The Host Unknown Podcast - Episode 9 - The podcast for all people
Episode Date: June 5, 2020
This Episode is a Trump Free Zone.
It is also the episode where we mangle our support for a very real and urgent cause, Black Lives Matter. We are neither qualified nor intelligent enough to comment any further except to say BLACK LIVES MATTER, and if you disagree we no longer want you near our podcast.
The world is full of injustices, and BLM is the one that is quite rightly in the public eye at the moment. Our podcast is produced to bring a smile to the faces of anyone and everyone, all colours and creeds (except the intolerant) and to help people through their daily lives.
In this week's episode, Joe Lycett (comedian) screws up teaching a woman how to phish, a well known journalist throws shade at bloggers worldwide (Dan Raywood), Tiger King dethroned, Javvad folds like a pack of cards.
Paco Hope. The cocktail company is Stir Crazy: https://www.instagram.com/stir_crazy_cocktails/
Post credits copyright Monty Python. Come on! Like and bloody well subscribe!
Transcript
Oh, do you know what I did think about?
I don't know if you guys remember, but Craig Shergold.
I don't know whether you guys remember this story,
but when early days of the internet,
there's always this thing about Craig Shergold wants birthday cards.
Please send this address, blah, blah, blah.
And it became chain mail.
And it got to a stage where, after a, you know, after a couple of years, his parents were like, please stop sending stuff to this address. Like, you know, he's not sick anymore. Uh, you know, he no longer has, uh, cancer, um, whatever. You know, please stop sending all these letters. Um, he actually died last week.
Oh my God.
Yeah. So, you know, this famous chain mail person actually did, did pass away eventually.
Is there an address
We should send these to?
Yeah
You're listening to
The Host Unknown Podcast
Great timing.
You know what, I'd suggest we do that again, but we're not that kind of show.
Choked on my coffee, sorry.
Yeah, you know, you know there's a mute...
I didn't die, that's fine.
You know there's a mute button there, Jav.
You know what, it's a bit hard to reach for the mute button when you're trying not to, like, choke coffee all over your keyboard and everything.
You know, if we had a professional on board, they would hit the mute button straight away during that.
Never crash the jingle. That's the law.
You know, once social distancing rules are relaxed, I'll get my professional back in to help me with these things.
After I press the mute button, I'm about to cough.
Well, you know, they second guess you. They'd be like a, you know, like a second brain who would just be there right in front of you before you do anything. And they, they would put their finger to their lips just before you actually said anything stupid as well, which would mean that they'd have their finger on their lips for about 45 minutes.
Anyway, hello, folks. How are you?
Not too bad. How are you doing this week, Mr Langford?
Yeah, OK. OK. Getting a bit...
Feeling a bit ground down by all, if I'm perfectly honest with you,
you know, with the lockdown and everything else that's going on.
What about yourself, Jav? How are you?
I'm doing fantastic.
You know, as a natural introvert,
I have been preparing for this all my whole life,
and this is everything I hoped it to be.
Not only do we have, like, you know, a good reason not to see anyone, there's Netflix and Amazon Prime and Disney Plus and all these streaming services. And if you're bored of them, you can just switch on the news and you're entertained for hours.
Yeah, God. Well, we did say last week this was going to be a Trump-free zone this week.
Yeah.
Uh, and we're going to hold true to that promise.
We are not going to talk about Trump at all.
We're not even going to mention his name, Trump, during this episode,
apart from during this introductory segment, in which case, you know,
we don't have to worry about it.
Which reminds me a little bit of a Monty Python intro to a vinyl record,
you know, those things that Boomers had years
ago from Monty Python, where the very
first track...
The very first track of it was talking about
profanity, and they said
we wish to warn our listeners
that there is
various amounts of profanity in this
two-sided
piece of vinyl that you're about to listen.
Such profanity includes a ****** and a foreskin.
But since they appear only in this introduction,
viewers can now relax,
which I think is exactly what we're doing with Trump.
Yeah.
And just to be clear, which one am I?
Am I the...
You're the second beep.
OK.
OK.
Oh, dear.
So, yes, Trump-free zone.
We're not going to talk about that.
But it would be remiss of us to not acknowledge
certainly what's going on in the world
and mostly in the US at the moment.
Yeah.
Sorry, Andy, I thought you were going to say it.
I thought you said double A.
Acknowledgement.
Oh, did I?
Okay, so folks, here's what's going on here.
Is this going to be one of those heavy edited sessions?
No, no.
Let me set the scene so everyone's just aware
of what's going on here,
and then we don't need to edit anything.
So the first few episodes we recorded,
it was completely, literally three minutes before we hit record,
we were like, what are we going to talk about?
And then over the weeks, we've gotten slightly better.
We've got some sort of structure and we kind of, like... And then for a couple of weeks we've been, we've been on the ball. On the ball. We've, we've had these notes. We say, okay, this section, so-and-so is going to talk about; this section, so-and-so. Um, this week, uh, Tom had the brilliant idea: hey, we've got a chat functionality in this, um, recording software we're using, so let's use that.
So Andy, for some reason, he still writes all of his notes in HTML.
It's sort of like Geocities website he still maintains.
And so he copied and pasted it from there into here,
and the formatting is completely messed up.
Well, it's just a huge chain of text.
It is.
So the part where you're reading double A, Tom, is actually the fact that Andy sent this.
Yes, but also the way he phrased things said it's definitely him that's gonna say it.
