The Host Unknown Podcast - Episode 122 - Dedicated to our friend Javvad
Episode Date: September 30, 2022

This week in InfoSec (06:37)
With content liberated from the “today in infosec” twitter account and further afield

27th September, 1998: For some peculiar reason, Google has at times chosen the date of September 27th as their birthday, even though it is more officially September 4th or 7th. Google has no explanation for celebrating their birthday on different days over the years other than to say: “Google opened its doors in September 1998. The exact date when we celebrate our birthday has moved around over the years, depending on when people feel like having cake.”

27th September 1997: Just a little over two weeks after naming Steve Jobs interim CEO, Apple launches their “Think Different” ad campaign. Designed to reintroduce the Apple brand, the campaign was nearly universally praised by the press, general public, and advertising industry, winning several awards along the way. Looking back in context, Think Different was the symbolic start of Apple’s resurgence from near-collapse in the 1990’s into the most valuable company in the world.

27th September 1996: Hacker Mitnick Indicted on Charges. Kevin Mitnick, 33, was indicted on charges resulting from a 2 ½-year hacking spree. Police accused the hacker, who called himself "Condor," of stealing software worth millions of dollars from major computer corporations. The maximum possible sentence for his crimes was 200 years.

Rant of the Week (12:07)
Microsoft warns of North Korean crew posing as LinkedIn recruiters
Microsoft has claimed a North Korean crew poses as LinkedIn recruiters to distribute poisoned versions of open source software packages. The state-sponsored group has been around since 2009 and was allegedly behind the 2014 attack on Sony Pictures in retaliation for the controversial Seth Rogen comedy The Interview. Dubbed "ZINC", the threat actors have previously run long-term phishing schemes targeting media, defence and aerospace, and IT services organizations in the US, UK, India, and Russia.

Billy Big Balls of the Week (20:28)
Ever suspected bankers could just use WhatsApp comms? $1.8b says you're right
Ever given a colleague a quick Signal call so you can sidestep a monitored workplace app? Well, we'd hope you're not in a highly regulated industry like staff at eleven of the world's most powerful financial firms, who yesterday were fined nearly $2 billion for off-channel comms.

Industry News (26:50)
Ransomware Affiliates Adopt Data Destruction
ReasonLabs Unveils Multimillion Dollar Global Credit Card Scam
Fitbit Increases Security Requirements, Mandates Google Login From 2023
Alleged Optus Hacker Apologizes, Deletes Customers' Exposed Data
ICO Reprimands UK Organizations for GDPR Failings
Hacker Breaches Fast Company Apple News Account, Sends Racist Messages
IRS Warns of "Industrial Scale" Smishing Surge
Mobile, Cloud and Email Are Top Threat Vectors For 2023
LeakBase: India Swachhata Platform Breached, 16 Million User PII Records Exposed

Tweet of the Week (34:45)
https://twitter.com/inversecos/status/1575606074635214848

Come on! Like and bloody well subscribe!
Transcript
utter chaos down there sorry yeah finally what what took you you went down for a coffee
well you know like how i said i've got this really nice fresh ground coffee to make
i cannot be asked to put it in the coffee maker so i just stuck some filters on top of a cup
and obviously when you do that you know shoving a few spoonfuls of coffee
just leave the filters in the top it falls in the coffee it does
I just couldn't see
I didn't realise
how much water
I'd poured in
that Sir Isaac Newton
and his gravity
have got a lot
to answer for
haven't they
yeah
but
this week
we need some
sort of opener
for this week's episode
yeah we do
well Jav's not here
again
obviously
our, you know, our irregular special guest Jav's not here, so maybe we should dedicate this episode to him
cool call it the jav show because it's going to be unexpectedly short and leaving you disappointed
perfect
you're listening to the Host Unknown Podcast Hello, hello, hello, good morning, good afternoon, good evening from wherever you are joining us
And welcome to episode 122 of the Host Unknown Podcast
The unexpectedly short and soon-to-leave-you-disappointed episode.
I thought that was quite a snappy dedication title, really, isn't it?
