The Host Unknown Podcast - We Can't Believe It's Episode 10!
Episode Date: June 12, 2020
Breaking news about the financial future of the Host Unknown Podcast, tea and takedown notices.
Despite what it sounds like, this episode is categorically NOT sponsored by The Smashing Security Podcast... even with our special guest in The Little People.
Some audio challenges (sorry about breaking your headphones with some of the jingles), but you really do get what you pay for. Want better quality? Sponsor us at https://hostunknown.tv/the-financials/.
Want Episode 2? Pay £100, or £250 if you want to be the sole owner of that episode. Your chance for a piece of Podcast InfoSec history. Come on! Like and bloody well subscribe!
Transcript
right let's go shall we let's hit it
that's not loud enough sorry jeez one job tom one job i know
You're listening to the Host Unknown Podcast.
Hello, good morning, good evening, good afternoon, wherever you are
And welcome to the Host Unknown podcast
This is, what, episode number 10? Blimey, we made it to number 10
Jav, how the devil are you on our centenary? Or whatever it is
I'm very good, I'm very good
I didn't expect us to make it this far,
but we have,
and we haven't killed each other yet,
probably because we're remote,
but you know.
Yeah, exactly.
Tom is dedicating a lot of time
in building the AI necessary
to punch us remotely.
What makes you say that?
Just all of the recent updates we've been receiving
from your magic mirror your car connected screens and um you know just extremely technical stuff
that we would never have uh pegged you down for so we're obviously concerned we were speaking
about this separately um what your end game is here because not feeling too comfortable at the moment
i don't know if the gags have been getting to you you know like the slide digs over the years
whether you just had enough so i'm gonna go all tony stark on your ass exactly so i i actually
feel well obviously like yourself andy i'm scared for my life but i i am also really proud because
you know tom and I had
this big debate at RSA about whether a CISO should be technical or not and he was like no
not technical not technical but ever since then he's been nothing but technical so I think that
I finally convinced him but obviously his pride refuses to let him admit that. Well just got a
Raspberry Pi so he could have a two minute motion detector as to whether or not the light needs to go on or off it
so for context here i've um i've got my soldering iron out and i've you know i've had four projects
so the first one was repairing my my daughter's beat solo three headphones which was interesting
as a result i have ended up with two extra
pairs of headphones made up of spare parts that i've bought um as well as repairing hers and a
pair that's ended up in the bin but just because they've just been pulled apart so much uh i uh
built um or replaced all the innards of my son's electric guitar uh putting in a humbucker and a couple of other pickups and
a bunch of stuff so that that was also interesting uh i've also updated the insides of an old ipod
third generation um sorry third generation apple ipods that's the one that was firewire came out
in 2003 so they've now got 128 gig storage in each um oh actually no it's a fifth project because i
ended up with a few spare parts of those so i did an exploded view of my ipod uh third generation
in a picture frame that lights up with siri so i can tell it this frame to switch on and then the
final one is this magic mirror um that gives you information you know like uh you know the time the weather uh what your
calendar is looking like it connects to my car um and tells me you know how much petrol i've got in
the tank tells me the journey time to the office or wherever uh and it's got a sensor in it so that
after two minutes of nobody looking at it or being in its vicinity
it switches off and becomes a regular mirror so yeah yeah i'm going tony stark on your head and
that is um just that magic mirror that is an old imac isn't it well it's an old time it will be an
old imac screen i've just pulled it out yeah um so i'm just getting the sense here that all the parts you have seem to be from one particular vendor.
I tend not to throw stuff away.
Or, you know, I mean, I've stripped this iMac apart.
I've now got a two terabyte disk, spare terabyte disk for storage.
I got a slot loading CD drive, which I'm just waiting for a caddy for.
I've got the screen that I'm going to use in this magic mirror.
I guess the only non-Apple thing I've got computer wise is this Raspberry Pi
that's running it.
And that's where it's getting interesting because you've got to write scripts
and code and stuff, or in my case, copy and paste.
Or Google scripts and code.
that uh i think that's exactly right but you know i think i'm coding but you know for other people
they they just see me use you know ctrl c and ctrl v a lot you know there's a website called
um ikea hackers i think. Oh, yeah.
And it just shows you how you can take IKEA stuff and make all this.
You should do something called Apple Hackers.
Just create.
That's all you're doing these days.
But just for rich people, right?
Yeah.
People want to buy expensive kit just to take it apart and make something else.
Yeah.
Here's something you can ask your butler to make for you.
Yeah.
In my defense, that iMac was uh i actually told you guys i think it was eight or nine years old it's actually
nearly 12 years old i think i got it in 2008 it's been repaired twice and i you know and i've had a
go at it and obviously it didn't work after that. That's when it was retired.
Yeah, the fans were running permanently.
It's an old Core 2 Duo thing, so, you know, with the 4 gig of RAM, etc.
So, you know, it's had its service.
I'm giving it a second lease of life, you know.
Impressive.
You know, I'm recycling and reusing.
What can I say?
Very good.
So, speaking of recycling, reusing, we heard that you've been moonlighting a bit by going on the world's second best security podcast.
Tom, what's that all about?
Yes. Yeah, yes. So Carole and Graham invited me back onto Smashing Security, onto the Smashing Security podcast.
