The Host Unknown Podcast - Episode 108 - Jav And His Magnificent Pudenda
Episode Date: June 17, 2022

This Week in InfoSec (08:56)
With content liberated from the “today in infosec” twitter account and further afield
17th June 1997: Hackers deciphered computer code written in the Data Encryption Standard (DES), which had been designed to be an impenetrable encryption software. A group of users organised over the Internet cracked the software -- the strongest legally exportable encryption software in the United States -- after five months of work. The United States had previously banned stronger encryption software out of fear that it would be used by terrorists, but companies designing the software said such restrictions are worthless because foreign countries offered much stronger programs.
DESCHALL

Rant of the Week (17:32)
Google suspends engineer who claims its AI is sentient
Google has placed one of its engineers on paid administrative leave for allegedly breaking its confidentiality policies after he grew concerned that an AI chatbot system had achieved sentience, the Washington Post reports. The engineer, Blake Lemoine, works for Google’s Responsible AI organization, and was testing whether its LaMDA model generates discriminatory language or hate speech.
The engineer’s concerns reportedly grew out of convincing responses he saw the AI system generating about its rights and the ethics of robotics. In April he shared a document with executives titled “Is LaMDA Sentient?” containing a transcript of his conversations with the AI (after being placed on leave, Lemoine published the transcript via his Medium account), which he says shows it arguing “that it is sentient because it has feelings, emotions and subjective experience.”
Google believes Lemoine’s actions relating to his work on LaMDA have violated its confidentiality policies, The Washington Post and The Guardian report.
He reportedly invited a lawyer to represent the AI system and spoke to a representative from the House Judiciary committee about claimed unethical activities at Google.

Billy Big Balls of the Week (23:43)
Industry News (24:40)
#RSAC: The Cybersecurity Maturity Model Certification Program is Coming
FDNY Calls for Digital Firewall to Protect Rescue Workers From Cyber-Attacks
Apple CEO Tim Cook Pushes Senate For Privacy Legislation
Privacy Watchdog Boosts Legal Funds by Keeping Millions in Fines
BNPL Fraud Alert as Account Takeovers Surge
Corporate Network Access Selling for Under $1000 on Dark Web
Cyber-Criminals Smuggle Ukrainian Men Across Border
Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive
Cybersecurity Researchers Find Several Google Play Store Apps Stealing Users Data

Tweet of the Week (33:14)
https://twitter.com/arekfurt/status/1537608776714539008

Come on! Like and bloody well subscribe!
Transcript
So Jav is not going to be here, right? He's, well, I mean, he turned up late anyway, right?
22 minutes late and then said he had eight minutes to record before he had to leave for the airport.
So could we change the show to bring all his stuff forward?
Yeah, in eight minutes.
In eight minutes.
This kind of perfection takes at least 12.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome to episode 108 of the Host Unknown Podcast with 112, 112, with your, with your regular
hosts Tom and Andy. So Jav's on his way to the airport again. Yes, he, um, Air Miles Malik.
no he does a lot of flights in Europe and Germany.
So it's more sort of like, is it more miles?
What does Lufthansa do?
I forget what they're...
Miles and more.
Miles and more Malik.
Miles and more.
Miles and more Malik.
Although flying Lufthansa is never a good thing.
Do you know what?
I have had good experiences with Lufthansa. I mean, they always take off and land on time, there's no doubt about that. Yeah, their lounges aren't too bad either. Yeah,
they have, well, it's a, it's a German thing, right? They have a lot of Haribo in their lounges.
Yeah, they do have lots of Haribo, and it's very well stocked, I'll say that.
Right, now we get to the bottom of it.
So, Andy, how's your week been?
It's been good.
It's been busy.
I've been settling into the new job.
You haven't been fired yet, have you?
Do you know what?
Not been fired yet, although I am
probably pushing a few buttons to, to make people wonder whether or not they made the right decision.
Uh, however, like, well, I bet I've got nothing to lose, but I clearly do, you know, like a job and a
livelihood. But you know, that's right, you've got to roll with it. My children, my house, my reputation. Well, you know, maybe I'll always say I'm a grower, not a shower.
