The Host Unknown Podcast - Episode 79 - Is it a bird a plane or JavMan?
Episode Date: October 29, 2021

This Week in InfoSec (08:13)
With content liberated from the "today in infosec" Twitter account

29th October 1969: The first message sent over the ARPANET was from Leonard Kleinrock's UCLA computer, sent by student programmer Charley Kline at 10:30 PM to the second node at Stanford Research Institute's computer in Menlo Park, California. The message was simply "Lo." But not on purpose.
Charley Kline Sends the First Message Over the ARPANET from Leonard Kleinrock's Computer
https://twitter.com/todayininfosec/status/1321861878985953282

25th October 2008: A 43-year-old woman in Japan was arrested after she hacked into the computer of the man she'd married in the online game MapleStory and erased his carefully constructed digital character after their relationship curdled.
Woman faces jail for hacking her virtual husband to death
https://twitter.com/todayininfosec/status/1320513559500128257

Rant of the Week (18:18)
Why You Should Delete Your Facebook App
A stark new warning for almost all iPhone users, as Facebook is suddenly caught "secretly" harvesting sensitive data without anyone realizing. And worse, there's no way to stop this especially invasive tracking other than by deleting the app.

Billy Big Balls of the Week (27:15)
Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers
The schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that, he then bought Google ads which resulted in his fake site appearing above the real one in search results.

Industry News (34:03)
Government Agents Compromise REvil Backups to Force Group Offline
Halloween Horror-Show for Candy-Maker Hit by Ransomware
New Cybersecurity World Record Set
Tesco App and Website Back Online After Cyber Incident
BlackMatter Bug Saved Victims Millions in Ransom Payments
Study Coordinator Falsified Clinical Trial Data
EC-Council Offers Free Cybersecurity Training
Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions
North Korean Lazarus APT Targets Software Supply Chain

Tweet of the week (41:28)
https://twitter.com/coriplusplus/status/1453483418944159748
https://twitter.com/MegabitMeghan/status/1453398057312215042

Come on! Like and bloody well subscribe!
Transcript
Go for it, Jav. You're the one who's commercially sold out.
This week's show is sponsored by John Caprez from Spain,
a man who you may know about...
Take two.
Start again.
Fix it in post.
Yes.
This week's show is sponsored by John Caprez from Spain,
a man who may know about password managers,
but more importantly, knows the secret to getting
mentioned on this show to love us all. Yes, yeah. Do you want to put it in your own words?
Wait, wait, I know you're doing it on the fly anyway, but nobody will realise that you're,
that you're reading this. Don't worry. Don't worry. Go for it.
Oh, God, he is actually editing it.
Chums, chums, chums.
This week's show is sponsored by John Caprez from Spain.
A man who may know about password managers,
but more importantly,
knows the secret to getting mentioned on this show
to show that he loves us all equally.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us. And welcome to episode 79, I think, of the Host Unknown podcast.
Welcome one and all.
Jav, thank you for that one take.
I can't believe it.
That was incredible.
38 minute one take.
Unbelievable.
I know.
I mean, the fact that he didn't read out dramatic pause and breathe and look right was quite astounding.
I think we were all really impressed.
Well, you know, that's what you get when you deal with professionals.
Well, you know, that's what you get when you deal with paid professionals
like yourself because, well, we got paid.
Somebody actually paid us.
I haven't seen the money yet, but they've still paid us.
They pledged.
They have pledged.
They have promised they will pay.
They promised us exposure.
But, yes, very good.
And not only that, it was an "I love you all" pledge as well.
So even better,
even better that there's a person,
as you say,
who knows how to get mentioned.
So this is the host,
John Caprez,
unknown show.
You too could be mentioned really quite,
you know,
all over the place, if you sponsor us. Title on that...
That, yeah, working title. Absolutely, absolutely. You too could be named on the Host [insert name here]
Unknown Podcast. Could be brilliant. Anyway, Jav, how are you? I'm very good. I'm very good, thank you.
No stories about fly tipping, come on.
Well, you know, I was just going to tell you about my latest vigilante activity for the community good, but I won't now.
Maybe next week once it's all sorted out.
Yeah, because there was an issue with, you know, the bin men,
they take out the bins.
You said you weren't going to tell us.
I know, but that's to get you on the edge of this seat.