Yeah, it just rolls straight off the tongue.
It does.
AKA the Jav.
The Jav.
He should be so lucky.
Where is he anyway this week?
I have no idea. in, I think, or Tallinn or Switzerland or Sweden, so it's kind of mysterious about where he was going. Yeah, I don't know. Again, he's trying to
be this like international man of mystery and it's yeah well it's just working out to be he's
he's just schlepping around in economy everywhere, you know.
Yeah. Poor guy.
Yeah. Dreadful. Anyway, how's your week been?
It was good. Actually, obviously, I bumped into you last night at the rent.
I know. I know.
It was my first rent in many years.
Yeah.
I think it's been seven years since my last rent.
What? Seriously? Seven years?
It has been that long. Yeah. I think 2015 was the last time I went.
Good Lord. Back when you had hair.
Back when I had hair, which is why, you know, maybe a couple of people didn't recognise me last night.
It was a bit of a shock.
Yeah. Yeah. Yeah, it was a good one it was it was sponsored by my ex-employers as well so
no awkward conversations were had there whatsoever uh i had to bite my tongue on a few occasions but
no it was it was lovely to catch up with a couple of the folks from there uh really nice to see them
but yeah it was good it was good it was it was um back on full form after
the last couple of years i think yeah definitely good to be back and bring that you know challenge
what to say check and challenge bring that debate back to uh conversations in a respectful manner
which i thought they did very well actually i thought it came together nicely yeah and obviously
plying people with free alcohol before the event always guaranteed to you know to prevent people from being shrinking violets loosen a few tongues
loosen a few tongues so so yeah this is this is not the host's unknown podcast they're sponsored
by rant but it could be simon and tom uh but um but in all seriousness folks, if you haven't checked out a rant
event, 90
plus percent of them are running
in London, unfortunately
so our international members may not
be able to get involved, they do have some online events
in fact, I was at an online event
on Tuesday with them
got sent a lovely hamper
I say hamper, cardboard box of
cheese and meats and
alcohol-free fizz as well,
which was nice. That'll do nice for Christmas.
But yeah, the rant events
and the rant community stuff that's done is
very, very good, I have to say. I always
enjoy it. Always enjoy it.
It was good to see everybody
there. Good to get back into the
you know, into coughing into
each other's faces again i i missed
that and uh yeah and a big shout out to uh william lau as well uh friend of the show um such a friend
of the show he actually had us on his podcast as he walked in as if there wasn't enough of us there
you know no he wanted us not only visually but aurally all the time as
well so it was it was uh good to know we could satisfy those host unknown urges that uh many of
our show fans have and uh and everybody listen i hope you all had a good week i hope many of you
in fact i hope i saw some of you last night that would have been good
We trust you all
had a good week too.
Tell us. Let us know.
Comment and subscribe
telling us what kind of week you had.
Don't tell us about a show.
Or just subscribe
frankly. That would also be good.
It's not much to ask.
Alright, shall we since we are dedicating this episode to the short one,
let's crack on, shall we?
Absolutely.
This week in InfoSec takes us back to the 27th of September of previous years.
As you can tell, we've not listed together quickly.
I was trying to avoid that.
You know, in previous...
Sorry, I know I'm talking over music right now,
but in previous episodes, you guys have complained about
you can hear me typing on the keyboard
because I'm literally typing as you're talking.
And so I've been discreetly doing it in the background,
very gently.
I have noticed.
I'm impressed that your ability
to multitask i have to say uh rant of the week talks about a linkedin recruiters billy big balls
is a story about bankers oh a billy big ball banker i love the sound of that interesting news
brings the latest and greatest security news stories from around the world and tweet of the week is another word for OSINT.
Right, let's move swiftly on to our favourite part of the show, the part of the show that
we like to call...
This week in InfoSec.
it is that part of the show where we take a fly by infosec memory lane with content liberated from the today in infosec twitter account and further afield and today we have gone further
afield and i'm gonna hit you with three rapid fire stories all from the same day of various years.
