The Host Unknown Podcast - Episode 46 - The Insult free Episode
Episode Date: March 12, 2021

This week in Infosec
(Liberated from the “today in infosec” twitter account):

6th March 1992: For the second year in a row the Michelangelo virus activated on this date. However, the lead up to March 6th, 1992 was the first instance of mass hysteria about a virus, though the hysteria was overblown.
https://en.wikipedia.org/wiki/Michelangelo_(computer_virus)
https://nakedsecurity.sophos.com/2012/03/05/michelangelo-virus/
https://twitter.com/todayininfosec/status/1368258690143371264
https://nakedsecurity.sophos.com/2010/04/08/fame-bbc-newsround/

5th March 2003: A Sendmail remote buffer overflow vulnerability was made public. Discovered by ISS 2 months prior, exploit code was published within 24 hours.
https://www.techrepublic.com/article/watch-out-for-critical-buffer-overflow-vulnerability-in-sendmail/
https://twitter.com/todayininfosec/status/1235425049923862529

Rant of the Week
Nike’s Resell Scandal and VP Ann Hebert’s Resignation, Explained
https://www.complex.com/sneakers/nike-ann-hebert-son-sneaker-resale-scandal-explained/how-was-joe-hebert-getting-shoes

19-year-old entrepreneur from Portland, Oregon. Known as “West Coast Joe” and runs the @west.coast.streetwear account on Instagram, along with its affiliates.

Starting his business in high school, Joe begins selling limited-edition drops, “Deadstock”, and establishes Discord channels to share his unique knowledge of Nike sale schedules, sale locations, and more. His success caught the eye of Joshua Hunt, who sought to write a piece for Bloomberg.

Fame and fortune got to Joe’s head when he sends through an American Express statement to demonstrate the company’s revenue. The name on the card? It wasn’t Joe. It was Ann Hebert, VP and GM of Nike’s North American market. Joe's mom. Hunt reaches out to Joe to discuss the relationship. Joe begs Hunt to not disclose this information in the article and ceases communication with Bloomberg entirely.

Ann Hebert resigns just days after the publication of Hunt’s article outlining the story.

Billy Big Balls of the Week
STURGIS, Mich. – A virtual preliminary examination in Michigan was interrupted last week after the defendant was found to be at the same home as an alleged victim of assault while the hearing took place.

Coby James Harris, 21, had gone before St. Joseph County District Court on March 2, accused of assault with intent to commit bodily harm less than murder, stemming from an incident Feb. 9 in Sturgis, Michigan.

About seven minutes into the proceeding, Deborah Davis, assistant to the prosecuting attorney and representing Lindsey, said she believed Lindsey and Harris were in close proximity during the livestream, based on Lindsey’s answers and body language.

“Your Honor … I have reason to believe that the defendant is in the same apartment as the complaining witness right now, and I am extremely scared for her safety,” Davis said. “The fact that she’s looking off to the side and he’s moving around, I want some confirmation that she is safe before we continue."

Middleton asked Lindsey where she was at that moment.

“Um, I’m at a house,” Lindsey said, with hesitation, giving a Hatch Street address in Sturgis.

Middleton then asked Harris to divulge the address where he was. Harris gave a house number on East Lafayette Street.

Middleton told Harris to go outside with his cell-phone and take a photograph of the house number. Harris declined, saying he was limited by low phone battery and that his device was connected to a charger.

A few moments later, Davis said the police were at the door of Lindsey’s confirmed location to check on her. Lindsey was instructed to go to the door to speak to police.

“We may need to adjourn this, your Honor,” Davis said to Middleton.

Lindsey's connection to the court proceeding went offline after it showed her speaking to police outside the home.

Moments later, Lindsey’s livestream came back online, showing Harris inside on Lindsey's phone and in the custody of police. Davis briefly “face-palmed” upon the reveal that Harris was at the same location as Lindsey.
https://eu.sturgisjournal.com/story/news/crime/2021/03/05/court-hearing-postponed-after-accused-found-same-house-witness/4587600001/
(start at 06:30.)
Rollerblading Karachi cops https://youtu.be/Q0jED85uwbw

Our source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!

Industry news
SITA Supply Chain Breach Hits Multiple Airlines
Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining
McAfee Faces Decades Behind Bars After Fraud Indictment
NCSC: Don’t Fall for Mother’s Day Scams This Week
Microsoft Expands Coverage of Exchange Server Patches
Most Threat Analysts Banned from Sharing Intel with Peers
Third of Office Workers Warned After Sharing Data Via Unofficial Apps
Superstar K-Pop Band’s TikTok Hacked
School Boss Resigns After Porn Found on Computer

Javvad’s Weekly Stories
Industry Leaders Javvad Malik and Wendy Nather to Headline Infosecurity Magazine Online Summit - industry pioneers Javvad Malik, security awareness advocate at KnowBe4, and Wendy Nather, head of advisory CISOs at Duo Security (Cisco), will be headlining the upcoming Infosecurity Magazine Online Summit, taking place on March 23 and 24.

Tweet of the Week
Dr Jen Golbeck reminding us how creepy Facebook and other advertisers (but mostly Facebook) are:
Accelerometer Vibrations to Speech — How your phone’s accelerometer can snoop on your calls (popular press)
La Liga Soccer App Spying Scandal — Without telling users, Spain’s soccer app used GPS and microphone access to fine bars who hadn’t paid licensing fees
Sonitor’s Lyra system uses your phone’s microphone to track your position — an example of the ultrasonic beacons mentioned in one of my videos
Location tracking through WiFi signals — Your location can be tracked even if you turn off location services
Facebook Shadow Profiles — Even if you haven’t set up a Facebook account, the company likely maintains a “shadow profile” of you.
Target Knows You’re Pregnant before you tell anyone else — here’s how
https://www.tiktok.com/@jengolbeck?
https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620
https://twitter.com/jengolbeck/status/1368991334309257216?s=20