And now you're like, well, tell us.
So now I'm going to.
Trust me, we are.
When you start wearing your underpants outside your trousers,
then, you know, and stand in with a tablecloth
wrapped around your neck fluttering in the wind, then we might be interested.
Fair enough, I'll take that on board. I'll speak to my costume department.
Your youngest child? Yeah, and legal. Yeah, exactly. Yeah, you are the Incredible Bin Man, is that
is that what you're trying to tell us?
Well, I'm not telling you now. I'm not telling you now. The mystery of the unlabelled bin, who
don't know, wondering, no one knows who. He went dumpster diving and just read whose letters
they belong to and just wheeled it back to their house. Right? No, no, it got blown down the road in the wind. Right, yeah, we all know this story, and you came this close to writing a strongly worded
letter to them. It's like one of those formulaic shows, like, what is it, the gentle Smashing Security,
sorry, yes, where everything's predefined and it's going to get resolved in one way
all the time. No, I have many tricks up my sleeves, citizens. Okay, okay. Well, bear this in mind. Did you
get up to anything to do with InfoSec this week? Oh, I'll tell you, really funny, I'll tell you
really quickly. I was giving this webinar today to a company. They're a customer of ours,
and it was just on Cybersecurity Awareness Month
so I was telling them about this
and I was like you need to be careful
about what information you share
and there's a digital footprint out there
and be mindful
and so it was a fantastic presentation
I had all the hand gestures going
and I was being very authoritative
and in the end when the questions and answers came up,
one person left a question saying,
is your birthday on and quoted my birthday there.
And you said, how can you get that right?
And my two supposed best friends, Tom and Andy,
can't agree on what day it is between them.
I know.
And I was like, well, you know, that just goes to show,
do as I say, not as I do.
Yeah, yeah.
And then you say, well, what are you going to do with that information?
Send me a present?
Oh, heaven forbid, you know.
Yeah, heaven forbid that should happen.
I know, it's on me, Andy.
It's my job.
I've got to do it.
I've got to do it.
I got paid today, so I can afford it now.
I thought we'd actually agreed what we were going to get.
Yeah, we have.
We have.
We have.
I've just got to buy it now.
I've just got to buy it.
So, yeah, we'll get there in the end.
Don't worry.
Anyway, Andy, what about you?
Nothing as exciting as tracking down lost bins
or revealing my actual birth date to anyone.
So, you don't think... I'll just tick over.
Every day above ground is a good day. Yeah, exactly.
Mine's been all right. I've ordered another iPhone 4 to pull apart and stick in a picture
frame, because nobody has yet noticed the deliberate mistake on
that picture I posted and the ones I sent you. So, yeah, we'll work it out. You'll work it
out next time I get that job done. So, yeah, I'm just about the difference after that. Yeah, it does,
exactly. Yeah, I could probably find the mistake, but my investigative skills are needed elsewhere, that's all. I could probably find the mistake, I just don't care that much. Yeah, I really couldn't give a toss
why you are so excited about this.
Oh dear. Let's move on. Let's find out what we've got coming up for you today.
This week in InfoSec is about the first electronic hello world
and how the walls between reality and fiction
may have a slight impact on personal relationships.
Rant of the week is Facebook looking like a data siphoning duck,
quacking like a data siphoning duck
and even walking like a data siphoning duck.
No clues as to, or no prizes as to what we think of Facebook at the moment.
Billy Big Balls admires the entrepreneurial spirit of a teen and his bobber job attitude.
Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week provides evidence for why IT support people really hate end users.
Okay, let's move swiftly on, shall we, to this week's...
This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account. 52 years to the 29th of October 1969, when the first message was sent over the ARPANET. So, as you tech nerds may know, Advanced Research Projects Agency Network, aka ARPANET, was the first
wide area packet switched network with distributed control
and one of the first networks to implement the TCP IP internet protocol,
or rather protocol suite.
But both technologies basically later became the technical foundation of the internet.
So that first message was from Leonard Kleinrock's UCLA computer,
sent by student programmer Charley Kline at 10:30 p.m. to the second node
at Stanford Research Institute's computer in Menlo Park, California, and that message was simply
"Lo", as in hello, but not on purpose. So the intended word was actually going to be "login",
but the message text, you know, once the L and the O were transmitted, the system crashed.