So our first story is taking us back a mere 24 years to the 27th of September 1998,
which for some peculiar reason, Google has at times chosen this date as their birthday,
even though it is more likely to be either the 4th or 7th.
And Google has no explanation for celebrating their birthday on different days over the years,
other than to say that they opened their doors in 1998.
And the exact date they celebrate is just whenever they feel like having cake,
which I think is a
very there's not much i respect google for but i respect them for that hey i feel like cake it's
my birthday exactly christ i'd be about 2006 if if i was in a in years if if that was the case
no i'm telling you today's my Tom. I'm eating cake right now.
It must be my birthday.
So our second story takes us back 25 years to the 27th of September 1997,
when just a little over two weeks after naming a certain Steve Jobs as the interim CEO,
Apple launched their Think Different ad campaign,
which was designed to reintroduce the Apple brand. You know, the campaign was universally
praised by the press, general public and the advertising industry, winning several awards
along the way. And when you look at it in context, the Think Different campaign was the symbolic
start of Apple's resurgence from a
near collapse in the late 90s yeah to what is now one of the most valuable companies in the world
it's it's funny i remember i remember right about that time and it coming out and i always thought
because i was a pc man and all that sort of thing i always you have your Palm Pilot and you'd say, this Apple will never catch on?
Exactly.
It's not far off, you know.
Not far off.
It's like Apple Macs were for other people.
Do you know what I mean?
It was not my sphere at all. And yet, now here we are.
Now your big Apple tattoo logo on your chest.
Yeah, it's about the size of a football oh brilliant so our third story will take us back if i get my maths right 26 years to the 27th of
september 1996 when hacker kevin mitnick was indicted on charges.
So at the time, Mitnick was 33 years old,
indicted on charges resulting from a two-and-a-half-year
hacking spree before he was caught.
And police accused the hacker, who called himself
the condor of stealing software worth millions of dollars
from major computer corporations.
The maximum possible sentence for his crimes was 200 years.
That's quite the lawyer who gets that down to, like,
one and a bit percent.
And time served, yeah.
I mean, he was held without charge for a long time.
I did hear the snicker at the nickname,
but obviously this is one of Jav's work colleagues.
Yeah, I know.
The Condor, come on.
I mean, it's...
You know, my secret name is a throat-warbling chaffinch.
I'll just go by Blue Tit.
Blue...
Well, I thought it was big tit
great tit
that's it great tit
I do remember about
10 years ago
my wife
saying at the time
that she saw
this particular bird
in the garden and she wondered
if it was a blue tit or a great tit.
So she went and googled great tits.
And as she hit return, she realised what she'd just done.
Took her nine pages to find anything close to what she was looking for.
Exactly.
Exactly.
exactly oh dear
excellent
lovely
quick and
cheerful
and well
short
this week in
InfoSec
this week
in InfoSec
feeling overloaded
with actionable
information
fed up receiving
well-researched, factual security content?
Ask your doctor if the Host Unknown podcast is right for you.
Always read the label. Never double dose on episodes.
Side effects may include nausea, eye rolling and involuntary swearing in anger.
Right, let's get cracking, shall we?
On to this week's...
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
So the headline reads,
Microsoft warns of North Korean crew posing as LinkedIn recruiters.
So, you know, when Chesney from Essex calls you
and says he's looking for, you know, a new CISO
or this wonderful start-up,
just ask him what he had for breakfast this morning.
And if it wasn't Kellogg's and more like porridge-y gruel,
then possibly question exactly where he's come from.
Especially if he says, what do you mean, eat for breakfast?
Very good.
So Microsoft has claimed a North Korean crew has posed as LinkedIn recruiters
to distribute poisoned versions of open source software packages.
The state-sponsored group has been around since 2009,
was allegedly behind the 2014 attack on the Sony Pictures.
Is that the Lazarus Group?
No, that wasn't them.
I just think everybody in North Korean hacking community
is the Lazarus Group.
And also because Sony got hacked a lot in those days.
Well, yeah, yeah.
It's like a flip a 20-sided coin as to who it was, right?