Come on! Like and bloody well subscribe!
Transcript
I suppose I don't have time to get another cup of Charny, do I?
No, no. Mind you, I found myself reading words I never thought I'd read earlier this week.
It was, the firmware on your mug is now up to date.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are listening to us from. Welcome to Host Unknown Podcast. Mr Malik, how are you?
I'm good, thanks. Glad it's Friday. Looking forward to sleeping for two days, actually.
Did you just have to force yourself to say "glad it's Friday"?
No.
It's so endorsed.
Mr Malik, how are you?
I'll tell you what was happening. I was typing something, I was looking for something while the sweeper was going on. And then he broke wind.
I muted my mic because I know you hate my clickety-clackety keyboard.
Your mechanical keyboard.
Yeah.
And so I started replying and I realized I was on mute.
So then I had to unmute myself and take another breath and say,
glad it's Friday, guys.
Okay.
Objection overruled.
I thought you broke wind halfway through.
Oh, dear.
So what have you been up to, mate?
Just, I don't know, man.
It's very busy, but I just don't know.
Everything's a haze.
You know when you get so busy that you just are on a roll
and you just feel like you're constantly delivering stuff
either for work or the kids or the wife or, you... it's, uh, just a never-ending treadmill. But it's good in a way.
I talked to friends who have been on furlough since last year, or they've been out of work for instance last year, and I am very happy that I am in this situation.
We were saying this just before, weren't we? It's like sort of bemoaning the fact of how busy we were and all that sort of thing, and you think this is not something to be complaining about right now. I mean, yeah, obviously mental health, all that is really important, but really, yeah, you know, fortunate if you've got work and an income and all that sort of stuff.
Um, you know, it's pretty good. Life's pretty good, given what we've just gone through.
Just, uh, on that: so friends that were on furlough, are any of them in the security industry?
No. Yeah, I don't know anyone that's in security that's on furlough.
Not saying that there aren't people that might have lost...
Yeah, that's what I was just wondering.
How early on... I knew of some, um, in the sort of sales environment, um, but they were furloughed for like, you know, two days of the week or something like that. They weren't all in this country. It was a different sort of government schemes.
Yeah, you know, and I think that was more a sort of, uh, cash flow protection more than anything.
Yeah, there's a lot of... Companies are very quick to react to proactive cash flow protection measures.
Yeah, absolutely.
There were some companies that went on
25% pay cut
or
20% pay cut.
I know people, exactly, I know
teams of people that that happened to.
Literally, we still want you coming in
five days a week, but you're going to only earn 80% of the money. It's like, yeah, it's not got a job, yeah.
Exactly. It's that quid pro quo is not really there, is it? You know, if you're going to do that, at least accept the fact that actually most people would still put in five days' work over those four days, you know, and then let them have that day at a time when they might need it most to be with their families.
Anyway, this is, uh, you know, welcome to Host Unknown in a pandemic review.
Uh, so barely 12 months on. We still hadn't gone into lockdown at this point last, uh, last year.
No, not quite, had we? Another week. Uh, 23rd officially, when it was as late as the 20th.
So at this point, this time last year, um, there was actually a funny headline, which was, um, "Coronavirus conference gets cancelled due to coronavirus".
Bloomberg did that. So I was looking through, you know, like one year ago on my phone.
And yeah, at this point, the UK still hadn't locked down.
They were looking to contain or delay it until the summer.
We were quite late to the game, weren't we? Yeah.
That old herd mentality.
Yeah, that plan didn't work.
No, herd immunity.
Herd immunity.
Get the pitchforks out.
I want herd mentality.
Now you're confusing the government with Twitter.
Although both about as effective.
Yeah, New Zealand got it right.
They've had a number of their massive stadiums filled up
in the last three to four months.
They completely got it right.
Yeah.
Then again, I say it's a bit easier when you're on the arse end of the planet
and you're not a major hub where most of the world travels through
or resides in.
I think it's not a completely accurate comparison.
I think there's elements of that are very, very true.
I think, obviously, I think more could have been done.
Andy, how are you?
Good, not too bad.
I did see some exciting news, obviously,
and I don't think anyone would be
surprised to know that Host Unknown was linked with the news story which has dominated the world news services this week. Really, it is a story of royal proportions, no less.
Well, obviously. I mean, you know, my knighthood's obviously in the making. You know, it's just a matter of time, really.
Yeah, so this, uh, broke, uh, and Tom, this is actually one that you caught, on the 8th of March.
Oh, yes.
And you know, when you actually look at it, it's right there in black and white. We are clearly linked, uh, you know, in, what's that, like the top line. We're in the first two lines of this story about, you know, former royal addition to the family, Meghan Markle.
Mm hmm.
And so the headline is actually "Bethenny Frankel mocks Meghan Markle for supposedly suffering at the palace."
And he says, cry me a river.
So this is from Celebrity Insider.
And in response, Frankel wrote, "Cry me a river. The plight of being a game show host, unknown actress, to suffering in the palace with tiaras and a seven-figure sword."
We make the news.
We make the news. A very big story we made this week.
We are up there.
I tell you what, my Google alerts are on point.
Absolutely.
Absolutely nothing wrong with that one.
AI will take over the world.
It'll take over the celebrity pages of Hello.
Anyway, what have we got coming up for you today?
We've got This Week in InfoSec,
Tweets of the Week,
Billy Big Balls,
Rants of the Week,
Industry News.
Unfortunately, as part of the outstanding settlement agreement, there will be no more little people in the
foreseeable future. Yeah.
That's aka the Yusuf clause.
Yeah, the Yusuf clause.
Exactly.
Sorry, Yusuf.
But will we have
a sticky pickle of the week?
You'll have to wait until the very end of the show,
I'm afraid. You've got
50 minutes of these blithering idiots, uh, to get through first of all. But why don't we move straight on to This Week in InfoSec?
Well, I love that intro to that one. Um, so this is the part of the show where we take a brief stroll down memory lane and talk of events of yesteryear, uh, with the benefit of hindsight. So the content here is inspired by the Today in InfoSec Twitter account and embellished by us.
So, just trying out new taglines here.
Yeah, absolutely.
I like the inspired by because they've not been doing anything
to their Twitter account, have they?
No, it's been slow.
It's famine time, and I think they're on furlough maybe.
Yeah.
So just before I go into the stories this week,
I should issue a correction, and it won't be a trend
