The Host Unknown Podcast - Episode 74 - Was it me or was it a long week?

Episode Date: September 24, 2021

This Week in InfoSec (04:56)

With content liberated from the "today in infosec" Twitter account

18th September 2015: Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google and Opera, without the domain owners' knowledge. Symantec performed an audit and announced that an additional 2,622 test certificates were mis-issued.
Sustaining Digital Certificate Security
https://twitter.com/todayininfosec/status/1439388653264965638

20th September 1996: An email began spreading about a destructive virus named Irina. Some virus nerd called Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books.
Computer Viruses and Hoaxes
https://twitter.com/todayininfosec/status/1307862674387144705

The Box © Charlie Langford

Rant of the Week (12:55)
Investigation launched after MoD email blunder

Billy Big Balls of the Week (20:55)
Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day

Industry News (34:17)
Experts Concerned Over New Digital Secretary's Lack of Cyber Knowledge
Romance Scammers Make $133m in First Half of 2021
Former IT Exec Pleads Guilty to Insider Trading Conspiracy
Data of 106 Million Visitors to Thailand Breached
European Police Bust €10m Mafia Fraud Ring
Prison for AT&T Phone-Unlocking Fraudster
Afghan Interpreters' Data Exposed in MoD Breach
Half of Web Owners Don't Know if Their Site Has Been Attacked
US Eye-Care Providers Report Data Breaches

Tweet of the Week (41:43)
https://twitter.com/aprivateguy/status/1441091095471874053?s=20
https://twitter.com/ReverseICS/status/1441048111292506112
And just for Andy...
https://twitter.com/AlyssaM_InfoSec/status/1441135546961563649?s=20

Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 Yeah, so when I was up at, uh, came to the aerodrome, right, I was walking the dog, and up there they've got, like, a lot of the livestock, so we went through and there was a, um, a flock of cows. Heard of cows. They were cutting through. Of course I've heard of cows, I saw a flock of them yesterday.
Starting point is 00:00:16 You're listening to the Host Unknown Podcast. Hello, hello, hello, good morning, good afternoon, good evening from wherever you are joining us and welcome to episode 75. Is it 75? I think it's 75 of the Host Unknown podcast. And Andy, we're going to have to improve your grammar, you know. There's nothing wrong with my grammar. I was thinking more about your grammar school that you went to, that obviously didn't teach you anything. I speak proper. Oh, okay. Innit. Yeah, well, I did. It was about 20 years ago I went to school to get educated, and today I is... Dear me. How are you, Andy? Good. It's that end of Q2, end of the, you know, sales half year, so yeah, very busy, which I know not many infosec people appreciate, but you can be infosec busy at the end of a sales quarter. Yeah, yeah. Well, working for vendors, we know that, don't we, Jav? Yep. Work. Yes.
Starting point is 00:01:27 I can see you're fully committed today to this podcast. You know, we're stuck with monosyllabic answers. I wake up in the morning and piss excellence, just like Ricky Bobby. So, you know. So basically all your excellence has now gone and, you know, maybe a fuller bladder would have helped today. So, so busy week,
Starting point is 00:01:53 Andy, because I felt like a really long week for me. I have to say. It has been. Yeah, it's absolutely a long week and it is not over yet. So I think we've still got the whole of Friday to get through. And then maybe a bit on Saturday.
Starting point is 00:02:06 And then, you know, squeeze in a bit more work on the Sunday. Absolutely. Until we get through the end of the month, it's going to continue to be busy. And then it's straight back on to, right, let's start the next quarter with a bang. Exactly. Doesn't help. Doesn't help. Jav, how are you?
Starting point is 00:02:24 Apart from empty bladders. Empty bladder, that's good, so I don't have to ask you for a convenience break during recording. What can I say, Jav? You know, age takes its toll on all of us. Yeah, so I'm waiting till I get to your age so I can get one of those bags popped in, so that I don't need to go anywhere. I can just relieve myself on the move, or not, so to speak. You're such a horrible person to work with. I don't know how you could... I feel sorry for your colleagues. I mean, you say it's been a long week. I'm gonna ask your colleagues, they're gonna say, man, it's been a doubly long week. Yeah. I'm just amazed that you consider this work, because you certainly don't put the effort in. Oh.
