The Host Unknown Podcast - Episode 125 - Yesterdays Lettuce Tomorrows Leader
Episode Date: October 21, 2022This week in InfoSecWith content liberated from the “today in infosec” twitter account and further afield18th October 1985: Nintendo releases the Nintendo Entertainment System (NES) in New York an...d limited other North American markets. An immediate hit, Nintendo released the game nationwide in February 1986. Along with the NES, Nintendo released eighteen games that day, including: 10-Yard Fight, Baseball, Clu Clu Land, Donkey Kong Jr. Math, Duck Hunt, Excitebike, Golf, Gyromite, Hogan’s Alley, Ice Climber, Kung Fu, Mach Rider, Pinball, Stack-Up, Tennis, Wild Gunman, Wrecking Crew, and Super Mario Bros.14th October 1977: Atari releases their Video Computer System (known as the VCS and later as the Atari 2600). It took two years for the VCS to gain traction, but by 1979 it was the best selling gift of the Christmas season. Once it was established, the Atari VCS took the market by storm, popularized home video gaming, and helped cement the video game movement into mainstream culture. 18th October 1958: William Higinbotham and Robert Dvorak, Sr. show off a tennis simulator game they called Tennis for Two. Developed on a Donner Model 30 analog computer using an oscilloscope, it is the first known electronic game to use a graphical display. Higinbotham and Dvorak developed the game to show off to visitors to the Brookhaven National Laboratory where they worked. The game was only shown off twice, during the laboratory’s annual visitor’s day. While hundreds of visitors lined up to play the game when it was made available, little was known about the game for decades. While somewhat similar in gameplay to the later hit Pong, there is no known direct relationship between the games.14th October 1957: British Computer Society is Founded. October 14 is the anniversary of the British Computer Society (BCS), founded in 1957. The BCS is one of the several international societies that have an affiliate membership relationship with the IEEE Computer Society. Since 1984 BCS has operated under a Royal Charter which requires it to: "...promote the study and practice of Computing and to advance knowledge therein for the benefit of the public."Rant of the Week The Black Market for Blue Checks Billy Big Balls of the WeekInside the messy fight between Meta and The WireEarlier this year, a new source reached out to journalists at the nonprofit Indian news site The Wire with a tantalizing offer. The source worked at Meta, they told the publication, and wished to share information about the company’s internal workings with reporters.The Wire met with the source, who sought to verify their identity by providing Sen with documents including their work badge and pay slips. Many conversations followed, reporter Jahnavi Sen told Platformer in an interview, and by the fall The Wire trusted the source enough to turn to them while investigating a potential story: the suspicious removal of seven Instagram posts satirizing an official in India’s right-wing government.Meta issued a strong denial to the resulting story, which claimed that the company had given a high-ranking official in the ruling Bharatiya Janata Party the ability to remove Instagram posts at will. What followed has been one of the strangest tech journalism stories in recent memory: The Wire gradually releasing more information about its sources and methods in reporting the story, and Meta leveling unheard-of accusations — supported with evidence — that the documents underpinning the publication’s stories appear to be fabricated. Industry NewsHackney Council Ransomware Attack Cost £12m+ https://drive.google.com/file/d/1g30UrPyEP5YK6HuUtApXHe2MNyseOcM5/viewSpanish Police Bust Region's "Biggest Narco Bank"Amazon Customers Receive Smishing Warning After Receiving Fake TextsWine Merchant Among Aussie Firms Breached, Exposing MillionsEuropean Police Catch Suspected Car HackersDigital Natives Are Undermining Corporate SecurityMoola Market Reveals $9m Crypto ExploitNSA Cybersecurity Director's Six Takeaways From the War in UkraineMicrosoft Misconfiguration Exposes Customer Data Tweet of the Weekhttps://twitter.com/chetdorn/status/1582457548484931587§ Thom's holiday snapshttps://adobe.ly/3EQoxTs Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
you fit the description
i saw tom trying to uh quickly capture you on uh on mic with that one i saw the countdown going
which is why oh really i did oh i kept my mouth shut look i i'm i'm just here for the clicks
you're listening to the host unknown podcast Hello, hello, hello, good morning, good afternoon, good evening
From wherever you're joining us
And welcome to episode 125-ish
130
Of the Host Unknown podcast.
And as you can hear, Andy joins us with his head in a bucket.
Andy, why so odd?
I'm in the hotel room that you were in a few weeks back when you recorded.