Well, I think this will notice he was writing for himself that we have to share with all of us.
Yeah, exactly, exactly. Inside the mind of Andy Agnes.
Yeah, well, it's, it's messy and a constant stream of, uh, of words.
Uh, it is, but we're gonna try and, uh, just bring a bit of levity to the show this week, I think is what we're trying to say. Well, I think for the first, you know, for a portion of it, I think we're certainly underqualified to make any real comments here,
aside from the fact that this is really serious and that we are very much in support of the Black Lives Matter movement that's going on in the US and the scenes of
devastation and terror
frankly that's going on out there
but we're
not a serious show
and we're not qualified to comment
in any great detail
but we did want to acknowledge it
Good point, well made.
Yes, it wasn't clumsy at all, was it?
No, no.
Exactly. Right, so let's try and save the show. Let's, uh, jump into something.
Let's try and save the show. Let's make sure we're not gonna, you know, we're gonna retain at least some of our audience after not only crashing the jingle but, uh, crashing the only serious thing we wanted to talk about. Dear me.
So, yeah, we've got, as Jav mentioned in his little
let's save the show section there,
we do have a bunch of things that we've got coming up.
We've got Rants of the Week, The Little People,
Billy Big Balls, Tweets of the Week.
We've got lots of industry news.
Our sources have really ramped up this week. It's almost like they're listening to us and hearing us complain about the lack of stories. Um, so yeah, it's good, good stuff going on there. Um, who wants to go first? Let's, rather than follow a show order, what should we talk about first? Tom, take us away.
All right, okay, we're gonna start, we're gonna start right away with Rant of the Week.
You know, there's a point of having these things written down, so we don't have these awkward silences. We're like, you're the teacher saying, picking on a student, who wants to go first?
Everyone's looking down at the floor.
Have you not listened to the podcasts when they go out?
I edit out all of the awkward silences.
It takes me two hours each time.
I seem to recall that I was the one that discovered
that our show was associated with another controversial podcast.
Oh, yes, that's true.
Depending on which medium you listen to.
Yeah, well, we're off that platform now.
Yes.
And it wasn't controversial.
It was just the algorithm picking up all of Tom's likes
and associating it with that.
Piss off.
It was clickbait anyway.
Anyway.
Oops.
Rant of the Week.
I'm gonna have to edit out that little silence as well. Rant of the Week. So this was sent to me by a friend of mine early this week. Um, now there's a comedian in the UK called Joe Lycett, um, and he's, he's pretty funny, actually. He's, you know, he's one of them sort of modern comedians, as it were.
And he's actually done a lot of stand-up.
Very funny. He's now moved
on to doing a sort of
consumer advice and consumer
support show. A bit like
That's Life
with Esther Rantzen.
Great show.
Yeah.
Well, anything that shows, you know, vegetables that are shaped like genitalia in the 70s and 80s, that had to be good. Great TV.
Oh yes, it was brilliant. I used to, I used to love that show. Anyway, so he does, he does a show and basically he gets another comedian onto the audience show, but they pick up a cause.
I don't know, somebody's tumble dryer exploded
or something went wrong with the service,
their holiday was cancelled, whatever.
And then in a hilarious way, he goes and takes a film crew and normally goes and doorsteps the company or the directors or whatever and shames them into doing something about it.
And in many cases, it's perfectly valid because there are lots of shitty companies out there that do shitty things.
And having someone who can sort of raise the awareness of what the company is doing
and therefore get them to do the right thing is good.
However, in this particular one that I saw,
I thought it was bang out of order on a number of accounts.
And because this is a loosely related cybersecurity show,
this was about people scamming and phishing people to empty their bank accounts.
So there was this woman, she was contacted by NatWest from a text telling her that her accounts have been compromised and she needed to transfer money.
And when you say contacted by NatWest, that NatWest is in air quotes, right?
Yes, that's exactly right.
Did you not see me do them?
We heard them.
Yeah, exactly, exactly.
And so they phoned her.
They phoned her and told her to transfer something like 3,800 to one account
and 8,000 to another account.
I mean, if that's not suspicious in and of itself, it's a bit weird.
And then the moment she did it, her sister said,
what the heck have you done?
You know, that's obviously a scam.
So she phones up NatWest on the number from the back of her card
and tells them what's happened.
And they go, okay, that wasn't us.
We never would tell you to do that.
We send out regular advice that says don't do this sort of thing.
But let's see what we can do.
They managed to get 3,800 back, but not the eight grand.
At which point she reaches out, as you would in these sort of circumstances, to comedian Joe Lycett to say, you know, I lost this money and NatWest isn't helping me. So what he does is he goes and creates fake social media accounts, so Twitter, Facebook, etc., of the NatWest CEO, whose name I forget, it doesn't really matter. Starts, starts posting some hilarious stuff, you know, about how much he loves Joe Lycett and lots of different things and, you know, silly comments and all that sort of thing. And then sends Joe Lycett an invitation to come and see him at the NatWest headquarters up in London. So he rocks up with a film crew to NatWest, where obviously security says he ain't coming in. Um, he shows them the tweet, at which point they say, oh, you ain't coming in, and, uh, basically push them out. Um, oh, they do a little flash mob as well about asking for money back, you know, all that. It's hilarious, you know, whatever. As a result of this, and as a result of pressure from the show, NatWest refunds the eight grand, even though NatWest didn't lose the eight grand, NatWest didn't do anything for this woman to, um, send the eight grand, even though NatWest regularly send advice. I'm not a fan of NatWest, by the way. They screwed me over as a student, so, you know, I like to think I'm being fair.
