The Host Unknown Podcast - Episode 97 - He Is Back And He Really is Bad
Episode Date: March 18, 2022

This Week in InfoSec (08:06)
With content liberated from the "today in infosec" twitter account and further afield
15th March 1985: The first Internet domain symbolics.com is registered by Symbolics..., a Massachusetts computer company.
16th March 2018: National Lottery owner Camelot has warned of a "low level" cyber-attack that affected customer accounts. It has asked all of its customers to change the passwords on their accounts as a precaution.

Rant of the Week (16:31)
Germany advises citizens to uninstall Kaspersky antivirus
Nation's cybersecurity agency has doubts about Russian firm's reliability
Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer."
Russia-based Kaspersky has long been a target of suspicious rumours in the West over its ownership and allegiance to Russia's rulers.
In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products."

Billy Big Balls of the Week (24:49)
The Workaday Life of the World's Most Dangerous Ransomware Gang
A Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. The Conti ransomware gang was on top of the world. The sprawling network of cybercriminals extorted $180 million from its victims last year, eclipsing the earnings of all other ransomware gangs. Then it backed Vladimir Putin's invasion of Ukraine. And it all started falling apart.
Industry News (31:24)
French Bank Denies Access to Russian Workforce
UK Unveils New Cyber Flashing Law
Israeli Government Websites Taken Offline in Large-Scale Cyber-Attack
Hackers Hit Rosneft
UK Blocks Assange's Extradition Appeal
Avast Merger Raises Competition Concerns
Irish Watchdog Fines Meta $19m Over Data Breach
Kaspersky Hits Back at "Politically Motivated" BSI Advisory
Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations

Tweet of the Week (39:12)
https://twitter.com/moonpolysoft/status/1503519499089186818

Come on! Like and bloody well subscribe!
Transcript
I had to fill up my car the other day and the cost is shocking, isn't it?
It is. It's terrible.
I know. I saw this thing, this news article,
and it said that the Rotterdam police had come across 56 drums of petrol
and they said that the street value was over 12 million euros.
I mean, how big are these drums?
So where did they find them then?
Oh, apparently they were hidden in a shipment of Venezuelan cocaine.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome to episode 97-ish of the Host Unknown podcast. Welcome one and all.
Ah, talking of random figures. Jav, how are you?
Oh, you know, at least you didn't say shady figures, suspicious figures, all that kind of thing.
Rounded figures.
Not so round anymore, Andy.
Definitely rounded up.
Oh, have you been getting tonk? You're all lean.
Tonk?
What does tonk even mean?
Tonk? What, is it like yellow and he's got four wheels?
Tonk, you're getting shredded, you're getting cut,
you're getting toned, defined.
In my mind, I'd like to think so.
The reality is I've just shed a few pounds, but I like that.
I understand all of that, but Tonk?
Tonk?
Have you ever heard of Tonk?
I've never heard of it. Well, apart from, like I say, the Tonka toys I used to play with.
Oh, dear.
Anyway, yes.
Are you well, Jav?
I'm good.
I'm good.
I'm very well.
The sun is shining today, so I'm in a very good mood.
I think things are good.
Life is good.
I can say that.
Nice.
Nice.
Have you had an exciting couple of weeks back?
Yeah, yeah. Things have been going good.
I mean, not having to speak to you two has been like the highlight of it.
Tell us about it.
Yeah. And I heard yesterday, I'm sorry, yesterday, last week,
you listened to the cries from the public and you made the show more diverse by adding Carole in.
Yeah, yeah. We took the brown person out and added a woman.
Yeah, yeah. You know, diversity is a tricky thing because you can't have the white males in the minority, can you?
So you've got this wheel that you replace every now and then.
There's only so much you can do, right?
Right, dude, I'm African. Why do you keep banding me in with Tom? That's, like, this white male.
So when you say you're African, do you identify as African? Is that what you identify as?
As African, with an I. Irish African. Irish, I, African.
Is that... perhaps you can explain to our listeners, Andy, quite what you mean, for anybody who's looked at your profile photo.
