The Host Unknown Podcast - 219 - The Lightweight and Aerodynamic Episode

Episode Date: May 12, 2025

Episode 219 of the Host Unknown Podcast covers a wide range of humorous and insightful discussions relating to both technology and personal anecdotes. Key segments include a nostalgic look back at significant moments in InfoSec history, as well as a critique of a poorly-constructed analogy between casino strategies and cybersecurity. The hosts also discuss the misadventures of an AI app that wasn't really AI, cyber insurance claims, the fines against TikTok and NSO Group, and the importance of Cyber Essentials certification. The episode is peppered with casual banter about everyday life and observations, making for an entertaining yet informative listen.

00:00 Introduction and Initial Banter
00:57 Podcast Introduction and Missing Guest
01:29 Wrestling Anecdotes and Technical Difficulties
03:04 Travel Plans and Airport Preferences
05:12 Manchester Trip and Quiet Carriage Etiquette
08:58 InfoSec History: Banned from the Internet
11:00 InfoSec History: The Love Letter Virus
14:17 Rant of the Week: Casino Mindset in Security
18:19 Understanding the Author's Perspective
19:19 AI Shopping App Scandal
24:30 Industry News Highlights
26:00 TikTok's Data Transfer Fine
29:08 Meta vs. NSO Group
31:40 Cyber Essentials Certification
35:58 Tweet of the Week
38:23 Conclusion and Farewell

Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 100% sure, like some plants that seed a doubt and like you start doubting everything. Hmm, did he really, did he really catch me on this one? Yeah. Where's old man Langford? Being old, I understand that this week he becomes the second oldest man in the world. Who's the oldest? I think it's also him, but he forgot his... ...lap...
Starting point is 00:00:27 ...officially, he holds that record, but they couldn't find his... ...birth certificate, because it was written in Aramaic. And, yeah, the paper dissolves over time. It wasn't sealed. I know, I know. Okay, so I am going to control the deck today. Oh dear. Oh no, it looks, it looks bad.
Starting point is 00:00:49 But anyway, let me just go straight to this, hit our intro. Oh man, these buttons all over the place. Let me try that one again. You're listening to the Host Unknown podcast. Good morning, good afternoon, good evening from wherever you are listening from and welcome one and all to episode 219 of the Host Unknown podcast. And we are missing a guest this week, our regular guest, Mr. Langford. We are, we are. You know, that reminds me, like, once Ravishing Rick Rude was part of DX. This was after he'd retired from active wrestling 'cause he had a... but he would come out and he'd always do the all you fat ugly
Starting point is 00:01:42 out of shape people and always do the all you fat, ugly, out of shape people. To wet hugs. Yeah, yeah, yeah. And then he got fired, there was something. And then DX came out and I think Shawn Michaels or Triple H, they'd done the whole thing. Although they got someone impersonated to come in and do the whole thing. And then they shoved him out the ring and said, well, heaven knows that was a tough job to replace.
Starting point is 00:02:02 And so you just done the same thing, right? Yeah, same aura. It's really not that difficult. I mean, he's got scripts and everything. Yeah, who knows. You know, you're hitting the wrong jingle. You're just like, now I'm really worried with the meme you sent me yesterday about, look at me. I'm the captain now. It's like What have I signed up to but okay, I'll ride the wave. Yeah. Well, we don't know where this is going and Without Tom to take 15 days to edit it and still publish crap It's you know, who knows I will get this editor and publish like probably by the end of the day Which means not only will you and Tom
Starting point is 00:02:45 be disagreeing about the episode numbering, but also the order in which the episodes have been recorded. And the stories, the industry news might actually be relevant rather than a retrospective look back on last month's stories. Have you been though anyway Andy? Not too bad. I'm trying to think like this week's just been crazy. Work commitments as always. I am obviously a good corporate citizen flying the flag there but yeah other than that it's been like the the weather doesn't quite know whether it's going to be sunny or not. The sun peeks through. It's still very cold. But, um, no, we're getting there. I'm looking forward to the rest of the month. And, uh, I think I'm due a little holiday somewhere.