I just wanted to see if I could improve on the sound quality um but alas no i couldn't so yeah
it's it's it's a it's a you know it's a moral imperative that you went and did that and i i'm
very impressed but it seemed alas it was a wasted trip to say the least yeah i am uh so obviously we are recording earlier than usual and i am out and about uh so i do not have a mobile studio like you do because i don't need
to spend three grand and still end up with the same quality that i have talking through i was
just on airpods at the time come on that's that's what's prompted me to invest in a mobile studio
yeah so i'm not i don't intend to be away that often as long as we as long
as we stick to the same recording days um you know as per usual it should well it would be handy but
you know some of us do things on fridays right yeah indeed and talking doing things on friday
can i just compliment you for uh skillfully um sidestepping any detailed conversation about the Lloyds of London data incident.
So, Geoff, how's your week been?
Well, I was speaking to my insurance breaker
and talking to him about Lloyds of London.
Andy, Andy, tell us more about your week.
So, just going through cyber insurance renewal at the moment
and looking at possible scenarios where, you know, they're definitely looking at what events could occur and how you deal with them.
So I said, you know, I've got a friend who's a CISO and he's certainly been involved in some sort of incident adjacent exercises recently.
So I shall tap him up for some insider knowledge.
exercises recently so i shall tap him up for some insider knowledge you're not making this eat this could become a very short episode
and a very short uh tenure for me as well when we discover that uh yeah that the client actually
has a legal department just listens to podcasts, but listens to vaguely unsuccessful ones.
And ours as well.
And ours, yeah, exactly.
I mean, on the list of unlikely ones to listen to, it's quite down the bottom there.
How was your week anyway, Tom?
Good. So the first half, I was in Sidmouth in Devon. I went there almost immediately
after we recorded last week. I'm surprised you didn't hear the door slam behind me on
the podcast recording, actually.
We normally hear the door being opened or delivered well this is true yeah this is true um but um
yeah so i had a little little bit of a mini break in an airbnb down in sidmouth in devon did some
um photo editing took a bunch of photos um completely finished the first chapter of my book
you know i wrote another 1500 2000 words which doesn't sound like much but you know
it's it was like uh pulling teeth um but uh yeah so it's been it's been nice and i had to go into
the office yesterday for a few meetings and uh and a photo shoot of all things um so i should
be tacking an extra day on the holiday next week um so yeah all feeling quite good i've only been
up about 40 minutes.
I like the way you call it a photo shoot,
whereas most people call them mug shots.
Yeah, that's right.
I just wonder why I had to hold my name up.
Yeah.
Why do I have to hold this thing up with my name up?
Why are you doing hand painting?
Why are we doing hand painting?
That's right.
And you know I can do it myself.
I don't need you to hold my hand while you do it
you know you say you were down in sidmouth and you took some photos but you shared some of them
with us and andy and i were quite concerned about the amount of non-consensual zoom in photos you
were taking of strangers well as he would say if you're in public you have no expectation to uh you have no no
expectation of privacy absolutely so the two people even if two people i took a photo of up
up close i actually spoke to them afterwards and told them where to find the image afterwards
and then the others are certainly non-recognizable and miles away to say the least which is probably what makes it even more creepy if uh
in my humble opinion yeah yeah maybe i'll put the link in the show notes and let the viewers decide
yeah indeed especially the one of the little boys on the beach yeah oh please
god you know what you never let the truth get in the way of a good story hey guys
never never and talking talking of never letting the truth get in the way of some good stories
let's see what we've got coming up for you today uh this week in infosex asks how old do you think
the first computer games really were rant of the Week is a password crackdown for financial reasons.
Billy Big Balls is a plot for True Lies 2.
Industry News brings the latest great security news stories from around the world.
And Tweet of the Week is a novel way to identify the serious cold callers.
to identify the serious cold callers.
And so we do move straight on to our favourite part of the show,
the part of the show that we like to call...
This Week in InfoSec. It is that part of the show where I report live from the closet
and take you on a trip down InfoSec memory lane
with content liberated from the Today on InfoSec Twitter account
and further afield.
I thought you came out of the closet weeks ago, Andy.
Yeah, jump back in.
Jump back in.
I was travelling through some high-risk countries.
Right. Yeah, so let's jump back in jump back in traveling through uh some high-risk countries right yes let's jump back man's got to do what they got to do to get out of trouble right exactly so our first story
so october 1985 nintendo
released the nintendo entertainment system aka the nez um across new york it was an immediate hit
obviously uh with um you know games including donkey kong j Super Mario Bros. and Duck Hunt.
