The Host Unknown Podcast - Episode 81 - Thom AI ver 2
Episode Date: November 12, 2021

This Week in InfoSec (09:55)
With content liberated from the "today in infosec" twitter account
10th November 1983: At a security seminar, Len Adleman used "virus" in connection with self-replicating computer programs. Afterwards, use of the term took off. But it wasn't the first use of "virus" in this way - the 1973 movie "Westworld" used it to describe malfunctions spreading in robots.
https://twitter.com/todayininfosec/status/1193706921733189632

Rant of the Week (14:24)
EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms
According to Outpost24's report "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications, and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed. In addition, 18% of the organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same proportion of suspicious apps in operation but tend to run far fewer apps overall; however, 23.74% of them are outdated.
Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems.
The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption.
Billy Big Balls of the Week (21:18)
Hack leaves fertility clinic medical data at risk
The Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a "cyber-gang", in a letter sent to about 1,700 patients.

Industry News (27:32)
Ukraine Unmasks Armageddon Group as FSB Officers
Facial Recognition Firm Could Be Ordered to "Close" in UK, Warn Experts
One in Three Workers Monitored by Their Employers
Robinhood Data Breach Hits Seven Million Customers
US to Charge Suspects Over Kaseya Ransomware Attack
Class Action Against Google Blocked
Anglers Redirected to Pornhub
Scam PACs Allegedly Stole $3.5m from Trump Voters
Researchers Uncover Prolific Hacker-for-Hire Group

Tweet of the Week (35:44)
https://twitter.com/bcmerchant/status/1457849195738451975
https://twitter.com/sherrod_im/status/1458460638561382401

Come on! Like and bloody well subscribe!
Transcript
So that Tom AI was a bit of a failed experiment, wasn't it?
It's lucky I'm back this week.
What do you mean failed?
It was a huge, roaring success.
It's been one of my most popular episodes ever.
How can you bet?
It didn't even sound...
The most popular episode ever.
It didn't sound anything like me.
Oh, dear.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome to episode 81 of the Host Unknown Podcast.
Episode 85.
It's okay. I'm back, lads. I'm back. It's okay.
You can take out the AA batteries from that AI
and put it back in a box, not needed anymore.
Wow.
I've grown really fond of the AI,
and I'm really glad we've got it.
It'll be a far better friend to us once you're gone.
It might remember to get around to sending you your birthday present for a start, Jav.
Yes, it might.
It's only, what, three weeks late, isn't it?
It's all right.
It's all right.
It's a surprise birthday present.
It'll be a surprise when I find it, yeah.
And when it's all rotted inside.
The funny thing was, Tom literally had it there
in his sights when he said,
shall I get this?
I said, yes. And they wouldn't let me buy it because the boss wasn't there, so it wouldn't let me buy it, and then I've just not had a chance to go back, and now I'm travelling all the time.
Oh dear, this is making me very worried as to what it was that they need boss approval for.
It will be, what can I say, Jav, it will be a distinctly average present for an okay friend.
Yes.
It's the shirt off someone's back.
Yes.
Anyway, Javvad.
Sorry.
One year, about five years ago, I went to Colombia for a Tactical Edge conference.
Yeah.
And I presented at it. And one evening, we all went out for dinner to this place. It was a really nice sort of place. Edgar Rojas, he arranges the conference, he's a fantastic host, he looks after you. So we're all in there, and it was quite a retro place. They had lots of old memorabilia scattered all over the place, and one of them was a neon sign for Napster, I believe.
Oh, wow.
And so there's a whole table full of like 20 security people and hackers and what have you, and a few of them were like, we really need that. And they're like, well, how are you going to get it off the wall and everything? And then one of them went and sweet-talked one of the waiters, who called over the manager. And they were like, oh, one of my best friends used to work there and he died, and it would really mean a lot to us if we could take it off your hands. I think some money may have been exchanged, but they ended up pulling out a ladder. Two staff got up there. It was a massive neon sign. They pulled it off the wall, and we walked out of the restaurant with it.
Okay, so, Andy, the Napster sign is now off. I didn't realise you already had one.
Yeah, exactly, right.
God, they told me it's the gift that everybody wants, that money can't buy.
Oh, geez. Okay.
Anyway, how are you, Jav, apart from bathing in the glow of your neon Napster sign?
I'm very good.
I'm very good.
Thank you.
You know, we had a residence meeting just a few days ago.
