The Host Unknown Podcast - Episode 86 - The Oh So Christmas Special
Episode Date: December 17, 2021This Week in InfoSecWith content liberated from the “today in infosec” twitter account16th December 1988: 25-year-old computer hacker Kevin Mitnick was charged for crimes including theft of softwa...re from DEC (Digital Equipment Corporation), including VMS source code and allegedly causing $4 million in damages to DEC.Ex-Computer Whiz Kid Held on New Fraud Countshttps://twitter.com/todayininfosec/status/147163999100882534415th December 1994: Netscape Communications Corporation releases Netscape Navigator 1.0, the world’s first commercially developed web browser, although this particular version was free for non-commercial use.15th December 1995: Developed by researchers at Digital Equipment Research Laboratories, the AltaVista search engine is launched. It was the first worldwide web search service to gain significant popularity. One of the most popular search engines in the early world wide web, Google didn’t overtake AltaVista until 2001. AltaVista was eventually purchased by Yahoo! in 2003. Rant of the Week (15:49)Thom starts but quickly hands the baton Jav who takes a clear lead on this weeks rant... about Andy. This is Andy's response:Songs that build up tension and stumble forward: Songs that skip a beat Billy Big Balls of the Week (21:34)National Lottery scratch card fraud: Men jailed over £4m jackpot claimI talk about the time Thom went solo with (TL)2 ventures and highlights how going solo is a brave move for someone in a cushy CISO job. Industry News (28:23)Hackers Target India’s Prime Minister“Worst-Case Scenario” Log4j Exploits Travel the GlobeChristmas Payroll Fears After Ransomware Hits Software ProviderGrindr Fined €6.5m for Selling User Data Without Explicit ConsentLog4j Looms Large Over Patch TuesdayFrance Orders Clearview AI to Delete DataRegulator: Venues Must Protect User Privacy During #COVID19 ChecksAll Change at the Top as New Ransomware Groups EmergeUS and Australia Enter CLOUD Act Agreement Tweet of the Week ( 38:09)https://twitter.com/GeekChickUK/status/541242616407687168?s=20 Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
As a podcast, who would you like to trade places with?
That's the question.
As a podcast?
Well, we're not allowed to mention
they who shall not be named for three weeks.
Well, I wouldn't want to trade places with them at all.
Obviously.
No.
Obviously.
I'd probably say we should trade places with Joe Rogan.
Isn't he a bit of an arse, though?
Yeah, but he gets, like, billions of views
and millions of dollars in revenue.
Isn't that what's important here?
Isn't that what Christmas is all about?
Well, it's how you pay for Christmas.
Well, you know.
Go anti-vax.
Yeah.
It's not anti-vax.
You just take some horse medication
and it cures your covid the only horse medication
i've taken is ketamine you're listening to the host unknown podcast
ho ho ho and welcome to the host Unknown podcast from wherever you are joining us.
Hello, good morning, good afternoon, good evening.
Welcome to the oh-so-Christmas special episode of the Host Unknown podcast.
Gentlemen, good day to you all. How are we? How are we?
Jav, how are you?
Wagwan, rude boy, junglist massive.
OK, my universal translator's not quite warmed up yet, but I'm guessing that's good.
Yeah, all good, man. All good in the hood. How about you?
Nice. Yeah, very good. Very good. I can't believe I've got just a couple more days of work
and then I'm off for a little while. I'm off for a couple of weeks. It's going to be nice.
A couple of more days of work, as if you're implying that you've worked in the past.
I work incredibly hard. I work at least as hard as you.
Well, that doesn't take much. That's not saying much.
Set the bar low and fail to reach it.
And talking of a low bar, Andy, how are you?
Right, that was actually a joke about taking ketamine, okay?
So I didn't realise that, you know, you'd gone into the record
and then rolled straight into the jingle.
So let's, you know, any prospective employers out there,
that was a...
And also, let's face it, any frequent listeners of the Hostland podcast know that we're a joke.
So come on.
How are you, sir?
How's your week been?
It's actually been a pretty terrible week.
Oh, no.
It started off and it's all because of this log 4j uh as you may be aware that i
do have a client facing role uh in the day job and clients are demanding and they ask some stupid
questions right i'm not saying i get it there was a big global panic going on yeah everyone wanted
to know what was going on i appreciate that but what are
you going to do with that information on a sunday you know that's all i'm saying yeah yeah yeah
it's the standard corporate response to basically say oh yeah no unfortunately we don't get away
with that kind of stuff had you know if i had full autonomy on the message that went out and i didn't have to
run it by pr or global communications or branding um i'm sure it'd be something like bitch please
just give me a couple of days to get my shit together yeah but alas you know we have a process
in place and it's um and also it starts with the line we take security very seriously absolutely
yes and also you don't know how to spell
yeah exactly i'll do a voice recording though right i'll be like
give me your whatsapp yeah what's the best number to call you on
incoming wav file
a spokesman for the company said,
I don't know.