because we'd spend more time on corrections in content if we did. Uh, but friend of the show and sometimes my alternate identity, Mr Quentin Taylor, uh, pointed out that, uh, something I said last week about the Zone-H mirror, uh, is actually very much still running, and I gave out factually inaccurate information last week, uh, by saying it hadn't been updated for five or six years.
You just hadn't looked at it for five or six years.
Well, I mean, the intern made a mistake.
You know, as soon as I was notified,
I took steps to make sure that it didn't happen again.
How that slipped through our army of fact-checkers,
I have no idea.
But we're grateful for friends like Quentin.
Yeah.
Yeah, so thank you, Mr. Taylor.
You win the prize
for that deliberate mistake
that I put in.
So if you ping me your address
via wire and I'll send you
three of the finest Cadbury's
tiffin bars for you and the family
to enjoy prior to St. Patrick's Day.
Nice.
I found a mistake in that case.
No, no, by default,
like everything's a mistake.
That was a deliberate one, though. Yeah. Oh, right. I said that's the trick. Subtle difference.
Yeah, so this, uh, first story is going back. We're talking Michelangelo madness, and we're going back a meager 30 years on this one. Um, so the Michelangelo virus was first found in early 1991, and funny enough in New Zealand, as we were just mentioning. Uh, you know, so not only do they have Mordor and, uh, you know, the orc armies to contend with, they've got this, uh, virus. Um, early 90s. Uh, so the Michelangelo virus is a typical sort of infector of diskette boot records and the master boot record of hard disks, with one special exception.
So with this virus, if an infected system booted on the 6th of March, you know, any year, the Michelangelo virus would overwrite parts of the hard disk with random data.
And that would then render the hard disk, you know, inaccessible.
You know, you lose all that information.
So the virus was named Michelangelo not because of, you know,
anything in particular about the virus,
other than the fact that one of the first people to analyze it noticed that it actually activated on Michelangelo's birthday.
So therefore, you know, the name stuck, because you know how they named things back in the day. Um, so anyway, you know, we were slow back then about these viruses. So we knew this thing had been around, you know, 1991. So the second year came along, uh, you know, where this was, uh, you know, going to get notoriety. So 6th of March 1992 was approaching, and in the weeks that preceded that there was this, um, like, explosion of interaction between, like, the media and the antivirus industry, and the Michelangelo virus actually became a major news event.
Um, so there were stories warning about, you know, the destructive potential of this virus and how it's going to bring the world to a stop. Uh, it's broadcast on major TV networks. Uh, you know, articles started, uh, putting in mainstream newspapers, things like that. Um, so as, you know, the date was approaching, think, like, this is probably a preview to what, uh, you know, the millennium bug was looking like when it comes to hysteria.
Um, so the predictions of the number of systems to be wiped out grew to the hundreds and thousands and into the millions, and then, you know, the whole world was going to collapse.
And that many computers back then?
Well, there was, and so this is the, uh, funny thing. So there was a guy called John McAfee who claimed that not only was Michelangelo the third most common computer virus, but he predicted up to five million PCs would be hit on Michelangelo day. And so that story was then obviously, you know, taken as verbatim and hit all the news, uh, news wires.
People went out and bought McAfee's antivirus
software. Yeah, and that's it.
So for anyone that doesn't know John McAfee,
he's not the
dubious, libertarian,
crypto-loving presidential
candidate that sometimes
goes on the run,
currently in prison.
But he was actually, at the time, considered to be
one of the USA's leading experts, um, you know, on computer viruses. So, you know, what he said did actually, um, you know, make sense, and, you know, it's such innocent times back in '92. You know, why wouldn't you believe the experts?
Uh, so I've got three of the headlines from that day. Uh, so USA Today, you know, front page: "Thousands of PCs could crash on Friday". Uh, you know, the Washington Post says "Deadly virus set to wreak havoc tomorrow". Uh, Los Angeles Times just says "Paint it scary". Uh, yeah, I'm not sure about that one. Uh, so CNN sent a film crew to the McAfee offices hoping to catch this disaster on camera.
Okay.
And then what I love about this is, not to be outdone by our American media cousins, the UK's very own flagship news program called Newsround, for those of... uh, John Craven's Newsround, they sent a news crew to the offices of a company called S&S International, who were the developers of Dr. Solomon's antivirus.
Do you know, like, there was a... at the time in 1992, there was a middle-aged gentleman by the name of Graham Cluley.
No way.
Who was coding the first Windows version
of Dr. Solomon's software.
Yeah, so this is a major news event.
Was he on camera?
Have we got footage?
I don't have footage, unfortunately,
but I would love to go through those archives.
I want to see what Graham looked like in his 40s.
I know.
It would be great to imagine.
Okay, he must have been so young back then.
So anyway, long story short, March the 6th came along,
big anticlimax.
You know, Michelangelo was found on some systems,
possibly destroyed data on some of them.
But, you know, that whole worldwide disaster that was predicted
didn't actually happen
Um, but, uh, Michelangelo madness, as it then became known, did have, uh, one big effect on the industry as we know it. Uh, so, you know, because people were worried about this, you know, this widespread damage, they actually went out and bought antivirus software.
Um, to make it table state on, yeah.
And so, yeah, went out en masse. Apparently there were stories of lines of people queuing around the block waiting to buy, uh, buy copies of it. Uh, and almost overnight, uh, McAfee became, you know, the market leader. Um, you know, so at the time, March the 6th 1992, the only winners from Michelangelo virus were the antivirus companies.
Yeah.
And I'm sure it was entirely coincidental that McAfee, the company that later went public, IPO later in the year in October of 1992.
I was always a Dr. Solomons person, even in my first IT manager role.
Yeah, that's more of the European.
Dr. Solomon's was definitely my thing.
Oh, did something just get updated?
I see a picture of a young Graham Cluley.
He looks exactly the same.
That's not it.
No, so, Jav, this is 2010.
That's got to be recent.
That's 20 years after what we're talking about.
I'm sorry, I... sorry, I was... he made mention of his appearance on Newsround and, uh, that was the first, but I'm sure if we follow the links we will find... we'll get there eventually.
But that's the other thing, you know, the internet wasn't actually that widely accessible, you know, in the early 90s. So this is still people that, you know, had a computer at home that were likely taking documents from the office back home to work on them.
On a floppy disk.
On a floppy disk.
Yeah, exactly.
Which weren't floppy.
Which were hard.
Yeah.