Starting point is 00:03:08 See, that's a secret. I make it look effortless. Sometimes less is more. This is not going anywhere. I don't care what you were doing. Let's move on to the show. Right, what have we got coming up for you today? Well, This Week in InfoSec relives a Symantec screw-up and celebrates nerds of the world. Billy Big Balls, something something, Jaina. As Seen on Reddit emails us a little bit more than we needed to know. That's a Rant of the Week.
Starting point is 00:03:43 Oh, is it a Rant of the Week? That's a Rant of the Week. Geez. A Rant of the Week. Shut up. You don't have to talk while you're typing. No, I'm saying this is why you need stuff
Starting point is 00:03:56 written down because you're just making stuff up. Well, it was going to be a Reddit as seen on Reddit, wasn't it? That was for about a long time ago. We work in an agile format here.
Starting point is 00:04:12 We're all about making, you know, scripting fast. By agile, you mean deleting stuff. And breaking the script while we go along. What have we got coming up today? Well, This Week in InfoSec relives a Symantec screw-up and celebrates nerds of the world. Billy Big Balls, something, something, something, Diana. Rant of the Week
Starting point is 00:04:37 emails us a little bit more than we really needed to know. Industry News brings us the latest and greatest security news stories from around the world. And finally, Tweet of the Week is a work in progress at the moment. Let's see what Andy can pull out of the bag. Moving swiftly on, let's get on to one of our favourite parts of the show. This Week in InfoSec is that part of the show where we take a stroll down infosec memory lane with content liberated
Starting point is 00:05:19 from the Today in InfoSec Twitter account. So our first story takes us back six years, to a different era, when on or around the 18th of September 2015, Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google itself and Opera, without the domain owners' knowledge. And then as a result of this, Symantec performed an audit and then later announced that an additional 2,622 test certificates were mis-issued. Now, so back in, according to the Netcraft survey from 2015, Symantec was responsible for about one in every three SSL certificates used on the web globally,
Starting point is 00:06:07 which made it the largest commercial certificate issuer in the world. And obviously SSL certificates, or TLS certificates, are used to encrypt those connections between browsers and HTTPS-enabled websites, which is pretty much all of them these days. And the idea is that they verify that users are actually visiting the websites they intended to and not spoofed versions, and obviously people who issue these certificates are supposed to be, you know, organizations known by the certificate authorities, and, you know, they are trusted by default in the browsers and operating systems. So back at a time when infosec advice was to check that little padlock in the browser, it turns out you can't even trust that padlock. And Google really went to town on Symantec after this one. I think, you
Starting point is 00:06:51 know, they sort of berated them for the next year, you know, and demanded that Symantec, you know, evidence how they... Rightly so, you know. I mean, it's one of the fundamental parts of trust in the internet, right? Yeah, yeah. And so, yeah, I mean, Google really took them to town publicly as well. You know, there's a whole blog where they're just posting updates about how they're, you know, verifying Symantec's, you know, claims that no private keys were exposed, you know, how employees actually used the tool, you know, they want to see the audit logging mechanism, you know, to show that it couldn't be modified or, you know, tampered with. And so, yeah, very early, almost six years ago,
Starting point is 00:07:36 was it early sort of supply chain management, but really sort of done publicly as well. So hadn't Symantec fairly recently taken over from someone else? Is it VeriSign or something like that? Yeah, so Symantec actually acquired quite a few companies. So they acquired VeriSign, GeoTrust, Thawte and RapidSSL as well. You know, so they had a lot of control over the web. Because it used to be secured by VeriSign, and then it suddenly changed to secured by Symantec.
Starting point is 00:08:12 And it's like, what? That seems odd. That seems like a sideways step in the business model. And now no one really cares. I mean, wasn't Chrome the first to stop showing the padlock or something? They stopped having it go green. Yeah. They were like, yeah, it doesn't add anything.