Uh, well, so, I mean, this is even doing my, uh, 23andMe, you know, DNA testing. So I am 55% Irish, and I am, um, well, the rest of me is a bit of a mix of sub-Saharan African and Central and South Asian. But that comes from an Irish mother and a Mauritian father.
Yeah, that's fascinating, isn't it? Absolutely fascinating.
that actually explains why when people ask me,
are you friends with Andy?
And I'll be like, well, I like 46% of him, but not anymore.
Half the time.
Half the time he's all right.
Other times.
Just under half the time he's all right.
So, Andy, how about you?
How have you been doing?
Not too bad. Like, I think Jav mentioned the sun is shining, it's looking like a good day. I just got pinged by the, uh, contact... I've still got the NHS, uh, you know, coronavirus contact notification, where I know the rest of the world's kind of forgotten it exists, um, or the UK government likes to pretend it's not around.
But I travelled into the office on Tuesday,
and I've just been pinged to tell me that I've been in contact
with someone who's tested positive.
And I was in contact with them on the 15th, which was Tuesday.
Yay!
Yeah, not happy about that, if I'm honest.
I've managed to avoid it for the last couple of years.
Yeah.
Yeah. Funnily enough, I got pinged on Saturday as well, because I went to a concert on Friday, and, uh, thankfully the PCR tests have shown negative. So, you know, hopefully we'll do with you too.
Yeah, I mean, you've been doing a lot of travelling anyway since, uh, I think you've, uh, all during the pandemic, you've been out and about, haven't you? I've been a bit more reserved with my time.
Yeah.
Well, out and about, I mean, within all legal limits, I hasten to add.
Oh, wow.
Such a white man thing to say.
It's the kind of thing you say when doing your tax returns.
No, I'm just waiting for the police to turn up because, you know,
apparently they said they don't prosecute, you know,
historical COVID restriction crimes, but apparently they are now.
So, you know, I just want to be clear.
Who knows?
How have you been doing this week, Tom?
I am very good, thank you.
It's a bit of a photography week, actually.
I was second shooter at a brand shoot in a high, high-brow clothing store in, uh, Bristol this week. And tomorrow, uh, today being Thursday because we're recording a day early, but tomorrow I'm going to a photography show in London. So, yeah, it's all about the cameras at the moment.
Are you taking your credit card? If you are, don't.
Yeah, actually I'm taking some cash. I sold an old camera of mine because I upgraded just before Christmas, um, and I've now decided to move, um, entirely mirrorless on my DSLRs. So I'm selling my, or I sold my old 80D DSLR,
which is a traditional mirrored DSLR.
So I'm taking the cash that I got for that with me
to see if I can bag a bargain.
Excellent. Good stuff.
Do you have your eyes on any particular camera,
mirrorless camera?
I've already got, I've got an R6, a Canon R6, and a Canon R, and the R6 is amazing. Absolutely amazing.
You know, I've got a Canon M3, the mirrorless, which is really, really good. I love it. It's my primary shooter. Um, but it is a bit on the lightweight side, but those prices are just some ridiculous things.
I mean, it's just like some of the costs and then the lenses and everything.
I might have to give friend of the show, Quentin Tabor, a call and see if he can get me a friends and family discount from Canon.
Yeah, get in line, mate. Get in line.
All photography aside, let's move on, see, uh, what we've got coming up for you today.
Well, This Week in InfoSec talks about the start of the internet. I'm sure we do that about every three or four weeks, you know. Rant of the Week is a story about guilt by association.
Billy Big Balls walks us through the inner workings of the world's largest ransomware company.
Industry News brings us the latest and greatest security news stories from around the world.
And finally, Tweet of the Week gives tips on how to endear yourself to colleagues.
And moving swiftly on to our favourite part of the show, the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane and rehash stories, hoping that you are not paying attention.
As Tom called it, you, you know, drew attention to it. Um, do you know, actually, as you say, we are recording a day early, so, um, less preparation than usual has gone into this. But I did kind of get sidetracked, as, uh, I often do when I'm reading about things from the past and I get that sort of nostalgia, and I was looking through stories from, you know, this time in the past, you know, this week in previous years.
And it was funny to see some sort of parallels that were going on.