Invited you back?
And it was fantastic
that implies you've been on there before
what?
well I think
it was Graham who invited me initially
and I think
because he's now in his 50s I think he
forgot that he'd actually asked me
but yeah
and it was a really exciting episode
it was, it was fantastic. Did you guys listen to it?
Yeah, it was good. Absolutely. Yeah. Well, good points, well made. Yeah, yeah.
are you sure you listen to agree with everything they say
okay so you're obviously lying but
because i know you're busy anyway and andy you always, you know, texting us memes and TikToks at three o'clock.
Exactly. I mean, those things do not find themselves, you know.
Exactly. But you obviously haven't listened to it, but that's fine because I suggest you do.
One, because it's got my, you know, dulcet tones on it.
And two, it was a really good fun episode.
But most importantly, do you know what they opened with?
A well-crafted jingle.
Do you know what they also opened with?
What else they opened with?
Okay, this is great news for us.
They opened, they are now sponsoring an episode
of the Host Unknown podcast.
Wow.
Big news.
Yeah.
Yeah.
Are they that desperate for traffic that they want our listeners to?
Yeah, that's right.
Well, that's why they're the second best, you know,
because they need to, you know, obviously get the story out,
you know, on the best.
I was going to say the first best, but on the best podcast.
They did have a caveat, though.
So on our website, on the Host Unknown website,
when we're talking about, you know, sponsorship requests, et cetera,
we did take a slight dig at them,
basically saying they had plenty of, you know, sponsors of their own.
True story. They should sponsor us.
Yeah, that's not a dig, that's a compliment.
Yeah, yeah, exactly, exactly. Um, it's almost like a factual statement, like, uh, things were made about a particular company who has gone around threatening legal action
in order for people to change things. Yeah, exactly. But, but in Carole's words, if you take that shit off your website, we'll sponsor you.
So during the course of that podcast, I did take those true remarks off the podcast.
Sorry, off the blog, website, sorry, whatever.
I'm so excited.
I'm mixing my words up.
So I did take those words off during the actual recording of the podcast.
It now says something that's completely untrue, but sounds really nice about them.
And as a result, the money landed in the account like within an hour.
Do you have any French heritage in you?
Me? Yeah, because not even they would surrender so quickly
hey i thought you know to be honest with you
yeah i'll fold like a pack of cards in the first let me put it so there's that um a company that
rhymes with uh deep pet babs,
who sort of threaten legal action in order to get people to change words on their blogs, on their websites.
Whereas what we're saying here is just basically cut out the middleman,
just give us the money directly.
And we'll take whatever words you want off the website.
We'll even rewrite it for you.
Just send us the draft.
Absolutely.
Graham, take note.
You want anything else rewritten?
Just send us the money.
Oh, dear.
But no, in all seriousness,
thank you, Carole and Graham, for the sponsorship.
I believe that you don't trust us enough
to say nice things about
you ourselves uh during the podcast you're recording something so we're we're hoping
that next week's show will be the official show record sorry uh sponsored by um uh smashing
security in fact we could have a little preview of that should we do that let's try it host unknown sponsored by
insert name here well not yet really i'm come on you don't want to why are you that's why i
called it a preview it's just you know we're getting it's a preview yeah it's like a teaser
now you're giving it away for free now but you know what talking to sponsors you should
probably
also check out Meta Compliance
and LastPass
because their support helps Graham and Carole
give you the Smashing Security Podcast for free
indeed apparently
so you know
you should hear them during the recording
they suddenly get all serious and then have to
say that bit.
And they say it word for word, syllable for syllable,
perfect every single time.
And then it's cut and then straight back into the regular banter.
But I tell you, it's a very well-run affair.
It's regimented.
Carole does not take any shit.
If you stray from that script, I tell you, you're in trouble.
You know what that sounds like it reminds me of um remember working with micaiah
oh my god whenever we're doing videos and you know thinking we're having a good time and having
a laugh and it's like bang serious face stop laughing it's like oh yeah you feel like you're absolutely so so for for those
who aren't us uh makaya was a um what was her official title was she um producer i think or
something like that second or a director's assistant or something whatever she controlled
our friend friends of the show jim shields who was the director and the crazy creative one.
She controlled the set.
So she made sure that everything ran perfectly.
In fact, we interviewed her for the second podcast
that actually never made it to air.
Well, because in that same episode,
we also had Jeffrey Epstein as the little person
and that did not age well.
Oh, that's true.
Yeah.
No, no, no. I mean, that was an ill-fated second episode let's
be honest maybe maybe we'll release it perhaps was that the episode where tom was saying andrew's
his favorite royal yes exactly yeah and also when uh do you remember he did the Kickstarter for the Jimmy Savile Memorial?
I mean, people wonder why the second episode will never see the light of day.
Do you know what?
I'm going to put this out there. If somebody will go onto our website and drop us £100,
we'll release that episode.
How's that?
How's that? If you drop us £250, we'll release it just to you
so just going back one second guys i i have to feel like i have to defend and clear the air about
um you you felt like she was a hard task master on uh on shooting days yeah but you've also seen how
difficult it is to get anything done when she's not around because of her shoots were on schedule
everything got done on time Jim and us and everyone was like kept in line and without that
what we were told all fallen apart yeah yeah absolutely and and this is the result yeah before your very ears although i
think it was probably harsh to refer to um every other producer as not mckaya instead of yeah
we could never remember their names so they just became not mckaya yes
i think the first person we referred to as that left about six months later.