That is a bitter grudge you're carrying there, Mr Langford, into your 70s.
It's been a long while.
I have to say. Let's say you were not a mature student
either.
I was a very
immature student, as I recall.
So,
you know,
much as I dislike NatWest as a bank, they did nothing wrong in this.
You know, and banks, all of the high street banks, banks everywhere are actually providing lots and lots of information around, you know, spotting scams and all that sort of stuff.
But they had their hand forced that they refunded this eight grand.
Dangerous precedent.
Dangerous precedent.
Exactly.
Yeah, absolutely.
As if that wasn't bad enough, at this point, Joe Lycett basically said,
we've succeeded.
Hooray.
End of story.
He didn't go into at all all the things that this woman did wrong, all the warning signs this woman should have spotted, other things that, um, you know, the viewers could have learned from. All the viewers learned was, it's not my fault. And that, I think, that really annoys me. And I think, um, you know, much as I think shows like this do provide some entertainment and they do in many cases hold rogue companies' feet to the fire, as it were, to do the right thing, this was a terrible, terrible example.
Teach a man to fish.
Yeah. So that, ladies and gentlemen, was my Rant of the Week.
Yeah, I think it's, like you said, alluded to,
you're a victim of fraud rather than going to the police,
your insurance company, complain to the bank,
going to the financial ombudsman.
If your thought is let's go to a comedian,
then I think that says it all.
Yeah, exactly. Yeah, exactly.
Yeah, you've exhausted all, uh, official channels, so let's put some, uh, social pressure on.
Kangaroo court judge and, uh...
Exactly. And this is just a case of using social media to bully an organization. And this was the bank, okay, so they lost, okay, eight grand, they can absorb it. But imagine if you're a small business.
Yeah.
And, you know, something like this, you know, one of your customers says that because a few are got defrauded, that's the precedence that's been kind of set.
Um, yeah. Or, and even if you don't have to pay it, the, the whole issue of going through legal and, and what have you is sometimes too much. The, the court of public opinion is strong. It happened to me at a company I worked at where, um, um, criminals were issuing, um, sorry, were ordering goods in the name of our company, uh, and they were doing the classic thing of ordering a few little bits and bobs, you know, to build up a credit rating, and then they would suddenly order 35 grand's worth of memory chips or whatever.
Yeah.
Um, and these companies would then not get paid, and then they would come to us and we would say, but this isn't us. But it's got your name on it. So? But it's not even our address, and this person hasn't worked for this company for five years. You've not done your due diligence.
Yeah, send it to my Gmail addresses and stuff like...
Yeah, exactly. And many times they would go, oh crap, you know, and try and deal with it. Quite a few times we then had letters from solicitors saying,
you owe us this money.
And thankfully, we had a legal department, you know,
who dealt with much bigger things than this.
And it was just, I handed this email over to them and they went,
yeah, don't worry about it.
I'll send them a letter.
I didn't hear anything from it at all.
But, you know, you can't blame us for your lack of due diligence.
Yeah.
You know, one, one company had, you know, 35 grand's worth of, whatever it was, 30 grand's worth of stuff delivered to a housing estate in Holland. Um, and they, apparently, this, this guy was telling me that the salesman who actually did it and accepted the order, you know, because normally it's cash up front until you get a credit line.
But who accepted the order actually drove there to try and intercept the delivery.
Excellent.
James Bond stuff going on right there.
Yeah, that's right, that's right. You have a map on the wall with some strings, like, this is the optimal point I can intercept the delivery van.
I think he's still in the back of the van now. I think they intercepted him.
So, yeah, yeah. Terrible, terrible.
Hey, Andy, I see you've just updated the chat with something we can read.
Well, I don't want people to be complaining on this one.
As I tried to pull out the news headlines,
I realised I couldn't even figure out what I was going to be talking about.
Let's just get a different...
We just need to share a Google Doc or something.
Why are we complicating this?
Yeah, why are we, Andy?
Oh, dear.
Right, I think that should move us nicely into some industry news.
Industry news?
Industry news.
The teenage training programme Cyber Discovery
opened registration three months early.
Industry News.
European Cyber Security Blogger Award winners announced.
Industry News.
Hashtag InfoSec20.
Impact of hashtag COVID-19 is 2020's leading security trend.
Industry news.
Hashtag InfoSec20.
Consider leadership and team decision-making in challenging times.
Industry news.
Google adds YubiKey support for Apple devices.
Industry news.
Folks, that was this week's...
Industry news.
That's a lot of quality content there.
Yeah, there is a lot there.
The LPA news wires really kicked in this week.
They have.
Our syndicated news source has really upped, really upped their volume of reporting.
Our news source is like our stick.
Yes, it is. Sorry, they are.
We're not saying who this person is. They supply us with, they, they're our supplier of news. They're like the Heisenberg of the news world.
They're unwittingly supplying us.
Um, so there's an interesting thing in there which I picked out. Tom, you mentioned, um, with a cough in between as well, the European Cyber Security Blogger Award winners. Um, yeah, I missed that one this week, unfortunately.
But, uh, how... What? I invited you personally.
Uh, unfortunately, I've had a very busy week. Uh, but, uh, how, how did that occur this week? Obviously with, uh... that's usually a social event where everyone gets together.