So sort of 11th of March, 2001, there was a huge rise in cases of foot and mouth disease going through the UK, which, you know, the government was worried about. And obviously this one, you've got huge case rises of COVID, which, um, everyone's just ignoring.
Um, but in 1984, the miners struck, uh, you know, over changes to, uh, pit closures and working hours there. And, uh, we've just had two strikes in London, you know, there's people fear less work and the impacts of their pension.
1990, a journalist was killed in Iraq. You know, similar with what's going on in Russia at the moment. Some journalists have been killed going on out there. Saudi authorities have obviously just executed 81 people. You know, it's just all the parallels. Pakistani jet hostages released in 1981.
Obviously, the British-Iranian national Nazanin was just released yesterday in the UK.
So, yeah, lots of things going on.
I'm a bit concerned about next week because in 2003, the US launched missiles against Saddam.
Oh, crap.
If anything like that's going to happen, we're, uh, we're in trouble. Um, but that's all my American shares this week, then, aren't you?
Yeah, get, dump your American stocks now.
Right, yeah, dump them now. Um, but alas, our first story takes us back 37 years to the 15th of March 1985, when the first internet domain was registered.
And that domain was, anyone got a guess?
No.
I don't know.
USA.com.
It's freedom.com.
No, the first internet domain registered was actually symbolics.com,
registered by a company called Symbolics,
which was a Massachusetts computer company.
They're still around.
I'm clicking on the link.
They sold.
I think they were sold in 2009, I think I read.
However, to those who want to nitpick this one,
so they were the first,
regardless of the first domain name registered.
It wasn't the first domain name created, however,
because that title goes to Nordu.net,
which was a Scandinavian research collaboration,
which is used for the first root server,
nick.nordu.net. So that had to be in place first
before the first domain name
But as soon as domain names were registered, that was the first one which came about.
I just clicked through to symbolics.com and it's not about the company at all. It's all about the world's first and oldest registered .com on the internet, and there's an about, and you can download an ebook about it. There's a little museum about it. It's like, it's, it's, this is the classic famous for being famous.
Yeah, yeah, exactly. This is the, uh, the digital version of Kim Kardashian from 1985.
Yeah, it's the, it's the anti-Kim Kardashian. Kim broke the internet. This created the internet.
Yeah, yes, exactly.
It's gone full circle.
But you know what?
There does look to be some fascinating stuff on here, though.
Internet history in the making.
It's like Internet History Museum.
Right, this is a great big hairy rabbit hole right here.
It is. As featured in Forbes, New York Times, Mashable, VentureBeat. Yeah, you've got all of that stuff. The only thing that's missing is the, um, who's the, uh, "this domain is for sale" banner that comes up at the top.
Yeah, or a visitor counter.
That's what we really want. Yes, or a blinking heading text, "Netscape Now".
right so moving on our second story takes us back only four years to the 16th of march 2018
when national lottery owner camelot warned that a low-level cyber attack affected customer accounts.
And it asked all of its customers to change the passwords on their accounts as a precaution.
Now, what was good about this?
I don't know if you remember this attack in terms of what it was,
but it was purely what the hackers had done was they had just
gleaned credentials from across the internet from all other sites
and just used those credentials to get into the Camelot website
to see if you had a registered account there.
So no money was stolen.
Password reuse.
Yeah, exactly.
Yeah, that's exactly what it was.
Yeah, just password reuse, credential stuffing.
Yeah.
And, yeah, the accounts that were affected were swiftly suspended.
But, you know, I always wondered what you would be able to do, because I don't think it's that easy to just change your registered bank account details on the site.
It's not like you can withdraw stuff in cash.
So it's a very slow attack.
I get there's probably benefit in it.
And there is a way of, you know, if you win big with someone else's money, then, you know, there's potential to transfer that money somehow. I'm just not sure whether it's the most efficient use of, uh, you know, stolen credentials. You'd have to steal millions and millions of credentials to even be in with a chance, because what is it, there's a one in 14 million chance of winning or something like that?
Well, I guess you've got some of the lower prizes as well, so maybe like a £50 win may not be a lot here.