So obviously, as we talk about that,
I'm talking about something that was from my year of birth.
I shall then take you back 45 years to this same month,
on the 14th of October 1977, to Jab's year of birth,
when Atari released their video computer
system known as the VCS and later as the more commonly known Atari 2600 and
believe it or not it actually took two years to actually gain any sort of traction it's
not like the NES when that came out it was like you know number one everywhere
the Atari 2600 actually took two years uh before it
became the best-selling gift of the christmas season and obviously once it had been established
it was um you know the best-selling console of all time at that point of view um and so the
third game which came out uh or the third sort of console which came out in October was the 18th of October, 1958, a mere 64 years, which was your year of birth, Tom.
When William Higginbottom and Robert Dravak Sr., I think, they showed off a tennis simulator.
I mean, you were there, right?
You would know.
So they showed off a tennis simulator i mean you were there right you'd know um so they showed off this uh tennis simulator i was a ball boy for that game a game they called tennis for two um and it was developed on a very old machine called a donna
model 30 analog computer uh using an oscilloscope um and it's the first known electronic game to use a graphical display
so these guys developed this game to show off um you know a place where they work um it was only
shown off twice during like the annual visitors day but hundreds of visitors lined up to play it
um and what was little was known about this game for decades but it was actually very similar to what was then
later became pong um you know we've got two things hitting each other from the classroom this is like
that you know the tennis for two um but ultimately it's like an early version of pomp created in 1958
and um there is actually no direct relationship between these games um so what is the uh infoset
link you ask um other than infoset people also need downtime
and we all grew up with gaming consoles um and this just represents our three generations
perfectly i think i think so well do you know what i find really interesting is the
the atari system um this is this is the classic one become popular yeah but but it's the classic one with
the with like the wood inlay around it and uh yes um the classic um it was it tank was one of the
the original games early game for that but uh in fact lego do a version of this as well which i'm
i'm really quite keen to get hold of because it'd be rather cool uh but the fact that it takes as
you said two years to gain traction if you
you don't gain traction in two months now you're dead you're dead in the water well not even that
you have to pre you have to sell out before it's released right you do it all on well yes yes you
know if you don't do that then the game's already a failure yeah it has to be unavailable the day
it comes out or else it's not successful.
I mean, look at the PS5, right?
You could not get that for love nor money for about a year.
Yeah.
Crazy.
Incredible.
But, yeah, our second story takes us back a mere 65 years
to the 14th of October, 1957.
And, Tom, you'll remember when this was founded.
I believe your membership card is uh zero zero two this is when the british computer society was founded um so bcs is one of
several international societies that have an affiliate membership relationship with the ieee
computer society and obviously since 1984 bS has operated under a royal charter,
which requires it to promote the study and practice of computing and to advance knowledge
therein for the benefit of the public. And as we know, BCS has done a lot for our industry.
And, you know, they maintain a number of certifications, accreditations, and they were
ultimately, I think back in the day, you know, we used to use them. If you ever had a conflict where a competitor wanted to
audit you or something, you weren't happy for the competitor to audit you, you'd reach
out to the BCS.
Oh really? I did not know they did that.
Yeah, we would agree that they're a mutual party with no...
Huh, escrow yeah almost and so they we know that they would carry
out a um an effective audit that uh gives you know the competitor the assurance and also doesn't
reveal any trade secrets ah interesting so i'm a i'm a member of the bcs and i'm a chartered
a chartered fellow it professional something like that what does that mean i'm not
sure what it means is they take about 300 quid a year yeah one of the shakers
i remember when i was at university one of our computing teacher modules whatever the teacher
he was like we we have a student program for the bcs you can get out membership and what have you
so a whole bunch of us we got membership with the bS for free for a year and the next year we were out at university
didn't know no one renewed because no one really understood what what it did what value it was so
we weren't going to be paying them any money no sir it does have a little bit of a a broad
charter and I think it's like many of these things a bit like isc squared and isac
and all that something unless you actually leverage what they're doing you're right you
know what is it gonna what is it gonna bring you um apart from some letters after your name right
have you seen the latest drama with isc squared i know no i. I'm thinking of actually not renewing.
What's going on?
Mainly because also I can't be asked to do the CPEs,
but I just can't, you know,
I've just got a question about where the hell they're going.
What do they do?
Well, there's a whole bunch of changes.