Oh, dear.
How's your week doing?
Yeah, not bad.
It's not bad.
Definitely, obviously, events have somewhat dried up,
so I'm working on some new presentations.
So, yeah, they dried up not only because of Christmas,
but also because of Omicron
how did the Greeks predict all of the names of these variants it's just incredible
yeah so impressive there's a lot more stuff those Greeks have got in the pyramid that we don't know about yet apparently so um so uh yes things are things
have changed it literally feels like so i've been i've been at this company for almost or just over
a year literally just over a year and um it feels like exactly the same position where we were this
time last year like just about to lock down you you know, still not quite sure what's going on.
The only difference is I've had three doses of ivermectin
or whatever it was, you know, to help me get better.
But, yeah, talk about deja vu, do you know what I mean?
Yeah.
Very weird.
Let's see what we've got coming up for you today
in this week's Oh So Christmas special.
So it's Christmas and therefore we'll take a look back
at our Oh So Fun Pack lives
and tell stories of the jinx, japes and capers
of Host Unknown from the last few years. What that really
means is we haven't got a lot to say apart from the latest vulnerability. So we're going to sort
of take a few things from our past and try and palm them off as a fresh episode all together.
as a fresh episode altogether.
This week in InfoSec obviously takes us back to where it really started,
although perhaps not so far back as the little baby Jesus in his crib.
Rant of the Week shows that scanning isn't something done just by pen testers.
Billy Big Balls is a story in two parts,
which unfortunately were not financially connected.
Industry News brings us the latest and greatest security news stories from around the world.
And finally, for the year, Tweet of the Week tells of the greatest story ever told from Nottingham. OK, so let's move on to our favourite part of the show,
the part of the show we like to call...
This Week in InfoSec.
It is that part of the show where we take content liberated from the Today in InfoSec Twitter account and further afield.
And I'm pleased to say that our little nudge last week did help Steve jumpstart his account as he has this week reminded us that it was a mere 23 years ago, on the 16th of December 1988,
that 25-year-old computer hacker and friend of the show, Kevin Mitnick,
was charged for crimes including theft of software from DEC,
which included the VMS source code, in addition to allegedly causing $4 million of damages.
in addition to allegedly causing $4 million of damages.
And with this story, one of my favorite quotes on his arrest was from a guy called Detective James K. Black,
who was the head of the Los Angeles Police Department's
computer crime unit, when referring to Mitnick said,
he's several levels above what you would characterize
as a computer hacker.
Now, if that is not a tagline for your LinkedIn profile, I do not know what is.
And Andy, points of order here.
What's the name of the company?
DEC.
D-E-C.
DEC.
DEC.
DEC.
Not D-E-C.
What?
DEC.
It's DEC.
DEC.
Digital Equipment Corporation. DEC. DEC. Do you know what? Do you know what's happening? It's over. Deck. Digital Equipment Corporation.
Deck.
Do you know what?
Do you know what's happened?
It's over time.
This is a problem.
Over time, I've stopped remembering that name,
and it's now just an acronym.
My very first commercial job in computing
was working on DeckVac systems.
Were you like the punch card person?
You took the punch card? Not far off.
We had reel-to-reel backups.
Jesus.
Was DEC the one that does the
drink driving or was that Ant?
Hey!
Hang on!
Hang on!
Oh dear.
Our second story.
So let me ask you what you guys were doing on Wednesday of this week.
Did you do anything productive?
Well, for the record, obviously, yes.
Officially.
I'm all about productivity.
Oh, my God.
Probably my most productive day of the week.
Wednesday is my 3x productivity day yeah yeah so it'll be something that you know in years to come we'll look back at and say wow
on that day 15th of December uh you know this is where it really started for everyone I was so
productive man yeah so I mean for me and I'm sure this, you know, the 15th of December has contributed to
my life online, as I'm sure it did for many others when 27 years ago, on the 15th of December 1994,
Netscape Communications Corporation released the Netscape Navigator 1.0 browser, which was the world's first commercially developed web browser,
although this particular version was free for non-commercial use.
And then a year later, not even a lesson,
a year later, on the 15th of December, 26 years ago,
again, developed by researchers at Digital Equipment Research Laboratory,
the AltaVista search engine was launched.
And this was the first sort of worldwide web service
to gain like really significant popularity.