Yeah.
It was a little awkward.
Yeah, Sarah.
No, not Mackay.
Not Mackay.
Sarah, if you're listening, I very much doubt you are.
But if you're listening, we're sorry.
We are very, very sorry.
Anyway, on with the show, shall we?
So we've got some good stuff coming up. We've got Tweets of the Week, Industry News, Rant of the Week, Billy Big Balls and the Little People.
We're fully stocked this week. I don't know why I'm saying these things like you don't know what's coming
because we've done exactly the same the previous time.
Well, it kind of feels like you went on to someone else's show.
You like the way they run it and you're trying to force that on us.
Yeah.
Okay.
I'm going to have to steal some of their music.
You need to run a jingle and get into it.
We're like 20 minutes in and we haven't even started in earnest.
All right, let's start, shall we?
Let's see.
Here we go.
Tweet of the week.
All right.
Oh, I've got tweet of the week, haven't I?
Fantastic.
So there was a tweet. This is, well, I guess there's a slight connection to InfoSec as regards to OpSec and managing your social media presence.
But I like this one because it made me smile and made me think that actually certain brands are run by decent people.
But there was a tweet which Yorkshire Tea was involved in.
And we're nothing if we're not down with the kids and their tea drinking here.
So someone actually tweeted, I'm dead chuffed that Yorkshire Tea hasn't supported BLM,
Black Lives Matter. So Yorkshire Tea responded, please don't buy our tea again.
We're taking some time to educate ourselves and plan proper action before we post we stand against racism. Black Lives Matter. OK, fair enough. All well and good. However, somebody then replied,
so now I've got to buy PG tips? Question mark fuck me, this sucks, and Yorkshire tea is done.
Good luck with this bullshit stance.
So PG Tips jumped in and said,
yeah, it does suck, Pamela.
If you are boycotting teas that stand against racism,
you're going to have to find two new tea brands now.
Black Lives Matter and the highlight of it all,
hashtag solidarity
now i like exactly exactly now i like this for a couple reasons one i like it when you know there
are sort of you know twitter threads with different brands playing off each other i think oldie do
that really well um you know we see we sit before and it's good fun you can you know
there's there's obviously a relationship there and it's to be to be blunt it's also good business
you know if people enjoy um the interactions they see you making online they're going to feel
you know more aligned to what you say uh you know to to you as a brand and and um you know we'll we'll more likely to buy your brand
um obviously it's you know they're standing up for something at the moment which is great and
we're not going to get into that uh you know on this show but the other part of it is it's almost
like a racist finding device because all the people who jump out that's just social media in general though
isn't it well yes exactly exactly it's like those little flags you can get get those little sort of
Union Jack flags that you can get, all the, sorry, not Union Jack flags, the, um, the English flags
you can get the attached to your car yeah yeah exactly so you can always easily identify who's
a mildly racist.
But which is a shame because I like the English flag being an Englishman and all.
But but it amazes me that people come out and say this shit on Twitter and social media,
not thinking that actually they have just very clearly stated that they are intolerant bigots.
And it hangs around, even if they delete it.
Even if they get certain things removed,
as we know from KeepNet Labs,
who recently released a statement about why they asked certain security researchers
to remove their name from their blogs and all
that sort of stuff. There's things called the Wayback Machine and the Web Archive. People find
out the stuff, you know. So, you know, yes, I think it's a it's a it was a lovely piece of solidarity
amongst brands on Twitter. But I also think it really highlights the importance of understanding the footprints
you leave on social media.
And, finally,
the importance of
Wil Wheaton's law, don't be a dick.
Yeah. Because,
you know, as
my grandmother used to say, if you haven't got anything nice to say,
don't say it.
Clearly
something you didn't learn very well growing up who who me yeah
well i've just been nice but you've just been really snarky so you know obviously you didn't
listen to your grandmother well she just said if you haven't can't say it rudely say it snarkily
that's what my grandmother said so he did listen to his grandmother. Yeah, okay.
You don't know my name.
Oh dear.
So yeah, that was my...
That was so loud.
That was actually quite a positive one,
I think, for a change.
Yeah.
All right, Zach, well, that's partly why I did it.
Yeah.
I think we should just clear up at this point if they haven't already left.
We do actually listen to the Smashing Security podcast.
We are fans of it.
But, you know, when I was listening to this week's one,
there was a part I did feel personally attacked on.
And it was something that you were saying about people doing,
just making basic mistakes, like forgetting to renew certificates
and stuff like that.
And many, many moons ago, I remember one morning getting a text
from Ricey, friend of the show.
And he said, dude dude the website's gone
and i was like what uh you know this was sort of like seven in the morning and i'd forgot to
renew the domain um all the renewal uh notices were going to uh you know administrator at
um and i just wasn't looking in that mailbox no what you mean was you don't log in as administrator oh no absolutely not no yeah
yeah no obviously administrator doesn't have a login like no so you know i had it as a secondary
mailbox uh and i just hadn't been checking and uh on the for whatever reason the WHOIS output i
took previously uh displayed like displayed the deleted date,
or when it's going to be deleted rather than when it expired.