Starting point is 00:08:30 Yeah. It just confuses people. And friend of the show Troy Hunt has a real thing about it as well, doesn't he? Well, so does Scott Helme. He blogs a lot about SSL certs and how the internet works. Well, if Troy does, then Scott definitely, you know, obviously does. So our second story takes us back a mere 25 years, just almost yesterday, to the 20th of September 1996, when an email began spreading about a destructive virus named Irina, and then some
Starting point is 00:09:09 virus nerd called Graham Cluley, Graham Cluley, discovered it was a hoax marketing ploy from Penguin Books, of all people. What? So what on earth were they thinking? Well, I guess it was still kind of the early days. But really? Yeah, it was, I guess, still obviously early days, but there's a great link via Web Archive, you know, just to show how long ago this was. This is almost the before times of the internet. You know, it's practically on a, you know, BBS, where they pulled the information from. But there's a great write-up from this guy. Was it Graham Cluley? I'm not sure, I've never heard of him. I don't know, but it's just some, as you say, just some nerd from the 90s, right? Yeah, so there's a nice list of virus hoaxes, like the Good Times virus, and, you know, Irina's in there, authored
Starting point is 00:10:06 by this Graham Cluley. And, you know, he talks about how he is at the Virus Bulletin conference in Brighton, England, when he first received this message. So obviously you think back then, like, has someone got a virus alert? Is he American if he says Brighton, England? Because that's kind of like the common thing. Is Graham and Carly? Yeah, I am assuming gender here, so I don't know whether Graham is. Okay, so is this individual, I mean, I'm assuming American as well,
Starting point is 00:10:36 because that's quite a common thing, you know, Brighton, England, you know. Yeah. Yeah, I mean, this person obviously knew about viruses back in the day, you know, because they... Probably doesn't now. They went on to say that, yeah, well, I mean, it's old hat, right? If you can make a career out of something. I doubt it. I doubt it.
Starting point is 00:10:55 But, yeah, it goes on to say that, you know, when they heard the content of the email, they could spot it as a hoax straight away. But just think, 25 years ago, you would actually contact someone and ask whether they thought this was a virus or not. Well, how times have changed. And they could just hear about it
Starting point is 00:11:16 and tell you whether it's... It's almost like there's a virus whisperer. Is that what this Graham was? Graham Cluley is a virus whisperer. That's a cool title. That is. Graham Cluley, virus whisperer. Yeah.
Starting point is 00:11:31 You should make a film about that. I know. I know. Maybe we could find him in whichever old folks' home he is in, probably in Florida somewhere. Yeah. Or Texas, maybe. Mind you, if he's in Texas, he's probably dead.
Starting point is 00:11:47 Yeah. From the Rona. You just don't know. But if anyone knows, send us an anonymous tip. Indeed. On our Secured by Symantec hotline. Which is theveryfinechaps at
Starting point is 00:12:06 hostunknown.tv .google.com thank you very much Andy. This Week in InfoSec.
Starting point is 00:12:20 This is the podcast the Queen listens to, although she won't admit it. Talking of royalty, I've spent a week this week at a house in Dartmoor that used to be owned by James Hewitt, he of the Princess Diana allegations, allegations of an affair. And apparently she was there.
Starting point is 00:12:48 She frequented that place quite often. Lovely, Andy. Thank you. Let's move right on to... Listen up! Rant of the Week. It's time for Mother F***ing Rage. And this week, the rant falls to me, surprisingly.
Starting point is 00:13:07 I've taken over from Tom. Yeah. He's normally the angry, ranty one, but the doctor has advised him to keep his blood pressure under control lest he suffers a stroke and his face balances out. Anyway, do you remember a few weeks ago, we discussed a story about the SAS putting some details in a job advert and how it was a blunder. And then Tom, you said that, oh, I think the SAS are so clever, they've done it on purpose to see how many people would actually pick up on it
Starting point is 00:13:45 and yeah you know the we discuss yes the the British military very good SAS obviously special forces but you know one of the best armies in the world and what have you and um now I think after reading this story I think it's not a mistake that the SAS made because there are some very dumb people within the MOD. And an investigation has been launched after the MOD sent an email to 250, well, more than 250 Afghan interpreters waiting relocation to the UK by copying name, email addresses and other information into the body of an email. Sorry, so email addresses went into the body of the email? No, no, the email address went into the to field
Starting point is 00:14:41 and then other information was put into the body of the email so it wasn't even just a slip of oh this should have gone bcc not not cc or two it was a slip of that and also putting stuff in the main body it appears that way it appears oh my host unknown has not seen the email yet but um the email is understood to have originated, and I love this acronym, the Afghan Relocations and Assistance Policy, ARAP or ARAP. ARAP. No, that's the American version. I was going to say someone's mispronounce that. So all I can imagine is that there was like these, you know,
Starting point is 00:15:28 over 250 interpreters getting this email, hiding out in somewhere in Afghanistan. And they're like, oh my God, what is this? They reply, you're all saying Habibi, Habibi,
Starting point is 00:15:38 remove me, unsubscribe. And then someone else replying like, can you stop hitting reply all? And for three days, it's just going on. Who dished new computer? Yeah. And that wasn't it.