The other thing I did like about this story was, you know, just that link with McAfee talking a load of crap and then profiting from it. And I'm just saying, you know, the guy that's currently in Spain awaiting extradition for tax evasion, uh, you know, is accused of pump and dump schemes where he's bought larger numbers of publicly traded coins and promoted them on Twitter and then sold them for a profit. So I'm just saying, 30 years apart, you know, there's not much new stuff in InfoSec.
Excellent.
Yeah, that's an interesting one.
And the other one is actually, it's a smaller story.
So this is taking us back to just 2003, so a mere 18 years ago this week.
A Sendmail remote buffer overflow vulnerability was made public,
which was discovered by ISS, like the Internet Security Scanner,
two months prior.
And as soon as it was made public, the exploit code was released
within 24 hours.
And that was in 2003.
And again, looking at this, you know, at the time, Sendmail, the most widespread SMTP server in use, was one of the, this article, you know, sort of says it was one of the cornerstones of the internet.
So any flaw that affects Sendmail has major security implications. So see how this newly discovered buffer overflow can allow for remote exploit of Sendmail. And here we are, 18 years later, you know, kicking off the week with the news that Exchange has got these major vulnerabilities.
Yeah.
You know, Exchange is one of the most widespread mail servers in use,
once again proving that there is no new stuff in InfoSec.
But it's the on-prem, isn't it?
It is the on-prem of Exchange, which lots of people still have.
You know, they do link with both on-prem and... Yeah, there's a lot of hybrid out there,
and there's also just a lot of companies that won't fix it if it ain't broken.
No, exactly.
A lot of smaller companies as well that depend on it.
Yeah.
Yeah, absolutely.
So everything old is new, and everything new is old.
Thank you so much for that, Andy.
Very good, yeah.
Thank you.
This week in InfoSec.
Excellent, thank you very much.
right let's move straight on
although we didn't stay quite as long on that
as we did last week
but let's move straight
on to this week's
listen up
rant of the week. It's time
for Mother F***ing Rage!
Yes, this is me
and this isn't so much
of a rant but I think
It is a rant.
It's a rant about nepotism.
It is. It is. Whatever that means.
So
I don't know much about trainers, or, sorry, for our American view... listeners, sneakers, but apparently they are big, big business, especially with, like, limited editions coming out and, you know, what have you. Um, you know, it's apparently a multi-million, if not billion, sort of dollar industry at the moment. So, you know, people, they try to buy stuff and sell them all the time.
And there's a 19-year-old entrepreneur from Portland known as West Coast Joe. And he runs the West Coast Streetwear account on Instagram.
And he started his business back in high school,
selling limited edition drops, dead stock,
and establishes a Discord channel to share his unique knowledge
of Nike sales schedules, sales locations, and more.
Now, his success caught the eye of a reporter at Bloomberg.
The fame and fortune got to Joe's head, and he agreed to this interview with the reporter.
And he was so keen to please the reporter,
and I'm sure the reporter had some good tactics,
that he sent
through his American Express statement to demonstrate the company's revenue. Now the name
on the card wasn't actually Joe's, it was his mother's, who was Ann Hebert, the VP and GM of Nike's North American market.
Ooh.
So the reporter reached out, said,
let's discuss the relationship with your mum.
And he gets on his knees and begs him not to disclose the information
and ceases communication.
The article gets published,
and Hebert subsequently resigns days after the publication, uh, where they outline the story. So, you know, this does seem sketchy. Um, you know, actually Nike has, uh, an employee online store where they get discounts for their products,
but they have a code of conduct, and the first line is it,
do not resell.
And then they go on to say that as a Nike employee,
you may learn of business opportunities or what have you
that may be a benefit to Nike, but don't
take advantage of it, you know, and to benefit you and your loved ones.
So the question arises is, how was a Nike VP able to set up a company with a son's name? How was her son able to gain exclusive information?
Information that allegedly, according to the statements, let him bring in as much as $600,000 a month.
A month?
A month.
How do you get hold of that much stock without raising a flag inside a Nike?
Well, you know, there was two things that were going on.
One is he had some knowledge of where some of these items were being shipped to.
And he was using bots to get in there quickly and buy them very, you know, straight out the bat.
The second part is he set up a Discord channel
where he was selling information to the masses saying,
sign up and I'll teach you how you can become a sneaker billionaire.
And people were...
I hate those things.
Yeah.
So many people are doing that.
They're like, oh, become a millionaire overnight by dropshipping.
Like, you know, you sit back on your beach,
all you do is set up these Alibaba accounts and, you know, just put up a shop front. Uh, yeah, it's, yeah, frustrating, because if everyone could do it, everyone would be a millionaire.
Sounds like you've been stung, Andy.
Joe, unfortunately I have. So, you know, like, I'm part, like, the whole Nextdoor app, uh, you know, so I can see my neighborhood and stuff like that, and sometimes I see these scams that go around, um, you know, when people say, hey, has anyone had this? And, like, I got bitter very early on in my life when, um, must have been, like, maybe 11 or 12, and, uh, you know, walking down the high street, uh...
You became bitter at 11 or 12?
Yeah.
This car pulled up. Explains a lot.
This car pulled up.
And this guy was like, you know, to me and my mate, he's like,
oh, it's like, you know, guys, he said, you know,
showed this ID, worked for whatever, H. Samuel or something,
you know, whatever jewelers it was at the time.
And he said, you know, I worked for him.
Yeah, because I got some extra stock. He goes, you know, he goes, but I don't want to take it back. He's like, you know, do you want to buy it? And he's like, you know, it's all genuine gold, and, you know, absolutely believe that crap as well. And, uh, so it must be, like, maybe like 12 years old, I bought this gold bracelet for all the money I had, which was like 12 pounds at the time, and my mate did the same as well, like, you know, 12 pounds. Both got these, uh, gold bracelets. They're really weighty and stuff.
Um, and then, you know, wearing it through the day thinking we're looking cool, then, you know, I got home that night and, um, yeah, it kind of went green in the bath. Uh, you know, and it's just, you realize it's one of those common scams. So since then, I mean, I've just, I get really annoyed when people say,
do this, it's that easy, because they're the only ones making money.
So I have an instant dislike for any of those things.
So today I learnt that Matey bubble bath turns gold green.
Can you still get Matey? I have got a bottle of it in my bathroom now.
Oh, that's fantastic. Yeah, gotta love a bit of Matey.