And I'd just recently done it that week, so I thought, oh, cool,
I've got another three months before it needs renewing.
It actually expired, and obviously there was no emails going through.
So I very sheepishly called Network Solutions as it was in the morning, paid with my own credit card, didn't even dare claim it on expenses.
Boss came in at 10 o'clock, nothing had happened. the boss was an early riser and it was very obvious that that something was wrong because
we used to get revenue alerts you know if revenue was down or up by a variant of a
certain percentage and obviously with no website revenue was down for the hours so it took about
four hours to restore the website but like I said I did feel personally attacked when you said that
you know these are basic mistakes that people shouldn't make.
You know, I think it depends where you are in your career.
Do you know the best part of what you just said was what I said on the Smashing Security show was an almost exact mirror of what the three of us were discussing when this happened.
And it was a point that you made, Andy.
I get it. But, you know, these are big companies.
They should have their strengths all sorted out.
Yeah. I mean, yeah, this was a smaller company.
I was at previously uh so absolutely you know
big i would absolutely come down on anyone who who messed up and i would be like what are you doing
uh equally i have sympathy for people yeah i can see how these things happen
but it was a schoolboy mistake that you made when you were a schoolboy
you know it's it's it's you can have sympathy for people if
they're caught unaware of if they weren't warned and one of the great points that you raised tom
on there was about brand reputation about how you know sometimes if they if they're not careful
about their brand then or they don't register their domain name someone else will register
their domain name and things like that and and i remember like andy and i telling someone for years like oh you should own your own assets online or someone else might say
i don't know for example create a facebook account under your name
and they didn't do it and then what happened was some nefarious people
um you know created a a facebook page under your likeness Tom that's right
they're real scumbags of the earth thankfully you know DFIR experts jumped
to your rescue we took control of the account and then we took control of the account we we sought out the threat actor took control of the account and then um
repatriated so sorry you you took control of the account by creating it in the first place
what's funny i remember you were out with someone weren't you and they actually tagged you
i was in a bar in san francisco with with with our friend jill friend of the show and she was the friend of the show in
fact she was on the very first podcast yeah which did make it to air and uh and so i i we were
talking about facebook and i said well i don't have a facebook account and she said yes you do
i said no i don't what are you talking about she tapped her phone a little while and turned it
around and showed it to me it's like holy crap that's my facebook account we just had so many photos i mean that whoever it was had so many photos
it was a very believable account and uh it was they clearly knew your movements and um
yeah yeah exactly no it was funny and i I did, you know, I started to maintain it for about three months
and then realized how toxic Facebook was and then deleted it.
Oh, yeah, we know because once we regained control of it
from whoever had it, they saw that there was some like,
some of your school friends were trying to get in touch with you.
Yeah, that's right.
A bit of fox hunting.
A bit of this, a bit of that.
And, yeah, it was mortified.
Oh, dear.
Right, we're going to move swiftly on, I think.
I think, oh, we've got a veritable smorgasbord of stuff coming up now.
Yeah, I think it's time for industry news
Sophos confirm restructuring plans, denies blog closure.
Industry News
Have contact tracing scam opportunities been easily enabled?
Microsoft predicts escalation of zero trust in lockdown environments.
Working Group calls for greater DMARC support and adoption.
Healthcare provider Babylon reports data breach.
Industry News
Malicious apps pose as contact tracing
to infect Android devices.
Industry News
And that, ladies
and gentlemen, was this week's
Industry News
Our reliable sources over at the InfoSec PA Newswire
have been very busy this week
We went twice around this time
We did
That's like six stories
It's a big, big week in InfoSec
Yeah
Huge, huge
The biggest week ever
Has our host unknown Stig been hard at it this week?
Stig has indeed been hard at it.
Actually, that's something for our listeners.
Come up with a name for our...
Mystery reporter.
Industry News.
For our Industry News Stig, we need a name rather than Stig.
What we're saying is don't uncover him.
We're saying we need a name like Stig.
I was going to say, he's got a name.
Yeah.
Or she.
Or she.
Because we don't know how long we can push this
before we get, like, takedown notices from the BBC.
Yeah, that's right, yeah.
They have been very understanding so far,
but feel a little under pressure.
Do you know what? um when those headlines were uh coming out and you were you were reading through them i did uh i looked ahead
i'll be honest and i saw tom you had one um the working group calls for greater DMARC support
and adoption and i was thinking you know is tom technical, is he going to say DMARC or is he going to say DMARC?
I know you've been around the block a few times.
I've set up DMARC on my mail accounts I have, you know.
Wow.
I set it up myself.
Colour me impressed.
Sorry, I cut and pasted everything myself.
Now, DMARC, at least certainly for... Right, who's tapping away to check if I've got DMARC set up?
I can hear somebody typing very quickly.
No way.
You know, if it's you, Jav, I'm safe,
because I'm pretty sure you don't know how to check for DMARC.
If it's you, Andy, I'm worried.
It wasn't me.
Oh, in which case I think I'm all right.
No, I was just WhatsAppping you something.
No, we're not going there.
We are so not going there.
Oh, dear.
But, yeah, DMARC was something.