Starting point is 00:15:57 Apparently, just yesterday, a second breach has been found, potentially compromising the safety of more Afghans who may be eligible to relocate to the UK. Dozens of people were mistakenly copied into an email earlier this month, with their names, email addresses visible to all recipients. I think this is more of a BCC versus CC thing. And the MOD has apologised, but at least one of the recipients is from the Afghan National Army. Ooh, dear.
Starting point is 00:16:34 So the MOD has apologised at what? The funerals of these people? Yeah, something like that. I mean, Jesus, it's unforgivable when you, this kind of intelligence leak. It is. It is. I mean, having said that,
Starting point is 00:16:50 I suppose sending an email list out there isn't quite the same as a wayward drone strike. No, no. I mean, on a scale of one to 10, definitely. But you know,
Starting point is 00:17:00 the implications could be pretty much the same. And this is why these guys need generic email addresses, like ilovetacos at hotmail.com. Yes. Because you can't trust people. When you're dealing with the government,
Starting point is 00:17:17 you just can't use your full name. The problem is, though, they'll look at that when they're hiring interpreters in the first place and go, well, this person's not very professional. There is that. There is that. So there is that dilemma. But before everyone thinks I'm just picking on their MOD, I did have a quick search for any other recent email breaches.
Starting point is 00:17:42 Other governments also mess up. Yeah, I mean, governments, high-profile departments, military, everyone messes up. And just a couple of days ago, over 1,000 Stoke-on-Trent Council tenants' data was breached, also in an email blunder. The employee sent the email, placed the addresses of all 1,043 recipients in the To address box rather than the BCC, meaning that all of your council tenants now knew where
Starting point is 00:18:17 all of the other council tenants' email addresses were. So maybe not quite the same impact, but just to show that we are fair, we are balanced, we aren't anti-MOD, we are just anti-poor security. We're anti-everybody. We hate you all. We hate you all equally. Yes. Yeah, I just, you know, councils, I kind of get it. I'm a little bit more accepting of that, because these aren't, you know, the best paid or even best motivated people. Their working conditions aren't great. And the MOD, I know, again, very, very similar kind of staffing.
Starting point is 00:19:00 But the actual implications of these kinds of leaks are so severe in that field that you'd think there would be far stronger controls, you know, not just soft controls but technical controls. Like, you know, if you're putting more than 20 people into a To field, there should be some kind of prompt that comes up and says, are you sure you're sending this to the right place? You know, I guess it depends what they're using. I don't think by default Office, you know, actually says... I mean, I don't know about what Google Business is like, but yeah, Office by default says, you know, this is going to go to X many people. Yeah, yeah, but it's easy to switch off, and it's not that prominent either, is it? It's not like, you know, in the military, for something quite so critical, you need a big
Starting point is 00:19:52 flashing red screen, basically. Yeah, I mean, it's easy to ignore. People just get blind to it after a while, even if it is a big flashing, that sort of thing. But I love how you said that, you know, councils are forgiven because they're poorly paid, working in bad circumstances and what have you, because the MOD definitely is very well paid and they work in luxury air-conditioned offices around the world. Well, I did say they're the same, but the implications are greater there. So in my defence... Oh, not in my mind. Like, why do you let the truth get in the way of a good story? That's because you don't... What? Oh, okay. You know, Mr.
Starting point is 00:20:39 integrity all of a sudden well somebody has to be on this show. Rant of the Week. We are officially the most entertaining content amongst our peers. Yes, we are. Right, shall we move directly on to this week's Bully Big Balls of the Week. So, the Bully Big Balls of the Week.
Starting point is 00:21:06 So, the Bully Big Balls falls to me this week. Jav and I just swap in roles, it seems. So, I don't know if either of you two have heard of this newfangled app that
Starting point is 00:21:21 the younger generation and the feeble-minded adults get kind of addicted to called TikTok. Have you come across that? What's it called? TikTok. TikTok. Yeah.