But it's not going to take long for somebody to realise
that that 50 quid didn't hit their bank account and what's going on.
But I saw somebody on Twitter actually modelled this,
or I saw it on Twitter, and they modeled basically playing the same six numbers once a second.
And they ran it for, in theory, I think, was it 2,000 years
or something like that?
And they modeled how much they would spend
and how much they would make back.
And by the end of that 2,000 years, I think it was,
they did not win the jackpot once,
made, I think it was about £450,000
and lost about £900,000.
So overall, they were down.
They were down.
A house always wins.
A house always wins. Exactly.
So, and that was with the same numbers. So, but it was really, you know, this thing was, like, whizzing through, do you know what I mean? You could see the, you know, the amount lost and amount won going up and all that sort of stuff. It was really quite, quite fascinating. But yeah, it does go to show that the odds are, are totally against you.
But, you know, but the problem is, of course, the odds are fully against you if you don't play.
Well, it could be you.
Well, you know, I think in this day and age, if you're clever enough to build those sorts of models and algorithms, become a data scientist. There's plenty of jobs out there and you'll be paid handsomely, and you have a good career and less stress. So, uh, try that for a change.
And then just put a pound on a week rather than a pound a second.
Yeah.
Or whatever.
Excellent.
Thank you, Andy.
We always love a good trip down memory lane.
This Week in InfoSec.
This is the podcast
the Queen listens to.
Although she won't admit it.
Listen up!
Rant of the week.
It sounds like mother f***ing rage.
And in the great tradition of us
trying to weave in current affairs into our program
and not actually being too successful,
rant of the week this week is about friend of the show,
Eugene Kaspersky and his Kaspersky antivirus product.
So the headline reads,
Germany advises citizens to uninstall Kaspersky antivirus,
basically because of doubts over the company's reliability.
Their BSI, Federal Cyber Security Agency, has basically said,
don't install Kaspersky antivirus because it has doubts about the reliability of the manufacturer.
Uh, this has happened before for Kaspersky. Obviously, they've long been a target of suspicious rumours. Uh, and I think in the US, I think, aren't they banned from being sold in the US?
Agencies can't, can't install them. Government agencies.
That's right. Yeah, yeah. Or anyone that works with government agencies.
Yeah, yeah. That means, means if you file your taxes with the government, you can't use Kaspersky.
So the BSI recommends replacing applications from Kaspersky's
virus protection software portfolio with alternative products.
So this does get my goat on a number of levels,
but conversely, I also see where they're coming from. So
Kaspersky, Eugene Kaspersky, the man and the company, has been very clear about where they
sit politically, which is they have no political affiliations. They are purely
a security vendor that happens to have come out of Russia. They've made it big internationally. And what they care about is security,
not necessarily the politics of it or doing a government's bidding or whatever.
So, you know, I know a number of people who work at Kaspersky.
Jav, you've met Eugene, haven't you?
Yes, I have. Yes, briefly.
And I met him in Dublin last week.
I see Jav's very noncommittal about talking about the time he stayed
on his private condo.
No, actually, I was an analyst.
On his private island.
You're not too wrong.
You're not too wrong.
I know I'm not.
That's why I'm saying you seem to be distancing yourself.
Like the very point that Tom's trying to make and you're trying to distance yourself from your buddy.
It's all right.
You're protesting too much, Jav, which makes for a great show.
But, you know, and I met him.
He's off again.
He's off again.
So I met him last November in Dublin.
Lovely guy.
He actually agreed to do a part of, part of a podcast series, um,
which never came to fruition, unfortunately. Uh, but, um, uh, you know,
really nice guy, but obviously passionate about security.
Politics is just something is of no interest to him or his company
whatsoever. Um, and you know,
the products have been tested over and over and over again, and there's
no hidden back doors or anything like that in it. It's a good quality product at the end of the day.
So on the one side, it really feels like, you know, punishment of a company just because they're Russian and, you know, actually we're reducing the choice that people have.
The flip side, though, I kind of get it.
You know, there's two sides to this, you know, or three sides, actually, I think.