Oh, this little saga is hotting up, isn't it?
Yeah.
Yeah.
Now there's some debate as to whether we put retractable bollards on the ends to prevent unauthorised vehicles entering.
Hang on, I've got a far more important question.
Yeah.
What biscuits did you serve at the residence meeting?
Actually, I went out that day.
So I delegated my 16-year-old daughter to go and vote on my behalf.
And what did she vote for?
The bollards, because I told her to vote for the bollards, because some people wanted gates, because they don't use their garage or they don't have a garage. So they wanted those big gates, which are way more expensive, but they'd be a pain. Even if you're walking, you have to, oh, where are the keys, I have to take it, unlock it and everything. Bollards will prevent the vehicles, which we don't want, but still allow foot traffic or cycles and everything like that.
Are they automatic ones? Once you press the button on...
Well, we haven't really decided. It was all a bit up in the air. But I think the voting took place. We've agreed on bollards. And now one of the neighbours, who's a very active gentleman in this field, he's gone out to research the different types of bollards. And he will inform us on our WhatsApp group chat as to what was decided.
Is this gentleman the owner of a bollard installation company by any chance?
I have no idea.
Wow, security at home and at work. Impressive.
Well, you know, you're gonna have to send a picture, you know, of the plans and of the installation. And, you know, we're invested here. We're invested. Even the Tom AI was invested.
It was.
Yeah, absolutely.
Andy, what about you, mate?
You come to me just as I stuff my mouth because I thought this saga was going to go on for a bit longer.
You say it like that's a rare thing of me.
Yeah, this is true.
Referring to you just as you put food in your mouth.
I did.
You know what was funny was when we covered at the, what do we call it, the Jerick show?
Oh, yeah.
On camera. It's after Jav sent a message saying, I didn't realise how much you eat. You're just eating constantly.
So, yeah, it's a good thing we don't have cameras on here. But no, yeah, can't complain. I rarely complain, so I've got nothing to complain about.
Yeah, nothing to talk about as a result, you know. Pick a fight with a neighbour or something, or, you know, have some rubbish dumped on your lawn, and then you've got something to talk about.
Well, do you know what, we did have someone dump their KFC, like just everything, outside our house.
What?
Yeah. Pain in the backside.
But was there any sort of dumpster diving, looking for receipts, any of that?
No, just picked it up, stuck it in the bin, moved on.
Nicked a chip.
Yeah, exactly. Good food, right?
Yeah. Hey, you know, you can't let it, what, you know, 24-hour rule.
Yeah. Look, Andy, if you had the problem and no one was willing to help, then you know who to call.
Yeah.
The Tom AI.
The neighborhood watch team.
That's it.
Your friendly neighborhood Jav.
Yeah.
Well, this week I am in Berlin.
Last week it was Amsterdam, which is why I couldn't attend.
But this week I am in Berlin.
I spoke at a conference yesterday, and I saw Checkpoint Charlie today,
which is really quite cool, even though it's surrounded by...
Oh, yes.
I was there a couple of years ago.
Yeah.
It's literally like four blocks down from the hotel I'm in.
That's amazing.
Okay.
But it's surrounded by shops that sell Checkpoint Charlie tat.
Yep.
And right opposite, it's kind of nestled between a McDonald's and a KFC.
KFC.
Yeah, exactly.
Exactly.
But, you know, the KFC is on the old east side
and the McDonald's on the old west side.
So I think that tells you, you know, about those commie chicken eaters.
It's commie chicken eaters.
It's funny.
You're in Germany, and yesterday for lunch I went and had a German doner kebab, which was quite, quite interesting.
Was it called Donner und Blitzen?
No, it's called, that's the name of the chain, it's called German Doner Kebab.
Oh, right.
And on the wall they had pictures of the Berlin Wall and all the graffiti on the Berlin Wall. And we sat there and my wife looks over and said, what's this graffiti they've got on the wall? And I said, it's the Berlin Wall.
And she looked at me as if she'd never heard of it
because she hadn't heard of it.
Did you tell her it's where David Hasselhoff made history?
Yeah, exactly.
But she didn't know who David Hasselhoff was either.
And you married this woman?
Sorry to hear about your divorce, mate.
You know, it's one of those things, like, you know, marrying a mute, blind, deaf girl. It's one of the things. Sometimes it's the only way you can get married, right?
Exactly. Tell me about it. Even that was touch and go for a while.
