The Host Unknown Podcast - Episode 41 - Mixing It Up
Episode Date: February 5, 2021

Nobody will look Javvad in the eye again without seeing that image. It could be worse, you could have seen it live like Andy and Thom had to.

This week in InfoSec (liberated from the "today in infosec" Twitter account):

3rd February 2007: A former Coca-Cola secretary to an executive was convicted after stealing documents and unlaunched product samples, then conspiring with coworkers to sell them to Pepsi, which warned Coca-Cola.
https://www.thestar.com/business/2007/02/03/former_coke_secretary_convicted_in_spy_case.html
https://edition.cnn.com/2007/LAW/05/23/coca.cola.sentencing/
https://twitter.com/todayininfosec/status/1224522561653919744

1st February 1952: A new method for tracking down users of unlicensed television sets was unveiled in the UK.
http://news.bbc.co.uk/onthisday/hi/dates/stories/february/1/newsid_2521000/2521357.stm

5th February 1953: Sweet rationing ends in Britain. Children all over Britain have been emptying out their piggy-banks and heading straight for the nearest sweet-shop as the first unrationed sweets went on sale today. Toffee apples were the biggest sellers, with sticks of nougat and liquorice strips also disappearing fast.
http://news.bbc.co.uk/onthisday/hi/dates/stories/february/5/newsid_2737000/2737731.stm

Rant of the Week
The Biggest Threat to Facebook Isn't Apple, It's Mark Zuckerberg
During Facebook's earnings call, the company's founder and CEO, Mark Zuckerberg, made a point of talking about the risk Apple's upcoming iOS 14 changes pose to Facebook's business. Those changes will require apps to ask permission before they are able to track users across apps and the internet. For Facebook, a company whose entire business model is built on the ability to track users, collect their data, and then sell targeted ads based on all of that information, losing the ability to track users could be a real problem. The thing is, Apple isn't stopping any app from tracking any user. It's only requiring that apps ask permission first. The real problem is that now everyone will be given a choice about whether to let Facebook track them, and the company logically assumes that most people will opt out. Suddenly people will be confronted with the reality that Facebook isn't free at all; it's just that most people weren't aware of the cost.
https://www.inc.com/jason-aten/mark-zuckerberg-is-worried-apples-privacy-changes-could-be-end-of-facebook.html

Tweet of the Week
https://twitter.com/TatianaDior/status/1357178566413287426
Almost ran: https://twitter.com/fs0c131y/status/1356291273255227392?s=20

Industry News
Apprenticeships Could Solve Cyber-Skills Crisis, Say Experts
Global Government Outsourcer Serco Hit by Ransomware
Trickbot Trojan Back from the Dead in New Campaign
Man Charged in $11m Crypto Scheme that Featured Steven Seagal
Social Media Oversharing Exposes 80% of Office Workers
Data on Thousands of Foxtons Customers Posted Online
Over Three Million US Drivers Exposed in Data Breach
US Shipping Giant Loses $7.5m in Ransomware Attack
Three More Vulnerabilities Found in SolarWinds Products

Javvad's Weekly Stories
Foxtons rejects claims of slow reaction to data leak
SMS Bandits owner arrested for carrying out large-scale phishing scams
Ransomware attack disrupts UKRI services and web assets

Billy Big Balls
Ransomware: A company paid millions to get their data back, but forgot to do one thing.
A cautionary tale shows how organisations that fall foul of ransomware should concentrate on finding how it happened before anything else. A company that fell victim to a ransomware attack and paid cyber criminals millions for the decryption key to restore their network fell victim to the exact same ransomware gang under two weeks later, after failing to examine why the attack was able to happen in the first place.
https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/

The Little People
Want to star in The Little People? Have an opinion you want to share, but don't have the social media clout to be heard? Send us a 30-60 second voice recording and we might even play it on the show. theveryfinechaps@hostunknown.tv

Come on! Like and bloody well subscribe!
Transcript
I'm like 30% at least more effective when I use this keyboard because it is just so...
You're someone that likes the sound of his own voice, so I guess when you're on your own, you can hear the sound of your own typing.
Yeah, yeah, exactly. It's like I like slapping my own arse while I run one out as well.
You're listening to the Host Unknown Podcast
I just realised you were recording
Hello, hello, good morning, good afternoon, good evening
From wherever you are
And welcome to the Host Unknown
True Confessions unknown true confessions. Yes, welcome everybody. Good morning, Jav. How are you?
A bit raw from last night, but all good.
Fair cheeks, fair cheeks.
Very good. Yeah, is that keyboard holding up for you?
It is the best investment I've made in a long time.
Oh, man.
Oh, man.
Anyway, I hear this week, Jav, that you've had a loss in the family.
I have.
You have.
We were talking about it just before the show.
You've decided that someone or something that's been with you for 10 years now, has been a part of your life, part of your family's life, it's time to sort of say goodbye and wave it across the rainbow bridge.
Is it me?
No.
Is it one of the pets that I forgot I had?
Yeah, you forgot for the last 10 years.
No. Your iMac.
Ah, the iMac. Yes, yes. We should all treat our Apple products with such reverence, right?
I know, I know. So this is an iMac, it's a 2010 iMac, and it's been a solid beast.
Vintage. A vintage year for iMacs.
You know what, just in terms of computing equipment, it has been the, well, it's now the second best, because I bought the iMac and I bought a MacBook Pro at the same time, and the MacBook Pro is still running. That's still fine. It's slow, but it's brilliant. But yes, it's run for ages. I mean, talk about return on investment. Don't ever tell me that Apple products are expensive if they all last that long and are just as productive, right?
You don't have to stick Linux on it after three years just to get...