Hence, the literal first message over ARPANET was "Lo".
It actually crashed.
It crashed off the two characters.
Nice.
That reminds me of that Star Trek, the one that earlier, was it the first one where V'ger came?
It was like this spaceship called V'ger.
Oh, that's right.
No, it was an alien intelligence, wasn't it?
Yeah, yeah.
And they later find out he's actually Voyager.
It would just be the wording had come off.
But carry on, please.
But yeah, no, so an hour later, you know,
after they recovered from the crash,
the SDS Sigma 7 computer effected a full login and more history was made.
So when people simply say,
Maybe they are just referencing that first message 52 years ago back on the ARPANET.
Or internally crashing.
Or internally crashing.
Our second story takes us back only 13 years to on or around the 25th of October 2008. A 43-year-old woman in Japan was arrested after she hacked into the computer of a man she had married in the online game MapleStory and erased his carefully
constructed digital character after their relationship ended. Now, according to the Japanese
media, this middle-aged piano teacher from southern Japan, you know, she actually sparked major debate
among millions of online gamers about whether or not virtual offences should stay in cyberspace or be punished in the real world. But police arrested her this week 13 years ago
following a complaint by the man, who was a 33-year-old office worker who lived in the northern
city of Sapporo. Well, yeah, a virtual toy boy. So the two apparently never met offline,
and the woman, reportedly a real-life
divorcee, is not suspected of any sort of violent crime, but she faced charges of using her
digital partner's password and ID, which she acquired when they were happily married as a
virtual couple, but she obviously used those credentials illegally to access his computer. The charge carried a maximum sentence of five years in prison or a fine of up to £3,200.
Now, the spokesman for the Sapporo Police Department at the time said it sounds like a strange case,
but obviously it's illegal to hack into someone else's computer.
That's why she was arrested.
And the spokesman was surprised at the attention the case was getting internationally because to him it was simply a
computer crime. So I guess this is a really strange case, and the reason I bring this up, and
never actually find out what happens at the end of this, by the way. I tried to figure out who it was,
what happened, you know, what the final punishment was. TechRadar actually said that she was jailed for it but can't reference how long
for or what her name is. It appears in the Guinness Book of Records as the first arrest
based on a cyber crime, or something that happened in a virtual world. In the same month, the Dutch
court also sentenced two teenagers to 360 hours of community service for virtually beating up a classmate and stealing his digital goods.
And the Dutch police said, you know, these are virtual goods.
You know, goods are goods, so it's theft.
And the court was obviously criticised for going too far.
And it's not the first time that, you know, we've seen crime in these sort of second worlds or anything like this. How do you
virtually beat someone up and steal their stuff unless it's a part of how the game works? No, well,
and this is where I'm going, right? And so, I mean, this has happened. There's another one,
but more common crimes, you know, this is more recently, sort of 2020, a man in Singapore cheated players in MapleStory out of cash
by asking them for real-world payments for virtual game currency. So, you know, he had sort of done a
deal: hey, you transfer me this real money in the real world and I'm going to send you these virtual
credits in here. And then what he did is actual fraud, right? So that's, yeah, exactly, exactly. Yeah,
yeah, so I guess... Go for it.
Well, I'll say where I'm going with this.
So you think like Second Life is, you know, not the only one.
It's also had, you know, fraud, money laundering, sexual harassment.
You know, all those type of things are real crimes that trans, you know, impact someone in the real world as well.
So people argued at the time that this person, you know, may have spent a lot of time building his character.
You know, you may have paid for upgrades. I don't know how MapleStory works, you know, I'll be
honest, but I can tell you that at the time they had over 20 million users playing this game in
sort of Japan and Korea. Oh, sorry, that's a smaller... 50 million subscribers in Korea,
South Korea, and nine million in Japan. So quite a popular game. So I don't know whether, you know,
you have to pay for upgrades, in which case,
you know, she's erased real money
that he spent in the real world.
But the reason I bring this up now,
and it happened 13 years ago,
but with Facebook virtual labs moving into the metaverse,
as we say, which is obviously that sort of broad term.
But I think, you know, where they're going is this whole sort of virtual world environment where, you know, people can get
together and use sort of virtual reality or augmented reality, you know, that you can
walk around and interact with real-world players, you know, other players.