But yeah, I mean, this, I mean, Discord's one of those things that is actually, you know, it's another one of these channels. I don't think the work's different in terms of what he's doing to make money. Uh, you know, it's been around for the ages. It's just the different channels that people are using to promote these days, aren't they? Just different audiences.
That's it, that's it. I think the two things that got me in the story, I think one is pretty clear, the other one is not so much. The one is pretty clear that, you know, insider knowledge is a bad thing. You shouldn't be using it to make money. I think most people would agree with that. The second part is really about the legality or the, uh, how ethical it is to use bots to buy stuff. And my immediate reaction was, oh, it's kind of like, you know, you remember back in the days of eBay, when, before you could automatically set your highest bidding and everything, you had to be on there and put bids in on the last second, and then you realize some people were using bots and that would infuriate you. But, um, you know, I get it,
when you're, uh, using a bot against other people or what have you,
it can be a bit frustrating. But, you know, with all this talk of machine learning and
artificial intelligence and automation and orchestration and all those kinds of things,
you know, from a business perspective, they're always using bot technology to a degree to be more efficient. Um, so why can't the average person use bots to be more efficient? And, uh, you know, we can always come up with arguments here or there about how ethical it is or not, but I think we need to come to some sort of agreement as to, like, is this technology that is super automation only allowed for the privileged
few and everyone else you have to make do with, well,
if you want to automate your lights and your heating at home, that's okay.
But if you want us to take it beyond that, then, then no,
we're going to look down on you.
So I just thought that was an interesting sort of angle that came out through
the story.
It has elements of the GameStop scandal that's going on at the moment.
Oh, yeah, where the big companies are allowed to short places,
but if the general public do it, it needs investigating.
Yeah, exactly.
Exactly.
Nothing illegal was done as such.
As far as I understand, I don't know the story fully, but nothing illegal was done. It's just a group of people decided to help out a company that was an integral part of their growing up, to be honest with you, and saw that it was plummeting and potentially going out of business and basically decided to put confidence back into that company by buying money,
sorry, by buying shares.
And isn't that what the market is about? Confidence.
Exactly.
I did like Blockbuster's tweet after that GameStop thing.
They're like, hey, Reddit, do your thing.
Was that actually Blockbuster?
No, it was a fake one.
It was funny, though.
Yeah, yeah.
Do you know there is still one Blockbuster store open?
Yes.
Yeah.
The last one.
Yeah.
The last one.
And, in fact, in a final, well, I'm going to say in a final kind of
fuck you moment, there is a Netflix documentary about it.
Oh, man.
Netflix, who offered themselves to Blockbuster back in the early days
and Blockbuster said, no, you're right, mate.
Wow.
It's like Eric Bischoff turning up on Raw.
Sorry, what?
We did say we were going to pop quiz you this week, Tom, on...
How about we finish this one? How about we finish this Rant of the Week and then
we'll go on to the pop quiz show.
Okay. Well, on your point about confidence, people can
also build confidence in Host Unknown through our sponsorship packages that are available on our site.
Hostunknown.tv.
Yeah.
Sponsorship starts from as little as a pound.
But if a million of you all get together and put in a pound.
There you go.
There you go.
Rant of the Week.
The Host Unknown Podcast: orally delivering the warm and fuzzy feeling you get when you pee yourself.
I've forgotten about that one.
Oh, dear.
So, I mean, I didn't actually have anything.
So, Tom, in your own words, you've got 30 seconds.
Tell me what the Montreal Screwjob was.
That's the family-friendly version.
Okay, that's a cocktail, isn't it?
Do you know, we try and educate you.
We take time out of our weekend to educate you,
send you YouTube links, commentary, and you're just not, you know,
you can lead a horse to water, right?
Is it one of those spin-off films from the Cannonball Run?
Or The Italian Job, something like that? I don't know.
All right, next.
I got that one right. I held that one. Next.
I don't know. I'm out. Jeff, you're out. Where do we go? You guys knew your stuff.
Come on. Yeah. Oh, we're gonna give him a pop quiz. One question later. Come out.
Who did Mark Henry defeat to win his first world championship?
Cassius Clay.
Okay, okay, okay.
How about this?
I'll make it easier.
What sport was Mark Henry involved in before?
Olympic sport was he part of
before joining wrestling?
The 1924 chess team.
Chess was an Olympic sport in the 20s.
You remember it well, right?
Yeah, Graham told me about it.
Yeah, we better move on.
I don't think you're going to get any of it in.
All right, then.
It's time for me to do this week's...
So it has been mentioned to us that Billy Big Balls
might be alienating, you know, roughly half of our audience,
when actually we're not obviously talking about actual balls. It's more sort of metaphorical balls.
Yeah, cojones, I think. Yeah, that's a good time. Although cojones does just mean balls, but I
think in the vernacular, I think cojones does
mean metaphorical balls, doesn't it?
Yeah, but if anyone objects to that, we can then turn on
them and say they're being racist.
Yes, there you go. Yeah, Top Gear got nothing on us.
Anyway, so this Billy Big Balls goes to a lawyer in Michigan, I think,
something like that, a lawyer.
And she was cross-examining a witness in a case.
And it was all on Zoom.
And this is where it kind of, if you watch the YouTube and we've got the link in the show
notes, it's about 25 minutes long. You want to start at about six minutes 30. And you probably
don't need to see it all the way through to the end, but it plays out a bit like a TV show. It
really does. And so there was this virtual preliminary examination that was interrupted after the defendant, who was also on screen, was found to be at the same home as the alleged victim of the assault.
So this chap, Kobe James Harris, he'd gone before the court, accused of assault with intent to commit bodily harm, less than murder, blah, blah, blah.
Stemming from an incident in February.
About seven minutes into the proceedings,
hence why I said six minutes 30,
Deborah Davis, who's the assistant,
and who is this week's Billy Big Balls of the week,
assistant to the prosecuting attorney
and representing Lindsay, the woman who had been attacked,
said she believed Lindsay and Harris were in close proximity during the live stream
based on Lindsay's answers and her body language. And to quote, this is exactly what she says. She
says, Your Honor, I have reason to believe that the defendant is in the same apartment as the
complaining witness right now, and I'm extremely scared for her safety.
Davis said the fact that she's looking off to the side and he's moving around, I want some
confirmation that she's safe before we continue. The witness
was asked where she was at the moment. "I'm at the house," very much hesitating, and gave a, you know, a Hatch Street address.