Firstly, and I think, Andy, you and I were discussing this beforehand, there's the optics of it. You know, you really shouldn't be, you know, in the, in the current climate, and at a time when, um, you know, Putin is, is nationalising everything he can get his hands on because nobody's supporting him, using the, the use of a Russian organisation at the very heart of your security, be that for your citizens or for your government or whatever,
that's problematic to say the least. Secondly, and as I hinted at before, there's no reason
why Putin may not decide or may decide not to just take over the company. I mean, he's doing it with
aircraft, he's doing it with companies over there that have been left isolated because of companies pulling out of it.
And thirdly, just the risk factor of those two things combined, the risk of actually having a Russian company at the center of your organization is potentially just too high,
just in case. So, you know, there's a culmination of issues there. So I find this so frustrating.
But then again, we're also seeing, you know, regular Russian citizens being,
well, caused harm effectively by losing their jobs, having companies that they've worked for for years shut down around them
as countries around the world basically distance themselves from Russia.
So it's kind of unsurprising, but very, very frustrating
and extraordinarily unfair.
So, you know, I think, yeah, it's a bit of a double-edged sword this week's rant.
It is.
It's not much of a rant because you couldn't sit on the fence anymore
if you tried to, Tom.
But I will say that I do agree with you.
I was wondering where the splinters were coming from.
Oh, my God.
Sorry, could you say that part again?
What I do find the ranty part within me flaring up...
No, the bit before that.
Say the bit before that again.
People have got control and they can rewind and hear it.
No, the bit before that.
So what I find...
Say it.
I half agree with you.
I 46% agree with you.
Yeah.
And that is that it's so much about the optics and obviously there's so much going on politically,
but if governments were really, really worried about this stuff,
they would be blacklisting and advising citizens
and organisations, government departments,
to stop using a tonne of products and technologies
long before it.
I mean, where's the start?
Brand management, though.
Yes, where's the governments talking about
don't use Facebook or Cambridge Analytica
or whoever it is?
You know, when it's a Western control...
And the thing is, the threat, when you think about it,
is exactly the same,
because any of these organisations are privately owned.
They could be compromised. You know, what america was to go rogue and their government was
to start you know getting hold of lots of data so i think it's just a bit disingenuous it's just
all about optics and and politics and and the sad thing is that it's just like poor innocent people
in between getting caught up as collateral damage so So, you know, like you said, with so many international firms pulling out of Russia,
people there, like thousands of them, have just suddenly been left unemployed.
So they're not having bombs dropped on them, but all of a sudden, oh, I've got no job.
I was making good money as a developer, you know, two weeks ago, and now I'm unemployed.
It's not the same as the people in Ukraine,
but it's still innocent people suffering for whatever bad reasons there are.
Yeah, yeah, absolutely.
Absolutely.
Especially the part where you agree with me.
Eat fake.
Excellent. Thank you.
Well, that was this week's Rant of the Week, which left me with a few splinters in my bum as a result of the fence sitting. And thank you for agreeing with me, Jav.
Rant of the Week.
This is the Host Unknown Podcast, home of Billy Big Ball Energy.
Jav, it's over to you now for this week's
Billy Big Balls of the Week
Yes, I do have a story for you this week
What did Andy send to me in the show notes
Okay, uh, yes, I've got the, the Cliff notes now. So a week or so ago, or not too long ago, a Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. And the article is amazing. Uh, the, the link is in the show notes. It's from Wired. I recommend everyone just has a read about it. But, um, you know, the, the, obviously it's a Billy Big Balls move, but on behalf of this researcher, to just say, like, screw you, I've got all your logs, uh, let's just expose them. And, and there's a Twitter account, um, @ContiLeaks, that, um, is being used to, to publish all these. But, um, you know, it's a really good insight into Conti's operations. And one of the things is that when you sit outside
and you see that, oh, these cybercrime groups,
they're so organized, they're so efficient,
they collaborate so well,
why doesn't the security industry work in the same way?
Why aren't we some more collaborative and professional?
And then you read these chats,
and they're just like any other organization in the world.
I mean, they have, like, um, multiple departments. They have, like, someone who looks after HR, and admins and coders, researchers. It even has policies on how they should process the code, and they share best practices about how to keep hidden from law enforcement.