Starting point is 00:03:31 I don't know where though. But, uh, I haven't flown for a while. It's been at least a month since I last flew. Oh my gosh. Um, so I need to find somewhere to go. I'm sure the BA agents are just sitting around asking each other Have you seen up in deep has he gone to Heathrow instead of Gatwick this time? I don't know. I haven't seen him. I Do need to go somewhere and Joe I the next time I'm flying I'm gonna fly from t5
Starting point is 00:03:58 Just a little mix it up a bit because I haven't used t5 for a long time believe me I do like t5. I see Gatwick's my favorite because it's just down the road for me yeah Gatwick's not bad but it's just super far away for me to get to so that's what I feel about with Heathrow yeah it's still closer to you than Gatwick is to me I think maybe I'm not sure how that works, but sure. But actually, actually my favourite is City Airport because you literally get through in 20 minutes. I don't mind coming back to City Airport, but the lack of a lounge bothers me going out from City Airport. Yes, but that's why it makes it easier because it only takes 20 minutes to get through.
Starting point is 00:04:42 You can actually time it a lot better. I say that as if I'm brave enough to actually not get there two hours beforehand. But they actually encourage you not to turn up early at that airport because they're like, look, there's no space here. You're literally gonna come straight in, check in here, and you're getting straight on that plane.
Starting point is 00:05:02 So don't come here early, we've got nothing here. But yeah, so how have you been doing? You have been traveling this week and you have got proof of life for Mr. Langford, I understand. I have, yes. I was up in Manchester yesterday for the NCSC Cyber UK event. Nice. Manchester was very sunny. It was a lot warmer than London was. Thankfully my train up and back had no delays, which is always a good. I was in the quiet carriage, which was nice. On the way back, I sat down and this guy across the aisle from me was on his phone and he sounded like he was from the conference as well because he was talking about what have you. He wasn't cyber specific. He was like, oh, there was this, there was that. I met so people. And then this girl got up from across the way, she goes over to him and says, excuse me, this is the
Starting point is 00:05:49 quiet carriage. Nice. And he was like very apologetic. And he got up and he walked out the carriage and then finished his conversation. Then he came back. That's not true. I actually respect that. One, that he apologized, fair play, and left the carriage. Two, that someone actually confronted him. I assume she wasn't British. No, she was British. She looked young. She looked young.
Starting point is 00:06:15 I can't say whether she was northern or not now. I can't remember her accent, but she looked young, like in her 20s. Like she didn't really care much. Damn. Kids these days don't even just cut and moan and roll their eyes slightly. Yeah see I would have just posted something on Twitter or whatever saying oh my god I'm in the quiet carriage and someone's talking loudly and then... Exactly and done nothing else about it. Exactly. And then claimed where he may have had a knife he might try to shake me. Yeah but yeah, I saw Tom up there. He was looking like Tom. He was looking old and
Starting point is 00:06:51 weathered. Do you know, I saw some old pictures, you know, like the phones sometimes do collections and stuff. And I had one of, it was actually a collection of Tom for some reason. Like my founder said, Hey, memories of Tom, you know, going back to the old days before, you know, we had to convert the stuff from the old film onto digital, you know, some of the earlier pictures. But there was also one from the conference in Dublin, what's it called? Iriscon. Iriscon, a good few years back, 2017 it was. Good spirit shooting the day, but then used a FaceApp filter as a picture of myself, Tom and Quentin, and we used a FaceApp filter to age Tom.
Starting point is 00:07:38 And at the time, because this is when Tom was still drinking, after he saw that picture, he was like, do I really look like that? And he did look haggard. And it was quite funny, but that popped up as a memory. But obviously the one I did send was the three of us together. Say, hey, this was like 2017. You know, all much larger than we were. Yeah, yeah. At least two of us were. At least two of us were. At least two of us were. We'll let people decide through the other two. But alas, shall we see what we've got coming up today?
Starting point is 00:08:12 Let's. So, This Week in InfoSec takes us back to a time when love was expensive. Rant of the Week asks if the house should always win. Billy Big Balls asks us again if people are stealing jobs from AI. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is an example of someone putting the vulture in VC. So let's go straight into my favourite part of the show. The part of the show that we like to call...
Starting point is 00:08:48 This Week in InfoSec. It is that part of the week where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield. And our first story takes us back a mere 30 years to the 6th of May 1995, when Chris Lamprecht, aka Minor Threat, effectively became the first person banned from the internet. So he received a 70 month sentence for money laundering and banned from the internet until 2003. So in the early 90s Chris Lamprecht and partner wrote a war dialing program famously known as ToneLoc or Tone Locator. Though it was known that he had broken into computers, he was never actually prosecuted for crimes related to those activities. But can you imagine today being banned from the internet? Is it even enforceable these days?