Are we going to see crimes coming up in there? You know, because I don't feel like we've gotten
closure on these previous crimes.
I can answer that.
We will absolutely be seeing crimes committed in the Facebook metaverse
because it's run by Facebook and they'll be doing the crimes.
I mean, if you had a character,
one of the first things I would do is probably run up behind you
and give you a virtual wedgie.
Well, exactly.
And this is to my point about that Dutch story.
They virtually beat someone up in an environment and stole his goods.
So in a virtual environment, how do you beat someone up in a virtual environment
unless there is the ability to beat someone, like in GTA Online
or something like that, in which case it's a part of the game, right?
It's a part of the environment.
And then steal certain goods.
How do you steal those goods virtually?
Well, that's what I mean.
So maybe they paid for those goods in the real world.
You know, like with real money, you buy upgrades in the game.
And maybe, you know, rather than focusing on the getting beaten up part,
we're focusing on the theft of those goods. Yeah, but you said he got beaten up virtually and his stuff stolen. It sounds like it
was stolen in the virtual world through the characters. Oh, I don't know, I'm overthinking it.
Yes, you are. Yeah, I'm definitely overthinking this. Oh my God, I sound like my grandfather. Great-grandfather,
even. Your grandfather's like, who is this old man?
Oh, that's fascinating though, isn't it? It's where, you know, it's almost like the internet
needs to be its own legal sort of entity,
for want of a better term.
Let's get in there first.
Let's set up the law court.
Oh, yes.
Like a nation.
The internet is a nation.
And if you break laws on the internet,
then you get punished on the internet, if you see what I mean.
I don't know.
I'm struggling here.
Virtual floggings taking place.
Virtual floggings, yeah.
Yeah, that's right.
Ring back the rack.
Yeah, we're going to remove half the keys from your keyboard.
But I don't know.
But, you know, if you're in one jurisdiction,
you do something and it's not illegal there,
but it's illegal in a different jurisdiction, et cetera. All that goes away if there is a single internet jurisdiction, if you see what I
mean. I don't know. We've got to get in there. We've got to set ourselves up. It's, we have pretty much
first come, whoever gets there first. Right, exactly. We, yeah, we will be the kangaroo court. Yes, that's
right, that's right. The jumping marsupial court, as we'll call it in our brave new world.
Excellent.
Thank you very much, Andy, for this week in InfoServe.
As you probably gathered, I was just warming myself up there
for the next segment.
Because you know what's coming
everybody. We've got two of my favourite words, rant and Facebook, about to come up.
Listen up. Rant of the Week. It's time to mother rage, and rage I will. This story, this is about why you absolutely should delete your Facebook app now.
Absolutely now.
So there's been a new warning for almost all iPhone users,
all iPhone users who have Facebook as the app installed on their phone, as Facebook has suddenly been caught secretly harvesting sensitive data without anybody realising.
And the worst part of this is that there's no way to stop this from happening, this very
much invasive tracking, other than by deleting the app. And if we look a little bit further, so
bottom line, what happens is that, if you set all of your settings on Facebook to private,
do not track, do not share, all that sort of stuff, you would expect your phone or your Facebook app
to be fairly silent in what it sends backwards and forwards to Facebook, right? Pretty much, you know, related to just what you type in and just what
you... that's what you've asked it to do, that's what it said it's going to do. Precisely. All right, you
do not track me, do not share my information, do not do this, do not do that. Well, it was, you know,
a few weeks ago, it broke that even if you update your settings to never track your location,
actually, the Facebook app on the iPhone still captures your location data using metadata from your photos and your IP address.
And Facebook has admitted to this harvesting.
Although, of course, they won't comment on why that's so wrong when users specifically disable
location tracking. So that's, you know, that's strike one there straight away, right? You know,
that is, you've asked us not to track you, but we'll continue to track you.
There's now a new one where this goes even
further, apparently, by using the accelerometer on your iPhone to track you, well, basically a
constant stream of your movements, which can easily be used to monitor activities and behaviors at a
time of day, and correlated to places or when you're interacting with its apps and services.
And it can even match you with people near you, whether you know them or not.
So it's obviously using Bluetooth beaconing or something similar to that.
There is absolutely no mention of this anywhere in any part of Facebook at all.
There is no transparency whatsoever.