And it was one of the most popular search engines
in the early days of the web until, you know, Google overtook it in 2001.
So, you know, using Netscape to search for things with AltaVista as your homepage, until Google overtook it in 2001.
So using Netscape to search for things without a Vistra as your homepage was pretty much the symbol.
That was pretty standard.
It was.
I mean, that was the symbol that you were someone
that knew how to navigate the internet.
Yes.
You were an elite surfer who could turn their noses up at AOL users.
Yeah, or Lycos or whatever the other one is.
Lycos, God, yeah.
I used to use, my first internet provider was after bulletin boards.
No, MSN, the Microsoft Network.
You had money, money.
You were rich, rich.
I was a beta tester for it.
You had money, money.
You were rich, rich.
I was a beta tester for it.
So, yeah, that was – it was bizarre.
It was – back then, it was like you connected to the internet through another company.
It's like you gained access to the football fields
by walking through someone else's house.
Do you know what I mean?
It was, you know, rather than just walking into the football field,
you had to be invited and knock on the door of someone else's house,
walk through their hallway, through their living room, their kitchen,
open the back door into the garden and then into the football field.
It was really odd back then because CompuServe was like that,
AOL was like that, MSN.
You never just connected directly to the internet,
at least not in the very early days.
No, there were a few free providers that cropped up as well.
They just gave you the phone number and so you'd dial the modem
into that number and you'd be on the internet
without having to register and stuff.
It was a bit more expensive though, I think serve it might have been free so no but again free serve
although the numbers were free it was still a service you paid for and you still went through
their manner as it were they got over they got taken over by dixon's didn't they in did that yes
they did dixon's god all these names that have just gone.
Yeah, all these places that you used to shoplift from as a youngster.
Well, the only place Dixon's survived in the UK was in the airports,
but I believe they have closed all their stores in the airports now.
Oh, really?
Yeah, they've been closed in T5 all the last five times I've been through there this year.
They're gone.
Wow.
Gone.
I know.
I know.
Where am I going to buy my crappy overpriced stuff thinking I've made a bargain?
Aren't they with PC World or Curry's?
They're all merged together.
That's right. But Dixon's Travel was the brand that they retained for,
or was the Dixon's brand they retained, I should say.
Do they still have W.H. Smith's in the airport?
Yeah, they've gone big.
They've gone big.
They've got special W.H. Smith's bookshops.
Wow.
Not just everything you might want and some weird shit at the till
that they keep asking you to buy, but, you know, just bookshops.
It's a world gone crazy, I tell you.
It has.
OK, we're losing anyone born before 1990 right now.
So let's move on.
Andy, thank you so much for this week's...
This week in InfoCircle.
Let's all agree to be naughty and save Santa a trip.
This time, Saving Tip is brought to you by Host Unknown.
Merry Christmas!
is brought to you by Host Unknown.
Merry Christmas!
Merry Christmas!
So I trust both of you have been naughty boys this year?
Of course.
Yeah, I gave up on getting on that nice list a long time ago.
Yeah.
It's overrated.
The game is rigged.
It's like McDonald's Monopoly.
McDonald's Monopoly. I was in Poundland the other day,
and for our international listeners.
What happened?
I know.
Is it that annual trip where you go around and laugh at people?
Yeah.
It's like undercover boss.
It's like dollar store in the US, right?
I was in Poundland.
You can get Poundland Monopoly.
How does that work?
Is everything just a pound on it or something?
I have no idea.
I have no idea because, unfortunately,
the game was 15 quid in Poundland.
What?
I know.
I couldn't work it out.
Couldn't work it out.
But I'm so tempted to buy it.
it out couldn't work it out uh but i'm so tempted to buy it just that's like a really shitty uh stocking filler or something
you don't actually buy the properties you just like go and squat in them or as you go around the
board every property lands on you how much is that yeah yeah how much is that how much is that
anyway let's move on to this week's
so yes eons of tradition make this rant of the week fall to me again. And this is, well, since this is the trip down memory lane,
this is the reminiscing part of the year's shows,
I'm going to rant about you, Andy.
Okay, here we go.
A long show.
Yeah, exactly.
Now, let me just flick through this list.
So the fact is...
Be specific, OK? We don't have that much time.
Yeah, that's right.
And this week's rant is about Andy, and that was this week's.
So, Andy, and I know, Jav, you'll back me up on this.
This story takes place the summer summer of 2019 where our three
intrepid heroes plus a behind the scenes cameraman took the long trip up to leicester uh not nottingham
as i said in the uh intro sequence but uh leicester to film what was to become our least successful
music video for at least a year until the one we released last year.