Starting point is 00:10:01 And obviously how is 1995 30 years ago? Well, yeah, exactly. But surely nowadays that goes against one's human rights. I'm sure the UN probably has a thing. You can put someone into solitary confinement, but you cannot take away their internet access. That's true. It actually probably does deprive you from being able to claim all kinds of anything, essential aid. Very few council offices or governments let you... You can imagine, you can't pay your taxes. You can't pay your taxes, you can't pay your car parking.
Starting point is 00:10:35 If you have a stroke and you fall down, your Apple Watch can't notify the authorities. That parking thing does bother me these days. Everywhere is like, they've replaced all the coin machines and card machines with those QR code things. Yeah, you're supposed to download. Now the problem is there's like 15 different companies, they're all different apps. It's just... Fan of that is ridiculous. Alas, this isn't the rant. Our second story takes us back a mere 25 years, and I chose this date because it was nice and easy to do the maths on it. To the 4th of May, May 4th, Star Wars day,
Starting point is 00:11:16 when the Love Letter computer virus, aka I Love You bug, spread to personal computers running Windows around the world in just six hours. And so it's spreading through email. The virus enticed victims to open the message with the subject of I love you. And about 2.5 to 3 million PCs were infected at the time. And the cost of system downtime was later estimated at eight point seven billion dollars. And it's thought to be the fastest moving and most widespread virus in history. However, citation needed for that one, and Mr. Cluley is not here to know no to bless that statement. It just goes to say that, you know, love is a powerful motor. It will say, you catch more flies with, you catch more flies
Starting point is 00:12:08 with honey yeah then vinegar is it honey and vinegar yeah something like that but yeah these were good times so I just cannot imagine this happening these days mostly because very few people read emails anymore. Yeah. There's that side of it. But yeah, we can just catch a read, just detect these things a lot better. Yeah. Nowadays, it just happens when Microsoft and CrowdStrike don't coordinate their patch.
Starting point is 00:12:34 But actually now, it's not so much about the volume. Home PCs getting infected is not such a big issue. It's all the infrastructure that we're running on the back end, like your retail stores nowadays or your airports and everything, or your car parking apps. Everything is just so reliant on these things being available that you don't need to hit 3 million PCs. You just need to hit like 30. Yeah. Well, wasn't there that guy, you know, when AWS went down that time? One of the times AWS went down there, some guy saying that his Roomba couldn't vacuum
Starting point is 00:13:10 the floor because AWS East went down. His Roomba in the UK couldn't vacuum the floor because AWS East went down in the US. That's right. That's right. Because it had an online map. Map. Floor map. Yeah. Yeah. Yeah.
Starting point is 00:13:26 Oh, do you also remember when Blackberry messaging service went down? It was like during the summer of discontent and everything, when that was being used to coordinate the riots. Well, the riots, yeah. Yeah. Couldn't break that encryption though, could they? They couldn't. But I think afterwards there was some issue, it went down, but it's actually one server in Canada that run the whole thing. I mean, that was the beginning of the end for the BlackBerry device.
Starting point is 00:13:46 Like when people realized it all ran off one server, it was, yeah, the looking behind the magician's curtain. But very good. Very interesting. This Week in InfoSec. We're not lazy when it comes to researching stories, we're just energy efficient. Like and subscribe to the Host Unknown Podcast for more ESG adjacent tips. Now, Jav, I understand that something caught you all right this week and it kind of wound you up a bit and you got a bit ranty.
Starting point is 00:14:24 So angry. Listen up! Rant of the week. It sounds a motherf***ing rage. So, you know, there was a day when people used to blog a lot. There was lots of people blogging and writing articles. Blogspot, Blogger, the whole thing. Yeah, all that, all that thing.
Starting point is 00:14:44 And it was a nice time. And so nowadays when people do blog, I appreciate it because it's not as common. So I look for the good in it. But this one post just wound me up because I'm like, you give any fool a microphone or a step. Yeah. I mean, examples right here, obviously. Exactly. Exactly. Let me say ensuring your house always wins by embracing a casino mindset to security. What is this all about? There are people who are going to be triggered by this because they're recovering from gambling addiction and you know, or they know someone that's lost a lot. And this one professional is trying to teach us that, oh, you can... security is like a game of blackjack or poker, apparently. And if you think like a casino, you can outsmart the criminals.