No, no, no. Everything worked fine. I mean, obviously in the last year or so I haven't been able to update it because it's out of date, it doesn't support the new OSes, but it was running fine and the kids were using it for the online learning these days, and, you know, the video calls worked and the audio was brilliant. I just can't fault it at all. It's just like, you know, what is that? 150 a year over 10 years.
If it's not a lot of money, that's, that's less. That's just over a tenner a month.
Yeah.
So, so, yeah, it is sad to see it go.
I did try reviving it.
I was like, you know, doing the whole compressions on the chest, banging the ground. God damn it. Don't you dare leave me.
You called him a specialist.
You called Tom.
Yeah.
He's dead, actually.
That's right.
Actually, one of my cousins' sons, he works as an Apple genius.
And I even, like, sent him pictures and everything and whatever.
And he was like, yeah, he goes, it's not worth it. He goes, we don't stock the parts. It's a graphics card that went on it and, you know, something else. And he's like, we don't even stock the parts for it. And he goes, it's just not worth it, you'd better find a new one. And I was like, are you Cult of Jobs? You just want me spending more money. And he's like, it's 10 years old. How much longer do you expect it to last?
It's like the kid that built it wasn't even born when this came.
Yes, exactly.
I've had children last longer than this.
Oh, well, we wave goodbye to your iMac,
and I look forward to hearing about a new purchase
and a new addition to the family, Geoff.
I'm thinking of adopting next time.
I just don't think I can go through with the emotional.
Like a high purchase type thing.
Yeah.
Yeah, just swap it out every couple of years.
Andy, how are you, sir?
Not too bad.
Yes, I can't complain.
I've got nothing on life support.
I just got all my old equipment
sitting around in boxes
somewhere. I tend to stop using them before they stop working.
Yeah, yeah. And so you managed to make it on this morning without any technical difficulties as well? You even sound, you know, half decent as well.
Well, I never have technical difficulties. It's whoever joins third onto this podcast program tends to have the difficulties.
Jav had no problems at all except his iMac died.
Yeah, exactly.
See, case closed.
Oh, dear.
Well, I've got some news this week.
Oh, congratulations.
How far along are you?
Exactly.
Couple of days. I'm expecting tomorrow.
Yeah. You want to be called Gramps or Pop-Pop?
Well, by the sound it'll make, more like Pop-Pop.
So I carried out, a bit like Myanmar, I carried out a bit of a coup, and I am now El Presidente of the Thames Valley ISC Squared chapter.
The ISC Squared chapter.
Oh, the Thames Valley
chapter. Wow, that is such a prestigious
chapter. I know.
El Presidente, I'll have you know.
Wow, that's amazing.
Well done.
Hang on a second.
You don't live near Thames Valley, do you?
Hush.
Okay, right.
Don't tell them that.
Everything's online these days.
It doesn't matter where you are.
Exactly.
We've got our first committee meeting
in the week after next.
There will be sweeping changes.
I should be demanding
Apple equipment and sponsorship
and all that stuff.
No, no, no. Hold on.
This is like someone joining the Mafia
and saying, I'm going to shake them down now.
Oh, is that a dissent, a dissent towards ISC Squared?
I hear it from poster boy.
No, no, no.
Yeah, that's right.
It's dissent towards the mafia.
I'm sorry, Uncle Sergiuliani.
So, yes, it was...
Congratulations.
Yeah, well, thank you. Thank you. Obviously it comes as a real surprise and I'd like to thank so many people, not least the people that didn't realize there was a Thames Valley chapter.
Pay into London like everyone else.
It's like every now and then you receive an email from ISC Squared and there's some legal speak in it, and then you ignore it, and then it's like a few weeks later there's like, we'd like to congratulate this new board member, thank you for everyone that participated. Hold on, I didn't see anything about that.
Yeah, and why is it my name?
Yeah, there's two emails I recognize and they seem to come around very frequently. The first one's the nominations for the board, and then the second one is your renewals are due.
And it's already... I thought you were going to talk about the spam you get from a certain...
Hey, you know what, it's funny. Like, it's not funny, that's the problem.
No, no, no, before we move away from the topic, because I think this is interesting: what would it take for someone who does a day job in InfoSec to then say, let me subject myself to more rigor, governance frameworks and organizing something?
Oh, let me join the Thames Valley chapter of IC2 as the president.
You know, it's like you'd be better off getting a hobby building massive Lego objects or something.
Well, that was the other accomplishment of this week.
Was building a massive Lego project again.
I've got to get a girlfriend is all I can say.
And you also need to get onto TikTok, because you're sending some pretty funny videos and I'm posting them as you and getting loads of likes.
Are you getting offers of girlfriends? That's the only thing that will make me go there.
Exactly, exactly. Girlfriend, sugar baby, it's pretty much the same.
Yeah.
So there you have it, listeners.
Tom is available on the market and desperate.
He's cold, white and loaded.
So Anna Nicole, if you're out there,
then make your applications to the guys at hostunknown.tv.
The very fine chaps at hostunknown.tv.
That's the one.
Rolls off the tongue, that one.
The very fine chaps at hostunknown.tv with the subject line,
Tom's sugar baby application.
No, not sugar baby.
I can't afford a sugar baby.
You need to have not only all your own teeth but your own job as well.
Wait, if they have their own teeth and their own job, why would they come to you, Tom?
Shush, shush. Let's move swiftly on. Okay, so what do we have for you this week? This Week in InfoSec, Tweet of the Week. Looking forward to that one. Billy Big Balls, a Rant of the Week, Industry News.
We may or may not have a little people or even a sticky pickle.
Spoiler alert, we don't have a little people because they're all unreliable.