Yeah, so, and how, actually it was Eskenzi who organized it and Qualys who sponsored it.
Qualys is a sponsor, huh?
Qualys.
Qualys was a sponsor.
Do you know what?
I think Qualys.
Host Unknown.
Sponsored by.
Qualys.
I'm here.
Qualys.
That could be you guys and girls.
That could be you.
But yes, sponsored by Qualys.
And it was actually a really nice evening.
It was done very well by Eskenzi.
It's always difficult to get a sense of, you know, excitement and community
when you're on a Zoom call or something like that.
But what Eskenzi did was they sent out cocktail-making kits
from a company whose name I forget.
Can you remember, Jav?
God, I wanted to give him a shout-out as well.
I can't remember because my phone was sent to our York office
instead of my home address, so I'm still waiting for it to arrive.
Well, they sent out these cocktail-making kits,
and if I remember the name of the company,
I'll shout it out before the end of the episode.
But they were very good.
And also they did alcohol-free ones as well,
which I partook of,
which again is really very good in these days as well.
And so we started off with learning how to make a particular cocktail,
and then the awards happened, and then we made a second cocktail,
which was very good fun.
The high point, however, I think, was the most entertaining security blog,
which Jav didn't win this year
which was the
high point. Even though I was
a judge on this so that
completely refutes
your rant from a couple of weeks
ago Andy where you falsely
accused
me of winning awards when I'm
a judge. I was a judge and I
didn't win any awards. I didn't win any awards.
I didn't win most entertaining.
You mean they kind of turned around and said,
oh, damn, he's on to us.
So, Tom, when you receive your award,
ignore the Jav bit scratched up.
Yeah, I was just about to say that, yeah.
I did wonder why the certificate had Javad scratched up.
No, so I did win Most Entertaining Security Blog,
which I thought was, well, was absolutely lovely, I have to say.
It was a bit of a high point.
I immediately rushed and told my family,
and they sort of kind of went, oh, to me,
which kind of told me everything I needed to know.
But no, I was really, really pleased and really chuffed, to say the least.
Sounds like a well-organised event.
It was.
The cocktail making kit sent in advance.
It's a way of encouraging participation.
It was good.
And the guy that was, he was really good.
He talked us through how to make it.
And he said, these are things you need.
And he was very engaging.
And the history behind things and the explanation of, you know,
why Pimms is a number one cup and whiskey is a number two cup
and all that sort of thing.
Of course, I can't remember why now.
But it was fascinating nonetheless.
So, you know, Eskenzi and Qualys, um, really well done. That was, uh, it, I think it set a standard for an event like that, remote event.
Yeah, yeah, absolutely. It does show it's possible, you just have to plan for it.
Yeah, I suppose it was also quite good because you sort of, like, knew nearly everyone that had joined, so it felt very good. So I'm not too sure if it was like an event where there's hundreds of people and you don't know anyone, how that would turn out, because in physical events you can still rock up to people and introduce yourself. I mean, online, it's, uh, I suppose you could go ASL question mark and, like, you know, kick things off.
Slide into DMs is what the kids say.
ASL?
Oh, come on, you were around in those days, weren't you? You know, you used, uh, ICQ and, um...
Oh, yeah, I know ICQ, but ASL is American Sign Language. Surely we would use BSL.
Age, sex, locations.
Oh, let's move on.
Yeah.
Old enough.
Yes, please.
Down there.
Oh, man.
So, yeah, that was the European Security Blogger Awards.
And there were 12 awards as well, which was quite a lot.
Because I think in the blogger Awards in the US,
there's only like five or something, isn't there?
Or are they just running out of money to give prizes?
Yeah, something like that.
I don't know.
But yeah, no, I think it's, to the folks listening,
the reason Tom won the award wasn't for this podcast as entertaining as it
is.
Although Host Unknown was up for the best podcast,
but it didn't win.
We were runner up though.
Runner up.
Runner up.
Yes.
Anyway,
it wasn't podcast.
It was security legends.
Oh yes,
that's right.
Security legends.
But,
but folks check out Tom's Lost CISO.
That's what he won it for.
The Lost CISO is his YouTube channel and his Facebook blog.
That is a very entertaining blog as well.
I had no idea that was yours, Mr. Langford.
What, the fact that it says Tom Langford at the top?
Yeah.
Oh, dear.
Do you know what?
Funnily enough, in fact, you guys know this.
I had to make a little tally yesterday for a potential client of sort of my, you know, YouTube.
Sorry, YouTube, my Internet and social media tendencies.
And it's quite it was quite interesting to look at when you sort of see I've got, you know, four things I'm involved in.
So obviously there's Tom Langford.com, there's a TL2 Security,
there's Host Unknown, and there's a Lost CISO. And how actually it's spread out between Twitter and LinkedIn
and YouTube and blogging.
And, you know, it's quite, I don't want to say multi-channel
or anything, you know, anything sort of up itself like that.
But it's fascinating all these different ways
that the different brands communicate.
Yeah, different audiences.
Yeah, absolutely.
And thankfully, by combining all four,
it made my figures look fairly attractive to my potential client.
Yeah, that's a good way of presenting statistics, I think.
Yeah, absolutely.
No fake views or fake Russian bots.
Well, don't pad it because it's in the public domain.
You're going to get found out.
But look at ways of making them look bigger.
Yeah.
It's like the telescopic lens, isn't it, on your camera?