You're not warned that this happens when you set everything to disabled tracking.
And it just carries on doing it.
And for me, it's like, how do these people sleep at night?
I just.
Yeah.
So, I mean, we saw this, but I know Dr. Jen Golbeck previously.
I think we talked about her before.
And she actually mentioned something about, you know, how it wasn't
specifically Facebook, but how you can be tracked by the accelerometer.
Yes. On your phone, yeah. Because I think there was a case of, it was some sports app, wasn't it, that figured out everyone that was in the pub watching the game illegally,
and they could get the vibrations from what they were watching. That's right. And then find the pub,
in the pub, yeah. And so, and I think what's, so if I'm looking at the example in this one, what they're saying is,
you know, you have all of this stuff on, you say, right, actually, do not track me, like, locations
off, you cannot know where I am. But the example given is that you're, you know, in the same location
as someone else that doesn't have these restrictions on their settings. Yeah. And so Facebook automatically
know this person's in this area and your vibrations are identical. Right. You're going down the same road. You've got the same background sounds, everything.
So therefore you are in this location. Utter scum.
Yeah, it's what I was saying.
Don't track me. Oh, you're tracking me.
You're just tracking me through a different mechanism, despite me saying don't track me.
That's right. I think this is like one
of those cases where they probably sat around with their lawyers and said, look, someone's saying don't
track me using the Facebook app, but if we look at the scratches or the lens distortions and identify
where they are, we're not using the Facebook app. And they're like, yes, that will hold up in a court of law. And I think that's what they went for. That's how I'm envisioning this unfolded.
Although, if you delete the Facebook app, they can't track you. But I know what you're saying,
it's still using the Facebook app, but it's not using it in an active sense, in that sense. Yes,
exactly. But yeah, it's, oh my God, you know, anybody out there, if you haven't, if
you have not deleted your account from Facebook, and that's assuming that you have, you know, that
Facebook have actually deleted, because I saw one the other day where somebody had deleted their
Facebook account eight years ago and then got a notification from Facebook, and they checked the
headers and all that sort of thing. It was a legitimate email from Facebook saying someone's trying to log in with your credentials, if this
is you, press, you know, yes here. So they got a two-factor notification saying somebody was
trying to log into their account, the account that they deleted eight years earlier. Yeah, I mean, with
Facebook they just allow you to reactivate old
accounts, don't they? Yeah, yeah. But you delete, yeah, so you're not actually deleting your
account. You are not, your right to be forgotten, although not that we have that in the UK anymore,
but don't get me started. I was talking to somebody about it the other day. I think I nearly
gave myself a heart attack. But your right to be forgotten is gone.
Delete my account.
Okay, we've deleted your account.
Actually, no, we haven't deleted it.
We've just kept it here just in case.
Horrible, horrible, horrible.
So, yeah, utter rant of the week.
Please come off Facebook.
It's a hive of villainy and scum, you know, the world over. Awful people,
awful practices. And Jav and I were just talking earlier before the show about our comments last
week about, you know, does Facebook break more laws than your average criminal? And
if somebody knows of any research into this area, I'd love to find out because obviously we're,
that's the kind of podcast we are,
you know,
hard breaking journalism,
investigative journalism.
Absolutely.
You better watch your back,
son.
Absolutely.
And,
and,
you know,
I guarantee you if we find out,
we'll be ranting about it.
Yeah.
And just,
just for balance,
Mr.
Zuckerberg,
if you are pumping more billions into
the metaverse, we would like a court in your new land. Yes, sponsored. You know, you could
have the Host Unknown Court of Justice. Yeah, for a modest fee. Facebook's Host Unknown.
Yeah, absolutely, absolutely, because let's face it, we are money hungry. You know, we are. You know, if you really want to give yourself a heart attack, Tom, Dr.
Jen Golbeck, she actually said, like, in some of the research she'd done, just look at all the patents that Facebook have filed and you will kill yourself.
Because it's not just what's here today. It's what they're all planning or they wish they had.
So it's horrible stuff.
Yeah, anyway, that was this week's Rant of the Week.
Right, let's get over that and let's play something a little bit more cheerful, shall we?