They speak a lot about money and what have you.
So some of their just bog standard programmers are paid around fifteen hundred to two thousand dollars per month.
But those that are their ransom negotiators, they can also take a cut off the profits.
So it's just like salespeople on commission, right?
It is.
It's exactly like that.
The developers that build products,
and then you've got the salespeople that get the commission for selling it.
But the thing is, whenever we think of gangs and criminals
and all that sort of thing, all we ever see is, you know,
people in smoke-filled offices, the big boss with his feet on the desk and the lackeys surrounding him and all that sort of thing.
And then in the factory below, you see the people loading the drugs
or doing whatever, and it never focuses on that.
You forget that actually this is just a day job.
It is.
People may know, sometimes may not even know what they're doing,
but, you know, they may well know what they're doing.
But for them, it's putting bread on the table
and keeping a roof over their heads.
And they're going to gossip.
They're going to talk about their health.
Just normal stuff.
Exactly.
And they're probably going to complain about the working hours
and how crap a manager
you know, that Vlad the Impaler is, who happens to be the HR manager, you know, or whatever.
Um, disciplinary meetings take on a whole new meaning.
Yeah, that's probably one of my favourite parts, is that, you know, there's some guy, they complained that they couldn't get hold of him because he went to get a haircut.
Yes, yes. And he goes, I'm not available 24 hours a day, you know, this is just a job.
Yeah, because this is a direct path to burnout, he said.
You've got ransomware gangs burning out, man. It's just, it's just, you read it, it could honestly just be someone's leaked the Slack channel of a regular company.
It is, you know, such and such doesn't pull his weight, you know, they're, they're a waste of space. It's funny.
Did they, do they get into our Slack channel?
We, we say it loudly and proudly on our podcast every week.
Well, we do, actually, yeah, because let's face it, there was a lot of weight to be pulled.
Yeah, yeah. But even, I like the fact that, you know, just the, the pandemic, they even talked about how it's better to work remotely rather than having to, to manage the six new offices they were proposing to open in St Petersburg.
I know. Um, I know, it's just one of the, one of the, the, the, the more, like, scary claims that came out of it, was they say that they claim to have an unnamed journalist on its payroll who would get a 5% cut by helping put pressure on the victims to pay up.
Oh, that's smart.
That's like proper advocacy evangelist stuff, isn't it?
Maybe I could get a job.
Yeah.
No, but that is so sneaky.
And this is like the whole Cold War thing all over again.
It's like, who's a mole?
Who's trying to convince you to pay or influence you to pay?
And it's a bit, oh.
You have to say that's genius. It's, like, so horrible.
Well, it's business. It's just that it's an illegal business.
Yeah, that's all, you know. That if any other company, if it, if it was any other company that did very similar things but didn't, you know, blackmail people at the end of the day or steal stuff, um, it would all be, you know, all's fair in, in love and business, right? That's, that's just how we do things. We, we hire people to make our product look good and encourage you to buy it, and make other people's products look inadequate.
That's, yeah, yeah, yeah. So, so it's, it's a fascinating story. I recommend everyone read it, and then, you know, you get a bit of a chuckle. You could, you sort of, in some ways, you start to empathise with them, because, hey, these people have the same working conditions that we do. It's, it's not that different. They have the same challenges. They have the same, same problems. So it kind of, like, humanises them in a way.
So basically the grass isn't always greener.
No, no, no, it's not.
So, yeah, stay where you are.
Billy Big Balls of the Week.
We are officially the most entertaining content amongst our peers.
So, Andy, you know those sci-fi films where there's a big sort of crack of thunder and, uh, you know, a guy, a guy in a space suit appears out of nowhere, and, yeah, and he says, you know, and it makes me think of this because we're doing this on a different day. And he runs to the nearest people. He says, you know, what day is it? What year is it?
All I've got to say to you, Andy, is what time is it?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
French bank denies access to Russian workforce.
Industry News.
UK unveils new cyber flashing law.
Industry News.
Israeli government websites taken offline in large-scale cyber attack.
Industry News.
Hackers hit Rosneft.
Industry News.