Starting point is 00:15:34 I mean, the analogy is so poor. I mean, I know I'm guilty of making poor analogies, but this one really takes the biscuit. You think, okay, there must be some research behind it, some sort of academic paper that's been referenced. And the academia that's been referenced is Scorsese's masterpiece Casino. There's a great line in it. That's a great film, by the way. It is, said by Robert De Niro, the longer they play, the more they lose.
Starting point is 00:16:06 In the end, we get it all. It's a line about gamblers, but it's more about that. It's about strategy. Casinos don't win because they avoid risk, but because they control it. Every outcome is calculated in their favor. And what's wrong about that is in a casino, yes, the longer longer people play the more the money they're giving away to the casino the more an attacker attacks you they're not giving you money they're just taking up your resources this is a sloppy writing I
Starting point is 00:16:37 completely agree I can see why it would be frustrating so is there any sort of relationship to risk like how else this, does the author redeem themselves? Well, they say that when you understand the odds better than your adversaries and constantly refine your playbook, you don't just survive the game, you run it. It's just a lot of like very, very high level. It's not even 35,000 feet. It's like in the stratosphere something level. The same principles apply in cyber security what's dangerous for one organization might be manageable for another that's why a one-size-fit all security strategy is often inadequate. Hold the front pages. We really need to think about this. One-size-fits-all strategy doesn't work and ultimately the lesson from the casino floor is not to avoid risk but to understand and manage it better than your adversaries. Honestly, I think I'm,
Starting point is 00:17:30 you know, forget doing a CISSP. Just learn from this person and you'll become a risk master. Geez, I've just clicked on the link. It takes a long time to get to any kind of point. What is this? Should we name and shame? Can I find the author of this puppetry piece? This... by understanding that risk is contextual? No way. Understand that water is wet? Oh, what a... oh, great. Bias is the real threat actor. OK, sure. It's not these threat groups that have got fancy names or anything. Yeah, way to victim blame. Plane to win.
Starting point is 00:18:08 Written by Thom Langford. Huh. Huh. Do you know what? This is a great piece. As I read this, I can really understand now where the author is coming from. Yes. I read this, I can really understand now where the author is coming from. It's a really great piece, really good analogies here with the casino.
Starting point is 00:18:29 Yes, this was actually an anti-Rant. I'm actually all in favour of this. And I think we need more of this kind of left field thinking in the Week. People who prefer other security podcasts are statistically more likely to eject USB devices safely. For those who live life dangerously, you're in good company with the award-winning Host Unknown podcast. I think we've got away with that one, Jav. No one's gonna notice. Yeah, no. Cool. All good. Right, I'll hand over to you. Okay, we'll keep this one short and sweet this time. Albert Saniger, the founder and former CEO of Nate, an AI shopping app that promised a universal checkout experience. He founded it in 2018, raised over 50 million from investors like
Starting point is 00:19:37 Coatue and Forerunner Ventures, most recently raising a 38 million Series A in 2021 led by Renegade Partners. Nice. And this, it said, it allowed users to buy from any e-commerce site with a single click thanks to AI. Interesting. So like that. Okay, yeah, that would be good. So almost like a, a one click buy now button, but for the world rather than just on Prime. Exactly. And that will be great. Imagine just searching for new diffuser pods or something. Yeah. And you just do a search in the app, I assume to say. And then it pulls out from, oh, here's how much it is on eBay with shipping.
Starting point is 00:20:17 And here's on Prime and here's from all these other Etsy or whatever. And you say, aha, that's the best price of delivery or convenience. So click and it just buys it for you and sends it. Nice without you having to create your accounts on those sites. Exactly, exactly. Unfortunately he was charged with defrauding investors according to a press release by the Department of Justice because in reality there was no real AI. They relied heavily on hundreds of human contractors in a call center in the Philippines to manually complete those purchases.