I was at a conference last year and somebody said why is not
why isn't everybody doing DMARC it's really simple here's a link on how to do it you know
simple dns changes blah blah blah and i thought yeah crap i should probably be doing that so i
did it and um you know after only a couple of hours with um microsoft uh if you use office 365
well i mean the dns management is i mean it doesn't do it for you, but you
set it up and then there's a health check you can press and it does it for you. But, you know,
after only a couple of hours of email outage, I was back online.
So, yes.
Thank you, Andy, for your vote of confidence there about my
non-technical technical skills
You're more than welcome as I
struggle to get myself off mute there
I was just
I wanted to move the fan in my office because
I was getting a bit warm up here
so I thought this would be really noisy
Because you said I struggle to get myself off mute,
I can't cut that black, you know, that dead sound now.
It just won't make sense.
You're just making my editing really difficult.
You know that, don't you?
Oh, dear.
Someone's going to want to sponsor this podcast, I'm sure of it.
What, someone like Meta Compliance?
Absolutely.
They do a great briefing on the
onboarding of cyber security awareness if you listen to the end of the last smashing security
podcast you will notice i believe his name robbie o'brien um he shares oh he of the silky velvety
voice he had quite the dreamy voice uh i believe is the phrase that's used
um yeah definitely um yeah they might be good but they're not as good as KnowBe4
oh oh is that why you you just whatsapped us to say don't mention medical because they're
a competitor which at which point i immediately thought I need to mention Metacron
it's just exactly like the
the KeepNet Labs thing
it's not a breach
oh they had a breach
Jav if you hadn't said anything
I would not have mentioned
their name
and I'm not even reading that one.
But, yeah, the Streisand effect is in full force here.
I don't know.
You're listening to the Host Unknown Podcast.
More fun than a security vendor's briefing
that it is you know what i've got this week is um a very strong
um are you setting up the soundboard are you you ready for this one? If I say, I have a rant of the week.
Oh, sorry.
Yeah, yeah.
So go on.
I'm there.
I'm right in front of you.
Go.
I have a very strong...
Oops.
Rant of the week.
You just can't even buy this level of consistency.
All right.
Try that again.
Go on.
Try that again.
I'm there.
This week, I have a very strong...
Rant of the Week.
And so this week, some very disappointing...
Rant of the Week.
Timing is everything.
You've got it.
You've absolutely got it nailed.
But this is actually bad news this week.
It's bad news for all of us.
Oh, God, yeah.
In fact, as much, more so you tom as the uh
the front man for this one so as you are aware uh or you may be aware we occasionally dabble in uh
infosec rap parody um which is uh something that uh you know we are the best at. A very Trump-esque statement there.
And
this particular video, internally,
we know is possibly the most stressful video
which we have put together due to a number of factors.
Availability
of us getting together, changing work
environments, working with different directors,
some sponsorship,
artistic
licenses being used during you know during the differences
not being there mckay not being there exactly uh so this was actually a particularly stressful video
Um, from my perspective. Um, and I was really happy with it when it came out. It's also one of my favourite videos.
And if you don't know what this is, this is called Ride With Me.
No, sorry, it's a parody of Ride With Me.
Lost all the money.
I think we know where we went wrong.
Yes.
Now it makes sense, right? No, but we received a copyright takedown notice from the United Media Group.
And now YouTube have blocked that video.
And I've been looking into it, and there is no fair use anymore.
There is no...
Really?
Yeah, there seems to be a lot of people who have suffered this.
And so we will need to go and get permission from the original
or license holder if we wish to continue to use that.
Can we tweet whoever it was who did the song in the first place?
I'm not down with kids on this kind of thing.
Nelly.
I don't know if Nelly's on Twitter, I'll be honest.
Hey, Nelly, if you're listening.
Yeah, he's obviously probably scanning through podcasts. Yeah yeah if you're listening dude give us a break man yeah
to be you know it's probably not even him it's gonna be his big corporate
um you know yeah but if nelly says it's all exactly yeah yeah so yeah so yeah we are down
a video at the moment in our library of musical entertainment that we like to bring.
Exactly. One that was that was lagging behind in the viewership as well, which was disappointing.
But, you know, who knows? Who knows?
Yeah. So any any viewers or any listeners out there who think they can help?
Let us know. It would be really good to know see i don't think anyone
can help because youtube and their algorithm is just so messed up and one thing is that it's not
consistent it's not um it's not immediate so you can upload something so i've uploaded videos and
sometimes a year or two years later there's been a copyright strike on it or a notification that this is like, you know, corporate.
And then although there's a challenge process built in.
So there's one time there's incorrectly. I just use a sound effect of water dripping.
It was a royalty free thing. And they said, oh, this is from a song.
So I challenged it. I went through the challenge process and said, no, it's not from a song.
It's just that that was about five years ago and it's still there and there's no recourse.
YouTube is a law unto themselves. And this affects like not just, you know, big YouTubers like me, but even smaller ones, you know, like us, like you.
but um yeah no one seems to have a um any recourse or any any way to fighting the algorithm or the machine that that is powering youtube so so the thing is you
know i know that what many people will say is we'll ask for your money back. Oh, you know, it's a free service.
You can't ask for your money back.
It's up to them what you put on there, which is fine.
You know, I'd certainly pay for a service that would mean that they would look at this and take it, you know, look at this properly.