This is the podcast the Queen
listens to, although she won't admit it, and she's got plenty of time to listen to it. I was going to
say she's still alive as of time of broadcasting, so yes, that's right. Mind you, she's got plenty
of time to listen to it from my hospital bed. So, welcome, Mum. We'd like to say by royal appointment. It's in your
hands now. All right, let's move on to something hopefully a little bit more cheerful, and let's
go to this week's... Yes, yes, yes. You want cheerfulness, you come to me. You stay away from depressing Tom and his on-air stroke that he's about to have.
So this week's Billy Big Balls comes from a...
Well, police have called him a sophisticated teenager.
I would like to refer to him as a...
As you wear a monocle and a top hat?
Yes
Gin Fosek, he only drinks
gin
I would rather
see him as a
entrepreneurial
teenager. He walks with a cane
He walks with a cane
with a gold
diamond in the handle. Gold, a gold with a sort of diamond in the handle, yeah.
Gold knuckle fist, yeah, yeah. I'm picturing like Snoop Dogg right now. Anyway, in a top hat and
monocle, yes, yes. So, where was I going with this? So he, this teenager, who's only doing his A-levels, so young lad,
set up a website impersonating a gift voucher site. So there's a gift voucher site called Love
2 Shop, with the word "to" replaced by the number two. The number two replacing the word "to".
Yes.
Right.
That's right.
So it's love number two shop.
So anyway,
he set up a website impersonating that gift voucher site.
Maybe it was love two T.O. shop.
I don't know what the website was.
But anyway,
he done that.
And then he bought some Google ads,
which resulted in his fake site appearing above the real one in search results.
You can see where this is going.
So people started coming to the site and started redeeming their vouchers
and what have you.
So he harvested just over six and a half thousand pounds'
worth of vouchers in the week that the site was active. It was active for a
week. The stolen vouchers were converted into Love2Shop vouchers, and
this is where he went wrong. The poor kid, he used his own account to
convert the vouchers. He went on too many track day experiences. Yeah, yeah. But later, police also
discovered he had 12,000 credit card numbers on his computer, along with details for 197 PayPal accounts.
On top of that, he had 48 bitcoins, which last August when they arrested him was worth
about $200,000.
But if you calculate the value today, they're probably worth around $2 million.
So anyway, he was caught because he used his own account to cash it, and what have you. So did he make the bitcoins from criminal
activities, or was he just, you know, as a 12-year-old, new to mine them? That's what it was implied, and that's what, it's all been confiscated by
the Crown Court. So, because it was that case of that guy that had to, the police had to give
back the interest that the person would have made on the seized bitcoins, didn't they?
That's amazing, because they got it wrong, basically. Yeah, yeah. So the judge who
sentenced him, he said if he was an adult he would be going inside. She told the boy to his
room, yes. "You have a long-standing interest in computers. Unfortunately, you used your skills to commit a sophisticated fraud." And
this is where I think it gets really, you know, it's a bit, it mislabels the whole thing. It's not a
sophisticated fraud. Someone just set up a website that impersonated another domain. It was close to
it, and the only sophisticated part was that he bought some Google ads to make
it list higher than the legit one. I mean, that's not even sophisticated. That's just, you know, Google
posts you through 50 pound vouchers all the time, and let's face it, I could watch a few YouTube
videos and probably set up a Google Ads account. Yeah, exactly, exactly. So, you know, it's not sophisticated. This is, again, a case of the system being broken,
people falling victim to domain lookalikes. And, you know, he received a 12-month youth rehab
order, and he pled guilty to money laundering and fraud by false representation. So
in a year's time, in a year's time, I'm sure once his A-levels are behind him, or maybe two years'
time, if any company is looking to hire an ethical hacker, because by then he would
have become ethical, I'm sure there'll be a young talent behind him. Yes, about his history, yeah. He's just going to become a, you know, a marketeer with his
Google ads. That's, maybe, maybe he's just very good at buying Google ads. Yes, yes. No, actually, I think
the money is on the speaking circuit. So I think I would love to see a double act of, like, maybe him going first and saying,
how I got, you know, how police stole 2 million of bitcoins, followed by Aaron Bennett, Bennett,
Aaron, doing how I stole, how my identity got stolen, and how I scorned the police.
And maybe a third one, maybe, I don't know, the guy from LulzSec, Mustafa
Al-Bassam, T-Flow. Yeah, T-Flow, yeah, yeah. So, yeah, a shout to my mates.