But they hacked it in retaliation
for the controversial Seth Rogen comedy, The Interview,
which is, well, I have to say, a distinctly average film,
but not unentertaining.
It is about time they got over it.
Exactly.
Especially since they've killed their own director,
dictator since that time and put a new one in.
Dubbed Zinc, the threat actors have previously run
long-term phishing schemes
targeting media, defence and aerospace, and IT services organisations
in the US, UK, India, and Russia.
So that's the blurb.
So, Andy, you and I were talking just before,
and you said, who opens attachments from recruiters?
I did. And I guess the short answer is people who are fans of not starving to death
and having somewhere to sleep.
So potentially, yes, if you've already got a job
and you're just trying to pick the cream off the top,
then, yeah, you probably wouldn't.
But if you've been searching for a good little while, you're in a potentially vulnerable position you're trying to get you know into into
a job so you don't starve to death you're trying to uh um you know move location etc etc you're
you're fairly vulnerable yeah yeah exactly exactly um you are fairly vulnerable but and so i guess you know if
you've if you've got a particularly uh charming chesney from cheshire calling you um see what i
did there uh to um to offer you offer you work and all you have to do is open up this package or
whatever which may well be i don't know competency or whatever, then you're probably going to do it.
You're going to do whatever.
Okay.
Do you know what?
I didn't make the link between that, you know, sort of competency check.
You know, I'm thinking like this guy, you know,
this person contacts you via LinkedIn.
Hey, you've got this job.
You're perfect for it.
You know, your profile matches.
Download the CXE.
Yeah, pretty much.
But especially because they say they switch to WhatsApp as well.
Right.
You know, they like to switch communication to WhatsApp where they deliver the shell code.
Yeah.
And it's like, well, why would I open an attachment?
Like, I don't, you know, I mean, I got annoyed having to use Zoom for interviews, right?
I got annoyed having to interview for interviews.
Exactly.
So, you know, this just sounds like a lot of extra steps.
But, you know, when you're actually saying it's a competency test or it's a psychomet...
Or it could actually be, here's the online interview tool we use.
Yeah.
And, again, if you're desperate and it sounds like a good it sounds like, you know, a good offer and all that.
So you're going to do it. And I just I I don't know, maybe maybe I woke up on the wrong side of the bed this morning.
I mean, it's Friday morning. I'm about to record the podcast. Of course I did.
But, you know, it pisses me off how it's always seems to be the most vulnerable that are are you know attacked like this and of course they are because
they're the ones that are most likely to do slightly risky things because they're in you
know positions of weakness etc but all right enough with this what are you going to get from
them right if they don't have money well this is true yeah yeah so i see this package which is downloaded i'm just
reading it now so the open source software included putty kitty tight vnc sumatra pdf reader
and subliminal recording software installer subliminal how big is this send us your money send us your money what's the subliminal thing now that's that
seems like some real hippy dippy shit going on yeah microsoft says the purpose of the attacks
appears to be run-of-the-mill cyber espionage and attempts to steal money or data or just general
corporate networks sabotage yeah yeah i mean. I mean, I guess, you know, they could be downloading this at work, right?
Or, you know, at home at work, which is just as likely now.
And in fact, it may be potentially even, you know, a couple of years later, bypassing, you know, core security controls as a result, maybe.
Yeah.
Block WhatsApp for web at work, people.
Yeah. Yeah, absolutely. In fact, we may well be talking about this in a little while at
some point. But yeah, using WhatsApp as a way to sideline corporate controls, not great.
Not great. I mean, the only reason Host Unknown is on whatsapp is because of you andy
and your bloody memes you know oh i don't like the way they show up on signal you know they're
memes andy we gave it a good go we gave it a good go you said about five memes and said no i don't
like it. We kept the group for a long time. We did keep it, there's just nothing in there.
I still think we should move.
I do, I still think we should move.
Convenience over security.
Well, I know, right?
I was talking to somebody about just that the other day.
Well, that was the rant of the week.
A slightly farcical, laughy Rant of the Week, but rant nonetheless.