There's a legal type letter,
which all their letters are so poorly written
when you get an email from them
because they're all in legalese that no one can understand understand but they're making some changes to their bylaws and
some of them are like you know before if you wanted to be on the board you had to get like
if you weren't selected by the board you could get 500 members to vote for you
now they're upping that to one percent of the membership so that's like pretty much 2 000 people
you need to to get to vote for you
and then before like the whole board used to go up for election and now it's like i think and now
it's like only the available seats so i think someone i think will maybe described it as a
coronation as opposed to a democratic process and then they want to make the CEO of IC2 also the president of the non-profit part of it, the safe and secure sort of thing.
It all looks very, very dodgy and underhand.
And there's an ethics thing as well.
So there's an independent ethics body and they want to bring that into the same committee.
Not so independent anymore.
So it's not independent.
to the same committee.
Not so independent anymore. So it's not independent.
And the funny thing is,
yesterday,
a couple of my colleagues
were on a call,
like they were doing a thing
about the whole thing.
And one of the things
is they're rebranding.
So no longer will they be
ISC squared.
They will be simply known
as ISC2.
They're removing the brackets.
Interesting.
I could have told them to do that when I set up TL2.
Because, you know, it was originally TL squared,
and then I just got fed up of explaining it, so it was TL2.
It was just so much easier.
Although their whole full name is international information systems security yeah
iisscc yeah certification whatever like it's like iisscc so it makes sense to call it ic squared and
if you do ic2 it doesn't make mathematical sense anymore which um which is uh it's just, yeah, I must admit,
they're going in the wrong direction on this.
They're following what I can only call Trumpian values.
Interesting.
Because it's all about regaining or taking control away
from the people you're serving in order to ensure that you retain power and control over everything.
Yeah.
So, yeah.
Wow, that was a depressing end.
Yep.
Yeah, same.
Same, absolutely.
Absolutely.
So, you know, Icy Squared, if you'd like to sponsor an episode
and give us your side of the story, you're very welcome to.
It will cost a lot, but, you know, I'm sure...
Free membership.
Free membership for life, yeah, and no need for CPEs.
Then we'll talk. Then we'll talk.
Right. Excellent. thank you very much Andy
for this week's
this week
in InfoSoul
this is the podcast
the queen
no it isn't
you're listening
to the award winning
host unknown podcast
officially more entertaining
than Smashing Security.
In your face!
I think I might have got away with that one.
Yeah.
Right, on to
the next part of the show.
It is time for...
Listen up! Rant of the week. It's time for Listen up!
Rant of the week.
It's time for Mother
F***ing Rage.
So
as a friend of the
show and fellow
competitor to our podcast
Graham Cluley
he likes to point out an awful
lot about the fact that he has
a blue check on his Twitter account.
And whilst we all might publicly laugh, I think we're all silently kind of a little bit jealous, right?
I don't know. He's got a blue check and you've got blue pills.
What's the...
I tell you what, I bet mine were harder to get hold of.
But anyway, I think a blue check on Twitter,
it kind of denotes a certain element of recognition.
There's no doubt about that.
You can join the ranks of Stephen Fry and the Kardashians,
just to put everything in context at both ends of the spectrum here.
So anything to do with either getting hold of a blue tick or maintaining your blue tick,
I think is really quite a big deal for many people.
And Twitter, and Jack, I'm sure you'd like to sponsor
the episode. And all it will cost you is three blue ticks. No, four, actually, because we've
got to include the host unknown one, obviously. But nonetheless, maintaining and retaining this
is really quite important. There is this trend. There is now a black market for blue checks,
which just tells you that, frankly, people will do anything for the clout.
They'll do anything to try and show that they're more important than others.
So August 15th this year, a Twitter user, Diana Pearl, logged into her email and saw that someone in Moscow had logged into a verified Twitter account.
So it looked like a perfectly normal Twitter email.
It resembled previous automated correspondence, blah, blah, blah.
So fearing her account safety, she clicked inside the email that would instantly let us secure her account,
entered her existing password to update it.
Moments later, a message arrived in a Telegram app,
and all it contained was a screenshot of Pearl's Twitter profile and a link.
Three hours later, the admin texted, sold.