Yeah, so we've got an idea for that.
We've got an idea for that.
But before we start, I have an idea.
An idea? Oh dear.
Are you down for this, guys? This idea that you're going to agree to before I tell you it?
Of course.
So we have literally tens, tens of listeners out there in the world, and they're spread all over the place, and I was looking at the analytics of our podcast stuff, and it actually shows you where they're listening from. And we've got, obviously, we've got clusters around the East Coast of America, UK, parts of Europe, etc. But there are listeners, and I'm just looking at the map from the last seven days, there are listeners who are literally by themselves listening to us. So, for instance, last week, this last seven days, we had somebody from Curitiba. Curitiba, C-U-R-I-T-I-B-A.
I have absolutely no idea which country is that.
Could somebody look that up?
So if you are our listener from Curitiba,
contact us at theveryfinechaps at hostunknown.tv
and we will read out your name and pretend like, you know,
it's important to us or something like that.
We also have that's in South America, by the way, Curitiba.
We also have a listener from Angol, again, South America.
I can't remember what country that is. I know the Andes.
It's between Argentina and the Andes. Not between. It's the other side of the Andes of Argentina.
This is a fascinating geography lesson.
Yeah, yeah.
I could look it up, but I'm afraid that my keyboard will distract you.
And last off, we have a listener in Idaho Falls in the good old US of A. So the three of you, Mr or Mrs Idaho Falls, Mr or Mrs Curitiba, and, what was the other one? Oh, Mr or Mrs Angol, please do give us a shout.
Drop us a note and we'll we'll tell the world who you are. And we'll send you a ten dollar Amazon voucher.
What? We will?
You go for it, Andy. Andy's responsible for all logistic and dispatch.
You know what? What's really funny is that these three places are all known locations, known exit nodes for NordVPN.
Well, Idaho Falls, yeah, massive, massive data center there.
Massive data center, I'm sure, yeah.
Curitiba... no, no, I'm not getting it. Anyway, so yes, that's my contribution to mixing it up this week.
It would be without you, Tom.
Thank you so much for that riveting conversation.
Well, we'd probably start on time for a start.
So yes, let's move on to this week's.
This week in infosec
So we move on to the part of the show where we should be taking a stroll down memory lane, but instead it has one of these hosts contemplating paying someone on Fiverr to do this legwork, simply because the content we typically liberate from the Today in InfoSec Twitter account has not been refreshed for quite some time. So there's some slim pickings for this time of year, and I had to go out and source some of my own stories. But we did manage to pick one out from the Today in InfoSec Twitter account, and it's one that I did like from back in 2007, which judging by my maths is 14 years. Tom's maths would put it down to about 15 years ago. And this is from the 3rd of February 2007. A former Coca-Cola secretary to an executive was convicted after stealing documents and unlaunched product samples and then conspired with co-workers to sell them to Pepsi. And in a great tale of corporate espionage, Pepsi actually turned around and told Coca-Cola all about this problem.
And this was a, yeah, it's a fascinating story. I mean, there was a great quote from one of the Coke execs, the Pepsi executive, saying that, you know, we did what any responsible company would do. You know, competition can be fierce, but it must also be fair and legal. And so there's like a big sting operation that went into this. The FBI initially took some of the paperwork and, you know, paid five thousand dollars, and the price went up. And I mean, it was a slam dunk. You know, they set up a camera in this lady's office and, you know, they got videos of her going through confidential documents, stuffing them into her bags, taking samples of products. Absolutely unbelievable. But it goes to show that, you know, intellectual property theft is nothing new. Insider threats, nothing new. It's been going on for years. And I guess the only thing that was surprising is that two big, fierce rivals actually were honourable.
Yeah, actually play fair.
Do you know who could take a lesson out of Pepsi's book here?
Ticketmaster?
Yeah, could be. Could be.
Could be.
It does tell you something.
I must admit, it does make me think a lot more highly of Pepsi,
even if it was in 2007.
Yeah.
You know what I'm thinking now?
I'm feeling a bit guilty if we haven't told Graham
that Carol's been slipping off the show notes.
Well, do you know what?
I'm actually thinking it's the other way around,
and I have my suspicions about you two.
Upon listening to, you know, the second best InfoSec podcast this week, there was a lot of coverage on the old GameStop.
Sorry,
you mean the week after we covered GameStop?
Absolutely.
When you say us slipping them the show notes,
you mean them listening to our podcast?
Well,
no,
I mean,
I'm pretty sure they've both got access to the show notes from when they've been on the show.
And,
you know, I just never remove access. I'm not part of that.
Yeah, the joiners, movers, leavers process, not one of my things. It's, you know, I'm an ideas person, not a delivery person.
Yeah, I've got an idea. I should replace you.
Right, so anyway, that's the story. I was close to, when you said you had a lot more respect for Pepsi there,
I was close to trying to find this other story about a competition
which they ran in Asia, I think, in the Philippines.
And this is not related to InfoSec,
but this was just the story of a competition that went wrong.
And I don't know if you're aware of this, but I've just looked it up. So, February 1992, Pepsi Philippines announced that they'd print numbers ranging from 1 to 999 inside the caps of Pepsi, 7 Up and Mirinda bottles, and certain numbers could be redeemed for prizes. And they ranged from like $4 to like $40,000, which is like a million pesos locally, which represented about 23 years' worth of earnings for the average person on that one, considering the minimum wage was so low in the country. So the whole thing increased, obviously, their sales massively. Their market share jumped from 4% to 25%. It's such a big event, winning numbers were announced on TV every night. And where it went wrong was the magic number was 349. And so, you know, one night on the news, they announced the grand prize number for the day was 349, and because of a computer error, it wasn't just one bottle that had 349, but 800,000 bottles were printed. And so this caused a massive issue because Pepsi basically said they weren't going to honor it. And there were like riots, and like a grenade was thrown into one of their warehouses. A mother and child were actually killed as a result of a grenade being thrown at a Pepsi truck. And yeah, I think there was quite a big event that occurred. You know, 22,000 people took legal action, you know, civil cases, deception, were filed, and yeah, it dragged on. Ultimately, I mean, they got nowhere near what they thought they were going to win. You know, they got a 380 settlement, you know, for moral damages. But I mean, that really damaged Pepsi's brand in South Asia for that.