And Mrs. Malik, if you're listening, that was all on Jav. That was unscripted, entirely on Jav. Nothing to do with us.
She's got better things to do than to listen to this podcast.
Anyway, what have we got coming up for you today? Well, this week in InfoSec takes us back to when having a virus actually meant something.
Rant of the Week proves finally that size doesn't matter.
Billy Big Balls delivers on its promise.
Industry News brings us the latest and greatest security news stories from around the world.
And finally, Tweet of the Week is from the InfoSec branding department,
where your security measures may go up as well as down.
All right, let's go to the favourite part of the show,
the part of the show we like to call...
This Week in InfoSec.
I'm impressed that you're managing to sort of quarterback this show from a hotel room in Berlin, Tom.
What can I say? I've got my mobile studio with me.
Your iPhone, right?
Yeah. Yeah.
So it's gonna be a drive-by InfoSec memory lane, because what people probably don't realise is that we are recording a whole day earlier than usual, and we're even less prepared than usual. So as I scroll through the Today in InfoSec timeline, our first, or in fact our only, mention is going to take us back a mere 38 years to the 10th of November, 1983, where at a security seminar, Len Adleman used virus in connection with self-replicating computer programs.
So afterwards, use of the term took off, but it wasn't the first use of virus in this way. There was a 1973 movie called Westworld, where it's used to describe the malfunction spreading in robots.
So was it the movie or the book? Because it's a Michael Crichton book, isn't it?
Well, see, I don't know when the book was written.
Well, it was before, it was before the film, because the film is based on...
Really?
Yeah, interesting.
So what's interesting about it is, obviously it's the internet that this is posted on, so someone's actually replied and said it actually showed up in The Scarred Man, which was a 1970 sci-fi short story where the author actually writes about a malicious and self-replicating program named Virus.
You remember that, Tom, when it came out?
Yeah, yeah.
I had to get it off my bookshelf and have a look.
The last time you saw a movie, wasn't it?
Westworld.
Westworld was such a good film.
Oh, the original one was.
Yeah, Yul Brynner.
Yul Brynner was just relentless and just so, so emotional.
He was the, basically, he's the Terminator's daddy. Let me put it that way. Just the way he just continues to hunt. Brilliant, absolutely brilliant. Futureworld is good, which is the follow-on.
But right, so that's why I was disappointed with, you know, the Sky did the series Westworld.
Yes.
Yeah, I liked it. I know lots of people did, but I couldn't, like, Yul Brynner's always the one that did it, you know, properly.
They did have a few references to that.
Too much of a deviation.
Yeah, but there's too much of a deviation.
Yeah, but I think, you know, what the series did was actually investigate how AI, you know,
true AI and intelligence, et cetera, can evolve and grow.
Whereas in the 70s, there was, you know, that wasn't even a concept that people could even sort of understand,
that level of sentience.
Yeah.
So, well, I like the series because it really investigated, you know, how, what happens when machines start to realise that they're just playthings, you know, and that they actually do have lives and sentience and a soul of sorts, and, you know, all that. So it had its moments, don't get me wrong, but I enjoyed it, I must admit.
You see, I've never read the book and I've not seen the original film, so my only exposure to Westworld was the Sky TV show. And when I watched it, I saw it less about the machines and more about a commentary on how depraved humanity is when it feels it can get away with stuff without consequence.
Yeah, yeah, very true, very true.
Dan, you're going too deep.
There's some clever storytelling as well.
Clever storytelling, use of time, you know, within the narrative
and all that sort of stuff.
It was good.
I was impressed.
Anyway, anyway.
Oh yeah, you said that was the only one, didn't you?
That's the only one.
That's the only one.
Excellent.
This is going to be a short show, folks. You might be able to get your dinner early today.
This Week in InfoSec.
Excellent.
And I think we can move straight on to this week's Rant of the Week.
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
I had your back, Tom, to pick up the mantle off this.
I tried to do a rant last week.
It was horrible.
Was it?
So you've given this story to me that I've only just read?
Well, isn't that the same with all the stories?