UK blocks Assange's extradition appeal.
Industry News.
Avast merger raises competition concerns.
Industry News.
Irish watchdog fines Meta $19 million over data breach.
Industry News.
Kaspersky hits back at politically motivated BSI advisory.
Industry News.
Thousands of mobile apps expose user data via cloud misconfigurations.
Industry News.
And that was this week's...
Industry News.
Huge if true.
Huge if true.
So I'm looking at the UK unveiling new cyber flashing law.
Yeah, and Jav, that means if you do it again,
I can get you arrested.
So lawmakers in the United Kingdom have made it a criminal offence to use a cell phone, dating app or social media
to send unsolicited sexual images.
Good.
Which I thought it was illegal anyway.
Like, you know, unsolicited dick pic.
I thought that that was illegal.
I think it might be a difference to, is it a difference to a, a, a criminal act versus a civil act?
Right, okay. So now, right, so now it could, um, you can get jail time.
Yeah. The new Online Safety Bill: individuals convicted of sharing an image or video of a person's genitals for their own sexual gratification
or to cause another person humiliation, alarm or distress
could spend up to two years in prison.
Yeah.
Wow.
And it also aims to hold technology firms accountable
for promoting harmful behaviours.
Yeah.
That's good.
I think it's right.
Nobody wants an unsolicited dick pic, unless it's a picture of Dick Van Dyke.
Online platforms will be required to protect users from fraudulent adverts as well. There's a lot going in in this new bill.
Yeah, I think they're bundling a fair amount in there.
This is where some of the challenges with this is. So fraudulent adverts, you know, a bit like, you know, we'll get £350 million a week to put on the NHS, which went on the side of a bus apparently.
That's not going to be allowed in the future.
Which, again, you've got to wonder why it's allowed at the moment.
The irony is deafening.
Yes.
The Avast merger raises competition concerns.
There's huge amounts of competition in that space.
So this is what?
So Norton LifeLock is a freemium sort of software provider, similar to Avast.
So that does kind of remove one of the well-known players in the market,
right?
I think that's the issue.
But so many of them,
there's plenty out there that have a free offering that you then pay for
premium services.
And I don't,
I still don't.
So if you remove Avast, and who's the other one that begins with an A in the market?
Oh, yeah, I know who you mean.
I can see their logo.
It's like black with coloured blocks on it.
So then who's left, right?
So you take out Avast, merge that into Norton.
Who's left?
Microsoft has a built-in free capability.
If you want to talk about lack of competition, that's the one.
It's Microsoft.
I see that no different from the old Internet Explorer versus the whole thing.
It's bundled in.
But Microsoft's not buying one of its competitors.
No, it's not.
That's the job of the CMA, to make sure that consumers are not impacted.
I just want to know why there's only one
monopolies commission.
Good point.
They're the only ones that understand
the rules of the game.
Different with every family you play with.
I see the Kaspersky thing is here.
We're obviously ahead of the game there.
I mean, we broke this story first in our part of the podcast.
We broke this story 20 minutes ago.
Yeah, get with the program, man.
We did invite Mr. Kaspersky to come on the show
to give his side of the story, but
unfortunately he declined to attend.
No, he didn't. We did not ask him and he did not decline. That's fake news.
Sorry, are you looking for another invitation to his secret Tracy Island?
See, see how defensive he gets. Absolutely petrified about being associated with, not...
I'm just saying that I don't want anyone to listen to this
and not get the humour, or not realise that this was, like,
the 12% idiot of you speaking.
That's like saying something that is factually incorrect.
And that's not just any idiot.
That's a genetic idiot.
Yes, exactly.
Oh, dear.
Well, we did get that complaint about Andy, uh, again, actually, thinking about it,
siding, you know, with Putin over Ukraine. Um, oh, and actually that reminds me, we did get a little bit
of sponsorship money a couple of weeks ago, although they said, uh, please don't, please don't
associate my name with your show. Associate my name with your brand. Which, let's face it,
kind of makes sense.
But we know you're listening, and so thank you very much.
Just want to let you know that we do appreciate it.
It certainly helps pay for the tea and biscuits every year.