The accused was also then asked to divulge his address, and he gave a house number on East
Lafayette Street, completely different. He was then asked to go outside and take a photograph
of his house with his cell phone. He declined, saying that the low power on his phone
meant that if he disconnected from the charger, etc.
What you actually also saw was there was a police officer
on the Zoom call, and he went partially off screen,
picked up a phone, made a phone call,
and actually he got the police to go round to the witness's
address. And within minutes, they were there. And the accused's Zoom call ends abruptly and
comes back on as he's being cuffed and trying to apologise for what he's done. But anyway,
the damage was done.
But the big balls here was this was a prosecutor who wasn't just looking, a public prosecutor,
just looking to go through the motions here or whatever.
This was somebody who was genuinely interested
in the well-being of the client and actually decided to...
Picked up on all the cues as well, I guess.
Yeah, picked up on all the cues.
Non-verbal cues.
I'll be fair here.
Probably, or there's reasonable...
I think it would be reasonable to say
that the average male lawyer
may not have picked up on those cues.
They may have just thought,
oh, she's nervous or...
She's nervous.
She can see him on the screen or whatever.
Yeah, exactly, exactly. So, you know, I think, you know, a real, real good...
But what I think this comes down to as well is how the internet and even things
like Zoom calls, etc., they often say, you know, by separating everybody out, it makes it more safe and secure.
You hear about witnesses giving testimony over video statements,
over video and things like that.
You have to guarantee the security of the environment they're in as well.
And this is one case where that security was not in place,
and this could have been a real sort of perversion of
justice. So yeah, Billy Big Balls, bit of a rant, bit of a, you know, going off on one, but this was
brilliant. So yes. Oh, and also, Davis, the prosecutor, in a brilliant coup d'etat
here, Davis briefly facepalmed upon the reveal
that Harris was at the same location as Lindsay.
She's probably bemoaning the criminal mind, let's face it.
So it was adjourned, et cetera.
It was adjourned.
The guy had his bail bond removed.
So I believe that means he was basically...
Recalled to jail.
Yeah, reprimanded.
So he was facing 10 years anyway, wasn't he?
And that's before they now add witness intimidation, I guess,
to the list of charges.
Exactly.
I mean, like I say, the criminal mastermind.
Jeez.
What did he think was possible?
You know, it was going to come out at one point or another, you know.
It's also one of the problems, I guess,
with all these remote court cases at the moment.
Yeah.
You're either being intimidated in your own home or you're a cat.
Yeah.
Yeah.
Now, that was genius.
Yeah.
I know.
We didn't cover that one.
"I'm not a cat, Your Honor."
Yeah, yeah, yeah.
But this is the thing. I think with lockdown we've seen a huge spike in domestic abuse.
Yeah.
That's gone up. And also, I think you're right that the female prosecutor probably is far more in
tuned into looking out for signs of abuse and what a victim actually looks like. You know, like
guys, they pretend to be sympathetic and empathetic, but, you know, most people haven't
ever experienced anywhere near what a lot of these ladies go through on an almost daily basis from just general, from what guys might think is general like banter.
They could perceive it as a harassment, intimidation and, you know, all those kinds of things.
It's, it's, it's, we're, she's very fortunate in those, in that circumstance. But I think it's, you know, just think about how many other cases go on like this on a daily basis that no one really picks up on.
Yeah, no, I was talking about, I was going to mention, you know, this week, the case of the girl, Sarah Everard, who was, you know, walking home from Clapham.
And, you know, so it went disappeared.
And now, you know, sadly, her body's been found.
But the person involved was not only a police officer,
but also previously accused of, you know, indecent exposure.
And there's a lot of, you know, it wasn't really investigated properly
because, you know, it was a guy.
Jesus Christ.
I thought this was the police force, not the fucking Catholic church.
Yeah.
Yeah.
So, I mean, yeah, there's that.
It just opens up that whole thing, you know,
would it have been different if it wasn't, you know,
boys looking out for boys sort of thing.
Yeah.
Yeah.
Yeah.
Although I did hear that he'd been hospitalized for injuries incurred whilst in
custody.
Yeah, don't know. Yeah, well, yeah, I don't know whether it's like that... Do you remember,
years ago, there's a guy who tried stealing from a load of Marines that had just come back from deployment? And they apprehended him,
called the police, and while they were waiting for the police or something, he sustained sort of
like two broken arms, a broken leg and, like, you know, facial injuries caused by falling off the
curb while he was waiting for the police to arrive. And, you know, that was a
story that everyone had at the bar.
He fell off the curb seven times.
Yeah, yeah. It reminds me of this
old... it was on Channel 4 or something a long time ago. It's called Karachi Cops. It was
like a documentary, and they showed that they were interviewing the police and there'd been a crime and they were like,
do you know who, will you be able to catch it?
It seems like, no, don't worry.
Our investigators are really competent.
We'll find someone, we'll find someone.
And then the next scene, you see some poor guy
who's clearly been beaten and he's like, you know,
begging for his life and he's like, yes, I did it.
I'm sorry I did it.
Yeah, that's hard.
And that happens with the case of the, not to, you know,
try and get open old cases, but that girl in Italy who was accused of, was it Amanda something?
Yeah, yeah, yeah.
Yeah, they immediately arrested, like, you know, four people,
and then all of a sudden, you know, one of them confessed almost immediately.
And it happens in other places as well where tourism's a massive... you know, Thailand and
the likes of that, where tourism is really important for the economy. They tend to find
criminals very quickly,
and you kind of wonder whether they are actually... To show justice.
Yeah, to say it's safe.
No one will ever get away with crimes.
But you sometimes look at the evidence,
and I don't think it would stack up in the burden of proof
that's needed in the UK justice system.
Yeah.
Yeah, so anyway, that was...
This week's Billy Big Balls of the Week goes to
Deborah Davis, assistant to the prosecuting attorney in Michigan.
Billy Big Balls of the Week.
Actually, just to not offend any of my Karachi friends,
I'm sorry if I brought up Karachi.
So actually a few weeks ago,
there was a video put out by the Karachi cops.
Karachi is a city in Pakistan for those unfamiliar.
I should have said some things.
I'm talking about something crunchy.
But they are deploying a new elite unit.
I'll post the video into the show notes.
But they are rollerblading.
Yes.
So they are rollerblading cops with guns in Karachi,
which is not known for having the most rollerblade-friendly streets.
I was going to say, it's not known for its pavements.
But, yeah, criminals try to get away now.
Watch the video.
It's highly informative.