Oh, yeah, absolutely, absolutely. So it turns out that if you click on the link in the show notes, folks, you can read this for yourself, obviously. But it turns out that if you are a pharmaceutical giant with millions and billions of revenue, that you still underfund and under-resource your IT and security, because many of these pharmaceutical giants basically run old, vulnerable apps and even fail to use basic encryption, you know, even during login forms. So, you know, usernames and passwords are passed through in plain text and all that sort of thing. So in a report by Outpost24 entitled the 2021 Web Application Security for Healthcare, 3.3 percent of those firms that were scanned are deemed suspicious, including open test environments that should have been closed. And that 3.3 percent is actually quite a large amount given the kind of private, sensitive and even intellectual property kind of data that is held. 18% of the organisations using outdated and unpatched web components. And these are scanned from outside. This is not just inside their corporate walls. And one in five of these environments is insecure. It's out of date. It's the same in U.S. healthcare. Organisations there have roughly the same amount of suspicious apps in operation but tend to run fewer apps, but 23.74%, so slightly more, are outdated. I'm going to stop reading these highlights, because bottom line is healthcare, certainly now, certainly at this time, is paramount in the importance of our economy, our livelihood, our health, obviously our lives, and, you know, us getting back to normal. And yet it seems perfectly acceptable, you know, for these companies that are making billions and billions of pounds, dollars, yen and whatever else in revenue, to run this kind of operation that puts all I've just said, you know, our livelihoods, health, economy, et cetera, at risk from theft or loss or misuse, et cetera. Basic SSL failures, privacy policy misconfigurations, cookie settings, you know, just basic stuff that really on your externally facing environment should be fixed. So very, very surprising here. Very, very annoying. And, I feel, therefore very much counts as a rant of the week for me.
Yes, yes, yes.
I think what's really interesting is, A, these are very low-hanging fruit, a lot of them, like having test environments, you know, that is still exposed. But what are the odds, you know, if one of these organisations gets breached, they're going to hire Kevin Mandia to come down and say, this was a highly sophisticated nation state attack, no one could have seen it coming, we're going to help dig out the IOCs and secure you from now on. Whereas, like, most anyone, Jav, it could have happened to anyone.
It could have happened to anyone, yes.
It can happen to anyone. But without wishing to victim blame, which I know is obviously very popular amongst journalists at the moment, I think you're right, Jav, because I think the problem is many of the times we victim blame companies that are literally just trying to do the very best they can. You know, they're not these huge multinationals with billions of dollars of revenue and, you know, executives paid in the millions, et cetera, et cetera. You know, many of these are just sort of regular companies just trying to do what they can with what they can. These healthcare giants are quite literally that, giants in industry who should know better.
So do you know what's really surprised me about this is just the fact there's so many more publicly exposed applications in the EU that are considered healthcare, because it is such huge business in the US. I would have expected not just the big, you know, big orgs, but there would be, you know, very small orgs as well that have, you know, sort of exposed applications. And I would have thought it'd be more the smaller ones of those, because, like I say, it's such big business. There's literally hundreds of thousands of these, you know, Medicare providers or, you know, sort of anyone that falls under the healthcare industry in the U.S. I'm just surprised that the EU has so many, like three times the amount, almost.
Well, are they healthcare or pharmaceutical? There's a distinction. So healthcare in the U.S. is massive business, but the pharmaceutical giants, there's only, you know, there's only a handful. I don't know, Pfizer, GSK, AstraZeneca.
Yeah, but I guess going by, you know, the infographic that's included in the link, they both, it says US healthcare and EU healthcare. So, yeah.
Yeah, it's quite strange.
Yeah. Yeah. Interesting.
Yeah, not having encryption on application forms and things like that.
Yeah. Because these are forms where you're probably typing in some of your most sensitive details, right?
Yeah.
You know, where on your body is the rash?
We don't want that flashing across the internet in plain text, do we?
Maybe not. Certainly not in my case.
Anyway, that, my friends, was this week's Rant of the Week.
Whew. God, you know what, I feel better for that.
Got it off your chest?
Yeah, I got it off my chest and I put it somewhere else.
This is the Host Unknown Podcast, home of Billy Big Ball energy.
And talking of which, let's move on. Jav, it's your turn for...
Now, this literally wrote itself into the Billy Big Ball section.
A hack leaves fertility clinic medical data at risk.
Data from private fertility clinic was put at risk after a ransomware attack
hits a document management firm.
Can I say this attack was inconceivable?
Oh, man.
Fuck.
No wonder you were really keen on doing the Billy Big Balls this week.
Quite how it's inevitable, I don't know.
Oh.
So, yeah, that was this week's Billy Big Balls.
Thank you.
Oh, okay.
Oh, is that literally it?
You're not going to talk about what actually happened?