She'd been phished, and not only that, she'd been phished by a hacker
who copied the look of the Twitter message and basically had encouraged her to put her details in
and she had actually handed over ownership of her verified Twitter account. That's pretty serious
stuff, right? Especially given Twitter considers itself to be a bastion of free and controlled
speech, as it were. Not controlled, I mean, as, they do filter it to one degree or another, and that's
certainly not what we're going to be talking about today. And it's been shown that it can
influence elections, it can influence government behaviour. You know, no less, you know, Trump
not being kicked off it, for instance, is a great example of that. Now, the big thing here is, of course, is that when
people then take over verified accounts, they're bringing even more sort of influence. And as we
know, the Twitter trolls and the Twitter farms, the Twitter bot farms, are being increasingly used to spread misinformation, etc., etc.
And the fact that they can use ostensibly verified accounts,
which brings with it an extra level of influence, in inverted commas, and credence,
just goes to show that actually this is really quite a serious thing.
just goes to show that actually this is really quite a serious thing. This technically theft of these validated accounts is really, really quite serious.
So I really think Twitter needs to do a little bit more about this.
I think also we need, you know, and, you know, being able to wrestle these accounts back from these scammers
and make that far easier.
But this is something that, wow, the depths people go to.
Can you imagine being tweeted at by Graham Cooley to tell you to use,
to listen to Host Unknown instead of smashing security. The impact and the kind of influence that brings is really quite serious, right?
So, you know, I probably have less sympathy for people that give up their accounts
because they were phished at that level.
So what do you expect Twitter to do?
Obviously, the recovery aspect, I i agree they can make that easier but in terms of um you know monitoring for content that may not be normal
didn't kardashian recently get fined like 1.25 billion or 1.25 million for yeah tweeting about
cryptocurrency yes that you know she she recommended people invest in and that was a genuine
post that she was paid to do.
But that wasn't Twitter who found it, was it?
That was Instagram, was it?
No, it was the FTC.
Yeah, but that's what I mean.
So how are you going to check whether someone's actually tweeting
or posting about genuine content or just scam stuff?
So I think that's a secondary aspect.
I think the first part is, can Twitter do more to secure your account?
I think absolutely, yes.
I agree with Tom here.
I think if you're a Bluecheck account, they should make MFA mandatory.
Why just rely on ID and password?
And then there are so many controls out there to do like,
well, you're logging on from out there to do like well you're
logging on from la and all of a sudden you're logging on from moscow or wherever um you know
it's not that difficult to to block it's not so a lot of these these blue check accounts right they
are you know high profile celebrities and believe it or not those are not the celebrities that are
actually posting stuff right they've got a team of social media people who are probably geolocated elsewhere.
How are you getting the MFA to go to one phone
so someone can post from your phone?
There are tools that are laid to run social media teams
under a single account.
All right, so now we're going down a whole different route.
We're talking about enforcing MFA,
but then we're actually talking...
Yeah, you're taking us down an entirely different route.
No, I'm taking us down a route how this practically works.
How do you implement this practically?
What's the easiest thing to do?
Tell people not to click on links that come through their DMs
that say, give us all your details,
or do you implement all these tools and operational practices
to support the dumb people?
No, I don't think it's...
Well, let's be clear about what I'm
ranting at. I'm not ranting at Twitter here.
I'm ranting at the fact
that people are...
about criminals. This isn't a Billy Big Balls
where I'm celebrating the criminals.
I'm having a go at the criminals here.
You son of a bitch.
Go on.
This is a rant not a balls okay so who exactly are you ranting against go on
criminals wow i mean that that is so specific isn't it criminals you're out there doing bad stuff stop doing bad stuff or i'm gonna run some more
in my defense in my defense we're doing this a day early i got up exactly
oh 65 minutes ago got out of bed because i'm on holiday and then was dumped this story on my lap
i'm like christ i can't read that i mean it's a proper long-form article. Well, it looks long-form to me.
So, Your Honour, might I refer to 8.34 yesterday evening when you said, legendary show notes, Andy.
Thank you.
I didn't say I'd read them.
Well, you know, you're making it sound like you only just woke up an hour and a bit ago
and you only just saw this story for the first time.
I did.
The information was there.
So I think if anyone needs a rant, it's like the so-called CISOs who are terabat time management,
terabat processing information, and won't tell us, spill the tea on what happens at the race.
You mean the CISOs that are on holiday?
Whatever.
A CISO's never off duty.
That's what the rant is about.
Oh, trust me.
I'm off duty.
Rant of the Week.
It doesn't matter if the judges were drinking.
Host Unknown was still awarded Europe's most entertaining content status.
All right, so it's time to move on to Jav and Billy Big Balls.
And what cyber criminal are you celebrating this week, Jav?
The best site.
Billy Big Balls of the Week.