I'm waiting to see this kind of skill displayed by police forces
all over the world.
Don't criminals use, like, what's it called,
like the Dalek attack in order to get away from...
The Dalek defence.
The Dalek defence.
That's what I meant.
Excellent.
Andy, I think I know what time it is.
It is. It is time for us to go to our sources over on probation at the InfoSec PA Newswire
as they've been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
SITA supply chain breach hits multiple airlines.
Docker Hub and Bitbucket resources hijacked for crypto mining.
McAfee faces decades behind bars after fraud indictment.
NCSC: Don't fall for Mother's Day scams this week.
Microsoft expands coverage of Exchange Server patches.
Industry News.
Most threat analysts banned from sharing threat intel with peers.
Industry News.
Third of office workers warned after sharing data via unofficial apps.
Industry News.
Superstar K-pop band TikTok hacked.
Industry News.
School boss resigns after porn found on computer.
Seriously?
Honestly. It's so cliche.
Industry News.
And that was this week's Industry News.
I mean, seriously?
A school boss can afford a porn laptop.
Exactly.
But they decide to use one on a school computer, probably?
Well, that's probably where it was found, yeah.
It would help if we read the stories, actually.
Well, yeah, exactly.
Exactly. Well, that's not what people
listen to. I mean, come on. I know that, you know, when one gets a little horny, the brain starts
to act a bit oddly, but seriously.
Yeah, it was his work-issued computer, just to clarify.
Yeah, well, okay, he's in Arizona, so...
Oh, let's set the bar there.
Okay, okay. And he's 67 years old, Tommy Lewis Jr.
So yeah, he was... It says Lewis's proclivity for porn was discovered during a random internal security scan run by the county's IT department.
It wasn't random.
They knew exactly what they were looking for after they saw some of the firewall logs.
Well, exactly.
It says their logs blocked over 100 attempts to access sexually explicit websites.
Well, let's see.
The image was...
No. I don't want the image.
No, no, no, no.
The image flagged by police was found on a flash drive that Lewis had left
plugged into his computer.
It depicts an intimate picture of a woman that appears to be upskirt,
non-consensual.
So there was that. In a
statement he wrote, "I am very sorry and shameful. Thank you for giving me an opportunity to work
for you. I wish you the best."
It gets better.
Is he gonna pray to God?
A week after sending his apology,
he sent a text message to the county's HR manager
requesting the flash drive be returned to him.
Oh, dear.
For sentimental reasons.
Well, he's probably feeling down,
so he thought, I know it would cheer me up
if I have a little target.
I need a little bit of post-nut clarity.
Well, he's 67 years old.
Come on.
I mean, honestly, you want to jack off to things, absolutely fine.
I mean, as long as it's ethically produced and all that sort of thing.
I mean, we kind of begin to comment on what was actually on there,
you know, alleged or otherwise.
But you want to do that?
That's absolutely fine.
But you've got to keep that sort of shit separate.
Jesus.
Oh, dear.
Welcome to the Host Unknown wanking tips for the professionals podcast.
Available for consultancy, school teacher.
Yeah.
Special rates for education.
Educational discounts.
I thought this might be the insult free episode, but it's definitely not offense free.
Oh, please, say
the next three words, somebody, please.
Huge, if true.
Oh, God.
Oh, we couldn't make
this stuff up.
Please, Jav,
tell me you've got something better.
Javad's Weekly Stories.
Industry leaders Javad Malik and Wendy Nather
to headline Information Security Magazine Online Summit.
Industry pioneers Javad Malik,
security awareness advocate at KnowBe4,
and Wendy Nather, head of advisory CISOs at Duo Security Cisco,
will be headlining the upcoming
InfoSecurity Magazine Online Summit
taking place on March 23rd and 24th.
How are you an industry pioneer?
Is this going to be live or do you get the chance to pre-record it?
This is going to be live.
You are struggling with the word magazine.
Don't pre-record it.
This is going to be live.
Because you are struggling with the word magazine.
You know, this is such a big – you don't realize the big deal this is.
You know, sometimes there's a – do you guys ever remember watching Smallville,
the Superman?
Oh, yeah, yeah, yeah.
I was aware of it.
Okay.
But the dad of Superman in that show was played by one of the guys
who was one of the Duke brothers from
Dukes of Hazzard
oh yes
and in one episode
the other cousin turns up
and they have kind of like a
in joke reunion
and he brings the Dodge Challenger.
The General Lee?
Yeah, it wasn't the General Lee, it was a blue-coloured one.
And they go bombing around the farm or something
and they have a good time.
So it's like if you grew up with the Dukes of Hazzard,
it was like, you know, a really good thing.
So seeing me and Wendy back together again after all these years is similar,
in my mind, at least.
It brings about the same level of excitement.
You're the one coming in onto the video webinar
in a blue charger.
That's right.
Don't have a Confederate flag on the roof,
for God's sake.
We're not going to survive this
No, it's alright if Jav does it
Oh, okay
I could wear my Daisy Dukes as well if that makes you feel good
Oh yeah
Oh dear, oh thank you
Javad's Weekly Stories
Okay, I think we need to move very quickly on. We do have one more story,
and I think it's an absolute doozy. This is a tweet, or yes, it's Tweet of the Week. So I think,
Andy, you've got this one, haven't you?
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
Superb. So this came from a tweet from,
or it actually came from a tweet of, Dr. Jen Golbeck, and she was reminding us how creepy
Facebook and other advertisers, but mostly Facebook, are. And I think this is one that
you sent around the group chat, potentially.
So Dr. Golbeck, she's a really engaging creator on the TikTok platform.
And this is so, you know, once this tweet came around, I love the fact that you're sending links to Twitter for content that I see via TikTok.
But, you know, what I mean, just really quickly, really succinctly brings this to life for us.
How all these companies just mine data.
And, you know, one of the articles actually goes on to talk about how it is, you know, people don't want to know.
People want to take advantage of the benefits of these platforms, but they don't want to know how they get there.
And what's that analogy?
The sausage meat factory,
where people want to eat sausages,
but they don't want to see how the sausages are created.
And it's very much people that use these services.
But what I absolutely love about Dr. Golbeck
is not just she's really engaged
in the way she delivers this stuff,
but really sort of credible.
It's not like for part two or
you know uh by my xyz um you know it's just factual delivered and she cites sources as well
which you don't often see uh you know links to patents to prove that this stuff is actually
happening and things like that um but you know some of the stories she's covered in recent times um you know the
the u.s retailer target uh knows you're pregnant before you tell anyone uh and that's quite an old
one actually it is yes yeah that is an old obviously you know but it but it's fascinating