Oh, okay.
So they used a third party, as always.
It's a third party, that was it.
They were here and about 1,700 patients' data was affected.
They're thinking it might be sold on the dark web or just shared.
You know, the ICO told the BBC it was, quote, unquote, making inquiries.
So there's not much to go on.
Sorry, I'll say, you added a story purely to get that pun into it?
It's my podcast. I mean, what's the point in having your own podcast if you can't do what you want to do on it?
Why are you ruining my podcast, man?
Well, I want to do this Billy Big Balls of the Week.
So, so disappointed in both of you. I'll allow it.
So, you know, I actually, I've got my own company, and it is named, it's literally a four-letter name which is very similar to a fertility clinic. It uses the exact same letters in just a different order. And the amount of times, because I've got a catch-all email address, the amount of times that I receive quite personal information, you know, literally results of fertility tests and things like that. People just email me thinking that they're emailing this clinic.
Wow.
Yeah, like quite, quite detailed.
Like, what do you do with the emails that you receive?
I delete them. As soon as I... I just delete. I don't want to deal with that sort of stuff. Like, historically, like, it's been going on for years, right? So historically, I think back in 2017, 2018, yeah, I would reply and say, like, you know, you've got the wrong email address, I think you need to resend. But now I just delete them. There's a lot of stuff in there that I don't want.
Can't you put a rule in that will at least reply to these people to say, you've got the wrong one,
you need to resend this, and by the way, I've deleted this email?
Well, how do I know that it's, you know, not an email for me?
Well, use keywords, you know, like, I don't know, pregnancy and conception and sperm and things like that.
Oh, oh, right. Okay.
Yeah, you've never seen the group chat that I'm...
No, I just realised. Yeah, okay, fair enough.
Yeah. So have you considered changing your company name from IVF Sec to something else?
Oh, do you know what, and this, Sperm Counters R Us.
Like, you joke, but I was reading something about, there's actually a company called Meta that Facebook is bullying into giving up. That's right. Did you see this?
Yeah.
Oh, I don't know the details of it.
Yeah, I'll have to Google it, right.
Or else we can Google it and cut out a whole load of dead time while we Google the story.
But no, yeah, so there was a small company called Meta, and apparently, you know, about six months ago, some lawyers turned up, said they want to buy your name, buy your trademark, all that sort of stuff.
And, you know, it's all anonymous.
They wouldn't say who they were.
And they, as the story goes, they made quite a derisory offer, is what the owner of the company said.
Certainly not enough to cover the cost of rebranding and contacting all their clients and sort of explaining the change and all that kind of stuff.
So Facebook just pushed ahead anyway, right?
And they just announced that they're going to be called Meta.
And what are you going to do?
You know, as a small company, Facebook could tie you up in court cases.
Yeah.
You know, until you go bust.
God, it's so unlike Facebook. A company that does so much good in the world and helps people and is a beacon of truth and hope in our digitally connected lives. It really surprises me that they might have done something like that. Unfathomable.
Unfathomable.
You know, I'm amazed that the lizard person known as Mark Zuckerberg actually lets that happen. I thought lizards had better morals.
Oh, well.
Oh, well.
Oh, do you know what?
Actually, I'm Googling the story.
Yeah.
And Snopes has come up and said...
Snopes.
Unproven.
Oh, really?
Well, they say, yeah, yeah, saying it's unproven.
Yeah, well, that's because they're not allowed to talk about it, because they're being tied up in...
This is such a great podcast. Andy brings up a story, gets everyone hooked, then also says, it's unproven, so I may have been wrong.
This is just like how we have to put up with Andy
and his mad ramblings as he thinks out aloud.
As the sugar hits his brain at high velocity.
Yeah, in between mouthfuls of gummy bears.
Yeah, we'll just rebrand this the Host Unknown Q podcast.
Anyway, Andy, I'm sure there is something that you do know.
What I can tell you is, even though it is late on a Thursday, we are able to go over to our news sources at the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
Ukraine unmasks Armageddon group as FSB officers.
Industry News.
Facial recognition firm could be ordered to close in UK, warn experts.
Industry News.
One in three workers monitored by their employers.
Industry News.
Robinhood data breach hits seven million customers.
Industry News.
US to charge suspects over Kaseya ransomware attack.
Industry News.
Class action against Google blocked.
Industry News.
Anglers redirected to Pornhub.
Industry News.