Starting point is 00:20:57 So it's another example of human stealing jobs from AI. It is, it is, exactly. Won't anyone think of the poor AI? And it also just shows how investors will throw money at anything that claims to be AI. Regardless of whether it's the right thing or the wrong thing to do. Yeah. It's just shocking. Not too long ago, we covered it here, Amazon was caught out with the same thing with their checkout. Hello, fresh job. Yeah, it was like people in Indian call center looking at cameras. Yeah, yeah, yeah. Apparently the DOJ says that Nate ran out of money and was forced to sell his assets
Starting point is 00:21:36 in 2023, leaving his investors with a near total loss. Oh dear. Dan, but you know what? They obviously saw something that they were prepared to chuck a lot of money, over $50 million into it. Had he just said it is a call centre in the Philippines with people doing manual work, like one I doubt they would have been interested because it doesn't use the word AI, but that's obviously a business model that works, right? So he was making it with that business model. People like the experience, but yeah. Yeah, that's it. And he could have run that and at the same time
Starting point is 00:22:19 developed something that works with, integrates with what have know, what have you, and kind of streamlines the process. Even if it's not 100% streamlined for the user, it might reduce the amount of people he needs in a call center. And I think this is something that, when you look at it, this is the type of service that a lot of people want there, because we have so much choice of so many things, and so many subscriptions and subscribing to stuff that people never use.
Starting point is 00:22:49 You really just want one thing. It's kind of like I was talking to someone years ago when I was at 451 and one of my colleagues there, he was like a cloud economist. He was saying that what you really need, there's a market for this mid tier, mid sort of layer. So say you want to spin up an instance, it actually goes out and finds at that time, what's the most suitable instance to spin up for your product or whatever. And so you're not tied down to just AWS or Azure or whatever. It will just find something locally and it will be manage the cost for you and keep it down or whatever. And if you could build that, that would be a real, real game changer.
Starting point is 00:23:29 But I think the problem with that is that cloud services deliberately have their their pricing so confusing and complicated that you just manually. I don't think you could ever. You genuinely need AI to figure out what the best pricing is. Yeah. Yeah. Yeah, yeah. Damn, interesting one. But definitely a model to actually just hire labor in a country that's generally cheaper than the rest of the world.
Starting point is 00:23:58 You may just call the company something with an AI name, rather than implying that you're actually going to use AI to do stuff. Just name it AI. Yeah, yeah. Like it. Picasso. I like it. Billy Big Balls of the Week. The host unknown podcast, orally delivering the warm and fuzzy feeling you get when you pee yourself. Let me try this way round.
Starting point is 00:24:27 Jav, do you know what time it is? Well, it is that time of the show where we head to our news sources over at the InfoSec PA Newswire, who've been very busy bringing us the latest and greatest security news from around the globe. Not the same. Industry News. TikTok fined 530 million euros over transfers of European user data to China. UK cyber insurance claims second highest on record.
Starting point is 00:25:00 UK government warns retail attacks must serve as a wake-up call. Industry News. NSO Group hit with a $168 million fine for WhatsApp Pegasus spyware abuse. Industry News. Hacker finds new technique to bypass SentinelOne EDR solution. Industry News. UK launches new cyber security assessment initiatives to drive secure by design. Industry News. UK Cyber Essentials certification numbers falling short.
Starting point is 00:25:35 Industry News. LockBit ransomware hacked. Insider secrets exposed. Industry News. PowerSchool admits ransom payment amid fresh extortion demands. And that was this week's Industry News. Huge if true.
Starting point is 00:25:57 Huge if true. Oh I see. I saw this TikTok got fined over transfers. I'm just surprised because Like how have they only just discovered this now or is this retrospective because they that their books are open Like they've got literally American auditors Camped out of their offices. They are one of the the most transparent social media companies out there. Yeah.
Starting point is 00:26:27 Oh, this is... Do you know how it was discovered? TikTok notified the DPC in April 2025 that some EEA user data had been identified on servers in February 2025. Wow. So they actually... So they said, excuse me, we've made a mistake here. And the way this headline is written, it's almost as if like the DPO, whoever, the DPC went in
Starting point is 00:26:58 and they found this and they found the smoking gun. Yeah. So it's about a statement they made in 2021 that data wasn't transferred to China, and then in February 2024, April, February 2025, they discovered that some data had been, they found it on servers. I mean, it, you've worked in places, right, where data sits on servers, you had actually zero idea that data was there. Yeah, Jimmy and then like, you know, 20 years later. It's something that's not captured by a data retention policy or other automated controls. It's completely different type of technology that doesn't use this
Starting point is 00:27:36 So you don't it's a legacy main frame or something like that. And then yeah, they kind of said oh look we found this stuff Sorry guys, I just want to let you know we have found this. What message does that send to organizations when they, if like they want to self own up to something? Cause that's a huge fine for a company that has owned up themselves to a misplacing of data. Yeah. So do you want, so Christine Grant, so TikTok's head of public policy in government relations for Europe has actually made a statement that the decision by the regulatory body has
Starting point is 00:28:18 overlooked Project Clover, which was the 12 billion euro investment that TikTok made to ensure the security of European users data. They've gone over and above and she sort of said, look, this decision is based on a specific period in the past, namely 2021. And it doesn't consider what they do now, where they are as a company. So yeah, they do believe it's harsh and unwarranted and they will appeal and I hope that they do. Yes so do I and I hope they they win because this is frankly like quite quite an overreach I think I think by the deepest I mean if
Starting point is 00:28:59 you want to go after someone go after the Metas of the world. Meanwhile Metas sitting there like I want to go after someone, go after the Metas of the world. Go after the Alphabets. Meanwhile, Metas sitting there like nothing to see here. Exactly. Speaking of Meta, I did quite like this story where they went after the NSO group because of their spyware and the WhatsApp thing. Yeah. Zero click.