I think all of them together would make fantastic, fantastic, like, you know,
they're going to be on Cameo soon, right? Billy Big Balls
of the week
host unknown
sponsored by
John Capris
Capris
no
Andy what time is it
It's that time of the show where we head over to our news sources over the InfoSec PA Newswire who have been very busy bringing us the latest and greatest John Caprae's sponsored security news from around the globe.
Industry News.
John Caprez says government agents compromise
REvil backups to force group offline.
Halloween horror show for Candy Maker
hit by ransomware.
John Caprez says new cyber security world record set.
John Caprez says Tesco app and website back online after cyber
incident. Industry News. John Caprez says BlackMatter bug saved victims millions in ransom
payments. Industry News. John Caprez says study coordinator falsified clinical trial data. Industry News. John Caprez says EC-Council offers free
cyber security training. Industry News. John Caprez says Ofcom scam call-blocking plan could save
consumers millions. Industry News. John Caprez says North Korean Lazarus APT targets software supply chain.
Industry News.
And that was this week's
John Caprez.
Industry News.
Do you know what? I really hope we're pronouncing his name
right.
15 quid and we can't even
pronounce his name right.
John, if we're pronouncing it wrongly, let us know.
And as long as nobody else is sponsored by next week, we'll correct it.
If someone else sponsors us, well, then you're at last week's news.
So there's one story on there I don't want to look at,
which is the new cybersecurity world record set.
What?
Oh, dear.
Made the news then, Jav.
Yes, made the news.
Made the industry news.
Did I send you the picture of the certificate?
I'm not sure.
Is it from Publisher?
Microsoft Publisher? Publisher. Microsoft Publisher. Insert name here.
Title:
Javad Malik, written in red crayon.
Yes, yes, yes.
I was looking at the
EC-Council offers free
cyber security training. So obviously
a council with a big
reputation to rebuild after, um, you know, massive
sexism complaints and, uh, you know, God knows what else they get wrong, uh, allegations of blaming
junior marketeers for posting information which, you know, they clearly wrote themselves. Um, they
have released the biggest massive open online course, giving free education with no limit placed
upon class size in an online environment. So I think that's probably one of the most widely
distributed course content around anywhere, uh, you know, from unethical sources.
But now it looks like they're giving it away for free, because what makes people forget
stuff like that? Then free shit. Exactly, yeah. Not convinced. Not convinced.
So, so I, I see... um, I also heard from your reaction, Andy, about the candy maker hit by ransomware.
That's just bad news.
Why would you target people?
Why would you target hospitals and candy makers?
And sweet makers.
Exactly.
It's just, what's wrong with people?
Yeah.
People who bring joy to the world.
Back the hell off.
Yeah.
These are the people that produce Nerds, if you remember those.
Juicy Fruits and Gummy Bears.
Their systems were encrypted.
Juicy Fruits.
God, yeah.
Not impressed.
Not impressed at all.
And how can a North Korean APT really be that effective
when they're working on like Spectrum 48Ks
and stuff up there?
Yeah.
Do they not use
the Red Star operating system?
Is it Red Star it's called?
Oh, yes, that's right.
You know, their closed OS, right?
Yeah, the Chinese...
Isn't it a Chinese OS?
Is that right?
I thought it was a Korean one.
I'll tell you what.
I'll actually look it up.
Okay.
No, interesting.
But yeah, I'm always surprised by this because, you know,
well, I guess part of it is we don't know anything really
that goes on behind the, you know,
behind the big iron curtain of North Korea.
But given that the country is, you know,
mostly in poverty and spends all its money on military stuff
and also it's, you know, very few countries are able
to freely trade with it, has it really got access
to that level of, you know, technology and expertise?
Or is it purely just a rebranded Chinese thing?
I don't know.
Well, yeah.
A lot of the...
I mean, Lazarus Group basically is the government.
It's not like a group.
It is, you know, they're all set up.
And they have two...
There are two divisions within it
and with their own mission.
So one mission is to go and make money.
So they'll launch, like,
their attacks against cryptocurrency
exchanges. They'll
go after the end users.
They were behind
the Swift bank
attack in Bangladesh a while back.