And it was, do you know what?
It was good.
It was very professionally done.
We had our friend of the show, Jim Shields.
He was director.
He was returning a favor like a true gentleman,
and he went all out to help us record this video. We had the lyrics and the tune, as it were,
and Jim had that professionally recorded as well.
We were ready to go.
We were ready to go.
I even remembered the first two or three words of each line
before I had to look at the cue cards as well.
Now we know you're lying.
Yeah.
I even remembered after the second or third attempt
that sometimes you have to sing and walk and dance
at the same time.
It's quite challenging, trust me.
And then halfway through it, Andy basically says,
no, I'm not doing it. I'm not doing this. I'm not doing this. Yeah. And then halfway through it, Andy basically says,
no, I'm not doing it.
I'm not doing this.
I'm not doing this.
Yeah.
No, the lyrics don't scan.
It's not how it should work. And Jav and I are like, what?
What are you talking about?
No idea what that term means.
Yeah, the lyrics don't scan.
At which point, to rub salt in the wounds,
he gets out a portable speaker that jav
and i bought for him that was a rue that day um gets out a little portable speaker and then plays
the track and sort of says see this bit doesn't scan so what bit where no not getting it and so
he plays the original see see it's not and it, no, I'm not really seeing a difference here.
This went on for a couple of weeks.
It was almost vetoed, almost vetoed.
We basically, I think Jav and I said to you, Andy, you fix it.
You've missed out huge chunks of this story.
Well, I'll tell you, I'll tell you the big chunk you did miss out
oh okay the whole reason it was re-recorded no no listen listen yes it was because the original
uh copy you supplied was low quality really low and then you actually had your friend
chris rice actually recorded a high quality version and emailed it to you two weeks before we
even went to the tube but because you never check your emails you didn't have it so had you just
checked your emails Andy we wouldn't have been in that mess wait it wasn't even a mess for anyone
other than you I didn't know that rant of the week could be a relay but do you know what i am handing this baton over to you jeff
so vexed about this that i met one of his colleagues at an event a month later and he goes
oh how's it going jeff yeah are you still speaking to andy i said why not he goes he is so vexed at
you guys he's like effing and blinding in the office every day about how you guys can't hear that the lyrics aren't scanning or not.
I have no idea what that even means.
I'm not looking around in this warehouse that we're recording in, which is full of dust and allergies and everything.
And I'm like, is Dr. Dre somewhere here in the office?
It's like, are we seeking his approval?
I have no idea what was going on
with andy that day he was just like you know andy there's a point where tom and i were in a corner
rocking like you know saying like we need to replace it i think i think we did try to explain
this to you at the at the time I'm going to get that link.
I'm going to stick it in the show notes.
And it's about how the way music plays and when there's beats,
it builds up a tension in the brain.
And that was this week's Rant of the Week.
Merry Christmas.
Merry Christmas.
You're listening to the Host Unknown podcast at Christmas.
Happy whatever doesn't offend you.
It's the most wonderful time of the year.
But we've all moved on.
I'm not biting. I'm done.
All right.
Well, shall we move?
I don't know why I do the rant of the week,
you know,
because I think when Jav gets the bit between his teeth,
nobody wants to get in the way of that.
Anyway,
Jav,
over to you for this week's.
Yes.
Well,
today's Billy Big Balls is a story of two halves,
which are completely unrelated.
So the first one is just a recent story that caught my attention and I thought it's too good to not mention on today's show.
So there was a couple of a few men who like to play the lottery and you can obviously buy the National Lottery tickets or you can buy
their scratch cards where you buy the card
for a quid each or something.
You scratch them off and
if the numbers match, then you win
that amount. Something like that.
Anyway,
these gentlemen, they bought
a bunch of scratch
cards, five of them,
at Waitrose in Clapham Common, a fine part of London.
Avoid it if you don't have a flat jacket. But they won £4 million on a scratch card.
Isn't that amazing? So what has this got to do with security and Billy Big Bull's move?
When they went to claim it, they said, we don't actually have a bank account. Would you mind
giving us the money in cash? And they're like, hmm, you bought the ticket on a debit card,
so clearly you must have a bank account. And then they were like, no, it belonged to a friend. It was this.