Starting point is 00:29:21 But did they go after them because of the spyware or because their spyware was better than Meta's spyware? Probably. If anyone wants to spy on you, Meta wants the monopoly on spying on you. So it was kind of like one of those Michael Bay movies, like the Transformers or something. The action is so wild, you don't know who's the Decepticon, who's the ultimate, you just lose it. But you just know there's a cool action sequence going on and bombs going off and what have you. So that's how I enjoyed this unfolding. This is just meta defending their market share of spy and abuse. vendor owes 167.254 million in punitive damages for hacking into about 1400 WhatsApp user devices. It will also have to pay just under half a million dollars in compensatory damages to Meta. They're not going to pay that.
Starting point is 00:30:17 They're not. No, I think I read somewhere that that amount is like sort of like 10 times what NSO's budget is or whatever you anyway so. Sure they did but that's just creative accounting right so NSO obviously sell their products to governments and you know spy agencies. There's no way they're giving that software away right do you know what I mean it's so expensive because it is so valuable to be able to read anyone's devices without them having to interact with your,
Starting point is 00:30:46 you know, just by sending them a text message and you can read the prime minister's messages as it was back when it sort of became to like, there's no way they're giving that away for free. No. Do you know what I mean? So yeah, it's all this creative account. You have to admire, like, it's like some of these big tech companies you know that they've no tax bills due because you know the way they structured organizations they make a loss in these countries like Amazon make a loss here and it's like it doesn't matter they had like you know 60 billion pounds worth of sales it's like no they're a loss-making entity yeah yeah yeah sure basically a charity
Starting point is 00:31:22 at this point. They're owed their own relief. They can claim back. Yeah. They're applying for grants to support, to support their practice. That's it. That's it. I mean, if it's really tough then get McKinsey in and they'll find a way. Let's see what else we got. So I was looking at the Cyber Essentials. So we said, like, UK Cyber Essentials certification numbers are falling short, which is disappointing. So there's currently around 35,000 UK organizations with Cyber Essentials certified, according to the NCSC. And yeah, so they have, despite the lack of uptake,
Starting point is 00:32:01 they do state that Cyber Essentials has a positive impact on the security of organizations, which I would agree with because it's literally just five basic points. One of them is make sure you patch your stuff in a timely manner. They specify 14 days, but in a timely manner, secure access control, enable MFA, stuff that any, you know, from the smallest business to the biggest company can, as long as you tick all these boxes, you're good. But yeah, it's a shame it's not rolled out more. And you know, it's very affordable as well, even as a small business, like you can get it for as low as I think 600 pounds, 400 pounds through IASME.
Starting point is 00:32:45 I forget, it's one of those. But it is absolutely dirt cheap, you know, in terms of the cost of doing business. And it does provide that assurance that people may want. I think it's a marketing problem. Yes. It's people just don't understand. They see the word cyber in it and they think it's going to be very technical, very complicated. Maybe if they just call it IT essentials and bundle the cyber element into a whole bunch of other
Starting point is 00:33:10 Or the SMB essentials or something SMB essentials. Yeah That's a gel. What it's gonna ping them. Let's get no contact Yeah, if the awesome here, that's interesting Not really. No, I just saw that UK cyber insurance claims second highest in record, which is mainly driven by ransomware. So it's ransomware claims last year would double that of 2021 and 22. So companies, okay, that's interesting. So insurers are actually still paying out ransomware.