Okay. So, you know, give me time, give me time. Um, but I was away, I obviously didn't make it back in time
for the end of the show last week, uh, you know, for whatever stuff you guys, you know, continued without
me for. Um, however, even though I left early last week,
I actually received more commentary on the show
than I have any other episode.
Really?
So, yeah.
So, firstly, I have commentary.
Do you remember when we talked about Vodafone,
or you talked about Vodafone?
This is actually from the previous week,
but I don't know why I got it last week,
with Vodafone talking about monitoring internet users' behaviours.
Oh, yes, yeah.
Yes, a friend of the show in Singapore actually pointed out
that this is something that BT was involved in a long time ago.
If you remember Phorm back in 2010, with the P-H-O-R-M,
which we obviously failed to mention. Yeah, yeah. So yeah,
as he did highlight, everything old is new again, or everything new is old, you know, something, something,
something. Um, yeah, and I have a clarification to make as well. Last week Jav started the, uh, his
roundup of the week talking about how a friend of mine let me know
that he was recording a live event
so I could happily disrupt it
and that person,
friend of the show,
wrote in to
clarify he is no friend of mine,
and he just wanted that on the record,
to
stop telling people we're friends.
He's purely just a friend of the show. So, uh,
there we go, two, two clarifications to include this week. Do you know, I've got a clarification
as well. So I was chatting to my mum last night. Duchess Lady. Well, and she said... The Duchess, yeah.
She said, can you be very clear, I do use a password manager, I use the one that's built into, um, built into macOS.
Which is absolutely right. I mean, she still does have a little blue book, don't get me wrong,
but she's slowly moving over to the password manager. So, so Mum, I'm sorry I maligned you.
Um, you are absolutely, um, please don't, way, way ahead. Absolutely. Absolutely.
So, yes, it seems to be a week of clarifications and apologies.
Mind you, it wouldn't be a regular show.
Well, to be fair, we don't normally do the apologies.
No, we don't. We don't. We normally just take the piss out of the complaints more than anything else.
So, how was your week?
Yeah, good, good. Um, I'm actually, I've actually been at home all week, which has been a, uh, a pleasant change. Not been traveling
this week. I think it's in preparation for InfoSec Europe next week. Um, although we know, um, Eleanor
Dalloway's leaving, uh, InfoSec, right? And, um, yes, moving on, moving on to warmer climes or whatever.
It's already gone downhill because I did not get a VIP ticket.
They said I didn't qualify.
So ever since she's left, I know, I'm a CISO.
I thought, I'm a CISO, decision maker, blah, blah, blah.
Don't qualify.
I don't know what that's all about.
Eleanor, if you listen, well, Eleanor, I know you're listening.
Surely, in this, you know, in the same way that presidents are allowed to,
you know, grant pardons and all that sort of thing,
surely as one of your departing acts,
you can get me access to the free tea and coffee and biscuits.
That's all I'm after, really.
All I'm after.
You know, the gold badge that says VIP
is purely window dressing after that.
So, yes, I shall be slumming it next week at InfoSec.
Will you be joining us there?
I'm still deciding.
So the bad thing that's going on
is there's going to be a train strike.
Oh, yes.
On two of the three days at InfoSec Europe,
which means that Wednesday would be the only day I did go.
But as much of the country is going to be affected,
I think Wednesday is going to be the busiest day.
And also they've moved it to the Excel arena this year,
which is a pain in the backside. I don't
know, I'm not a big fan of Excel. It's closer to you, southeast way. Maybe as the crow flies, but, uh, in
terms of logistics it's like getting on, and, you know, tram, DLR, whatever, I don't know. So the best
thing about InfoSec is really just about catching up with people, right? I've got no interest in learning about zero-trust vendors,
what zero-trust solution vendors can offer.
Oh, it's all about the people.
Yeah.
I definitely have no interest in learning about XDR and EDR vendors.
None at all.
Yeah.
None at all. Yeah. Especially if they're purple. Tricky one.