What's your friend's name? John. What's John's surname? I can't remember. It was all sorts of
things going up and down. It transpired that they had actually just stolen someone's, not even their
card, but their card details. And they actually paid with the card he had the card number written down on his hand uh so they stole someone's someone's card they bought scratch uh
scratch card with with the card um the stolen card details and subsequently they uh they tried
to claim four million and national lottery done an investigation said uh-uh you're not having it and now they're all banged up in jail
for fraud as billy big balls go they're kind of i don't know dumb balls well
stupid balls i don't know yeah do they expect what's going to happen i know i mean it's it's it's almost as stupid as claiming the lyrics don't scan but
anyway moving on uh the the uh the the reminiscing part of our story is uh if you're a cso in a nice
job a cushy job a big global corporation and you're the head of security, the CISO, the head honcho,
the director of security, whatever the title might be,
and you're making, like, I don't know, you know, good money.
You're making, what do the kids say?
You're making coin or whatever.
You're making bear peas.
Bear peas.
Bear peas?
Yeah.
That's what the kids say.
Yeah.
I thought bear pea was yellow.
Bear pea?
See, I'm thinking of burpee first, but anyway.
Anyway, you have that experience.
You have that cushy number.
You have everything there.
But then you still think, you know, thisy number, you have everything there, but then you still
think, you know, this is not fulfilling me as an individual, you know, the company paying for my
business class flights is not good enough. I want to go solo and I want to set up my own,
you know, company as a solo person. So basically a solo contractor and go out there and help as many
organizations as they can do better in their security so this is the birth of tl2 security
uh our good friend off the show tom langford uh who went off sorry who's friend friend friend of
the show is you well was was a friend of the show until roughly five minutes ago
when he started his rant of the week, apparently.
Hold on a second.
I'm just trying to send back this Christmas gift.
If I go quiet, bear with me a second.
So he went off and went solo, and he was doing really well.
I like talking about him as if he's not in the room.
But he went solo. He was doing really well and I like talking about him as if he's not in the room but he went solo he was
doing really well and then and then the the pandemic hit and uh that really put a threw a
spanner into his works and and a lot of people's work but I think it's um you know going solo is a
scary perspective for for many people and and I think in Christmas spirit, I'd like to tip my hat to all the
contractors out there, all the people that are out there grinding every day. It's a hard job
being a contractor on a day rate. And you're forced to justify yourself every three months
or six months, whenever that contract rolls around. And if you're in the UK, you're probably struggling with IR35 and all the other kind of like tax incentives of working in that
thing. But you know, you are a critical, critical part of the industry and the security that all
goes on. So thank you for your big balls and your bravery and for doing a good job.
So thank you very much.
So just to clarify, to add on to this, like Tom rants about me wanting something to sound good.
Yeah, you're praising Tom for just basically jacking it all in and chancing his luck.
Well, not just Tom, but I think every contractor.
I mean, you wouldn't know, I mean, you know,
having worked in the same one company since you were 12,
you're probably not used to change.
I'm only 21 now, so it's not that long.
No.
Yeah.
But yeah, yeah, that pretty much, you're right.
But that sums it up yeah yeah yeah lovely
thank you so much jav i have a little tear in my eye uh as do many of the contractors out there
listening to your dulcet tone the contractors are too busy working to actually be listening to me i
assume i say the contractors will be wiping their eyes with all those... Those £50 notes.
...spare bank notes they've got, yeah.
After tax, I don't think
there are many of those left.
Not under IR35 anymore.
Billy Big Balls of the Week.
Andy, I don't suppose you have a watch on your hand
with a sweeping second hand that doesn't miss a beat
without losing any of the tension.
And tell us what time it is.
Let me have a look.
It's that part where I don't have time to educate you on how lyrics scan in a song.
But it is that time of the show where we head over to our news sources over at the InfoSec BA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry news.
Hackers target India's prime minister. Industry News. Hackers target India's Prime Minister.
Industry News.
Worst case scenario, Log4j exploits travel the globe.
Industry News.
It must payroll fears after ransomware hits software provider.
Industry News.
Grindr fines 6.5 million euros for selling user data without explicit consent. Industry News.
Log4j loomed large over Patch Tuesday. Industry News. France orders Clearview AI to delete data.
you AI to delete data.
Industry News.
Regulator, venues must protect user privacy data during hashtag COVID-19 checks.
Industry News.
All change at the top as new ransomware groups emerge.
Industry News. US and Australia enter cloud act agreement.
Industry News.
And that was this week's...
Industry News.
Wow.
Huge if true.
Huge if true.
Huge if true.
And talking of huge, so Grindr and their €6.5 million fine
for selling user data
without explicit consent.
Does that mean you have to give consent whilst naked?
Asking for a friend before it's too late.
I assume so.
Yeah.
I mean, the wording is a little, you know, unfortunate there.
So I'm just reading what they gave away.
So it was GPS location, IP address, advertising ID, age and gender,
as well as knowing the user was on Grindr.
And that information was sold to third parties.
Yeah, that's not great, is it?