Scam PACs allegedly stole $3.5 million from Trump voters.
Industry News.
Researchers uncover prolific hacker-for-hire group.
Industry News.
And that was this week's Industry News.
Amazing.
Okay, so which one of you two is monitored by your employer?
That's exactly what I was gonna ask. Do you know what? Because if it's not you two, I'm fucked.
No, so we're monitored in our place of work. But not just by people, right? They actually use automated tooling that scores things that you do. So time that you log in, whether it's unusual behaviours, amount of data you're copying, type of things that you're looking up as well. So a couple of years ago, you know, we're working on an acquisition in Korea, and, you know, essentially you've got a score for every employee, right? And when you trigger a certain threshold, that's when someone investigates. And, you know, looking at Korean websites at two in the morning is apparently a trigger for unusual behaviours.
I wasn't aware that you worked for the People's Republic of China. But, you know, it's good to know.
He doesn't. He works for North Korea.
The Democratic, publicly, public something Korea, yeah. DPRK, is that right?
I think that can depend on where you were, the type of data you've got access to. I think it's appropriate to have technological controls in place to, you know, non-judge and just based on data in terms of highlight anything that may be considered risky.
That's doubleplusgood.
It's all, you know, I think, you know, when you break it down and you strip away the layers, who isn't being monitored? The technologies are collecting the data all the time anyway. So whatever you do can be searched through. I suppose the question is, are they being proactively monitored? Is it actively being searched?
Yeah, that's it. Yeah. Rather than reactively.
And also, how are they monitoring as well, right?
So, like I said, the stuff that we go through is all based on behaviours, right?
Abnormal logging times, copying large amounts of data,
unusual patterns of activity on the network.
Andy doesn't normally do Pornhub at two in the afternoon.
Yeah.
No, actually, that's normal, right?
That wouldn't change the threshold.
No, no, no. What Andy was doing, he got caught, so he hacked into Anglers, redirected it to Pornhub, and then said, I was only going to Anglers.
That's right.
Oh, God, if only technology was that dumb, right? So many, many years ago, previous company, we were in a multi-tenanted building. And this was very, you know, what, 2006, that sort of time. And we were chatting with the IT guys at another company, as people do. And one of the guys said, you know, do you use any tools for, like, monitoring employees? Like, you know, when people are working from home or any of that kind of stuff. Because back then it was more normal to come into the office, but we started having more people work from home. And, you know, it's still kind of, people weren't too happy, because one of the sales guys answered the phone while he was cutting the grass, all right, you know, when he was supposed to be working. So that didn't settle down well with the sales director, thinking that everyone was working. So they're really saying that, you know, there are tools that you can use, you know, to ensure, you know, productivity checkers, right? It's different thinking back then, right, you know, in terms of there's no mental health benefits or, like, you know, people are there to work on the company time. You know, it doesn't matter if they do different hours. So anyway, we spoke to this other company, and they had a tool which took a screenshot of people's desktops every five minutes. And then they had someone that had to sit there and go through everything to see what it was.
Holy moly.
Yeah, that was pretty, pretty detailed. I mean, you know, we like to operate, you know, close to the bone, but, you know, even we thought that was too far. That was nothing that any of us wanted to be part of.
I do remember when I first installed a 64K leased line into the company I was working for.
It was a big deal because it was fast.
Leased line or ISDN?
No, it was a leased line.
Wow.
Yeah, it was proper.
Proper, had its own static IP address and everything.
Money bags over here.
Yeah, I know.
I know, right?
And when we put it up to two meg a little while later, woo!
But yeah, the very, you know, put our first firewall in and all that sort of stuff. And I was going through the logs, as you do, because I was a nosy git. And the amount of pornography that was being downloaded was incredible. It's like, fantastic, I don't have to, you know, wait for, you know, each pixel by pixel to download at home to masturbate to. It can come down really quickly while I'm at work. Yeah, I had to have a word with a few people, actually. You know, just not to say stop it, but just to say you can be seen.
Knock it off.
So that was the thing, right? Back then it was, you know, that's like you learned things about people you didn't want to learn, right?
Yeah, yeah. I found out about a guy who enjoyed amputee porn, right?
So the worst one I saw was a guy who enjoyed granny porn. But what was really weird about that was that his, he was Russian, his wife was Russian, but she was really young-looking, like ballerina type. And that's why it was such a contrast, is that he had married this really beautiful, like, young girl from Russia. And, yeah, he spent a long time looking at granny porn.