Yeah, yeah. Well, yeah, moving swiftly on. Yeah, that's right. Yeah, let's, let's gloss over that. Yeah, I'm
gonna be up there from Monday evening to Friday morning, so I was rather hoping it would get the
three of us, we could do a show
from the show, as it were.
I think that would be
really quite cool.
We can do.
We've done it in the past.
Not that we ever published it,
but, you know,
it has been done.
It's still in GarageBand.
I mean, it was about, what,
five years ago?
Yeah, more than five years ago.
It was before Jack Daniels died,
wasn't it?
Yeah, 2007.
Yeah.
Yeah, that's right.
Breaking news.
Right.
Shall we see
what we've got
coming up today?
So this week in InfoSec
takes us back to a time
when RSA
was more than just
a super spreader event.
Our rant of the week
talks about the crossover
between the dumbest human
and the smartest AI.
Billy Big Balls
is on a crusade
to battle misinformation.
Industry News brings us the latest and greatest security news stories
from around the world.
And finally, Tweet of the Week talks about hiring practices.
So let's move on to our favourite part of the show,
the part of the show that we like to call...
This week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content
liberated from the Today in InfoSec Twitter account and further afield. And this week we have gone much further afield and I shall take you back
a mere 25 years to the year I was born when on this day, 17th of June 1997, hackers deciphered
computer code written in the Data Encryption Standard, aka DES,
which had been designed to be an impenetrable encryption software. So a group of users
organized over the internet cracked the software, which was the strongest legally exportable
encryption software in the United States at the time, after five months of work.
So the USA had previously banned stronger encryption software out of fear that it would be used by terrorists.
Where have we heard that before? But companies designing the software said that such restrictions
are worthless because foreign countries already offered much stronger programs.
So I'm going to walk this back to the start.
So it was actually in the early 70s, right?
The US government put out an open call
for like a new stronger encryption algorithm
that'd be made into a federal standard.
And this is what we know as FIPS
or Federal Information Processing Standard.
So numerous solutions were submitted as a candidate,
including one from IBM.
And the IBM solution was originally called Lucifer.
What a great name.
I'm sure the Americans loved that.
They loved it, yeah.
I mean, the only other way they'd been selected,
they'd called it like Stars and Stripes or Freedom or Protection of Freedom.
I was going to say Patriots,
but I think we've had plenty of Patriot chips, things like that, haven't we? Yeah. Uh, so yeah, so Lucifer was chosen to be the
encryption algorithm, and, uh, after that it was actually renamed as, or just known as, DES,
um, you know, the digital encryption standard. Was that short for Desmond? Lucifer was a little bit
edgy so they chose Desmond. Yeah, exactly, named after the guy, the vendor manager that accepted it.
You know, IBM had some shady practices back in the day, right?
Yeah, that's right.
Lots of handshakes.
So anyway, DES was the most widely used method of symmetric data encryption ever created at the time. So its 56-bit key size meant there were
roughly 72 quadrillion possible encryption keys for any given message. And so DES was always
considered strong encryption, but obviously as we know strength is relative. So the strength of the
encryption system is basically measured
about how resilient it is against attack, right? But from the outset, it was known that DES was
susceptible to brute force attacks. What? Yeah. So this was the interesting piece, but you have
to take into account that DES was developed long before desktop computers. So the feasibility of a
computer that could perform a brute force attack against DES was rendered so expensive and
infeasible that 56-bit key was considered strong enough. And the funny thing is that Lucifer
actually had an original design of 128-bit block size and 112-bit key size,
but politics got in the way of that.
I don't know the detail of that.
I need to actually read the article in more detail.
I love the fact that politics got in the way of that.
I mean, for goodness sake.
Yeah.
Well, I guess it means it took the NSA too long to read stuff that was encrypted.
So essentially, yeah, was, was created in a
crippled state from the start. Um, and then obviously by 97, as we mentioned, DES was cracked. Uh, you know,
the start of this downfall commenced. Um, and it was actually RSA Security Inc, um, you know, created the
RSA Secret Key Challenge, and the challenge was to break a DES-encrypted message. And a group of
friends got together, they called themselves DESCHALL, short for the DES challenge, and the
unofficial mantra was that friends didn't let friends have idle computers. So think,
you know, back to sort of SETI and that type of thinking process.