Not without consent.
Yeah, when you tie it back with the GPS location, you're pretty...
Yeah, exactly.
Exactly.
And, you know, given whatever your thoughts are on apps like Tinder
and Grindr and all that sort of thing, anything that happens
between two consenting adults, emphasis on the word consenting,
or more, then it's absolutely fine.
But to then sell that data about them without their consent,
that seems like an organisation that's founded purely on cash,
not on the desire to help people connect.
I don't like that imbalance or that dichotomy of morals and ethics, which I think is...
Wow.
You're going to be really disappointed when you hear
about this thing called capitalism.
You can be a capitalist and ethical at the same time.
Well, yeah, that's like you can be Andy and, you know,
tone deaf at the same time as well.
But, you know, we know that's not...
God!
Right, OK, I can't believe I'm saying this, Jav,
but, you know, you need to take all that,
tie it up into a non-scanning music-shaped Andy balloon
and let it go.
Bend over and shove it up your...
Turn it sideways!
Polish it up real nice so when when you read the headline us and australia enter cloud act agreement what do
you think this is about i assume they're going to be like sharing data. You know, like how the Patriot Act lets the US just access any cloud environment they want across the world if it's owned by an American company.
Yeah, even though it might not fall under their jurisdiction.
Yes, yes, yes.
I assume they're just getting Australia on board to agree to that.
Pretty much, pretty much pretty much what i was really surprised i i think the acronym cloud is really
bad to use then yeah because it's it's so it stands for clarifying lawful overseas use of data
i did not realize it was an acronym i'll be honest i thought it was about
yeah i thought it was about you know cloud environments like yeah no that's what i thought
and and it's written and the headline was written with cloud all in capitals.
And I thought, that's a weird way to write cloud.
Are they being very...
Is there emphasis on cloud?
But no, it's...
US and Australia enter cloud act agreement.
Yeah, exactly.
Or sea loud.
Sea loud.
But yeah, the cloud act agreement will help ensure loud. See loud. Yeah.
The Cloud Act agreement will help ensure
Australian and US law enforcement
agents are able to timely access
electronic data to prevent, detect,
investigate and prosecute serious
crime. So this basically
means the US will have access to all
Australian data. Wow.
Okay, that's a bit more than
just like AWS and Azure're you know when stuff's
going suspicious activities in those cloud environments yeah yeah yeah so i was looking
at the um you know that headline all change at the top as new ransomware groups emerge
and i'm still trying to decide whether i like this or not is that you know how we've talked
in the past about how some of these ransomware groups and sort of criminal organizations are better run than most
you know sort of footsie 100 companies yeah yeah you know greater rewards you know more aggressive
targets and you know really tight ship um and it now it looks like we're starting to report on
who's the who's the top group like we're almost going to have like a magic
quadrant for you know who are the the people that make up the best of these sort of cybercrime top
of the pops top 10 countdown yeah yeah oh these are the best ransomware groups this way oh yeah
we got hit by number one you know yeah yeah we didn't fall for number seven we got hit by the
best number seven tried number three nearly got through but it was only number one that got us.
Yes, yes, yes.
If it's below number five, then you can't say it was a sophisticated attack.
Or you use the top ten as a multiplier.
So you've lost data.
The ICO give you a fine and then multiply that by the number they rank
in the top 10.
So if you get hit by, you know, the top gang,
well, your fine's only multiplied by one.
But if it's like, you know, the 10th best, which is not very good,
then you get a fine multiplied by 10.
I think there's an incentive.
It's also an industry where like, you know,
that proper cyber espionage and sort of dirty tricks against your
competitors is tolerated.
It's expected, Let alone tolerated.
Yeah. Bonus points for doing it.
It's like, you know, the clues in the word criminals.
Yeah. Yeah. No, I think you're right.
I think there's going to be a dark web FTSE 100 listing or something.
We might even find our first black unicorn, a ransomware gang worth over one billion.
And we might even see some black M&A take place as well.
Yeah, or IPO even.
Or IPO, yes. So you can invest your crypto into these well-run organizations.
In like a series C funding round
yes
and you know what it will probably outperform
the Nasdaq and the FTSE 100
and the London Stock Exchange so yes
I'm all on board
I'm not saying I'm on board
but
for the time being
I'm happy to invest
excellent industry analysis of the news this week But for the time being, I'm happy to invest.
Excellent industry analysis of the news this week,
as always, from this crack team of podcasters.
Industry News.
The one thing no one wants to find in their stockings on Christmas morning is... Tom.
Merry Christmas from Host Unknown.
Keep the change, you filthy animal.
Can't see what the problem is myself.