And also, you know, ensure that jazz music doesn't get back on the onto YouTube because it's got dripping water on it or whatever.
But, yeah, it is very odd and the other the other thing is instagram which is owned by is that
facebook or is that facebook yeah facebook facebook yes so they have a similar problem
because i saw a tweet today about a woman who posted a picture of her dog and it was a close-up of the dog of the dog's head and shoulders basically and it was
taken down because it um uh it had a nudity and profanity in it where yeah exactly
yeah now it was it was a um a light brown dog so maybe it was a skin tone thing or something like
that you know algorithm or something i don't know but you know where do you even begin to start
challenging that it's so plainly ridiculous yeah that you know i don't know what's happened of it
but you know you know when you look at the picture and you say am i going to see a shadow of something
is that you know is there but there's nothing you can see in it so it's these algorithms just just
kick off yeah you know i did see um there was something it's a couple of weeks ago i remember
seeing something funny where a guy whose uh wife was a blogger um you know that's how she made her
living and she'd recorded she was recording a video for youtube and he kind of came out his bedroom opened the door when he came out and because his radio
was on um you know it picked up some music that the youtube algorithm picked up and uh took down
the whole hour-long blog that she'd created because you know they were unaware that this
music was in the background um and i thought that was really funny at the time because obviously until this point we've never been impacted by this yeah it's right you know
fair use uh you know we're creating something educational uh you know it's only a uh it's not
a complete part of the video you know um but yeah however no it's unfortunate and you know i imagine
the volumes they get as well you know they, they're never going to get through to analyzing our responses.
I mean, I assume we are going to appeal.
Of course.
Absolutely.
Yeah.
I'm going to reach out to KeepNet Labs for their lawyers details to see.
Yeah.
Obviously effective.
Absolutely.
Absolutely.
Yeah.
And I think the host host unknown will
be uh reaching out to nelly i'm assuming it's at nelly i'm not sure um to uh to see if they can
do something about it as well and if any of our listeners know nelly you know or know nelly's
management or whatever then let us know christ we're pulling tugging at straws here aren't we so so actually and um
you know in the face of that here for possibly the um uh the last time in a very long time
is a little quote from the or sorry a little uh snippet from the video itself.
Rant of the Week. Well, bugger.
That's such a Tom thing to say.
That's what Tom said.
Hey, please switch to that, Jeff Jeff That's what she said
He's getting really really tired now
That's what she said
What
What
Half the time they don't make any sense
It's just
It's like muscle memory though
It's just a reaction
That's what she said
Right I think we need to move on there must be uh someone who's
got some big balls around here uh yeah we're yes we are we are on the billy big balls so let me
let me line something up and keep talking in a way that makes it seem really natural and it finally
Billy Big Balls of the Week
So I have got a Billy Big Balls this week
and it comes from the most unlikely of places
you'd ever expect to find a Billy Big Balls
New Delhi, India
and the person in question is called Sumit Gupta,
who looks like an ugly relative of Paul Chowdhury, the comedian.
Sorry, Paul, I love your work.
And you're by no means ugly, but this guy is.
He looks...
Well, Reuters have picked the ugliest picture they could find of him.
Anyway.
So he runs.
In his time of peace and love.
Yeah, I'm just thinking that.
More than any time in living history,
you kick off with this guy's ugly and it's very unlikely that he's a Billy Big Balls,
but who knew he's a Billy Big Balls?
We haven't even got to the story, Jav,
and I'm like thinking...
I'm already on his side.
Yeah, I've got a lot of editing to do here.
Do go.
Pray do continue.
So,
Gupta...
Gupta ran this company called Belltrox. B-E-L-L-T-R-O-X.
The X is capital for, you know, I suppose sounds cool.
From a small place above some shops in India.
I believe it's like above some tea shops or whatever.
Anyway, for the last seven years, uh, they've, Belltrox, and they've been running what you know
the um basically as cyber mercenaries um anyone who gives them money and i know this sounds familiar
but there is absolutely no link i was gonna say yeah yeah yeah keep talking i'm listening yeah um they they would just try to hack
into like high profile people so there's um politicians in south africa mexico lawyers in
france environmental groups in the u.s and um a dozen or so investment companies as well. And, you know, it's really weird. So it's
funny because in 2015, there was a hacking case in which two US-based private investigators
admitted to paying him to hack the accounts of marketing executives.
And in 2017, Gupta was declared a fugitive,
although, as you'd expect, the US Justice Department declined to comment.
Reuters, they were tenacious.
They got on the phone to him in New Delhi,
and he denied the hacking, as you would,
and he said he'd never been contacted by law enforcement. And he said he only ever helped PIs download messages after they provided him with login details. Yeah,
very likely story, Mr. Gupta. Takes balls to be so brazen in your lying.
Um, he, he goes on to say something else, um, but, um, yeah, um, he's been going on brazen for like years and years. Um, um, it's not really advanced techniques, a lot of it is just phishing
or spear phishing, um, you know, imitating like colleagues, relatives, trying to get Facebook login accounts, all that kind of stuff.
So how did he get caught, just out of interest?
So this is like Reuters' investigation.
I think there was another investigation.
I can't remember who done that.
So these are alleged crimes?
No, no.