Yeah.
Oh, dear.
I think we need to move on to something else now.
How about we do...
Whoops.
Billy Big Balls of the Week.
I have got a great Billy Big Balls for you this week.
And let me take you back a few months,
in which we'll go down as perhaps now in retrospect one of the most normal things that happened this year
tiger king fantastic fantastic and and uh for those of you who've been living in a cave under a rock with your eyes blindfolded and your fingers in your ears, go out and watch it.
At the end, you know, the rivalry in the show was epic.
It was, I'd say it was better than when Hogan and Macho Man had their rivalry, or when Hogan even body slammed Andre the Giant. I think this was better than that.
Who exactly?
Um, so Joe Exotic, uh, was always after Carol Baskin, and Carol Baskin, ah, the court of public opinion is really out on that. Most people believe that she did kill her first husband
and fed her to the animals.
Allegedly.
Allegedly.
Allegedly.
Don't sue us.
If you want to sue us, my name's Tom Langford.
And my name is Graham Cluley.
Yes.
Friend of the show.
Fold like a pack of cards.
We'll get on to that in a minute.
Unlike you, Mr Malik.
We've got the receipts, Mr Malik.
Brothers in arms there.
I did not fold.
I did not fold.
I stood my ground.
I was just like,
who is this peasant?
I clipped my fingers and sent my army of lawyers after them.
Who told you to do as you were told?
Yeah.
No, actually, I didn't.
We'll get on to that.
We'll get on to that.
Do go on, Jav.
Do go on.
Honestly, why don't you just bring Graham on to this show
if you love him so much?
He'll be coming on.
He will be coming on.
Anyway, Joe Exotic ended up going to jail at the end of that.
Carol Baskin seemed victorious,
but she was not just satisfied in bathing in the blood of her enemies.
She wanted to sit on the throne.
So the zoo that was formerly owned by Joe Exotic
has been handed over to Carol Baskin.
Wow, that's going to break his heart.
That is.
But I read, minus all the animals,
because the animals have to be taken somewhere else
and she gets basically the property.
Well,
so she can just like,
you know,
I haven't read the story in that much detail.
I just stopped at the headline.
Oh, here we go.
There we go.
So I didn't read the story.
Let me tell you what I think of the headline.
There we go.
The classic social media argument.
I just wanted to get outraged at that.
Oh, come on.
I didn't know you guys were going to go all Parkinson on me.
Oh, dear.
But, yeah, basically, she had loads of lawsuits against him.
I think they were like about a million dollars worth or something
because he was infringing on her trademarks and everything.
It is a real twist to the story, I have to say, at the end.
It is. It is.
So she wins.
She wins, which is kind of good, because Joe wasn't getting the zoo back, and I never liked Jeff Lowe, the guy that took over the zoo from him, because he seemed like shady as fuck.
Well, he built a new one, didn't he?
Yeah, with another dodgy guy. Uh, yeah, it was just like everyone was just so dodgy, the whole...
Yeah, exactly. There was only a couple of people who, who came out well in that whole thing. But one was, was it Saff, that, the woman who lost her, um...
Yes.
Uh, who lost her arm, that's right. And, uh, there was someone else, wasn't there? Oh, that long-haired bloke, I've forgotten his name now.
Oh, yeah. He was a cool dude. He was the head zookeeper, wasn't he?
Yes.
He stayed for the animals, didn't he?
Yeah.
He was a cool dude, that guy.
But everybody else came out really badly.
Even Carol Baskin, in fairness.
Yeah.
I did not warm to her at all.
Oh, no.
I think she came across as the worst.
Yeah.
You know, she...
Yeah, I, I completely disliked her.
No, I liked him a bit.
Who's... Sorry, Doc Bhagavan, that, that guy who had this other one. He had a, he had like 10 wives in his little compound.
Oh, yeah.
Now it sounds really bad, like I'm endorsing his lifestyle.
He reminded me of, oh, God, I've forgotten his name now.
He just recently moved back to the US.
He was living in the UK.
It's a cybersecurity guy.
Malware tech blog.
No.
Okay.
Oh, God, that's typical.
Graham Cluley.
Friend of the show.
No.
No, not Graham Cluley.
Oh, dear.
Is it a bloke?
Yeah, it's a bloke.
I can't even remember the company he used to work for.
I follow him.
Rick Ferguson.
No.
No, no. Rick Ferguson reminds me
of the head zookeeper.
Oh, dear.
It doesn't matter.
It does matter. Now you've got to tell us who he reminds you of.
I know.
Troy Hunt.
No. Matt Summers.
Matt, no.
Older guy.
He smoked cigars at Security.
At Security.
Yeah.
Oh, God.
Looks a lot like Bhagavan, ponytail.
Oh!
Doesn't matter.
It'll come to me.
Oh, I know who you mean.
Oh, he's moved back to the States.
Why, yeah, yeah, yeah, just, just in the last six months.
I think he done the impromptu talk at BSides London and, that year that we spoke at, and it was really good.
I didn't see that one. Was he the one that sent us that, that song that he recorded about, um...
Yes. It was like a country song.
Yes.
Oh, no, I can picture him and I can't.
I'm glad it's not just me.
Oh, my God.
He's got grey hair.
Oops, I knocked my mic.
He's got grey hair like Ponytail.
Yeah.
Oh.
Looks a lot like him.
Really nice guy.
You're right.
He does look a lot like him.