So that's
one half of their operation. The other half
is literally like espionage
getting access to
stuff, plans, like how do you make a microwave,
I suppose is high on the list, things like that. And that really, the majority of their attacks,
when you look through them, it's using publicly known vulnerabilities. So they're going after
unpatched systems, and the delivery
method is normally through spear phishing. So it's nothing sophisticated, highly sophisticated
in the true sense of the term. But I saw the free education at EC-Council now, so
yeah, man, they're gonna be locked down as tight as a drum. But I was going to say, it's that real misnomer of a term, APT,
which is just not always the case, right?
No, no.
Maybe it's not meant to be read as one word.
Maybe these are the options.
They are either advanced, they're either persistent or they're…
Or they're a threat.
Yeah.
You can have two of
them, but not all three together. Yes. Oh, dear. Excellent. Uh, that was this week's Industry News.
This is the Host Unknown Podcast, home of Billy Big Ball Energy.
So, Andy, it falls to you to cheer us all up again with this week's...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And because I couldn't decide on a Tweet of the Week,
I'm actually going to give you two for
the price of one. So the first one is from Cori, who is... she's actually reposted a tweet that someone
else had done, but it's a screenshot of a tweet back from, uh, August. Uh, yeah, looking at the, uh,
American date format, uh, or else it's the 8th of the 19th month.
Could be a North Korean one.
Could be a North Korean one, but it doesn't have the names of the people that made the tweet in that one.
So repost of an original.
But the question is, why are IT guys such dicks?
And the person replies and says,
Last week I drove two hours to push the power button on a server that three separate people assured me was already on.
Which I think we...
Which resonates.
Yeah, it resonates.
It resonates.
With anybody who's actually been in IT, so not Jav.
Yeah.
And also just people setting up their mic for podcasts, right? Yeah, I was waiting for that.
Yeah, I just thought I'd get my strike in first. You know, it was funny because when we, when we
discussed this before the show started, I, I... my initial reaction was, well, it's a poorly designed
system if different people looking at it can't, can't figure out whether it's on or off.
It's clearly a design flaw. And, uh, Tom, in his colourful way, said no, the people are being idiots.
Yeah, and then I used an extra word than that. Literally two minutes afterwards he's like, I
can't hear anything, I can't hear anything. Yes. Oh, maybe because I haven't plugged in the microphone. No, that's not what I said.
That's not what I said.
But it was a rookie error on my part.
Which I subsequently resolved myself, I hasten to add.
But I did remember to switch on the computer with the button.
Just saying.
Anyway, don't like that one, because I, I ended up looking bad in that.
Cheer us up a bit more, Andy. The second tweet is from someone called Meg, and, uh, she has a proposal
for something called ransomware. It's like ransomware, but you can't get your files back
if you're too attractive. Sure, you might lose all your data, but you'll feel incredibly validated.
God, Jav, I bet you're pleased.
You'll always get your data back, Jav.
How am I going to get my selfies back, honestly?
They'll be sent back before even a ransom is sent.
Again, first strike. Life's already been too harsh for you.
First strike.
Yeah, he had a tough paper round.
And in fact, it was Jav's birthday just recently.
Jav is now officially old.
No, I'm not officially old.
He's been officially old for a long time.
No.
All right, so you're unofficially old.
I don't know.
Choose one.
I don't know. I'm not old, okay? I don't know. I can't remember. Wrap this up, it's time for my nap.
Oh, excellent. Thank you very much indeed, gentlemen.
Jav, uh, thank you so much. Uh, time for your nap now, you can go and relax. Yeah, put your feet up.
Sorry, did that come out loud? It'll stay. Don't, don't worry. Anyway, thank you very much, Jav.
Okay, you're welcome.
From your record-breaking friend.
He called me a friend.
And Andy, thank you, sir.
Stay secure, my friend.
Stay secure. You've been listening to The Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
r slash Smashing Security.
So you know how Smashing Security asked us for a little note for their 250th episode.
Oh, yeah.
Did you see what they deliberately did?
They set the date as the 29th of November,
hoping that we wouldn't send them anything
because they don't want to play out our stuff on their show.
I think we should just send them a bunch of our jingles.
Yeah, that'll work.
That'll work.
They're just so insecure.
But send them with a copyright. You know, with the voice in the background,
like, you know, copyright, like, well, you know,
Holston in the background so that they can't just use it wholesale.
Congratulations, Smashing Insecurity.
We'll just send them this.