But there was another one. So what you're saying, you had a big respect for them, but they have messed up in other parts of the world.
Well, there was another one where they launched some kind of competition for, you know, winning prizes that money can't buy or something like that, and the TV advert had a teenager land in a Harrier jump jet and basically saying, you know, you could win this. And some kid, whether he gamed the system or was just very diligent in collecting the tickets or the points, whatever, got enough points to win, ostensibly, a Harrier jump jet. And Coca-Cola, sorry, Pepsi, refused to, saying, well, that's ridiculous, we can't get our hands on a Harrier jump jet. And the courts demanded that they did, because they're saying, you know, you clearly stated that you could win a Harrier jump jet and now you're saying you can't. So, from memory, and I hope, you know, maybe someone can email us and tell us if this is true, but from memory, they had to go and buy a decommissioned Harrier, you know, with the engine removed and, you know, all of the confidential stuff removed from it, to then give to this kid.
Amazing.
But this isn't anything new.
I mean, there's this, back in the 80s, I think,
American Airlines was, I believe it was American Airlines,
they were undergoing some real bad financial difficulty, so to raise money they were selling two hundred and fifty thousand dollar tickets which allowed you lifetime unlimited first-class miles. So you could buy it for two hundred and fifty thousand and then you could hop on any American Airlines flight, first class, all the time. So a bunch of people bought them, and there's a few people, they literally like never got off the plane. They would fly from one place to another.
And of course you would.
Yeah, yeah, you know, just. And they were on first-name basis with all the staff and everything. And that's it, it allowed you to take one, a plus one, a companion. So one of the people, they would like, you know, they would walk along and they'd just do like a, hey, today's your lucky day, to anyone who was standing in the queue at economy, and say, come with me, and like, you know, say this is my plus one, and like, treat them to, like, you know, first class and what have you.
It's like traveling with Tom in the old days, isn't it?
Exactly. In the old days, honestly. And yeah, there were so many ways that American then tried to revoke people's memory. So this was one of the ways: oh, it was only meant to be for someone you knew. You know, they claimed that they were gaining some sort of financial motive from this or what have you by upgrading someone who they didn't know. So they cancelled some people's tickets that way. Some other people, they said, oh, it's due to fair use policy and all these sorts of things that weren't in the initial contract. But yeah, corporates are like that, aren't they? They'll promise you something great, and then as soon as you start taking advantage of it, then they're like, oh no, no, no, we didn't mean it was going to be that great.
So do you know what I thought you were going with that story? When you said some airline in the 80s, there was one, Hoover.
Yes, well, yeah, the British division of Hoover. So what they did, because their sales were obviously dropping, they said that they would give two complimentary round-trip tickets to the US, which was worth about £600 at the time, to any customer who purchased at least £100 in Hoover products. And so people were like, well, of course, I want to go to the US, I'm happy to spend a hundred pounds instead of 600 pounds. But yeah, they had to cancel the promotion because too many... they couldn't fulfil it. It was an absolute financial disaster. It really took them down.
It did, yeah. They actually lost their warrant following a documentary, which, you know, talked through what occurred at that time.
And lovely chap James Dyson, he dropped us off one of his vacuum cleaners.
That's a scarily good impression.
However, I feel we are getting sidetracked here. So here we were talking about Pepsi.
No, come on.
About Pepsi, inside a track.
Second story I had was from the 1st of February, 1952.
Wow. So something, Tom, you can probably fill us in on the details a bit more than I can on this.
So a mere 69 years ago, at the time, a new method for tracking down users of unlicensed television sets was unveiled in the UK. Now this may be a funny story for people around the world who probably aren't aware that we have a TV licence in this country, where we are expected to pay, I don't recall the amount, it's 100 and something pounds per year. 160, I think, 160-odd pounds per year, and that gives us access to the BBC, or the BBC channels. If you're legally blind, you can get a discount of about 15 quid, apparently.
Oh, interesting. Didn't know that.
And what you probably don't... so any, particularly US, listeners, if you go to the BBC website, you will see adverts and, you know, pop-ups and stuff like that. We don't get that in the UK. That's something that happens outside of this country, and it's really weird when you're traveling and you see it happen. However, there used to be a time before digital TV where, you know, we had TV licence inspectors who would go around and they would detect whether or not there was something listening to TV airwaves in your property, and they'd check it against the list to see whether you had a licence or not. So it was very, very sort of Big Brother-ish, even back then in 1952. There were vans with these aerials on top. So just think, 69 years ago that started.
There's some conspiracy theories about the fact that it never worked. What they did was they'd drive down streets and see who was looking out the windows and would, like, quickly shut their curtains or something like that.
Yeah, they'd have a list of all the houses that didn't have a licence.
Yeah, they'd just drive down their roads and then they'd check out for any suspicious behavior there.
Yeah, yeah, exactly, exactly. But yeah, it's an interesting one.
It's a good model, though.
Yeah, although I do love the, if you're online and you're connecting from the UK, when you press play on the iPlayer to check that you have a TV licence, it has this really clever mechanism of a button, or two buttons, that says yes I have a TV licence, no I don't have a TV licence.