These are some great sweepers, I've got to tell you.
We didn't do that sort of cheap thing where you just play jingles,
like bells over the top of your normal music.
Yeah.
No, we went all out.
We did it properly.
We paid for proper ones.
Exactly.
Proper ones.
Or you use the text to voice sort of editor on your Mac to do the voiceover.
Three weeks, guys.
That's all we have to do.
Three weeks.
What?
I haven't mentioned anyone. Right. That's all we have to do. Three weeks. What? I haven't mentioned anyone.
Right, let's go on to the final part of the show,
the part of the show that we like to call...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
So I am going to take this one
and I'm going to take you back to practically yesterday
or rather just over eight years ago.
And our tweet comes from friend of the show Iggy
who posts the greatest story ever told.
Host unknown style.
Thank you for the laughs.
And it includes a link to a video that we did and this was filmed up near i want to say nottingham but it was leicester again wasn't it it was leicester
yeah so around that um jim shield so friend of the show jim shield um and this kind of like comes up
you know quite often people say well one of the questions
you always get is you know one when are you going to do another music video um not one that sucks
um and the other one is you know how who are you and what are you doing in my bathroom
yeah okay number two their number well that's probably number one uh but I wish they'd just say thank you. Right. Number three, are you VAT registered for the Haribos that you consume?
I'm going to get my lawyer on the line. I'm not comfortable answering these questions without legal representation.
You're trying to trick me. Taxman's put you up to this.
You don't. Yeah, that's how i got let off the hook i had to turn
informant so the question we often get is uh you know how long does it take to put a video together
and i was looking back to when we actually filmed this one and you know it started with an idea and
although we released it in december uh you know in the run up to Christmas, because obviously it was the greatest story ever told.
We started early November.
So we got an email from it was Micaiah Dream, who was the real, I guess, beauty and brains of the operation.
You know, truth be told.
It's Jim, everybody else's beauty.
Yeah.
She wasn't, was she the assistant producer?
I don't know what her official role was.
Assistant director, I think.
Assistant director, right, yeah.
But she was also, I guess, a professional actress in her own right, wasn't she?
She was on ITV's Footballer's Wives.
That's right prior to
that but yeah so it started with an email sort of asking us to pick uh three days that we could
pick from one of three days that we could show up and attend to record a video that we don't know
what the content is uh and then there's the only thing is if you guys have any sort of robes uh can
you bring them along and can you and can you grow a beard oh
can you grow a beard as well yeah and that you know what made me laugh is that there's a whole
email thread and actually it was you can tell it's a while ago because we were all responding
to emails back then um and i think tom you asked for a script uh you know is there a script we
should be looking at or can we wing it and then j Javs posted his, you know, here's the short version.
Mary, Joseph and baby Jesus in the barn.
Mary and Joseph having a bit of a barney because the paternity test shows Joseph isn't really the father.
Whereas Mary is giving it the whatever, you don't own me attitude.
And before things get out of control, in come the three wise men, who then reveal themselves to be Tom,
who's a futuristic cyborg atheist sent back in time to stop religions from spreading.
But before he can do anything,
Andy reveals himself to be an undercover Jew sent from the future to stop the atheist and snatch the baby.
In the ensuing fight, Jav gets into the baby,
looks into the crib to see that the baby is actually Jav.
There's a switcheroo somewhere.
The baby pulls out the dummy, says,
Durka, Durka, and then we see the dummy is actually a grenade.
And kaboom.
And then Jav underlines it and says,
the way I see it, if we offend everyone, we don't offend anyone.
if we offend everyone we don't offend anyone okay i really hope this is the actual script and mckay is like it is now
and so and this whole message thread just goes on for so long but i actually said like you know
i've got my ability to grow beards is disappointingly lame. And then I said, but I do like the way we all think.
Jav instantly assumes he's a wise man.
Tom instantly assumes he's one of the three kings.
I see the word beard and assume we're making bit part appearances as shepherds.
And then the whole thing, right?
Up until the day before we went, like the night before we said is there an address
that you want us to come to tomorrow and she's like don't worry you'll get the script when you
arrive and arrive where it's just crazy that we actually managed to produce let's be honest twist
and shout managed to produce quality content with the
lack of planning that when it you know we all had an idea we always know that there's a message we
want to try and convey but you know we're never quite sure what that message is and you know even
looking at the original treatment uh you know what us normal people would call a script um you know
those in the in the in the industry call it a
treatment there's uh lines at the end that we didn't even use it's um what is mer anyway i've
got an ipad you know google to all men it's goodwill not google you idiot but at the time
the whole thing was about giving away your location on Foursquare, which was a popular app, which is no longer around.