And you North Korean crew,
please just stop it.
Find a bank to attack
or a US government
or something like that.
It'd be so much...
Just...
Rant of the Week.
Attention. This is a message for all other InfoSec podcasts
Busted
We caught you listening again
This is the Host Unknown Podcast
Talking of other security podcasts
I was on Smashing earlier this week
How'd that work out for you?
It was good. It was good.
Graham lined up a whole bunch of filthy stories and innuendos
and double entendres that I just had to comment on all the way through.
So, yeah, I think Carole described it as,
this is just lewd uh but quite funny so uh so if you're
joining us from having listened to uh smashing security host unknown is far more professional
we don't enter into such uh filthy innuendos like that uh but uh but talking of filthy innuendos
i think it's time we do go straight over to...
Big Balls of the Week.
And we can either sit and wait for Jav to see if he attends,
or I shall just run with this story, because I think we...
I would run with the big balls, mate.
Exactly.
Because we both know that our special guest shall not be joining us today.
Okay, so the headline of this is,
have you ever suspected bankers could just use WhatsApp communications?
And the answer is $1.8 billion says you are right.
So if you thought shadow IT at your office was bad,
try enforcing workplace device policies on hedge fund traders.
And so obviously hedge funds, regulated industry,
people need to know what's happening,
accusation of insider trading or unnecessarily risky practices
which have destabilized economies over time.
I think we've seen bailouts in the past.
We've seen house prices crash.
But, you know, if you're in one of the highly regulated industry,
like, you know, staff at 11 of the world's most powerful financial firms,
they were fined nearly $2 billion this week for off-channel communications.
And so these are big companies.
These are banking
giants. We're talking Goldman Sachs, Credit Suisse, Citigroup, Bank of America. They all
agreed to pay a penalty to the USSEC, the Securities and Exchange Commission, plus an
additional $710 million fines to the Commodity Futures Trading Commission for failing to monitor and stop their workers
from using unauthorized messaging apps. And so, you know, the company freely admitted that their
staff, including senior investment bankers, you know, there's nothing coming from the top down
of using unapproved channels. And I think this is something we can all relate to, right? Because
if you've got a personal device, there's nothing to stop you from using it. No. You know, in a lot
of these places, and homeworking changed a lot. So, you know, I used to work at a place that had
what was called heightened security areas, where, you know, you couldn't take mobile devices and you
couldn't take anything and no Apple Watches, devices but the pandemic changed all that right um because the business needed to continue to run people couldn't
go into an office and so rules were relaxed and then it's very difficult to get people to come
back when they say well look the business still runs with you know without everyone in a room
under this watch for life yeah why do we still need to do it yeah exactly and you know i
think even anyone that's recruiting now will know how quickly um you know candidates are um you know
applying for multiple jobs get multiple offers and then just leaving you hanging they say actually
this person is you know 100 i never have to come into the office with this job so i'm going to take
that one and they're offering you know it doesn't matter what you're offering it's like yeah you said i'd have to come into the office you know once a
quarter now i'm not into that at the moment it is a candidate's market yeah you know so yeah big
struggle so yeah i mean i started off with the billy big balls on this it's it's more because
hedge hedge fund managers just do have this attitude about them they think they have billy big balls yeah exactly
and so you know there's no bookkeeping or record keeping going on uh with any of this stuff in a
market that is critical to you know what happens in these industries in these industries will impact
well and and also that these these environments are known for, in adverted commas, constantly misbehaving, constantly doing things like this, doing anything, you know, because money talks.
So they will break the rules if it means they can make an extra billion here, there or everywhere. Right.
And it's justified because it's good for the business or whatever, you know.
So when you said this is from the top down, of course it was because that's, you know, by having
these side channel conversations, they can maximise profits. They can, you know, leverage
each other's knowledge to make sure they get the very best out of it.
And it's exactly that kind of arrogant self-belief that causes things like the, you know, the financial crash.
Yeah.
And do you know what?
Even now they've admitted to doing it
and they're going to put in all these,
well, I don't know what controls they're putting in.