Choose wisely.
Yeah, if you press yes, you can play. So any visitors to the UK, press the top button.
so so what was really interesting about this is, as you were saying, I was thinking, like, people talk about Netflix
as if they invented streaming TV and subscription model.
No, the BBC was the original subscription model for watching content.
Yeah.
I think it's a good idea.
I'm quite happy with the TV license model.
Well, you know, I think what we've seen in the last couple of years is there's been a lot of backlash against the TV licence, purely because a lot of people feel like the BBC have not been impartial enough, and I think a lot of that's just from the previous American president who's been going on about, you know, the media can't be trusted and all that kind of stuff. But it just really varies, because I think, like, you know, there was a time when the BBC was the provider of the majority of the content you consumed. Nowadays it's like, if you think about TV or radio, I mean, I know you listen to Radio 57 or whatever it is on BBC Radio 57, Tom, but I mean, I haven't listened to BBC Radio for years, and I can't remember the last time I watched anything on BBC News or TV either. So I think that there's a legitimate kind of gripe where people are like, I don't even use this service, why am I paying for it?
Because it's a national service.
It's a national... so, and actually they probably consume more than they think, than they realize. You still... to me, but I think all this talk about, you know, biased reporting by the BBC, the thing that I find really interesting is, especially if you're on Twitter, you see the folks on the left talking about how biased the reporting is by the BBC. And then you see people from the right talking about how biased the reporting is on the BBC. And so it kind of tells me that the balance is probably about right.
Yeah.
I mean, personally, I just did,
I stopped liking paying for the BBC licence
as soon as Top Gear moved to Amazon Prime.
So that was me.
Yeah. Yeah. Now I have to pay for the Amazon licence.
Exactly.
Any more on that?
There was one other that caught my eye, but we are running out of time. So this was just a story from 68 years ago, 1953. Nothing to do with InfoSec, it did just catch my eye. As you're aware, maybe, or maybe you recall at the time, Tom, rationing came into force a few months after the start of World War II, and that was in 1940. So 13 years later, sweet rationing ended in Britain. So, you know, children all over Britain had started to empty out their piggy banks and head to the nearest sweet shop, and apparently toffee apples were the biggest sellers, with sticks of nougat and liquorice strips also disappearing fast. And I thought that's a fascinating insight into what people were doing 68 years ago.
I can't even imagine you living in a time when there was sweet rationing, Andy. I'll tell you, that war would have been over a lot quicker than it was if they'd started rationing stuff.
Yeah, well, I think the sweet rationing and the sugar rationing were tied together, weren't they?
It was. Yeah. Yeah.
So they did. Yeah. They rationed the, yeah, sugar first. And then it just goes to show quite how, how good we have it.
Well, yeah.
How good we have it now, but also how screwed up and depleted the nation was at the end of the Second World War, that it took seven, seven to eight years for basics like sugar to become plentiful again.
Yeah.
Quite incredible, really.
Super.
Thank you very much, Andy, for...
This Week in InfoSec.
Wow, we spent about 25 minutes on that.
But, you know, it's one of my favourite spots, I have to say.
So I think it's a good one.
But I think I suggest we move quickly on, shall we?
Let's do it.
Let's get on to...
Listen up!
Rant of the week.
It's time to mother rage
So this is about Facebook, and we all know how much I love Facebook. So, during Facebook's earnings call, Mark Zuckerberg, Mr. Lizard Man from another planet, made a point of talking about the risk of Apple's changes in iOS 14 and the risks they pose to Facebook's business. So basically the fundamental change is, and it's a small change, is that Apple are demanding greater privacy and greater levels of, I guess you could say, cognizance on behalf of the Apple device owners.
It's about transparency as well, isn't it?
Yeah, transparency, exactly, as to what they're letting apps do.
So basically they're requiring apps to ask permission
before they're able to track users across the apps that they use
and the internet sites that they go to,
which for Facebook, their entire business model is based on this ability to track users, collect their data and then sell targeted ads based on all of that information. So, you know, you go to Amazon, you look at some products, and then you think, nah, I'm not going to buy those. And then you fire up Facebook and then you'll see that you're being targeted with ads from those product manufacturers.
And losing this ability to track users is going to be a problem for ad revenue because, you know, in order for Facebook to remain free, they need the revenue from the ads.
And that's how Facebook is making vast amounts of money.
The key thing here, though, is that Apple isn't stopping any app from tracking any user.
All it's doing is requiring that the apps ask permission to.
And Facebook are worried that their entire business model is going to fall through because people will suddenly realise that Facebook is tracking them, and tracking them quite dramatically.
Yeah.
And so Mr. Zuckerberg is saying that this is, you know, Apple is a threat to the open market, blah, blah, blah.
It's a threat to Facebook.
It's bad news, et cetera, et cetera.
Now, the view that I've always had with this sort of privacy
and lack of transparency and all that sort of thing
is if you can't look your customer in the eye
and tell them what you're doing with the data
without feeling a little bit ashamed
you probably should be looking at a different business model. The fact that Mark Zuckerberg is either a lizard or an android, but either way he has very few feelings as far as I'm aware, very few emotions. I'm not convinced he feels that, but he should do. So I think, you know, I think that this reality
that will suddenly hit people that Facebook isn't free at all
is literally around the corner,
even though it's something that we as infosec professionals
have been saying for a long, long time.
Yeah, it's classic deflection, though, from Zuckerberg, though, isn't it?
I think there's another article that came out in the week, sort of, you know, because Facebook is scared of being exposed, they're creating a bad person. They're creating this villain. There has to be a villain in the story, so they're sort of making Apple the villain.