He's a lovely guy.
Absolutely lovely fella.
And absolutely does not have a string of wives or a...
That we know of.
A tiger zoo.
Yeah, absolutely.
Anyway, well, thank you, Jav.
Thank you for your...
Billy Big Balls of the Week.
Interesting.
Interesting.
Whew.
So, there's been a lot going on this week as well. In fact, we alluded to some of this during that particular segment, um, around, well, people having to fold like a pack of cards.
Like a cheap deck chair.
Like a cheap deck chair, yeah, yeah. Not only do you fold, but you catch your fingers in it at the same time.
so
yes in fact I'm not
even going to try and
talk through this I'm going to leave this to you
Andy
so if anyone wants to get sued
it's going to be me right
Tweet of the week
I have nothing to lose here on this one. Um, so my tweet of the week...
I know, I've seen your house. Which, uh, well, you can call it a house, you know, it's more of a, you know, roof, uh, you know, roof, three walls, uh, you know, something, just the essentials.
Yeah. Uh, yeah, it's lean. Uh, I think I've got a, uh, no, lean-to.
Yeah, minimum viable product.
So this, uh, this week's tweet of the week, the one which really caught my eye, um, and as you know, we did have a few tweets, uh, floating around, um, that, you know, we even had backup tweets that would make good stories, but this one really sort of hit home, um, because I think we all see an opportunity here for a potential sponsor. Um, however, so this is, uh, you know, looking after a friend of the show, Mr Graham Cluley. Um, you know, he tweeted on, um, just, uh, the third of June, which is this week, and it said, Following a legal threat from Redacted Name, I have removed their name from this article on my site.
I hope readers will accept my apologies for what is clearly unsatisfactory, but I can ill afford to get embroiled in a legal fight.
And this relates to a story about an unprotected Elasticsearch server,
which a British security firm or UK-based security firm looked after,
inadvertently exposed 5 billion records from data breaches.
So already not a good look for a UK security firm,
not able to secure data, especially when it's something as, I won't say simple, but you have your checklist. You can't afford to get your threat fatigue when your job is security.
You are the ones that don't get worn down.
You have to get it right every time.
So, yeah, yeah, unfortunately a friend of
the show, Graham Cluley, was, um, threatened with legal action. Um, and our own Mr Malik, the reason
this one resonated is that, uh, you were also threatened with legal action from this particular,
uh, individual, this, this particular company. Um, and this was probably a few weeks ago, wasn't
it? So they're clearly on a social media cleanse, or I guess a Google SEO cleanse,
where they're now discovering all these articles about themselves. You know, when
they sort of Google their name, you'll notice they're using hashtags such as
data breach you know when they're publishing their own news,
you know, and that's very sort of classic,
what do they call it, like white hat SEOing.
So, you know, if the words, you know,
that company name and data breach comes up,
hopefully it will bring up an article of them talking about data breach
rather than the articles about them having data breaches.
So, you know, over time,
they will dilute it. But, you know, on the flip side, it does. They are dependent on people
deleting the original sources of those articles and totally understand where people come from.
So, I mean, I've worked at a place where, uh, we embrace legal action, um, and it is time consuming,
and I've also worked at places where they do not, uh, embrace legal action, and, you know, they look at
it, they take a step back and say, well, what do we really lose from this? Um, you know, and the, the
people that need to know will, um, learn by the, the Barbra Streisand effect. Um, yeah, so this is, uh...
Or the Wayback Machine, or the web archive.
Absolutely. And, uh,
yes, I mean, we're not going to mention, uh, you know, deep fat babs, um, or a company which sounds
similar to that, um...
Net labs.
Yeah, exactly. Sheep vet, uh, labs. Yeah. Um, so yeah, I don't know, Jav, if you, if you want to, uh, just, uh, jump in here and
sort of, uh, you know, explain, uh, you know, how you took your stance, uh, you know, how you made your
stand and were prepared to die on that hill.
Yeah, so, you know, unlike clearly, I didn't fold. Yeah.
So whereabouts is your, I'm just,
if you can point me to your tweet where you actually call them out and tell them that you're not folding, that would probably be good for people to see.
So they can see how it's done, right?
As we already established with the earlier story that Tom told us about the
comedian, you know,
simply going on social media and causing a ruckus
isn't the only way that you can resolve issues.
So I'll tell you seriously, though, that, you know,
I was really surprised to get an email because I didn't even write a blog about it.
It was a journalist.
So in my role, what I do is, whenever there's a story, um, oftentimes I
get asked by journalists to provide a quote, because that's part of my job as an educator.
Yeah, yeah. Media, media educator.
So, um, and I'll, I'll provide a, whatever information is provided,
I'll provide a general statement of what have you. So a journalist came
and said, well, okay, we've heard this story where 5 billion records were left exposed.
And I provided a very general comment. I didn't mention the company name. I didn't acknowledge
whether there was, you know, who was at fault, but I just said, look, when there's so many records
in one place, even if they've been collated from previous breaches, if someone were to get hold of it, they can then do a lot of harm with it.
So they can use it to launch phishing campaigns, identity theft, bank fraud, all that kind of stuff.
So I got approached by this company and it was a very nice initial email on LinkedIn and then an email to me saying, oh, we saw you quoted this.
There's been a misunderstanding.
It wasn't a breach.
You know, it was a very sort of like looking back,
it was very weasel worded because they're trying to say it wasn't a breach.