Starting point is 00:21:38 Sounds familiar. Yeah. Well, it's well known for being extremely addictive the algorithms uh basically they're little short videos and if if you're you know a kid it's basically dancing and you know silly skits and short videos and little loops and voiceovers and stuff like that and if you're a you know like i say a feeble-minded middle-aged man, it's mostly barely adult women jumping around and shaking jiggly things for them to ogle. And the algorithm recognizes this, the backend algorithm recognizes this, and delivers more and more similar content to the point where people do get very addicted to it. It's very difficult. TikTok have also now seeded their own videos into it, encouraging people to stop after a certain
Starting point is 00:22:34 time. I think one of them is a young lady brushing her teeth saying, hey, isn't it time to go to bed, which in of itself is probably suggestive for some of these people uh but um so yes it's known to be addictive uh etc the big move though and the story we're talking about today you're very very judgmental of some people who are using an app do you have some bad memories or something or is there some trauma associated with this because you've been bullied on this platform is it because you're too old to use it is this the problem probably probably yeah i think i think after a certain age this sort of you know the maturity kicks in and the you know the um you know we look for other you know more constructive avenues to to. Like moaning about those youngsters. Well, I'd hardly call you two youngsters.
Starting point is 00:23:31 What are you listening to? That's not music. Well, I also say that about you two as well. So, you know what? It's really weird, Tom. It's like you're this really weird generation. You don't like the classic or you don't understand any older references like hip hop or wrestling. Older references?
Starting point is 00:23:51 You don't understand anything new like TikTok. And what do you actually like or what was that one year in history that you think, oh, that was good. If only time had stood still then, the world would have been perfect. 1973? You know, Bowie's... It starts with a 19. Are you sure it starts with a 19?
Starting point is 00:24:15 Well, Bowie was riding on the man who sold the world and Ziggy Stardust and the Spiders from Mars. What, that Nirvana song? Oh, shut up. I do know that Nevermind was released 31 years ago today. So, yeah. I know some stuff.
Starting point is 00:24:36 I know some stuff. I read it in my broadsheet. Back to your story, Tom. Sorry. Oh, back to my... Okay, thank you. Thank you. So your little segue in there is over now, is it?
Starting point is 00:24:48 It's 30 years ago today as well. Just seeking clarification. Oh, that's right. 1991, wasn't it? That's right. Yeah. So, but TikTok China has made a very bold move by limiting kids to just 40 minutes, four zero minutes of use each day on their platform. They also, their algorithm has been tweaked for these particular users
Starting point is 00:25:19 to deliver more wholesome content, whatever that might be. Now, the caveat to this, of course, is you can join this platform and be whoever you want. You either don't have to register or if you do register, you don't have to necessarily tell the truth as to who you are and what age you are and all that sort of thing. But if you have and you are under 14 years of age uh tiktok will move into youth mode um like i say just restrict you to 40 minutes now i believe and please gentlemen as i'm sure you will do anyway correct me wrong but i believe this follows on the back of china's decision to restrict gaming uh to kids to to 40 minutes a day as well.
Starting point is 00:26:07 So it seems very, well, funny enough, very authoritarian of the Chinese government to do this, which, you know, more than, but a very bold move nonetheless. nonetheless. And especially as there is some really interesting research into the benefits that gaming and computers can bring to people. So I read one the other day, link is not in the show notes because I can't remember where it was, but kids and young adults... Sounds plausible. It sounds plausible. Yeah, exactly. I'm taking a leaf out of Jad's book here. So young adults, kids who play a lot of computer games, are actually significantly better at recalling a series of events,
Starting point is 00:26:59 let's say a crime scene or a traffic accident or something like that, because their visual acuity is so much higher they're used to looking out for detail on screens and small movements and things like that and so actually they can they are better at reporting um you know the incident as it actually happened uh rather than the rest of us fuddy duddiesuddies that basically say, no, I didn't see a gorilla walk into a room of people dancing and all that sort of thing. But nonetheless, I digress. No, no, no, don't digress.
Starting point is 00:27:34 This is brilliant. This is like, Your Honour, I'd like to have his testimony thrown out because he does not own the latest Xbox 360 or PlayStation 5. That would mean visible convenience. He only plays Call of Duty, not World of Warcraft. Yeah. And his highest kill streak has been 12, so he clearly doesn't pay enough attention to detail.
Starting point is 00:28:00 Yeah. Yeah. So, interestingly, and some of the comments in this people there's a lot of capital letters in this some people are you know should not strong-arm any form of parenting upon the customers you know yeah and if i had a teenage kid it would be simple if you want to use something like tiktok buy your own phone and internet with money you earn and things like that so there's a lot of people on here uh on the internet very uh very angry about this even though they probably don't even live in china yeah and i think this is more about the chinese government's control over people.