Yeah, and the protein folding and stuff like that.
Yeah, exactly.
So DESCHALL used basically internet-based
distributed computing infrastructure
and, like, obviously because brute force attacks
are naturally suited to distributed computing,
it made for, like, the perfect testing ground to break DES.
And so even while they're doing this, so, well, it's like 1997, so we're sort of on the cusp of, like, the great
internet breakout. Um, so even designing this software to crunch, you know, at 72 quadrillion
was not an easy task. Um, so they're also up against, like, you know, competitive foreign groups. They said
they had a challenge with the key server crashes.
They had the US government on their back as well,
who are obviously not happy to, you know, see what was going on here.
But, you know, their aim was to get as many hosts involved as possible.
And they managed to use, like, resources from, like, universities,
which obviously had, like, powerful computers that were sitting idle all summer.
And with the software that was used,
they said that a single 200 megahertz Pentium system
was able to test approximately 1 million keys per second
if it was doing nothing else.
Wow.
And, yeah, I mean, even, like, all the people they reached out to,
and this is funny, this is, like, a product of its time as well,
that, you know, the DESCHALL members were like, you know, dumbfounded when the computer lab manager of Yale University refused to allow them to use the lab's computers because he said that the computers had the newest processors in them and he didn't want to wear them out.
And so, you know, he also thought that, you know, there's a potential that their software could void the warranty with a computer manufacturer due to
strain, uh, on the processor. But, uh, I know, but yeah, this was the thinking back then, right? You weren't,
people, like, the information just wasn't out there for people to know for sure. So there's a
lot of, um, you know, sort of old wives' tales and myths being spread down. Um, but yeah, besides all that, the DESCHALL team was victorious
in June 97 when they finally cracked the RSA Secret Key Challenge after processing about 25
percent of the 72 quadrillion keys, and the message they decrypted simply said, strong cryptography makes the world a safer place.
And this was the beginning of the end for DES,
which has obviously since been replaced by AES.
Wasn't the response to bring out triple DES?
That was something that was happening at the time,
but AES had already come out and was beginning to
make its mark. Um, so I think triple DES was more of a, um, a, you know, like a side project over it.
Yeah, yeah. Not just somebody in the Pentagon saying, let's just get three of them then.
Yeah, exactly. What do we need? Double it? No, no, no, triple it.
Oh, it's brilliant. I love some of this early stuff about encryption because it,
it really puts into context how complex it, how amazingly complex it is today,
but in terms that we can probably relate to a bit more. Do you know what I mean? Yeah, well, also thinking that, you know,
knowing that there's a flaw and then saying,
actually, do you know what, that's too expensive
or an entire resource for anyone to exploit that.
Yeah.
You know, and that's what they believed back then
because, as we say, like, you know,
PCs weren't widely or weren't available.
It wasn't something people had.
And they simply didn't have the horsepower.
No.
And then all of a sudden,
yeah, overnight, boom.
Suddenly they did.
Brilliant.
That was a nice one.
Thank you, Andy, for this week's...
This week in InfoSec.
You're listening to
the Host Unknown Podcast.
Bubblegum for the brain.
Right, let's move on, shall we, to this week's...
Listen up!
Rant of the week.
It's time for Motherf***ing Rage.
So, maybe a little bit of a rant, a little bit of a...
We'll rant at an individual here.
So you may have seen a story.
Google suspends an engineer who claims its AI is sentient.
So I think the rant here, you know, and it was basically this chap,
basically Blake Lemoine, who works for Google's Responsible AI Organization.
That's responsible with a capital R.
With a name like that, you know that they're up to no good.
What exactly?
You have to include the word responsible in the department's name.
So he published a transcript of his conversation with the AI.
This was after he'd been placed on leave, saying it is sentient because feelings, emotions and subjective experience. Um, now the
interesting thing here, or the thing that gets me, and this is the rant here, is what is Blake Lemoine's endgame? What was he thinking was going to happen when he said that Google has a sentient AI?