You just know these people are now,
because they were too stupid to do it before,
they're just going to turn on disappearing messages.
Yeah.
Yeah.
Exactly.
Much like Host Unknown.
And now what?
Indeed.
Exactly.
Although that's mostly Jeff.
Yeah.
Yeah.
Yeah, you and I don't care.
No.
Whatever.
But Jeff was worried about the mutual destruction element of, yeah, that's right.
that's right little does he know that we screenshot everything every day right
Oh dear. Yeah, so, you know, bankers, you, your old Q80 tankers, or whatever the old Cockney rhyming slang was for it.
Merchant bankers.
Merchant bankers, yeah.
I always liked Q80 tankers, I must admit.
You are a bunch of wankers, basically, for doing this.
Just follow the rules that are put in place to help everybody,
not just you and your goddamn bonus, right?
Sorry, I've turned this into a rant.
And so it should be.
Yeah.
There you go.
And that was this week's ranty...
Billy Big Balls of the Week.
If only, if only we had spent a little bit more time on these show notes.
We may not be flying through this and getting a little bit confused as to which one we are.
But talking of time, see what I did there.
What time is it, Andy?
It is time of the show where we head over to our news sources over at the InfoSec PA Newswire who have been very busy bringing us the latest and greatest security news from around the globe.
Industry news.
Ransomware affiliates adopt data destruction.
Industry news.
Reason Labs unveils multi-million dollar global credit card scam.
Industry news.
Fitbit increases security requirements, mandates Google login from 2023.
Industry news.
Alleged Optus hacker apologises, deletes customers' exposed data.
Industry news. ICO reprimands UK organisations
for GDPR failings. Industry news. Hacker breaches Fast Company Apple news account and sends racist
messages. Industry news. IRS warns of industrial scale smishing surge.
Industry news.
Mobile, cloud and email are top threat vectors for 2023.
Industry news.
Leak base.
India Swachhata platform breached. 16 million user PII records exposed.
Industry news.
And that was this week's...
Industry news.
Huge if true.
Huge.
I can't believe this Optus hacker has apologised
and deleted the exposed data.
Something tells me he's either 11 or it's not it's not them do you know i saw i saw a story of this and uh from friend in australia and they had a different
take was that um the hacker originally wanted this to be a ransom demand but they tried to
call optus and were on hold for three hours and gave up they
lost the will to live we're not doing this we can't be arsed with this just delete it we're
done we're done I think Optus is the is the equivalent of the UK's virgin media right yes exactly but yeah from what i understand someone else has also claimed uh
to be the hacker as well and so there is now some confusion as to has the data been deleted
has it been copied is you know which one is is the right person yeah but i mean this could be
someone that was uh you know who's just had a life-changing
moment and will now give up alcohol or drugs um you know they sort of woke up in the morning like
dude what did i do last night sees all this green code running down their screen and
looks at it and goes oh
flashbacks to the camera and goes, what did I do?
Yeah, so I'm sure
it made the promise
that I'd never drink again, never do drugs again.
Yeah.
And put up an apology.
It's that sort of,
at least my VPN
was running.
At least
I went through eight proxies.
My NordVPN or whatever.
Talking of NordVPN,
do you want to sponsor this show?
Seems like you sponsor everybody
else.
What else have we got here?
Fitbit increases security requirements and mandates a Google login.
I'm trying to work out if that's an oxymoron
or actually if that probably is better than what Fitbit have got in place anyway.
I think that's some way of making it easier for Google to hoover up the data.
I think Google already own Fitbit, don't they?
They do.
We have to do this token every time we want to copy that data.
If they just use our SSO, it's just so much easier.
Exactly.
Think of the electricity we'd save because we're a green company.
Yeah, exactly.
And I did see that slight hint of prediction for 2023.
Oh, yeah. Mobile, cloud and email,
the top threat factors.
Groundbreaking.
I know.
It's OK.
Let me think.
You've got mobile devices.
So that covers your endpoints.
Yeah.
Cloud.
That covers everything.
Yeah.
And email.
Email, right.