Yeah, it's classic.
Yeah. Actually, I'm just trying to think back. I can't remember which one, but it was one of the Steve Jobs keynotes, where he explains the app ecosystem and everything. And actually, in those early days, he even said that we will ask permission every time we want to access, say, your contacts or your location or something.
And he goes, like, we're not going to block it, but we will ask the permission.
So it's kind of like informed consent. Yeah.
And so from that point of view, this has always been Apple's model.
They sort of like haven't been, if anything,
Apple themselves have been lax in that.
And now they're going back to what one of their core principles was about
putting the user in charge and putting them in control
of what data they share with what apps.
Well, it's a bit like iOS 14 brought out the notification of what was going on to your...
Oh, stuff being sent on your keyboard.
Yeah.
Yeah, that's right.
And some apps are constantly writing data to it, because that's how they get around the transmission of, sort of, basically personal data, right? They're copying that data and then pasting that into a process that will then send it home, rather than doing it through the app as such.
Yeah, I think people made a big fuss about TikTok doing that, but it turns out everyone was doing it.
Yeah, that's right. That's right. Yeah.
So, yeah, I must admit my rant, although I've remained fairly calm, you know, I'm aware this is an Apple story.
But my rant here is that, you know, the biggest threat to Facebook isn't Apple.
It's Mark Zuckerberg, who can sway whole nations' political views from one side to another at a whim, based upon a product that rated the attractiveness of women in his college. I think he needs to look a little closer to home, personally.
So, yes, this is one of those stories that doesn't surprise me and completely reaffirms my opinion of companies like Facebook, and of companies like Apple indeed. So, just to put it in context, in Q4, in this earnings call, Facebook earned $27,187 million in advertising revenue.
Say that again.
$27,187 million.
That was their revenue from advertising.
They have this other column called other revenue,
which is everything else,
like say like licensing or developer charges or whatever.
And that's a mere 885 million.
And this is just Q4 of what they announced last year.
That was their highest quarter for the year.
Q4.
I love it.
Year on year growth.
It must be.
Yeah.
And meanwhile,
he's sitting there going,
man,
look at those bad guys over there at Apple.
Yeah.
Yeah.
Asking permission,
making us ask permission to use your data.
Well,
that's it.
I mean, what it is, is basically advertising is their entire empire. Their entire empire is built on that.
And if you start interfering in that, then that's what, you know, causes them a great deal of concern.
But they've never been the most transparent of companies. And in fact, they've used people's data in the most heinous ways.
Yeah. So, yeah, if Facebook disappeared tomorrow, I wouldn't shed a single tear. Nothing at all.
Well, I left Facebook a few years ago after having used it for many years before that, and the funny thing was, I did not miss it a single day. And even now, I know the brand exists, but I completely forget how it actually was used on a day-to-day basis.
Only every now and then, my wife will sometimes say, oh, do you know it's so-and-so's birthday today?
I said, how do you know? Oh, they posted it on some pictures on Facebook.
And I was like, well, Facebook's a thing. People still use that.
People are putting their actual date of birth on Facebook? Yeah, yeah.
So, just on a side note to that, I was watching this documentary on minimalism on Netflix, and what one of the guys did, he wanted to get into minimalism really quick, so he went home and he packed up everything in boxes as if he's moving. And he labelled everything very well, like plates and suits and dishes and records and what have you.
And then he was living in the house, but he'd only unpack the things that were essential. And after several months, there were still boxes and boxes that he just had not opened up at all. So he ended up just getting rid of those boxes because he thought this is all surplus. And I saw that and I thought, you know what, this is exactly how apps are. This is how they trick us. And if you go on your phone or your computer and you start deleting a whole bunch of apps, or you just move them into a folder saying if they're not out of this folder by so-and-so time... I'm sure lots of these social media companies, you don't need as much as you think you do.
But I tell you what, the moment he threw those boxes away, the next day he was looking for a cable.
Yes, guarantee you it was in one of those boxes.
I've got this little box with cables in it, and it's labelled "cables I don't need but I'm too scared to throw away".
Yeah, exactly.
Anyway, excellent.
Thank you. That was this week's
Rant of the Week.
I like how Tom says thank you and excellent
to his own segment.
Well done.
Well, neither of you two will.
True story.
Sketchy presenters, weak analysis of content and consistently average delivery. Like and subscribe now. Please do, please do.
Right, let's move swiftly on, otherwise we'll still be here by the time Smashing Security records, and then we'll never know which stories are ours. So, yes, this week it's time for Tweet of the Week. And as always, I'm going to play that one again.
Tweet of the Week.
Fantastic. So I'm going to run with this one. This is a very quick one, just so we can move the show on. I saw this and I liked this one. It's from someone, Tatiana Door, at Tatiana Door, and she simply says, "I'm going to push through with cyber security because I'm not a little bitch."
What?
Yes, so clicking into seeing the thread context, Tatiana appears to be a younger member of our information security community.
It looks like she's getting into InfoSec.
She's doing her studies at the moment.
And the reason I like this, not just because of her attitude, just going to keep going, but the support that she gets doing it.
Straight away, there's someone like, "If anybody's studying for the Security+ exam, I've got a roadmap along with PDFs that helped me pass. Many people have benefited. DM me and I'll send them to you." And, you know, it's just pure goodness in the thread. It's like, you know, "Do it, I've got this offer yesterday," you know, someone's got a job as a cyber security engineer for like $80 an hour.
But it's really, I mean, if it were a Star Trek show, it'd be like the Lower Decks, if you know what I mean.
And it's just really nice and wholesome to see, you know, people breaking into the industry, supporting each other.
And it's so nice.