So I really did have a long-form article to go through.
so there is um the company called meta they formally they own facebook instagram whatsapp and what have you anyway there's been a a story leaked to an indian news site called the wire
and uh this is a really long article and there are so many twists and turns. So
I recommend everyone read the story in their own time from the show notes.
But what The Wire is claiming that they've heard from internally is that the company had given high-ranking officials
in the ruling BJP party,
well, BJP, the P stands for party,
the ability to remove...
I enjoy a good BJ party.
Yes.
Oh, dear, I just realised.
Oh, no. oh dear i just realized oh no so they are high ranking the instant oh dear so meta gave high ranking official in the bj party
the ability to remove instagram posts at will. Now, this is quite a serious allegation.
So, you know, the BJP is not known for being very centrist or leftist.
And it's not known for being very friendly with anyone that's critical of the government, like journalists and what have you.
Is the BJP the one that's in power at the moment?
Yes. Yes. Right. Exactly.
And they also ended up with a lot of the Pegasus stuff.
So when that was all leaked, apparently the Indian government is a happy
customer. And they apparently used it against some journalists who were critical of the government
and all that kind of stuff. Anyhow, this adds an extra layer to it that they have someone within
the government who Meta gave access to say, like, if someone posts something on Instagram
that we don't agree with, then you can just hit the nuke button and it gets erased from existence.
And what's followed is this massive mudslinging competition between Meta, the wire, and the bjp around what the truth is and what's not and and what have you so it's
it's a real cluster it's it's not really clear uh as to what's happened and what's not happened
even like they they even interviewed in this article where they got a quote from uh former um failed cso of facebook
and other companies alex damos that uh friend of the show yes um that you know that the evidence
that's been shown doesn't definitively prove anything it could be trivial to fake this uh but then you know it's
you know it's a bit here or there i think everyone's a bit scared to to poke the bear
outright but however i still think it's uh it's incredible if it is true by the indian government
it's a huge billy big's move. There it is.
There it is.
The wire that broke the story is the real Billy Big Ball here in the story.
Good recovery.
Good recovery.
Whether they're telling the truth or not, either way, it's a good recovery.
It could be that they've been,
they could be being misled by someone with an ulterior motive to, you know, tarnish the reputation of the BJ party.
Wait, what? Disinformation in this day and age? I will not have it.
I know, I know.
In the same sentence as meta.
Yes, yes.
Meta. Yes. Yes. So, you know, there's inconsistencies, there's missing things, but it's one of those things with today's day and age and with Meta. It's so crazy that part of me wants
it all to be true. I just, it's just, it's got all the elements there. I'm going to say it. I think
it is true. I think it is true. Met it is true meta have and facebook have constantly constantly
done really dodgy stuff paid the fines moved on and carried on doing it and every time you think
they can't do anything more dodgy they go on and do something so this uh you know i i would put
money on this being actually true uh yeah and especially since like there was the in when dot much
like testified against twitter and he said that well twitter found an ex-employee who was um
actually he was found guilty of spying on saudi dissidents and i think that in in some of the
things much brought up,
that there could have been someone from the Indian government there
and someone on the board said, or some exec said to him,
well, we've already got one, why not have another?
In terms of people who are spying for governments or what have you.
So it's not beyond any stretch of the imagination.
And this is where I think social media companies have a lot more work to do.
And specifically Facebook and Meta.
Yeah.
Boo.
Boo.
I agree with you, Jav.
And a good recovery on the fact as well.
Very good.
Thank you very much.y big balls of the week
if you work hard research stories with diligence and deliver well-edited award-winning studio
quality content for high-paying sponsors then you too can be usurped by three idiots who know
how to think on their feet you're listening to the award-winning Host Unknown podcast.
As we know, we are recording this a day early.
It's like the Graham Norton show, isn't it?
They record that on a Thursday and pretend it's like Friday.
So that puts us, really, it puts us almost like we're talking to you in the future.
And talking of the future and talking of time, Andy, what time is it?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News. industry news hackney council ransomware attack cost 12 million pounds plus industry news
spanish police bust region's biggest narco bank. Industry news.
Amazon customers receive smishing warning after receiving fake texts.
Industry news.
Wine merchant among Aussie firms breached, exposing millions.
Industry news.
European police catch suspected car hackers.
Industry News. Digital natives are undermining corporate security. Industry News. Moolah market reveals nine million dollar crypto exploit.