Starting point is 00:28:52 I mean, I may not have told you previously, but I do use TikTok on occasion. Do you? Yeah. But you know what? In terms of all the platforms out there, they have like a wellness hub, you know, and they encourage positive behaviors and they've got an amazing support network for people um you know for various you know if you think like teenagers that go through struggles mental health um you know self-harm those type of things which i don't think other platforms sort of advertise a safe space to discuss you know but these um you know tiktok has an entire hub dedicated to this um they've got their own psychologists as well who work for the
Starting point is 00:29:25 company that uh you know produce videos and talk through things um but they also have the own built in stuff as well to encourage you to use it less uh you know so if you're scrolling through for you know like 40 minutes at a time it'll say if it's late i'll say right you know go to bed tiktok still going to be here tomorrow um you know if you're scrolling through it during the day it'll say hey look you know why don't you get outside, get some fresh air, go and get a drink or make TikToks outside. So they actually, as immersed in the experience, it's not like a little pop-up that comes up in the corner.
Starting point is 00:29:58 It's actually part of what you're scrolling through that you have to go through. And it's presented as a normal normal video if if i understand it this is a bit like what you're saying is it's a bit like a drug dealer selling drugs but also running a recovery clinic and yes telling you how to get hold of the nearest ambulance yeah and also saying hey look you know what this is uh this is your fourth fourth bag in a row why don't you uh take a break other drugs are available well it'll be like look you know i'm still going to be here tomorrow man you don't need to be doing
Starting point is 00:30:35 this more tonight it's less like a drug dealer and sounds more like my GP. Well, you get smack off your GP. Well, illegal. Through the pharmaceutical name, whatever it is, I have no idea how to pronounce it. But they're always like, here's your medicine, only take this many.
Starting point is 00:31:00 Your prescription will only work for like three more times, then you have to come see me again. The pharmacist is in on the deal. So I think it's a good industry if you give it the veneer of legitimacy. Of credibility, yeah. Yeah, exactly. I think it's more about the Chinese government controlling people starting from a very young age now
Starting point is 00:31:21 rather than anything to be held accountable for. How dare a communist and draconian government impose these measures on its people? It's come as such a surprise to us all. So, you know, I'm not entirely against the premise. And let me just explain why, because very little is understood as to the long-term impact of being on a phone or device all day long and going through social media. We're only just scratching the surface as to what some of the impact is. We could do more. We could do more. And while in principle I absolutely agree that,
Starting point is 00:32:06 you know, people should be free to choose, but we need to see what the pros and cons are. And there is a lot of evidence showing the detrimental nature of a lot of social media platforms like Facebook and Twitter, Instagram, even the other day, Instagram,
Starting point is 00:32:21 there was something about Instagram and how it impacts the body images of teenage girls from a very young age and what have you. So I think in the absence of anything that, and I think everyone's trying to work it out as we go along. So I think something like that, we should be really thankful it's the Chinese government doing it, because then we can view it almost like a control sample, and we see the results in a few years' time. And if they're doing better, then, hey, maybe they've done something right. And if they've gone completely crazy and they're hacking it and there's civil war, then we're like, hey, that's a step we should avoid. But again... No one's going to trust the research that comes out of China.
Starting point is 00:33:08 Exactly what I was going to say. You think this is going to be a failed experiment, according to the Chinese government? We can observe, isn't it? We can observe ourselves. Through what? We'll send in the UN. Exactly.
Starting point is 00:33:25 Hans Blix can go in and if he doesn't get the results he wants, he can impose sanctions and write strongly worded letters to them. Yes. And what happens if they don't do anything?
Starting point is 00:33:42 He'll send another follow-up letter. Exactly. He'll start off with, as per my previous email. There was a... When you're talking about, you know, we don't know the long-term effects, wasn't there that comedian who said,
Starting point is 00:34:00 this is ages ago, if Pac-Man had affected us as kids, we'd all be running around in dark rooms, munching pills and listening to repetitive music. Billy Big Balls of the Week. Andy, what time is it? It's that time of the show where we head over to our news sources at the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe
Starting point is 00:34:28 industry news experts concerned over new digital secretary's leak of cyber One does never cease. Industry news. Romance scammers make $133 million in the first half of 2021. Industry news. Former IT execs plead guilty to insider trading conspiracy. Industry news. Data of 106 million visitors to Thailand breached Industry News European police bust 10 million euro mafia fraud ring
Starting point is 00:35:11 Industry News. Prison for AT&T phone unlocking fraudster. Industry News. Afghan interpreters' data exposed in MoD breach. Industry News. Half of web owners don't know if their site has been attacked. Industry News. US eye care providers report data breaches.