Why are you trying to let the truth get in the way of a good story?
So they're alleged crimes.
Just for clarity,
because if Graham can't afford lawyers,
neither can we. Yeah, trust me.
If Graham's not up for a legal fight.
Yeah.
And we know Jav isn't.
Yeah.
Jav is definitely not, but my name's
Andrew Agnes
and I'll be damned if I go down like you do.
So this is a Reuters investigation.
This is, yeah.
The final quote on this story is brilliant.
He says...
I was like, will you share it with us or should yeah yes yes yes
frantically frantically googling right now tune into the next episode to find out what he said
So there's a guy called Barth Santos. Barth Santos, he's based in San Diego, uh, Bulldog
Investigations. He's one of the dozen PIs in the US who told Reuters
they had received unsolicited advertisements
for hacking services out of India,
including one from a person who described himself
as a former Belltrox employee.
The pitch offered to carry out data penetration
and email penetration.
Which we just assume is legitimate.
Yes, yes.
Santos said he ignored those overtures,
but could understand why some people didn't.
These Indian guys have a reputation for customer service, he said.
What?
So the crux of the story, what I'm hearing hearing here is there is now a gap in the market for
people who are willing to do stuff for money no i think that there's a it it's just uh pulled
back the curtain a little bit to show how many actually of these small services out there there
are and how people are willing to use these services uh to try and
breach companies or what have you and that's why attribution is so hard because everyone's going
through these third-party providers and i think on a more serious note this is just services where
they're kind of like more corporate and they're trying to go for for high value clients but you have on the other side lots
of smaller people who will offer cheaper services but they'll be like hey i can hack into your ex
girlfriend or your your uh your your partner's accounts or things like that so i think that's
where things get quite um quite seedy and horrible so I think there needs to be a lot more done
in terms of international legal cooperation,
and we need to take the bastards down.
Well, there was a tweet this week by Tanya Yanker,
and it was retweeted an awful lot,
and a lot of other people quoted it,
because there was an online news source,
I think called Top Tech News or something like that.
Don't quote me on that, because if it isn't top tech news i'm you know i'm slandering them but um and one of
their writers had done an article that says how to hack into your into your spouse no into your
wife's phone to confirm she's cheating and basically gave pretty detailed instructions on what to do
and this was in a supposedly reputable online news source it was really quite shocking as you say
it's you know pretty seedy and nasty and and actually pretty predatory at the same time
yeah it was techtimes.com and i believe times, thank you. I believe it was... It might have been one of those sponsored kind of editorials or something.
It did use a specific tool, absolutely.
But talk about an utter lack of judgment on the behalf of their editorial team
and the journalist who wrote it.
Again, some people who do anything for money.
Yeah.
Which brings us to this week's sponsor, KeepNet Labs.
Do you know what?
I'm not even going to play the jingle, Gordon.
That's how angry I am.
Jav, thank you.
Thank you very much.
Billy Big Balls of the Week
Wow, we got a bit serious there again
why do we always get serious towards the end?
I don't know, but you know it does help us
move in nicely to
the next segment
where we kind of lighten the mood again
Indeed, indeed
So Jav, who
have we got this week for...
The Little People.
The Little People, this is someone I've been trying to get hold of for a long time.
Friend of the show, good friend of the show, Carol from Smashing Security.
And so me and Carol have a lot in common.
And so I had to ask her because, you know,
this is something I've been struggling to internalize myself.
I said to her, please come on our show as a little person.
I know not many people know you're a little person,
but come on the show and tell us how it feels to be the driving force behind something like a podcast, do all the work to be you know the superstar
but then have a middle-aged white man take all the credit.
I have no idea what you mean.
so your question how does it feel to be the driving force behind a major project like say a
podcast yet seeing others take most of the credit. Okay, loaded question, guys.
So look, there are a lot of different people in the world, isn't there? Like there are people
like Donald Trump, and Donald Trump seems to have a itch that he can't scratch when it comes to
Twitter. He's on it all the time. He can't stop.
You've got people like Piers Morgan, blah, blah, blah, lying on morning television,
telling us all what we should be thinking. I mean, these people initially became famous
because they loved the sound of their own voice. They loved seeing the reaction from people out there and they kind
of get addicted to it, right? I mean, literally, sometimes with my co-host, we have to talk fairly
often. And regularly, I will be talking and I'll suddenly just stop and there'll be nothing. And
then he'll just go, mm-hmm, mm-hmm. And I'll say, what did I say? And he has this uncanny ability to remember the last two words I said, but has absolutely
no ideas to the meaning of it.
But do you know why he's not interested?
Because he's not saying it.
He's not saying it.
So over the years, I've developed a skill.
I have to secretly implant the plan that I want to execute, make him think that it's his idea,
wait, God, weeks sometimes for it to percolate and for it to come back to me as a, hey, I had a plan.
I mean, do you know, the podcast itself exists because I nagged for it for about three years before he finally acquiesced.
And suddenly now it's his podcast.
I just don't know.
Hey, you're not recording this, are you?
Better frickin' not be.
The Little People.
Now, there were some very good points well made.
And so just to let you know,
I wasn't actually expecting you to talk so much on the intro there, Jav.
And I was actually going to talk about how that resonates so much with me, coming up with all these great ideas, putting together all this stuff.