I think you said it, Tom, was like,
I'm going to a camera show in London.
Oh, it was generous, but it wasn't that generous.
Thank you, Eugene.
It is very much appreciated.
Yeah, I'm buying this new camera.
It's called the Kononsky.
Oh, dear.
Anything else in here that looks interesting?
No.
No?
There are mobile apps exposed via cloud misconfigurations.
Links in the show notes.
Yeah, absolutely.
Just read them.
Facebook find again.
Excellent.
That was this week's...
Industry News.
You're listening to the host unknown podcast,
Bubblegum for the brain.
All right.
So, Andy, it's over to you for this week's...
Tweet of the Week.
We always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week comes from Caluglas Hoss,
Moon Polysoft.
And he says it's a tip for all software.
It's Caligula's Hoss.
Caligula's Hoss.
Okay, I'm glad you can read that.
A quick tip for all software engineers.
A great way to punch up any meeting and make your co-workers admire you is to drop a,
well, at Google, Facebook, Netflix, whatever, we did it this way. Everyone absolutely loves that.
I think you can do it. Always talking about how you did it so much better at your previous employment is a sure way to endear yourself with new colleagues.
It is, it is. Is that, is that similar, you know, it just reminds me of, like, Tom, every, like,
when I was a CISO I used to do this, and I used to manage a team like this,
and I had people that done this for me.
It just sounds uncanny.
It's normally on a panel when people are asking,
when you were a CISO, what did you do?
No one's ever asked you that.
Can I just throw in this tweet that I actually shared with the group as well, which I thought was
just brilliant, uh, which was, um, it was a headline in the Evening Standard: Red Bull thieves steal
£850,000 worth of energy drink in a staggering heist in Belgium. And the person
who quoted it says what we've all been thinking.
I don't know how these people sleep at night.
Yes.
Yes.
Very good.
Very good.
Excellent.
Thank you for this week's.
It's late of the week.
You know, just speaking of Red Bull, it reminded me, like, um, of this thing. So we're
old enough to remember when Red Bull was just a drinks company, like energy drinks.
Yes.
Yeah, I'm sure, like, there's kids these days, like, aren't they a Formula One team? Aren't they, aren't they
like an extreme sports sponsor or something?
They have a football club in the Bundesliga in Germany.
Do they really?
Yeah, RB Leipzig. The RB stands for Red Bull.
A friend of mine is one of the senior IT folks at Red Bull in Germany, in Munich.
Wow.
Is he a friend of the show?
Perhaps he should be.
We'll sponsor that.
If they want to sponsor us,
get us one of those minis with the big Red Bull can on top.
I'll drive that round.
I've got no shame.
Yeah, I remember a few years ago, um, I was talking to my daughter about, we were talking about music or something,
and I said, oh, Dr. Dre made this, this album with him. She's like, Dr. Dre? She goes, I go, yeah. I guess,
doesn't he make headphones? I was like, oh my God, I failed. So we got home, got on Straight Outta Compton, that, that documentary
that accurately depicts, like, who Dr. Dre is, the N.W.A and everything. And that's like, uh, people
are thinking that Snoop Dogg's known for lying on top of his kennel?
Okay, Charlie Brown.
All right.
On that note, Jav, thank you very much for this week.
You're welcome.
Stay secure.
It's good to have you back.
Yeah, I know.
I know.
And thank you for agreeing with me.
And Andy, thank you, sir.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel. Worst episode ever. r/smashingsecurity.
So there's actually, it's not security related,
but there's a great thing about how Red Bull got so popular in the past
in terms of how the regulators actually helped them, you know,
by telling them that they had to put warnings on the can saying,
you know, this isn't for children.
Like, do not consume more than two of them.
And, you know, the Red Bull branding team were like,
yeah, we'll put that on the can.
Yeah, of course we'll add all this stuff.
Anything that sort of makes it like, you know,
you shouldn't be drinking it.
Dangerous, yeah.
Yeah.
They said it just absolutely launched them into, you know,
well, the brand they are today.
Well, it's like Yorkie and it's not for girls.
Yeah.
That one didn't age well though.
No.
That was it.
No.