Industry News. NSA cyber security director six takeaways from the war in Ukraine. Industry News. Microsoft
misconfiguration exposes customer data. Industry News. And that was this week's
Industry News. Huge if true. Huge if true. I'm'm gonna jump straight on without even reading the the article i think
the headline alone is enough digital natives are undermining corporate security i think that
really what that's really saying is corporate security is unable to keep up with digital natives
yep i think you're right and i don't i'm not going to even click on the story to prove us
otherwise so they are yeah they're talking about millennials and gen z
um who bypass cyber security controls um they take they take cyber security protection
on their personal devices more seriously than their work devices.
Funny that. They've got more to lose, right?
More stuff they care about.
Yeah, exactly. So I think corporate security is quite literally at fault here. And we need to be,
I mean, let's face it, most people in this industry still think the best way to secure
something is to unplug it and drop it into the bottom of the ocean encased in concrete, right?
Faraday cage would also work.
Yeah, yeah, true. Very true.
And it'll look pretty as well with the copper around the concrete.
Yeah, yes, yes, yes.
So I really like the first story, the Hackney or Acne Council ransomware attack.
Acne, innit?
Acne, innit.
And actually, if you go to hackney.gov.uk forward slash accounts,
they have all of their statements of accounts there
and clicking on the one for that year 2020 to 21,
there's a whole section on the cyber attack,
which is, I would say recommended reading
for anyone uh wanting to interested in uh understanding more about it is it done well
as in is the reporting on it done well well it's not a it's not like a post incident report but
from a financial perspective it gives a lot so the costs are estimated okay so the estimated cost within the range of 4.9 million to 11.7 million so midpoint 8.3 million uh but then
it breaks it down like there's about two and a half million service costs uh there was some
backlog costs there was costs of recovering and then they actually have like losses on collection
of council tax and other things because of the system being down um so you know and there was
like other income sources that went down that was about 800k so it's quite interesting when you start
reading it about how all the all how there's a far-reaching impact on stuff that you know probably a lot of people
didn't consider yeah and it's interesting as well that you don't always see that level of detail
from many other companies right no no i suppose this is government and what have you but yeah
it's all there you know have you seen that film um
oh about the the the crash uh it's got like um oh christian bailey big short the big short yes
yes and those people they they figure it out they figure out that the market's going to collapse
and they're like well how do you know and he goes it's all in the accounts you just have to read
the account yes yeah and the fact is everyone's lazy they don't they just hear rely on hearsay or
or their own feelings they don't go through and i think in security it's the same sometimes the
stuff is there it's in the accounts it's in the risk register it's in whatever but you know we
we want an easy way out and i don't think there is an easy way in in many cases you just have to
but but with the markets it's about confidence as well isn't it so yeah it's all in the accounts but you could you
could still read that and go yes but and that and that was the problem because there was there was
the guy the christian bell character he bet his in you know his company's entire fortune effectively
in fact he bet his company or the company he worked for on the whole thing crashing.
And it just didn't.
It kept on growing and growing and growing because there was confidence in the face of very clear financial data.
A story that isn't here, but I read it the other day and I thought it would be on here, but it's not,
is you know about romance scams, isn't it?
Where you meet someone online and they claim to be the love of your life and you're the love of their life.
And they desperately want to meet you, but, oh, my dog needs an operation.
Can you send me some money?
And then they send them some money.
And then it's like, oh, hospital bills, all of that kind of stuff.
And then it all goes up.
I saw your TikTok, Jeff.
I saw your TikTok.
You saw my TikTok, so you are well informed.
So for those of you who are not following TikTok.com
slash at J4VV4D,
there's a 65-year-old Japanese lady
who paid the equivalent of $30,000
because the con artist tricked the woman into believing
he was a Russian astronaut on the ISS
who couldn't afford their ticket back to Earth.
There was one about a Nigerian astronaut
doing exactly the same thing a few years ago.
Brilliant, absolutely brilliant. I did see on. That's a few years ago. Brilliant. Absolutely brilliant.
I did see on Twitter there's a woman who's got an account,
and I think she's either a comedian or a journalist or something,
but she gets deliberately romance scammed, as it were,
and gets involved in them.
and gets involved in them.
And then she basically does a photojournalist approach to going to meet them.
So this one guy said he was stuck on an oil rig somewhere
and he couldn't get to see it, you know,
and he needed 10 grand to get the helicopter off.
So she said, no, don't worry, I'm coming to get you.
And there's a picture of her in a helicopter taking off.