It's not that sort of cynical old bastards ripping each other down that we've been used to seeing elsewhere. So this is absolutely fantastic. So I do like that tweet, and there's a link to it so you can see it, click on it and like it yourselves.
Very true. No, that's a good one. I mean, I think anyone can easily push through with cyber security if they want to, as long as they stay off Twitter, because that's the worst place to go to for advice, because that's where all these miserable, cranky bastards live.
What, you mean like you and me?
I think of myself more as a tenant as opposed to a resident, but yeah.
He's got tenure. Yeah, yeah, yeah, that's right.
Excellent, thank you, Andy. It's Tweet of the Week. I will add, though, if I can, because there was an almost-ran which I saw, but it may just be me that enjoys it. It was actually a tweet of a guy who, he's literally been contacted... it reminded me of what happened to you, Tom. This guy received a DM, a photo of his phone which he lost, and it's obviously locked to an Apple ID, and this guy's just, like, sending a message saying, "Hey, like, how do I remove this ID, please?" And it reminded me of the time your phone got stolen or lost, and some guy in India sort of sent you a message saying, "Hey, what's your password?"
Yeah, that's right. That's right. Yeah. Oh, that went on for days. That was really good. He cussed me out, and then he'd apologise and beg me to, you know, let him have the phone. And it's like, but it's a stolen phone.
Yeah. "No, I'm a poor student. I paid like 150 dollars for it. Please, you don't understand. You're a rich man, you got a new one through insurance."
Yeah, exactly, exactly. Oh, man, yeah, I'd forgotten about that. So true, so true. But also, the other thing you mentioned, Andy, was Star Trek: Lower Decks, which is on Amazon Prime at the moment.
It is. And such a good show. Such a good show.
I strongly recommend anybody who has even a passing interest in Star Trek.
I've only just started. So, yeah, I started it thinking, oh, let's see what this is like.
And then 10 episodes later, it was suddenly dark again.
Does it have like Baby Yoda and all those classic characters in it?
It does have cameos by Star Trek actors in there.
Mark Hamill?
Yeah, that's him.
Yeah, Mark Hamill.
Yeah, dick.
Yeah, that's right.
That's right.
So, you know, may the force be with you, Gandalf,
and all that sort of stuff.
Good.
Let's...
Oh, Andy, you know what time it is?
Oh, it's that time of the week where our source on probation
over at the InfoSec PA Newswire
has been very busy bringing us
the latest and greatest security news from around
the globe
Industry News
Apprenticeships
could solve cyber skills
crisis, say experts.
Industry news.
Global government outsourcer Serco hit by ransomware.
Industry news.
TrickBot Trojan back from the dead in a new campaign.
Industry news.
Man charged in $11 million crypto scheme that featured Steven Seagal.
Industry news.
Social media oversharing exposes 80% of office workers.
Industry news.
Details of thousands of Foxtons customers posted online.
Industry news.
Over 3 million US drivers exposed in data breach.
Industry news.
US shipping giant loses $7.5 million in ransomware attack.
Industry news.
Three more vulnerabilities found in SolarWinds.
Industry news.
And that was this week's...
Industry News.
Huge if true.
Huge if true.
Shame Jav couldn't quite read his cues properly there.
People fit it in together.
Yeah, well, data on thousands of Foxtons customers.
That's the details, yeah.
And the devil's in the data, as they say.
Shall we move on to some proper news now?
Oh, you want some of this, do you?
Some of your own stuff.
Foxtons rejects claim of slow reaction to data leak.
Industry News.
News. SMS bandits
owner arrested for carrying
out large-scale phishing scams.
Industry News. Ransomware
attack disrupts UKRI services
and web assets.
And that was this
week's
Javads Weekly Stories.
So not only did you mess up the Foxton story first time,
it's actually one that you wrote yourself.
Yes.
Yeah.
And struggled with it the second time.
No, it's only because you got it into my mind.
That's why I struggled with it.
But the first one was not an article that I contributed to.
The second one, the one that I did... Do you know what? I really want to know more about this $11 million crypto scheme that featured Steven Seagal, that well-known cryptologist.
So he has Russian citizenship, I believe, Steven Seagal.
Yes, he's as dodgy as a Friday night kebab, I tell you.
Well, do you know what?
You say that.
I remember a story years and years ago where he was being threatened
when he was an actor, and he had to have protection from the mafia,
I think.
Protection?
Yeah, so he was being... The mafia was providing...
Yes, providing protection.
No, they were threatening him.
Oh, I see. Yeah. So he did turn snitch and, I remember, this was like years ago. I'll have to read it, because I obviously misremember it and just make up the story in my head anyway. But I'm pretty sure that he, yeah, he basically came out of it looking like a real sort of, you know, scaredy cat and, you know, went running.
And also, what are you doing that means the mafia feel they have to threaten you?
Just making money, I guess.
Yeah, but...
But isn't he also like a sheriff or something in some county in America, and there's like a short-lived TV show, documentary, where they followed him around? And, oh my God, he's a bizarre one. I mean, he was, you know, quite a fit guy, and now he's like this blobfish.
Happens to the best of us, Tom. All it means is that, you know, he no longer needs his body in order to, you know... All of his strength is in his mind. You know, he works with his brain, not with his body.
Oh, okay. So he breaks bricks with his head.
Yes. Yes. So, yeah, the series was called Steven Seagal: Lawman, and it's a reality show for two seasons.
Wow. And he's a reserve deputy sheriff in Louisiana or something.
That sounds like a lot of layers down.
He's a reserve deputy sheriff.
I don't know. I'm probably saying it wrong, but he's kind of like a part-timer.
I think he only does it for...
The TV.