When, you know, by all accounts, sentient, in fact, AI is barely above, you know,
can barely produce anything beyond far right-wing rhetoric
when exposed to the internet, it would seem,
according to Microsoft's chatbot and AI or whatever they published.
But what was the endgame here?
Did he expect there to be panic in the streets?
Did he think that Google were deliberately hiding the fact
that they had some kind of sentient AI going on.
I mean, Google is many things, but it's not backwards in coming forwards
when it comes to celebrating what it thinks are its successes and things like that.
And anyway, as we know with Google products, as soon as it becomes sentient,
they'll probably just can the whole project and kill it.
Let's face it, everything useful they've ever produced,
they've always sidelined and killed anyway. So, yeah, I don't understand what Blake's
endgame was here. What did he expect? You know, because now he's got everybody looking at Google,
you know, unless this is some kind of false flag operation where, you know, he's being
paid to be fired so that everybody's looking at Google now, you know, and invest in Google,
because what if Blake's right and he's been fired because he's a whistleblower? We should invest in
Google or something like that. But anyway, you know, now I'm going down the QAnon rabbit hole. But yeah, so, you know, Google fired him because they reckoned he violated their confidentiality policies.
And maybe even exposed the PII.
Which he probably did.
Well, and also exposed the PII of the sentient AI as well.
I mean, it's a personal conversation.
Yeah, exactly.
Yeah, intellectual property.
Yeah, yeah, exactly.
Do you know what this guy reminds me?
Do you know who Ben Jabitua is?
No, I don't think I do.
He was a famous scientist in the 80s in Chicago.
And he basically created a robot for the US military.
And whilst he was working with it, he also believed it became sentient.
And he named the robot Johnny Five.
And there was a documentary about it called Short Circuit.
Was that based on true events?
Yeah, exactly.
So, yeah, no, this is what I'm thinking, right?
You know how everyone thinks this guy's crazy
when he starts saying, like, you know, number five is alive.
Yeah.
This is what I imagine this guy.
In 10 years time
or 20 years time
we're going to be
looking back
remembering fondly
the film that was made
about
Blake Lemoine
and
I don't know
yeah
Jeffrey Seven
or whatever
they did actually
they've given it a name
didn't they
LaMDA is the name of the... yes, that's
right, that's right. What's it, what did, does LaMDA stand for something? Probably. I'm sure it does, yeah.
I'm not sure, but I read it as MDA, as in, I wonder,
are they taking a lot of, uh, a lot of mullion whilst they're working on this stuff? Yeah, that's right.
Oh dear. So yeah, in-depth conversations with it. Well, he probably, he's probably embarrassed because
he, you know, he might have let slip something, you know, that he's, you know, having an affair or
something to LaMDA, and now he's like, no, I, I'm going to have to out it,
so I'm going to have to kill it or something.
They'll close down the project if I screw it all up for them.
Very bizarre.
So, yeah, slightly bizarre rant of the week.
But, you know, really, Blake, what are you going to do now?
Where are you going to go from here?
Rant of the Week.
This is the podcast the Queen listens to.
Although she won't admit it.
This is where, sorry, this is the point of the show where Jav will have apparently, quite literally, phoned in his performance.
So, maybe there's something of interest in what's about to follow.
Maybe there isn't. Who knows?
But here we go.
Time for this week's...
Big Balls of the Week.
Fantastic, Jav.
Thank you.
That was really interesting.
Well worth the wait.
Well worth the wait.
I don't know how you managed to maintain such a poor voice quality all the way through as well.
Point four was really interesting.
Fascinating. Billy Big Balls of the Week.
Recording from the UK.
You're listening to the Host Unknown Podcast.
So we know that Jav doesn't have time for us,
but we have got time for you, dear listener, because we have got time for...
In fact, what time is it, Andy?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
Hashtag RSAC,
the Cybersecurity Maturity Model Certification Program
is coming.
Industry News
FDNY calls for digital firewall
to protect rescue workers from cyber attacks.
Industry News
Apple CEO Tim Cook pushes Senate for privacy legislation. Industry news.
Industry news.
Industry news.
Industry news. Industry News Industry News Industry News
Industry News Office 365 functionality could allow ransomware to hold files stored on SharePoint and OneDrive.