It was just an exposure and the research effect, you know.
If it walked like a duck and it quacks like a duck.
Yeah, exactly.
So I said, look, I'm really sorry to hear that. I said, um, but, you know, um,
you're asking the wrong person. Why don't you just go to the, um...
Oh, why don't you just go... That's your legal team, right, saying
shut up, shut up.
So I said, why don't you just go to the author of the story and say, look,
here, the facts, this is what's right and wrong, and, you know, have a discussion with them and take it
off. And, uh, they're like, oh, you know, it's not a, practically it's not a breach, but your
interpretation confirms it's a breach, and this, that, the other. I don't know whether it's your individual comment or whether your company sponsored this, and, you know, um, and then it's like,
it took a very quick turn. It's like, our legal counselor started necessary work by keeping our
legal rights and will continue to seek our legal right to minimize damage, you know, therefore we
will reserve the right to issue proceedings against you and your company seeking relief or defamation and everything. And, um, I was like, well, okay, here's me gone from being helpful and, how you're doing, hope,
hope you're well in the, uh, in the pandemic, and, you know, how can I help you, try and do it. And,
and actually I reached out to the author initially. I said, look, here's my quote.
I, I used the word breach, and it wasn't like... I said, look, remove the word breach
because there's no evidence of a breach. It was, it was exposed and a researcher found it. So we're
not sure whether, you know, it's a generic term, but I said, okay. And I said, look, as a gesture
of goodwill, I've reached out to him and I asked him to remove that, but that's all I can do. I
can't say to him, take out my entire quote, because that would, you know, ruin his story and everything. You really need to go to him.
Yeah, because you are central to the story, right?
Yeah, um, well, it's, it's just how it's written, and it's
like the closing sort of paragraph on... I know. And, um, and then he comes back and acts like a complete asshole and says, well, here's legal. So, you know, it's one of those things where, like,
and I completely understand why Graham would have redacted it, because as soon
as you, 'cause he copied in a legal firm into it, it's, it's, again,
you look at the firm that he's from, it's, it looks like a one-person firm.
You look at the legal firm that, that he copied into
the email, it looks like it's run by his cousin, um, you know, or one, a one-person firm somewhere in
north London. Uh, so, you know, I just forwarded it on to our legal counsel at, uh, at KnowBe4, and I
said, look, this is what's happening. Um, and they're like, and they laughed, I laughed, we all had a good
laugh. Um, and then I replied to him and said,
basically, I'm formally asking,
don't contact me again.
If you want anything to say,
say it to my legal team.
And that was the last I heard anything from that.
However, you did contact the author
to modify the wording.
That was before I...
That was him trying to be helpful, not folding.
That was actually me trying to be helpful because obviously I don't want there to be fake news.
I don't want anything incorrect to be there.
Yeah, throwing people under the bus unnecessarily.
Yeah, and when I said that to him,
look, as a gesture of goodwill,
look, I've asked him, but you need to ask the thing.
And his reply to me was, this is a complex area of the law and we strongly recommend that
you seek independent legal advice immediately. We look forward to immediate removal of the hearing
of from this website by X date, and, you know, thank you for your understanding. And that's just like a,
you know, such an arsehole threat. If I ever see him at a conference, I might just punch him in the face, honestly.
Yeah, because, because that'll help.
Yeah, that'll help. I mean, if you want to get sued, get sued for something properly.
Yeah, that's right. Yeah.
Yeah, but I think, I, I just, it is bizarre that companies will go through this kind of process.
Um, not all companies. Uh, I think just... No, I'm just... Yeah, yeah, absolutely.
It's bizarre that some companies will do this, completely. But I think it's, it's a fairly natural
reaction. We, I, I worked for a place, and they had, um, basically a security researcher contacted them
and said, we found, you know, issue with this, you know, we found a
vulnerability in this package that you, or in this site that you've just deployed, blah, blah, blah,
you know, we want to help, et cetera. And I was called in because suddenly legal were involved
and they wanted to know what the hell's going on. Who is this person? Do we need to sue them for, you know, attacking our system?
We were like, whoa, slow down there. You know, this is this is just somebody he's not once said that he wants money.
He didn't even want, you know, he wasn't looking for a bug bounty or anything.
He just wanted to sort of be involved in the process. In... I think he wanted a job, um, with, with our company,
um, but in the end we defused it entirely, uh, and, um, by me meeting him at a conference and giving
him some company swag and saying thank you very much, and he loved it. All he wanted was the
acknowledgement.
Acknowledgement, yeah.
Yeah, that it was, you know, that it'd been done right. But
the initial corporate reaction was get legal involved.
We need to cover our asses.
And I think whilst that's understandable in certainly these days of litigation and all that sort of thing and potential reputation, it can really backfire like I think it has done for this company.
Yeah.
It's almost like they need some way of amplifying their voice in a public medium, perhaps a podcast, just saying,
that maybe they could, you know,
they might want to sponsor a podcast to get their point across.
Yes, yes.
I think that's very wise. Yes. Yeah, it gives something back
to the community. So, so if you're listening, Host Unknown, sponsored by...
Well, let's gloss over that. Let's move on to, uh, something else. Uh, we got Little People this week?
We do. We do have a Little People, we do. You know, there's, uh, there's an interesting thing that kicked off
this week's Little People. For, for the eagle-eyed listeners and fans, they'll see that Host Unknown
actually posted the blog last week.