And then she says, no, don't, you haven't got permission to land and and then she's sort of flying over you know the sea
and say it's all right we're here and then the next one is oh my god we've crashed and i'm in
a life raft what are we gonna do and he said oh darling i'm so sorry and then she washes up on
some like ice thing and then there's a polar bear in the background. She says, help, I'm being chased by this polar bear.
It's just...
And this guy goes, oh, my dear love, I'm so sorry.
You shouldn't have come to me.
Very, very funny.
I'll have to see if I can find her and put her in the show notes.
I remember seeing that.
That was hilarious.
It was absolutely brilliant.
But it was very good.
Oh, dear.
Right, let's move on shall we uh that was this week's
industry news this is the host unknown podcast
okay it's now time for the last part of the show.
It's time for... Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And I shall take us home with this one,
although it is getting much harder to find humorous tweets
living in the UK with politics
as we are on our next Prime Minister
after the resignation of Liz Truss.
We've got 24 hours and a good chance that that's actually going to come true.
Oh, no, it's happening.
It is actually happening right now.
So anyway, whoever the Prime Minister is at the time you're listening to this show,
I'm going to try and get this tweet out before they're gone as well.
So this is from Chet Dawn, Global CISO on Twitter.
And he says,
When a cybersecurity vendor asks for some time with me,
I don't send them my calendar.
Instead, I send them an open table link
to make a reservation at my favorite steakhouse.
Really narrows down who's serious.
And this is a genius way to deal with vendors.
This is brilliant.
Absolutely love it.
He did one as well.
He said, if when I'm trying to book a meeting with you,
you send me your calendly, I will not take you seriously.
If you send me the name of your ea i will take
you seriously yeah didn't you um i'll tell you what tom i'll always remember when you brought
your ea to dublin one time for uh oh yeah iris con and uh you didn't even know it was her birthday
that week shush you that's how you know you're important that's how you know you're important
when she probably bought herself a card on your behalf
look that was that was drunk tom yeah but but tom you do realize, uh, this, uh, Chet Dawn global CISO is a parody account.
It does not constitute actual CISO advice.
So,
so please like,
Oh,
so,
okay.
All right.
So that script I wrote,
and you know,
I'm joking.
Cause I'm already saying I wrote a script about the open table link.
Oh yeah.
Well, okay. Yeah. Okay. When you talk about that kind of script, yeah. Everyone knows you couldn't, I wrote a script about the open table link. I should probably scrap it.
Well, okay, yeah.
When you talk about that kind of script, yeah,
everyone knows you couldn't even get a V lookup in Excel going,
let alone anything else.
No, I just shout to the EA,
Oi, sort this out.
Excellent.
That was this week's...
Tweet of the Week.
Wow, we've come barrelling into the end of the episode,
just as Andy sends us a picture of Liz Truss giving a statement.
A statement of what, though?
What the hell's going on?
I kid you not.
She is resigning right now.
Seriously?
This is not a joke.
Yes, this is not a joke.
The Prime Minister is resigning.
seriously this is not a joke
yes this is not a joke
the Prime Minister
is resigning
well you know
hopefully
well actually
I must say
I did think
that maybe
we'd get a little bit
of stability
until after the show
was released
right
but apparently not
apparently not
okay
well
well
on that note
dear listeners,
Jav, thank you very much for your contributions and time today.
Well, you're welcome.
And Andy, thank you.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it,
please leave your best insults
on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
Either of you guys thinking of running?
Well, I mean,
I don't think anyone could do any worse,
could they?
You just make stuff up,
do a couple of U-turns.
Do you know what? It's literally, I reckon? You just make stuff up, do a couple of U-turns. Do you know what?
It's literally,
I reckon it's just like
this podcast, right?
You just show up
and insult the people
across the room from you.
And every now and then
someone else,
like, you know,
comes up with suggestions.
But it doesn't matter
if you get it right or not
because you're only
tanking the economy.
No.
In fact, do you know what?
I think the three of us together
as Host Unknown
should make a bid
for Prime Minister.
I'm heading to Westminster now.
You know, I'll take Mondays and Wednesdays.
Andy, you take Tuesdays and Fridays.
Jav, you take Thursdays and Saturdays.
I record a podcast.
Fridays don't work for me.
I record a podcast.
I was going to say, and we'll take every third Sunday.
I mean, what the hell? Sounds mean what the hell sounds like a plan sounds like a plan we could we need to think of the people we'd hire in the
cabinet to be our four people for the inevitable screw-ups oh well clulee and carol definitely
yeah yeah yeah