Starting point is 00:33:42 Okay, firms refuse to pay. Yep. So what they're actually paying out? Losses of systems, I guess. Because obviously for the insurance company, in order for them to get them to pay out, you have to evidence you had all of these controls in place. You're not just going to be able to get away with a,
Starting point is 00:34:00 here's a cyber essential certificate. Yeah, yeah. Like they want to see that you had MFA. They want to see that your systems were patched, they want to see you had all of this stuff, um, and obviously there's a huge deductible that you're going to have to pay off first, that excess. Yep. Um, so, so one thing i was talking to uh and a cyber insurance provider in the States when I was over there last time. They said what they're trying to do is build APIs with some security vendors so that it's not enough just to say we had this vendor in place, but they can then query the config or something so it shows them whether they were actually using it properly.
Starting point is 00:34:54 So it's a direct access into it. So, sorry, Vanta. No, I didn't. Yeah. So sponsors of the Smashing Security podcast. They sort of hook into all your controls. And so because they offer, you know sort of SOC 2 reporting and stuff like that but they have access to your AWS sort of you know account management they can see the MFA is enabled for everything and they can see that all your buckets are closed and yeah so they still provide their extra assurance but yeah no there's always someone out there that's done it it's just making it profitable I guess. Yeah, yeah, indeed, indeed. Good stuff. in a niche of our own. You're listening to the award-winning Host Unknown podcast. So Wendi, as we approach our final stretch, why don't you take us home with... Tweet of the Week
Starting point is 00:35:52 And we always play that one twice. Tweet of the Week I sure will take us home. This week's Tweet of the Week comes from VC Braggs, which is VCs congratulating themselves. So a guy called Lawrence Hampton, and this is, whether you believe this is true or not, this is out there. This actually was a genuine response that you can see. And I noticed that the person who replied
Starting point is 00:36:17 did then set their account to private, so I'm guessing they may have got more responses so, you know, that they intended. So some guy, he said, look, I know everyone's obsessing over politics, but I received a text from my brother that his wise father was killed in a head-on collision. Just another reminder that tomorrow is promised to no one and to make the best of each day. So quite a somber tweet. Yeah, sorry to him. Terrible situation. But yeah, no, there's one entrepreneur out there, Sarah Cone, and she replies, I'm so sorry
Starting point is 00:36:54 for your loss. And I know that my VC fund has invested in technology that can stop 86% of deaths and serious injuries from car accidents. We don't need to have this happen in the future. Wow. Wow. You know, like that statement, read the room. Yeah. Yeah. This is someone that I don't know how they came across, whether they follow this person or if they just stumbled across it, or even if they're just searching for car accidents, head on collision, you know, death, that type of stuff. It is tone deaf. It's just terrible. But actually, if you follow this account, vcbrags on Twitter, I think nearly every, it just shows that this tone deafness is a problem within the VC community. They will have the most weirdest takes, the most out of touch with reality takes, which
Starting point is 00:37:56 good for them, works for them, does not work for majority of the population out there. They have a solution that they will like fit into any situation, right? Yeah, exactly. Exactly. This is very interested in that technology, Sarah. Hit us up if you want to sponsor. Yeah, sponsor us, yeah. of the week. Damn, that went quick. That was very painless, very, very fun. It just just felt like, you know, when you're used to carrying
Starting point is 00:38:32 around a heavy rucksack filled with rocks all the time. Yeah. And then you take it off and then suddenly you feel light and then you can start sprinting up mountains and stuff without getting out of breath. Real like weight lifted, isn't it?
Starting point is 00:38:44 Yeah. Yeah I like this new dream line Streamline dynamic just just works a lot better. It does it does indeed Yes. Well, that's us barreling to the ends have Mr. Malik, thank you for your time Stay secure my friends You've been listening to the Host Unknown Podcast.
Starting point is 00:39:08 If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel. Worst episode ever. rslash smashing security. Gotta give him that huck. And all that thing. Why does Tom have all these sound bites up in this board? I have no idea, but I'm glad that you can see the whole library and not me. And I think all of our listeners will be glad to know that they can't hear all of them as well. Oh just this personal... what the hell, so let me see what's this... they've actually
Starting point is 00:39:48 got dates... oh there's media files on here as well. Oh no. What's dungeon? Oh. Oh. Oh. Oh god, my eyes!