We did. We did. Did we? What did we blog about?
Uh, the, the vdbi... Oh, well, yeah, one chart in the
data feature report, the one that looks like the TL2 Security logo has been just sort of
splatted against the wall.
That's the one. Yes, yes, that's exactly how I described it as well.
So go on, Jav, do introduce.
So I thought, well, you know, this is a, well, obviously we're, it's a blog and there are lots of bloggers out there that like to blog about stuff. And sometimes.
Award winning sometimes.
Yeah.
That's breaking news there. Blogs like to blog
about stuff. Oh my days, this is brand new information to me here. What an education this show is.
all right calm down calm down that's for the audience to be saying at home
Sorry, I thought I was on mute. Sorry, guys.
Bloggers gonna blog, but a lot of them are really poor writers, and I'm not just speaking about the ones whose
English is their, like, second or third language. Um, so sometimes they're either overly technical,
or there's no point, or what have you. So I turned to a good friend of the show's, um, uh, who is a deputy editor, deputy editor
at Infosecurity Magazine.
It's like you're emphasizing he's not good enough to be an editor.
No, I mean, like, deputy's a good one. It's like Deputy Dawg, like...
Yeah, still not, still not bigging this guy up. I can see why, uh, why you pre-prepare all of your blogs and everything, chap.
You're not really one for speaking off the cuff, are you?
I thought my legal department were worried about me going out and ad-libbing,
but, man, you guys, it's a full-time job at your place.
So I asked him, as a professional writer for many years and a
journalist and a deputy editor, um, what he thought. Actually, he was acting editor while
Eleanor was on maternity leave once as well, so it's not that he's not capable at all.
I asked Mr Dan Raywood what his thoughts were about bloggers who write,
but they are absolutely terrible at writing.
The Little People.
So how do I feel about bloggers who, well, clearly can't write,
but make out like they're brilliant writers?
Well, of course, we see a lot of companies maybe even encouraging their researchers, whatever,
to actually go out and write blogs and share their intelligence, share their findings,
and put them on websites and hope that journalists like myself go and pick them up and break the news on them.
We see a lot of that.
And, of course, the real problem is actually that a lot of the writing is pretty terrible
because they don't know how to use grammar, for example.
And sometimes the words are just completely incomprehensible.
You find yourself searching on the dictionary, online websites, trying to find words that
actually, what does this actually mean?
What are you trying to say there?
You spend more time trying to figure out what they're actually talking about than you're
actually writing the damn story at all.
So you're going back and forth with them and via communications and marketing people going,
what did this person actually write about? What are they actually trying to say? Are they saying
this is good? Are they saying this is bad? Uh, you know, why is this different from something else?
And you just find yourself bogged down in this great problem. And I think the problem is people
who can't write haven't got the concise nature that someone who's been trained properly as a journalist
and got a real chance to actually go out
and work with editors
to actually deliver something that's readable
and, you know, it's some really great content.
So, you know, I just wish people would actually,
you know, keep to their kind of,
their realities of what they're able to do.
And I mean, this is off the record, isn't it?
The Little People.
Good point. Well made.
Yeah, especially the third point again.
I think it was summed up very nicely, you know,
especially when he used that cutting analogy, I must admit.
Very good.
Yeah.
Yeah.
So, well done. Thank you, Dan.
Thank you, Jav, for encouraging
Dan to open the kimono.
Actually, that's a thought, I don't want to...
shock an analogy to use
on that one.
Fix it in post.
Yeah, absolutely. Absolutely.
So, Tom.
Yes.
Paco Hope.
Paco Hope!
That's him!
That's him!
Oh, dear.
It was bugging me so much,
and it's just such a relief.
It's like when you finally click your knee when it's stuck for ages.
Paco, if you're listening,
send us something for the Little People and tell us what it's like to run a tiger zoo in Florida.
Oh dear. Well, I think we, um, we come to the end of the show, don't we? Absolutely.
Probably screaming, God, this show's gone on for 55 minutes too long this week.
Exactly.
Yeah.
They knew that at the moment.
We tried to get serious and even fucked that up.
So anyway.
Oh, and that's Jav telling them he's got a meeting now.
So, folks, thank you very much.
Thank you to our listeners as well.
Any closing thoughts, Andy, off the cuff?
No, I'm good.
Thank you, everyone.
Have a good weekend.
Yeah.
Jav?
I do, actually.
Uh-oh.
Uh-oh.
We'll leave that for another time.
Okay, in which case, say goodbye, folks.
Stay secure, my friends.
Stay secure, my friends. Here, I think I'm going to use that one as well, Andy. I think that's a good one.
That's a good one. Yeah, absolutely. All right, folks, bye-bye.
All right. Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javvad Malik and Tom
Langford. Copyright 2015 or something like that. Insert legal agreements here as applicable and
binding in your country of residence. We thank you.
Congratulations on buying the executive version of this record.
You have changed your discerning taste in deciding to pay the few extra pence for a product of real quality.
Everything on this record has been designed to meet the exacting standards which you have naturally come to expect.
The record itself is made from the very finest Colombian extruded polyvinyl. The center hole has been created to fit exactly onto your spindle with all the precision
of finest Swiss craftsmanship. The audio content has been quality graded to give you the finest
in listening pleasure. There is little or no offensive material apart from four cunts,
one clitoris, and a foreskin. And as they only occur in this opening introduction,
you're past them now. You can relax and enjoy this quality product.