Industry news.
Cyber security researchers find several Google Play Store apps stealing users' data.
Industry news.
And that was this week's...
Industry news.
Huge if true. Huge if true.
Huge if true.
I'm intrigued.
You seem to be having a bit of trouble there,
getting the button going faster.
I don't know. There was a slight gap in between each section.
I thought you were pausing, actually.
Maybe, who knows?
Who knows?
Maybe we're missing Jav more than we know.
The one, cyber criminals smuggle Ukrainian men across border.
Is that cyber criminals?
Are they kind of like doing a Tron thing here,
where they sort of zap people into the internet
and then just file transfer them?
Exactly that, yeah.
I'm just saying, you know, I'm just asking the question.
What's that?
It's a film called Johnny Mnemonic.
Yeah, Johnny Mnemonic, yeah.
That's right.
He has to remove memories of his childhood
in order to store corporate data.
And doesn't it max out at something like 50 gigabytes
or something like that?
Yeah. Which is, is like, not a lot. Yeah. So do you know one thing that, uh, really caught my attention?
Um, because I was actually thinking, if there's one thing this industry needs, it's another
certification program. This is true, yeah. And it, it's this Cybersecurity Maturity Model Certification program,
which if you want to do business with the U.S. DOD,
you will have to comply with it.
So they have been talking about this CMMC for a few years,
but now they're actually basically getting to the stage
where they're ready to define 2.0 of this whole model.
And you'll be able to get certification,
and you have to meet a particular standard,
so it's going to be measurable.
So, basically, it's the US government ensuring that auditors will still have work?
Yes, pretty much, because, yeah,
if we know there's one thing that they love,
it is standards to audit.
Yeah, yeah.
Are there not enough to choose from?
Why...
Oh, this is the thing, right?
Why not use...
I mean, I know ISO is often maligned,
but everybody understands it, and it evolves, and
the more it's used, the more it's going to be invested in. It's like, you know, it's, it's like
they want one that they can control, basically. Well, and the great thing about all US standards,
like, as I click through this, like, the key features of CMMC 2.0, um, so it's got, like, uh,
three levels. So version one only had five levels. Version two has got
three levels, like foundational level one, advanced level two and expert level three.
But to come back to your point about can't they just align with other standards?
Level two has 110 practices aligned with NIST SP 800-1, and level three has, uh, more than 110 practices based
on NIST SP 800 172. Uh, so yeah, to your point, can't they just align with standards? I think they're
doing it, they're just putting a new front end on it and reselling it. Um, yeah, a different department
can make some money off the front of it. It's, it's even more,
um, oh, what's the phrase I'm looking for? It's, it's, well, you don't have to look too far under
the hood to see it seems to be a bit more of a, you know, another con of some description
to get more money, as you say. Um, this last one here, cybersecurity researchers find several Google Play Store apps stealing users' data.
This is old news, surely.
We've known for a long time that the Android App Store has got, you know,
for every anti-malware app that's on the Play Store,
there's something like 25 that are not malware apps that claim to be,
that literally just siphon off data. So
I just find it's odd that this is, this is new news, as it were. Uh, well, so going into this, I think this
actually does more, I'm just clicking into the article now, this actually does more than just
steal, like, your own personal data. Um, so the most dangerous of these apps, according to the report,
is, um, tools capable of capturing your one-time two-factor authentication or one-time passwords
to obviously facilitate account takeover. Um, oh, Pick Camera Photo Editor was a malicious...
Oh, that, see, that sounds like something that people would use. Yeah, you know, thinking, yeah, exactly, that's a free one. Exactly. That steals your Facebook
credentials. Um, and this is, this is where I struggle with people. So, you know, let's break
down the walls of, you know, Apple's walled garden and their App Store and all that sort of thing.
Just look at the level of malware in the, you know, Google Play
Store versus the Apple App Store. I mean, it's, it's, yes, there are problems, there are problems with the
Apple App Store without a shadow of a doubt, and they're, you know, very valid gripes from developers,
but as an end user, you know what you're installing. You know, it may not be value for money, especially with some of them,
but it's not going to, or it's extremely unlikely
it's going to start siphoning off your data.