Starting point is 00:35:36 Industry News. And that was this week's Industry News. Huge if true. Well, I was going to say huge, but $133 million doesn't sound like a lot. Well, I was literally just going there.
Starting point is 00:35:56 And I'm thinking now scammers are producing quarterly results, right, in terms of how they're doing as a company. We should see an uptick in the next few days. Yeah, exactly. Maybe confidence in their scam has dropped in the criminal underworld. You know, it's like, well, these are lower than expected earnings, but, you know, we're doing a course correction and we're going to reissue expected earnings over the second half of 2021.
Starting point is 00:36:25 We can still turn this around. We're hiring a new scam director, global scam director to lead the team. Oh, dear. What's that interesting one? Obviously, the experts being concerned about the digital secretary's lack of cyber knowledge. This is obviously about the appointment of Nadine Dorries.
Starting point is 00:36:48 Yes. Nadine Dorries, who tweeted that she doesn't know her own password. She tweeted it, and I actually replied to her on this, but she said we can't all be expected to... I'm sorry, say again? Didn't she share it? She admitted to sharing it with her staff? Yes.
Starting point is 00:37:08 That's exactly what I was going to say. Yeah. So she said, you know, ministers can't be expected to know their passwords for this. Everybody knows that when I go into my office, the first thing I shout is, what's my password? That's appalling. I actually replied to her and said, that is appalling.
Starting point is 00:37:25 That would be a fireable offense in most companies. It would, but I don't feel that bad about her, because I think this is more an indication as to how systems are not designed for a lot of use cases. And I think poor user design is one of the big problems that leads to all of these things. But then what are we going to do? Go to, when we say passwordless, right? So say, you know, she has a device where it's pushed to authenticate. Yeah. She'll walk in the room and say, right, who's got my phone?
Starting point is 00:38:02 Can they just press the little button that's come up? Exactly. Exactly. You know, there's a physical amount of work. Yeah. You hire someone and say, right, this is your job: if you see an "authenticate now" button pop up, just press yes. Yeah, this is your sole job, because I can't be bothered to remember this stuff. That's exactly it. I think it's a really cavalier attitude to this sort of thing. And I think, yeah, it's very concerning, to be honest with you. But on brand for government, I guess, because if you think, you know, the amount of... Who's that director that sort of got cancelled for a tweet that he did 10 years ago? Or something he said on an online platform 10 years ago? And, you know, we've seen stories of people being penalised for stuff they said
Starting point is 00:38:45 when they were a lot younger. And yet we've got a new digital, you know, digital and culture secretary who literally just the other day said, no, this is security stupid. And, yeah, no, no blowback whatsoever. We should have got Dido Harding on. Should have hired Dido Harding.
Starting point is 00:39:06 Maybe she's unavailable. Well, we would have been protected against sequential attacks at least. But I find it, well, mind you, it doesn't surprise me at all, because who in this current government is qualified anyway? So, I mean, we've got a bloody journalist running the country. Jennifer Arcuri, surely. Do you know what? She'd be a much better choice at DCMS.
Starting point is 00:39:34 Oh, she would. That's what I'm saying. Oh, yeah, yeah. You're asking somebody who's qualified. Yeah, absolutely. Absolutely. You know, whatever the reasons for why we might know Jennifer Arcuri, she's qualified in this field.
Starting point is 00:39:49 And she would do a far better job. Oh, it makes me angry. Calm down, Tom. Calm down. Remember your breathing exercises. Exactly. You know, just this morning, sitting in my armchair, rustling my broadsheet in anger.
Starting point is 00:40:08 And that was this week's Rant of the Week. Anything else in there pop out for you? I was surprised that half of web owners do actually know when their website is breached. Yeah, that's true. Yeah, I think it's very, very surprising. Unless the website has been defaced or they've been ransomwared or something. You're not going to know.