We really jumped on the right app for that one to have longevity.
Timeless.
Aged like milk.
Yeah.
Left in the sun.
A lot of effort.
We do manage to turn out some good videos.
And you'd be surprised at how chaotic it is beforehand.
The thing I remember about that day is you said,
because I stayed over in London the night before,
and you said, come to my place.
I'll pick you up.
Come to the station nearest me.
I'll pick you up.
We'll drive and pick up Jav.
So I was staying in southeast London.
So I got the very first train at 5 o'clock in the morning out to what,ham or no not beck it was even further than that wasn't it it was no i came
to pick you up from some random station i don't even remember which station closest to you
i i went was it hayes yeah yeah hayes in kent that's right it was hayes so i went to hayes
which is what you know half an hour southeast from where I am in southeast London, like at Zone 6 or something like that.
We then drive virtually past where I was staying overnight, get lost in the city to pick up Jav, finally pick him up at something like eight o'clock in the morning to get up to Nottingham.
And we got to Nottingham at what felt like two o'clock in the afternoon.
Leicester.
Leicester, whatever.
Up north.
God.
Yeah.
Outside the M25.
Yeah.
Oh, my God.
So, yeah, it was a long, long day, as I recall.
We realised it would have been easier to drive around the M25 rather than through London.
Yeah.
Yeah.
Especially at half past five in the morning. London. Yeah. Yeah. Especially at half past five in the morning.
Yeah.
Yeah.
Yeah,
definitely.
But you know,
you know what?
The great thing about that video,
not for us,
but was the village which Jim was living in.
That's where we shot in,
in one of his neighbor's barns.
He lived a few,
few doors up from him.
And they,
he said,
can I borrow your barn?
We're shooting a Christmas video.
And his neighbors were, were devout Christiansians they used to go to the church and everything
and when they saw the video that came out they were deeply offended were they i did not know
that and they kind of like you know jim got the cold shoulder from them and most of the community
but he didn't care because he was moved out of there shortly after.
How can you be offended by comedy,
for goodness sake? It did offend a few people. If you remember, there was a particular
organisation
who shall remain nameless who
thought that
joking about religion was too close to
the bone for some.
And it wasn't even a joke at religion.
It was just a religious themed joke.
Exactly.
Exactly.
Not many people wanted to touch that.
Yeah.
To be honest, not many people want to touch a lot of our videos.
I remember someone recently, they played one of the Lost All The Money video,
but they only played the first sketch and then they didn't play the music
because there were people dancing in glittery outfits.
Yeah, that's right, because there were women dancers in it.
You know, the ones who look professional and could actually dance and move
as opposed to the three of us who look like, I don't know, sacks of meat shoved.
Honestly.
You know, yeah, I don't get it.
That's the last time I'm agreeing to let the Interior Ministry
of Afghanistan play any of our videos.
I mean...
LAUGHTER
Although, you know, after the change of the government there,
we have had a new inquiry.
Yes, we have.
Oh, dear.
Nice one, Andy.
Nice one.
That was a lovely trip down memory lane.
Thank you very much.
Tweet of the Week.
And so we draw to a close for this year. Now, we won't
be back next week.
In fact, we won't be back until
what is it, the second
week of January? Something like that?
Well,
7th or 14th of January. We'll surprise
you. Subscribe and you'll get a notification.
Yes. Yeah, there you go. and you'll get notification. Yes.
Yeah, there you go.
There you go. I think, you know, let's not just confine ourselves
to the constraints of the calendar.
Let's just go with our creative juices takers.
Hopefully not to the doctor's surgery.
So, folks, thank you so much.
It's been a wonderful year, despite being locked up for much of it
and despite getting a little sniff of freedom before having it snatched away
just before Christmas yet again.
We do hope you've enjoyed our podcast this year,
our listenership stats.
Kind of say you do, actually, which is nice,
nice to know. We wish you all, whatever it is that you are celebrating, even if it's just
celebrating the fact you have a few days off, we wish you all a lovely group of holidays,
happy new year, et cetera, et cetera. Javav thank you very much sir you're welcome as always my good friends
and uh and listeners as well uh really really you know what it's it's it's an honor to be
on this show every week and stream directly into your ears uh thank you for putting up with us
and uh hopefully see you in the new year so until then
stay secure my friends and andy thank you very much sir son of a bitch stole my line stay secure
you've been listening to the host unknown podcast if you enjoyed what you heard comment and subscribe
if you hated it please leave your best insults on our reddit
channel worst episode ever r slash smashing security and he's already at the door he doesn't
care he's hung up he's at the door i've got nothing to say to you clown