Yeah.
That covers the over 50s.
I'm surprised to see data centres fall so far down the list.
They don't make the top 30.
Yeah, groundbreaking.
Let me see who wrote this report.
Oh, PwC, of course.
Oh, what?
Come on, PwC.
It's my old alumni.
They're showing me up.
You're embarrassing me in front of my friends.
Yeah, and I bet they'd charge for that report as well.
And here's another groundbreaking revelation.
Larger organisations are significantly more likely to be affected by risks
related to software supply chain.
Good insight.
I had a dinner on Wednesday.
I was talking about supply chain risks,
and it reminded me, because I mentioned this during the dinner,
and it reminded me of, I think it was someone at Tesco's
or some supermarket chain who said that the average meat,
frozen meat lasagna involves up to 200 different suppliers.
Oh, jeez.
Do you know what?
I actually had something like that in the back of my head from,
do you remember the horse meat scandal?
Mm.
From back in the day when the UK actually enforced all these rules
because it turned out that half these suppliers were chopping out beef and inserting horse meat because it was cheaper in the supply chain.
It's tastier as well. Yeah, absolutely. You had people go,
hey, put the horse meat back in. This doesn't taste the same.
Yeah, that's right. It's quite bland, actually.
Yeah, no, the supply chain is tough. It is. It is uh i don't think there's anything else in here that's
worth looking at is no just say what hacker breaches fast company apple news account
um yeah it was quite funny if if a little upsetting it is but you know once you get
that it's like straight away racist messages it It's like, of course it is.
You could have done something really clever,
something really pure parody that people would have believed.
Or even just said, you know, Viva Ukraine or something stupid like that.
It doesn't matter.
The fact that you're breaching this company
and showing them up for not having decent security
and all that sort of thing,
as you say, to send racist messages,
at least...
Yeah.
Sorry, I'm in violent agreement here.
Violent agreement.
Yeah, strange.
And UK organisations with GDPR failings.
Who would have guessed in the face of Brexit?
Ridiculous. Anyway, that was this week's...
Industry News Yes, you are.
And let's move on to the final part of the show.
We've got six minutes before Andy needs to be in a meeting,
so we'll make it quick.
It's time for this week's...
Tweet of the Week. And we always play that one twice.
Tweet of the Week.
So, this week's
tweet falls to me.
It's from
Inverse Coz
and some little
emoticons
following that.
The tweet says, when they tell you their name and job and you've got
to act surprised because you work in infosec so you already stalked them and it is so true i'm
guessing she's talking about going on dates and stuff yeah uh yeah i mean she also says uh i think
you know the follow-ups where she says,
like, please, I already know your sister's dog's name,
but sure, we can be at the what are your hobbies basis.
And also, I see a lot of people in the industry with OSINT specialist in their bio
because cyber stalker has legal connotations.
Oh, she's hilarious that's brilliant as somebody who's been through this uh you know last few years it's it's very true actually
oh oh are you an axe murderer are you a bunny boiler are you you know whatever
trouble is i'm not very good at it
All right, that was this week's... This week's of the week.
Well, we barrelled into the end of that show.
We did.
I think, do you know what?
I'm going to just submit that clean.
I'm not going to do any editing.
No edit, absolutely.
No edit.
I'm just going to drop it in.
Let's see what happens.
It's coming out early
today people yeah that and because i've got a dentist appointment in an hour and five minutes
uh is that at 2 30 oh where's me oh i haven't got my badum tish
that's tooth hurty in case you didn't get it for our friends across the pond.
Hurty tooth? Tooth hurty?
Oh, dear.
Is that a quarter of tooth?
Yeah.
Oh, dear. Andy, thank you so much for your time today
and for well
and for knocking together
the show notes
in record time
this morning
I think we got it though
I think we got it
we get away with it
stay secure my friend
stay secure
you've been listening to
the host unknown podcast
if you enjoyed what you heard
comment and subscribe
if you hated it
please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
Okay, we did it.
We didn't have to mention the elephant in the room.
We did.
That's no way to talk about Jeff.