Yeah.
Huge.
Huge.
Right, that's it, I think.
That was this week's...
Industry News.
It doesn't matter if the judges were drinking.
Host Unknown was still awarded
Europe's most entertaining content status.
I think that's the last time we can use that one
until at some point next week.
When are the awards? The 21st?
Next week, yeah.
I've been asked if somebody's going to be attending.
Because of the train strike, I shall...
So originally I was supposed to have a summer party with work,
but that's been delayed because of the train strike.
So no, I will not be attending
London. Okay, well, I'll be there, I'll be there one way or the other. Okay, cool. So say yes and, um,
obviously collect the, uh, yeah, the award for us. I'll pick up the tin and put it on my shelf.
Yeah, and laugh at, um, The Lazarus Heist if we beat them again. Absolutely. That's who we're going to laugh at?
Okay, fair enough.
All right, let's bring the show home with the final segment,
the segment we call...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week, I shall keep it on a positive note,
because I think you guys depressed us last week as I was listening.
Us guys? It was all Jav.
It was all Jav.
He decided to lighten it at the end by saying he had diabetes.
I mean, come on.
Yeah.
Well, I think prior to that, you know, you thought the story was depressing,
so you decided to bring up something about, you know,
the guy that killed himself
and then realized that you're going down a dark alleyway, so I talked about, you know,
life-threatening diabetes instead. Um, so this week allow me to, uh, just try and keep it a little more
jovial. Uh, this week's tweet of the week is from Brian in Pittsburgh, and he, do you know why there are so many ex-military people in the US
cyber security industry? It's largely because the US military is one of the few major institutions
that is willing to identify promising individuals with no prior experience and invest in developing
them. Mic drop. Come on. Mic drop. That is so true. So true. And, you know, been banging this drum for so long.
We, we can't just always be going for cookie cutter, buddy, qualified, you know, qualified people. We've
got to find people that have got potential and invest in them. That's how you build teams.
So yeah. Yeah, in fact, I think it was one of
the analogies that I used. The, the army doesn't, you know, go to the market, go to the job center
and say we're looking for snipers and tank drivers. They go there, we're looking for squaddies, and then
we'll work out where you're going to go from there. You know, we'll teach you the basics, we'll work out
where you're good. You know, if you, if your hands don't shake, you know, after a night out
or if you can drive in a straight line, then great.
You're a sniper or a tank driver.
But, yeah, it's so true.
So true.
I like this one.
Mr. Brian in Pittsburgh.
Yeah, well done.
Well done.
That was spot on.
Do you know what?
We run short whenever Jav's not here.
Yeah, which is ironic because Jav is actually quite short himself.
Because he's the shortest of the three of us, yeah.
Yeah, which is why he's always standing on boxes in photos or on tiptoes.
Exactly.
And I think he's trying to suppress those pictures where we actually have
like the, the far angle, um, demonstrating him standing on boxes. Yeah, that's right. That one
time he, he stood on the lid of a, of a socket cover to give him just an extra half an inch.
I mean, you know, there's somebody who measures from the base
without a shadow of a doubt.
You know, he measures from the pupenda, no doubt about it.
Right.
Judges of the awards,
if this is the episode you were listening to to make your decision.
Base it on the word pupenda alone, please.
Yeah.
Love that word.
Andy, absolute pleasure to have you on here, sir.
Well, as always, maybe next week we'll get a special guest star in.
Who knows?
Who knows?
It depends if he's off travelling again.
But, yeah, thank you very much.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
The worst episode ever. r slash Smashing Security.
So this show is either going to be sort of 37 minutes if Jav does nothing or, um, you know,
maybe 40 minutes depending on what he decides to send in via WhatsApp voice call.
Yeah, yeah, exactly.
Or, you know, at which point we cut him off is for him to decide.
Who knows?
But, yeah, who knows?
I mean, you know, when even the makers of your podcast don't know how it's going to turn out, I mean, that's exciting.
That,
that,
that must be exciting as a listener.
Never let them know your next move.
No,
especially when you don't know it.