Well, people, you know, I mean, you do what you do, right?
But not when you, well, not when you should be working, for a start.
The other thing I got, I thought the company was pronounced Kaseya, not Kassia.
I don't know.
I've always called it Kassia.
Tomato, tomato, I guess.
I thought it was tomato.
I don't know, just get one of the PR people on to...
Yeah, and also I thought it was tomato, potato.
ah
Anyway, thank you, gentlemen. That was this week's industry news.
Okay, that brings us directly into the final segment of the show and this week's
Tweet of the Week. And we always play that one twice. Tweet of the Week.
Okay, so as, uh, yeah, we have two tweets of the week this week. Uh, Tom, I'm going to do one which
you came up with, first of all.
This is from Brian Merchant, and he's talking about, I guess, Google over time.
So in 1998, Google said,
Our mission is to organize the world's information and make it universally accessible.
And then in 2004, Google says,
Don't be evil. A company that does good things for the world,
even if we forgo some short-term gains.
And then we reached 2021.
Google's achieving the mission of the DoD together.
Which I think is a nice summary of where Google are.
The Department of Defense, by the way.
Of course.
I assume that most people in the InfoSec, uh, arena, everyone knows about... We are a broad church. Yes, but it's, uh, yeah, you, that's a
bold claim thinking that InfoSec people listen to us. But, uh, yeah, no, I think DOD, Orange Book, that kind of stuff,
I think it's embedded in everyone's, most people's minds.
Yeah.
Yeah.
But it is incredible because I always remember Google saying about,
you know, do no evil, I think was the actual tagline, wasn't it?
Yes.
Do whatever you want in Google.
You join us and you can go and run your own projects
and blah, blah, blah, but do no evil.
And now look at them.
Incredible.
Absolutely incredible.
And that leads us on to our second tweet of the week.
This is one from Sherrod DeGrippo.
I apologise for the bad pronunciation of that.
It simply says,
has anyone considered rebranding InfoSec
as Corporate Wealth Advisory?
They're basically the same thing.
Breaches are expensive.
Past performance is not a guarantee of future results.
That sounds like...
An ad for a wealth management company. Also, but also, I'm laughing at it but don't particularly understand it, really. Yeah, I'm not getting the analogy very clearly.
It's, it's, you know what, I think it's, it's, I like the analogy. It's too clever for me is what I'm saying. Yes, yes.
That's the problem.
It's a bit like the people that call themselves technical debt consultants when they work in InfoSec.
Technical debt consultants?
What the hell is one of them?
You know, it's a joke.
Do you know what?
I have genuinely not heard that.
It's not a real thing. It's something that people throw around just in jest.
Of course it's not. That is shite.
No, but you know how it's like one of the big problems with organisations,
they accumulate technical debt over time.
Yeah, yeah, yeah.
And therefore security debt is one of those things.
And like, you know, it's a play on that.
Wow, that's the problem with analogies.
They don't really fit.
Who would have ever thought?
And if you think too hard about it, it doesn't make sense.
That's the problem when you grab the bull by the horns, Jeff.
Oh, no, that's a metaphor.
When you grab the cow by the teats, this is what happens.
What was the first person who'd done that actually thinking?
Yeah, exactly.
He's... well, he thought he was going to pull the other one, for a start.
Oh, move along, Tom.
No, no, I'm going to milk this for all it's worth.
I delete. Irresponsible.
Oh,
gentlemen,
thank you very much for this week's show.
It's a highlight of my week.
I, I left last week feeling a little lower than normal.
Um,
knowing that you just,
um,
you know,
unboxed and rolled out Tom AI,
but feel a lot better for that.
So yes,
thank you very much,
Jeff.
Thank you,
sir.
Have a lovely weekend and, um,
yeah, uh, I hope you enjoy listening back to this as much as, well, as much as many of our audience.
You assume that I listened back to this. I know. Yeah, and, uh, Andy, thank you very much, sir.
Are you secure, my friend? Stay secure.
You've been listening to
The Host Unknown Podcast.
If you enjoyed what you heard,
comment and subscribe.
If you hated it,
please leave your best insults
on our Reddit channel.
Worst episode ever.
r slash
Smashing Security.
Legendary Security. Legendary. Oh, man, that took me a little while to
fall into that one.
He was using the outro to Google some,
like, cow puns.
Yeah, I think he was. Yeah, I think he was.