And the worst thing was I literally hit mute on my mic and then I went to
the men's room whilst you were spouting off, and I was shouting from the toilet, I was like,
I wasn't expecting you to talk for so... I thought you're just going to go straight into it and I'll be back before it finished. So, yeah, no, yeah, Carol is my spirit animal.
I totally feel everything she's saying there.
I'm sure she'd feel thrilled to be described as such.
Yeah, very, very, very interesting.
I think it's just lovely how much, you know, her and Graham get on and how much she obviously respects him for being such a, you know, such a well-known industry veteran and the driving force behind Smashing Security.
When I when I listen to that just now oh dear no very good very good we like that we like that well i think we are drawing to a close
once again the natural conclusion and it must be because i couldn't quite hold it this week i
we weren't yeah we were talking for about 20 minutes before we hit record so
what rather than the requisite five so yeah that's that's fair enough that's fair enough
yeah so gentlemen thank you very much for uh taking part it was always a pleasure to chat
with you. Yeah, can you mute your email notifications next time we record? Yeah, and
whoever's getting those whatsapp notifications as well that's um what whoever's sending the
damn whatsapp notifications no just turn them off on your phone because even between on carol's
segment it's all like pinned in between i did see look shut up i'm fixing that in post it's so much
i did uh i did pull the old classic yesterday tom i heard um jav was out
whoring again at a conference doing a talk as i was speaking to my colleague um and he said oh
yeah he said your uh your acquaintance uh jav is um uh you know doing a talk at the moment i said
oh let's let's acquaintance you know friends well no he knows like no no yeah my yeah
my friend he knows that jab's not a friend so it's uh you know he said you're uh that person
you know of uh i said oh yeah i said uh i've got his number so i did the old classic i said let me
know when he's talking so he shared his uh webex session let me see jab on screen so i thought i'd just keep calling jab
to see if this phone was on and i did see a smirk so he obviously reached for it at one point so i
switched to calling on whatsapp just hoping he had it open in his browser as well just
i saw his eyes move move slightly to the side to look at something else
that's a professionalism yeah i. I had my browser closed,
so nothing on the screen was on
because I was sharing my presentation from my screen.
And my phone, I had it on do not disturb,
but I had the stopwatch timer up on it
to tell me, you know,
so that I can see how long I've got left to speak.
And in between, the phone started flashing.
I was like, it's Andy calling.
And I'm like, oh, my God.
And then I was like, that cancelled.
And then like 30 seconds later, the phone was, you know,
flashing at me again.
And, yeah, for some reason, so either in all the excitement,
I or maybe the phone calls, it just stopped.
So not only did it throw me off my game for a few seconds,
I literally had no idea how long I was going for.
Oh, the audience knew.
I think the general opinion was too long.
Yeah, yeah.
I mean, I saw the water heater keep popping up
and waving at me,
and I don't know why he was doing that.
So, hi, I can see you.
What was he doing down there?
Yeah.
The nostalgic gags are always the best ones, I find.
Even in times of lockdown,
we can do the same gag as if it were an in-person conference.
We can dream as if it's real yeah
So the last time, folks, that Andy got me was at IRISSCON. I was up on stage
presenting and i had my phone there and um it started started buzzing right there it's on the
podium it's buzzing right underneath the mic.
And I look at her and I was like, it's Andy.
So I'm like, thanks for calling me, Andy.
I said, from stage.
And, you know, that didn't stop him.
And then I just didn't want to stop for too long to put it on mute.
So I grabbed my phone and I chucked it to Brian Honan,
who was sitting on stage.
And that was a big mistake because then I came off
and there's like about 50 selfies of Brian Honan on my phone.
I remember watching that one, yeah.
I think we got Quentin as well that time, didn't we?
Well, I got Quentin because he actually told me he was going on,
he was muting his phone, but I happened to be in his favourite list.
So if you call twice
it comes through so he he was like oh my god he saw him scrabbling while he was up on his panel
for his phone looked at it and then his face just told a story and he looked directly at me in the
audience witheringly.
Why would anyone add you
to their favourite list is beyond me,
Tom. I don't think
your kids should do that.
Well, I like
Quentin, even though I know you don't.
Alright,
folks, that's enough
prattling on. I think this one
might be a record length every week's a record
length well indeed yeah indeed one thing to say i guess it's uh stay secure my friends
indeed stay secure my friends i hate you guys
host unknown the podcast written, performed and produced
by Andrew Agnes, Javad Malik and Tom Langford.
Copyright 2015, or something like that.
Insert legal agreements here as applicable and binding
in your country of residence.
We thank you.
And we're out.
Oh, man.
But, you know, with the whole story,
they call for great support and adoption.
Fuck.
Oh, man.
Yeah, thanks for that real vote of confidence.
Oh, dear.
I felt it was a good... I think it was a really good podcast.
I enjoyed it.
I think our regulars will enjoy it.
I think new people will be like,
these guys waffle on a lot.
We'll be lucky if the new people think,
what the fuck
But you know I mean that's part of the
The attraction of Carol and
Graham
Is just the conversations they have
Yeah exactly
And the banter
It's not all about news
I mean at least we chuck in industry news you know
Yeah
That's what you've got his stick for.
Yeah, exactly.
Shall we call him the stag?