still nonetheless yeah how they do that and that was one of the ones where they're saying that you
know people will spend those coupons as long as they don't know how target knew about it uh you know his
sort of 15 year old daughter i think it was to receive these coupons for being pregnant and the
father complained yeah and then it turns out that she was actually pregnant and as a result target
now seed bad data into their um into their offers so it doesn't look so you'll get an advert for nappies and you know pregnancy cream or whatever
and then a lawnmower gotcha yeah okay yeah just to try and tone it down a bit yeah exactly because
it is it is too accurate if you see what i mean yeah audit box yeah you gotta give them something
you gotta give them something you gotta have a coffee stain on a document. Yeah.
But other stories, you know, she covers that, you know,
we know about location tracking through Wi-Fi signals.
Dan Cuthbert and Glenn Wilkinson did a great talk about this at 44Con,
you know, a few years ago.
But, again, really well presented, put together.
The Facebook shadow profiles that we all know about, you know, how even if you haven't set up a Facebook account, company knows you, maintain a shadow profile. Other favorite
ones of mine: the La Liga, which is the Spanish imitation of the UK's Premier League. They
had a football app, and without telling users, and this was mostly Android users, the app would use GPS and microphone
access whilst you were watching the game, and they would be able to establish whether you were in a
bar watching the game, and if you were, they'd cross-reference whether that bar had paid for
a license to screen the football, and, yeah, then they'd go and find people. The accelerometer, you know, vibrations to speech,
so even if your microphone's not on, you know, the accelerometer on your phone can be used
to snoop on, you know, conversations and calls, keywords, things like that.
But the one that got a lot of publicity this week was the talk she did, or, you know, the video she posted,
about how Facebook are able to track people, and they've got a patent for this. They may be
able to use the dust on your camera lenses to identify people you may know, you know, without
using GPS or any of the other data that they get
in trouble for. So if I take a photo of you, Tom, and then I take a photo of Jav, like, two
weeks later, Facebook would analyze whether the dust on my camera, you know, on those pictures are
the same, and if they are, they would assume that I'm a common person to you two, and therefore, you
know, potentially
we may know each other. So you would start showing up in, you know, Jav's suggestions
as people to see.
I couldn't think of nothing worse.
I know, that's quite amazing. It's kind
of like, so even if you turn off the metadata, the technical metadata, this is kind of like environmental metadata that they gather, and it's really quite... it's really horrible, because I don't know
if you also remember, like, because of the shadow profiles or because of the Messenger app
going through your contacts, there was a story a year or so ago where a psychiatrist was finding
that her patients were being recommended to each other
as friends because she was a common connection to them both.
Yeah, it was really...
But here's the thing. So let's say you say in Facebook, and that's because the thing is
that nobody knows whether Facebook is actually using this technology or not, because Facebook will not comment, which tells me that they are. But here's the thing. You say to Facebook and you disable
all of the things that say, I want to transmit my location. I want you to have access to this,
that, the other, et cetera. Basically, you say, I don't want you to track me. I just want to
use Facebook in a very, very vanilla way. And I take the hit
for what that brings. What they're then doing is really not observing and recognizing your wishes,
because they're just going around it in a different way that you can't change.
Yeah.
Because it's not just dust that distracts. This is, you know, tiny little micro scratches on your lens
and all that sort of stuff.
So things that, you know, yeah, wipe your finger over the lens, great,
but that doesn't get rid of it.
Yeah, probably get your fingerprint.
Exactly, yeah, exactly.
But this is so, so insidious because it's, you know, oh, you don't want us to track you.
OK, but we'll track you this way instead.
Oh, you don't want to give us access to your microphone because you don't want us to listen into your calls.
OK, we'll use your accelerometer instead.
You know, which is something that you don't know about or can change.
Or maybe you can, but you wouldn't know to change.
And it's just so immoral and unethical and just douchebaggy,
to use the legal term.
Tell us how you really feel.
Oh, man.
I wish we hadn't finished on this one because this would piss me off.
What's really amazing is decades and decades of, say,
like investigation and law enforcement,
and they haven't been able to come up with this many new innovations to how to track criminals.
They're still relying on someone going around dusting down for fingerprints.
And these guys, because obviously they make like 2,000 million a quarter
just from advertising alone
So there's incentive. They've got these things. "Oh, we can find this to recommend friends
to each other." Why don't you use this and sell it to law enforcement to find serial killers or
something?
Yeah, but maybe... but the fact is the evidence gathered by those means would be inadmissible because it's illegally gathered.
Well, I'm just saying, as a
concept.
I know what you mean.
You're such a... you can't get any... you're almost
like having a wife on the show. Honestly, this is like not a my wife. I can't say anything in jest.
I can't say anything that's just like locker room banter.
I can't say anything that's not 100% accurate.
Did you want to insult your mother-in-law while you're at it?
She's a lovely person.
That's like a reflex response that was, wasn't it?
That's right.
Wait, wait, wait.
She's a lovely person.
She just produced a very terrible off-screen.
Oh!
I was going to say, as you said, a lovely person. But enough of my brother-in-law.
Close recovery.
Close recovery.
Oh, dear me.
I think we need to end right there.
All right, folks, thank you very much for listening. If you have complaints, don't forget, it's Javad, basically. Andy and I will do our best next week, but, you know, what can we say? He's a force of nature.
Oh, you want us to start cutting out more segments every week now, do you?
Yeah, that's right.
Yeah, this is actually a three-hour show, but, you know.
Yeah, the use of force strikes again.
Yeah, that's right.
Jav, thank you very much, sir, as always.
I really appreciate it.
It doesn't feel like it, but okay.
Oh, mate, mate, it's brilliant.
Thank you.
I hope you have a great weekend.
And Andy, thank you very much.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel. Worst episode ever.
R slash Smashing Security.
So there's this Clubhouse chat group called Council, not Cancel.
So it's about actually giving people a chance to apologize and atone for their mistakes rather than, you know, going straight to their employers and saying, you know, how these people should be cut off.
That's fair enough.
It is.
Well, I'm just saying it's lucky that that's out there because I think, Jeff, you might need it.