But to be fair, I don't understand the US law pecking order.
You know, you've got local PD, you've got sheriff,
you've got state troopers, you've got...
Yeah.
I'm trying to work out, is he
in the pecking order, is he above or below
Dog the Bounty Hunter?
That's the only one
Dog the Bounty Hunter, even I got that
reference
but although, I have to say
I only got that reference because there was a thing
on South Park with Cartman
when he became a bounty hunter and he modelled himself on Dog the Bounty Hunter.
I was like, what the hell is this?
And had to do a little Google search.
Recording from the UK.
You're listening to the Host Unknown podcast.
Yes, you are.
And let's move very swiftly onto this one.
These are great.
So this one is another story about ransomware.
Surprise, surprise.
Ransomware seems to dominate 80% of all the cybersecurity stories any given week. But this is an interesting one because it's covered in an article by ZDNet, and they are quoting something that NCSC mentioned in their blog, about a company that paid millions, millions I tell you, I think it was 6.5 million, to get their data back once they got hit by ransomware.
So they paid money, they got the decryptor, and they decrypted their data, and they were saved. Yes?
Woohoo!
Wrong. What they forgot to do was one simple thing. Can you guess what that was, Tom?
Fix the problem?
Well, yeah, exactly. They didn't do any investigation into how they got infected to start with. They didn't check to see whether they'd been left with any back doors or anything like that. So they just got the... "Oh, thank you, kind sir. Thank you, wallet inspector. You give me back my wallet." You know, they were like, okay. And so a few weeks passed, and the criminals took a look and they said, "Hey, we still got access. Get a load of this." And they went in and they encrypted all their files again.
Oh my God.
And not only had the company not learned its lesson in terms of fixing the problem, they hadn't learned their lesson and taken any backups either. So they felt they had no... what? Pay them yet again.
They tried the decryption key again, the same one? I don't know. You know what, it wouldn't surprise me if it was the exact same decryption key.
But yeah, they paid it the second time. They get the email and go, son of a...
With a little coupon at the bottom,
like 15% off your next encryption.
As a loyal customer.
As a loyal customer.
You know what? Maybe the second time they weren't even hit with ransomware. They just got an email and said, "Oh, guys, come on, we've got to pay this guy."
I think they've got a regional account manager as well.
Dedicated service manager.
And a technical account manager to help them type the code, as one of our top clients.
Yeah. Apparently, they've since now moved on to the subscription service. They're simply paying 50 grand a month.
Works out more cost-effective than the pay-as-you-go model, yeah.
Oh, that is brilliant.
I noticed, I clicked into it, I noticed they won't say who the company was.
No.
Um,
but to clarify that ransom was 6.5 million pounds.
Jeez.
That's like $10 million.
Yeah.
That's holy crap.
And currently about a million euros.
That is,
uh,
that's just fantastic.
I do... I mean, I'm not in a ransomware situation, but there was one time, when I was younger, I pulled up outside a KFC to get some food, literally parked on the pavement, like just out of shot of the counter, and you're not supposed to park there, obviously. Came out, parked up, went inside, got my KFC, got to the car. There's a parking ticket on the window. And I was looking around. I was like, what the hell? The next night, I drove down, I did the exact same thing, parked in the exact same spot right outside, came out, ticket on the window. And the best thing was, days later, I did it again. Three times in a week.
And you know what, that Britney song was written about you.
Well, yeah. And, you know, I bet the traffic warden was like, what is it with this clown? Like, you know, and it's exactly the same as these ransomware people. They must have been like, what the hell?
Oh, man.
Billy Big Balls of the Week.
Fantastic.
Oh, dear.
So, we're drawing to the end of the show. We don't have a little people or a sticky pickle,
which is just as well,
because we're running out of time.
However, Jav, you had an idea. Would you like to share it with our guests?
Not taking any names, Yousef, Morgan, all the other people I've been in contact with over the few weeks to give me a Little People segment.
Sorry, whose names are you not taking?
I'm not taking Yousef's name or Morgan's name, or anyone else's name like that.
Okay, so not Yousef, not Morgan. Right.
No, no, no. So I, and you know, some of the Aztec people's names I'll forget because they're such little people. But because it seems difficult for us, for me, to take time out of my busy schedule to reach out to people continually and say, "Hey, give me a Little Person," what we're opening it up to is kind of like a Little Person Speakers' Corner type of concept. If there's something that irritates you, like Tom's voice, or like Andy's annoyingly poor audio quality, the show is only an hour long, so record a 30 to 60 second piece, whether it be related to security or those two muppets, or anything vaguely tech related.
If you could, I mean, I'm going to say talk about anything as long as you can tie it into security somehow.
As skillfully as we tie things into security on this show.
Yes, exactly.
So if you do that, we will play it in this segment.
If it meets our strict
quality control standards.
You can record it and send
it via WhatsApp to Tom
if you have his number,
or you can email him. Or if not, his number
is 0780...
LAUGHTER
Yeah, I'm not sure we'd be distributing that number to the masses per se. But no, email us, the very fine chaps, at hostunknown.tv, and we will get you featured on this show, something that no other podcast on the planet will offer you, because they look down at you, but we value you, little people. We do value the little people. I mean, you know, this is why we are the number one InfoSec podcast. I mean, the number two one never does this. They're not interested. They just like to get the big people on their podcasts. They're all about the money.
We're all about the community.
So, yes, thank you, Jav.
And that is exactly it, folks.
Thank you so much for listening to our inane prattling on once again.
Jav, thank you very much.
You're welcome, as always.
As always.
And Andy, thank you very much.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
r/SmashingSecurity.
We're waiting to see who's going to speak first.
More like waiting to see who's going to actually send anything in.