Starting point is 00:40:42 No, no, you're not going to know. You know, a website is, in most cases, just the poster you've stuck up in the local bus shelter, right? Yeah. Stick it up there and you leave it and get on with it. Yeah, in the vast majority of cases. Yeah, I mean, that's where, like, you know, I think companies like WordPress and platforms like that are helping quite a lot, because they offer some level of scanning or whatever built into the platform, and as long as you stick to, you know, not using all these third-party untrusted plugins or extensions, you can be pretty safe. But, yeah, I don't know.
Starting point is 00:41:29 See, I'm just happy. If I get spammers coming to my website, I'm just happy. Oh, look at the stats go up. Yeah, still counting them. Yeah, exactly. A win is a win is a win. Right, thank you very much, gents. That was this week's...
Starting point is 00:41:46 Industry News. Marvellous. Let's move very swiftly on to Andy and... Tweet of the Week. We always play that one twice. Tweet of the Week. This is one that Jav pointed out earlier. And it's from a private guy on twitter who basically posted
Starting point is 00:42:08 a link to a story about a major far-right platform that got hit by a data breach. And so that data breach revealed the names and addresses of Proud Boys, QAnon and Texas Right to Life backers. And I think when I first saw it, you know, you're thinking, oh man, this is funny, like, you know, it's typical. But then I thought, the type of people that are part of these groups anyway register with their real names, and you can pretty much tell who they are anyway, you know. I don't actually think we're going to be surprised with this one anymore. Would they perchance have Trump flags outside their house? Yeah, Trump 2024,
Starting point is 00:42:50 you know, talking about Hillary, the crooked Hillary, and stole the election. And they drive cars with 911 protect and serve written on the side. Yeah. Yeah. But there was another one which I did see. There's a guy called K. Reid Wightman
Starting point is 00:43:09 who said that he port scanned his new furnace. It has SSH open on it, and now he wants to try and find out the password. So this is just, I guess, you know, as the ongoing IoT rolls out around the place, this guy's got a new furnace in his house, which can be connected to the internet. I mean, what could go wrong with connecting a heating appliance to the internet? Has he tried admin-admin? You'd hope so.
Starting point is 00:43:37 I mean, yeah, or maybe root-root or root-toor. Yes, that's the one. So if any of our American friends, American listeners are listening in, so a furnace in the US is just a boiler in the UK, right? I wouldn't be able to clarify that distinction. Okay. Well, Andy, I just saw this other tweet for you that you would appreciate. It's by Alyssa Miller. I'm saying you can appreciate it because you have to click on the link and go through to it,
Starting point is 00:44:15 because it's a picture, and it is a three pound sour gummy worm. It's huge. It takes up, like, it's folded up and it goes up and around the entire chopping board. It is like one serving of diabetes, you know. It looks obscene. It looks so... For me, I'm not a fan of the sours anyway, but three pounds is actually less than one and a half kilos, which is rookie numbers, if I'm honest. I think it sounds impressive because it's reported in pounds, but in kilos, that's like 1.4 kilos? Yeah, it's about one and a half kilos. It's 2.4 pounds to a kilo? It's no five kilo Toblerone, you know what I'm saying?
Starting point is 00:45:04 Ah, yes. Oh yes, you have that one. Yeah, I've impressed people with the size of your Toblerone, Andy. It's a good start, but yeah, work to be done. Lovely. Thank you, Andy, for this week's Tweets of the Week. Tweets of the Week. We draw to a close. As usual, we hope you've enjoyed this week's show. I certainly did, apart from the contributions made by Jav and Andy.
Starting point is 00:45:43 But, you know, outside of that, wonderful, wonderful. Jav, thank you very much for your time, and I hope you have a lovely weekend. Oh, thank you so much, my good friend. I really appreciate our time we spend together on this show every day and all of our friendly banter, which is completely not real at all. So you have a good weekend too. You have a good weekend too.
Starting point is 00:46:06 Try to avoid those buses and don't accidentally dial into smashing security again. And I would say I'm so glad we don't do this every day. Andy, thank you very much, sir. Stay secure, my friend. Stay secure, my friends. Stay secure. You've been listening to the Host Unknown Podcast.
Starting point is 00:46:28 If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel. Worst episode ever. r slash Smashing Security. We done? We out? We out. Oh, thank God. Couldn't happen quick enough. Like pulling teeth. Like pulling teeth. Tom's about to take out his dentures and say, what? What's that you say? Shoddy.