The Host Unknown Podcast - Episode 137 - The Beep Beep Boop Boop Episode
Episode Date: January 29, 2023

This week in InfoSec (10:35)
With content liberated from the “today in infosec” twitter account and further afield

16th January 1983: Lotus 1-2-3 Goes on Sale
The Lotus Development Corporation releases Lotus 1-2-3 for IBM computers. While not the first spreadsheet program, Lotus was able to develop 1-2-3 because the creators of VisiCalc, the first spreadsheet, did not patent their software. 1-2-3 outsold VisiCalc by the end of the year and 2 years later Lotus bought out the assets of VisiCalc and hired its main creator as a consultant.

25th January 1979: Robot Kills Auto Worker
Robert Williams of Michigan was the first human to be killed by a robot. He was 25 years old. The accident at the Ford Motor Company resulted in a $10 million dollar lawsuit. The jury deliberated for two-and-a-half hours before announcing the decision against Unit Handling Systems, a division of Litton Industries. It ordered the manufacturer of the one-ton robot that killed Williams to pay his family $10 million. The robot was designed to retrieve parts from storage, but its work was deemed too slow. Williams was retrieving a part from a storage bin when the robot's arm hit him in the head, killing him instantly. In the suit, the family claimed the robot had no safety mechanisms, lacking even a warning noise to alert workers that it was nearby.

21st January 1981: It Could Go at Least 88 MPH
Production of the iconic DeLorean DMC-12 sports car begins in Dunmurry, Northern Ireland. While not truly a technological achievement, the DeLorean became known as a symbol of the high-tech 1980’s.

Daves - https://twitter.com/HackingDave/status/1458576672341516290?s=20&t=SfemFgw0mfQ_eeuljrj6EA

Rant of the Week (18:35)
MSG probed over use of facial recognition to eject lawyers from show venues

The operator of Madison Square Garden and Radio City Music Hall is being probed by New York's attorney general over the company's use of facial recognition technology to identify and exclude lawyers from events. AG Letitia James' office said the policy may violate civil rights laws.

Because of the policy, lawyers who work for firms involved in litigation against MSG Entertainment Corp. can be denied entry to shows or sporting events, even when they have no direct involvement in any lawsuits against MSG. A lawyer who is subject to MSG's policy may buy a ticket to an event but be unable to get in because the MSG venues use facial recognition to identify them.

In December, attorney Kelly Conlon was denied entry into Radio City Music Hall in New York when she accompanied her daughter's Girl Scout troop to a Rockettes show. Conlon wasn't personally involved in any lawsuits against MSG but is a lawyer for a firm that "has been involved in personal injury litigation against a restaurant venue now under the umbrella of MSG Entertainment," NBC New York reported.

James' office sent a letter Tuesday to MSG Entertainment, noting reports that it "used facial recognition software to forbid all lawyers in all law firms representing clients engaged in any litigation against the Company from entering the Company's venues in New York, including the use of any season tickets."

"We write to raise concerns that the Policy may violate the New York Civil Rights Law and other city, state, and federal laws prohibiting discrimination and retaliation for engaging in protected activity," Assistant AG Kyle Rapiñan of the Civil Rights Bureau wrote in the letter. "Such practices certainly run counter to the spirit and purpose of such laws, and laws promoting equal access to the courts: forbidding entry to lawyers representing clients who have engaged in litigation against the Company may dissuade such lawyers from taking on legitimate cases, including sexual harassment or employment discrimination claims."

The AG's office also said it is concerned that "facial recognition software may be plagued with biases and false positives against people of color and women." The letter asked MSG Entertainment to respond by February 13 "to state the justifications for the Company's Policy and identify all efforts you are undertaking to ensure compliance with all applicable laws and that the Company's use of facial recognition technology will not lead to discrimination."

Billy Big Balls of the Week (32:11)
DoNotPay Retires 'Robot Lawyer' Before It Even Has Its First Case

If you’ve been fantasizing about the day when artificial intelligence could get you out of paying traffic tickets, you’ll just have to keep dreaming. DoNotPay has backed out of its plans to use an AI-powered “robot lawyer” to counsel a defendant through a courtroom hearing in real time. The reason why? Well, apparently the law got in the way of the robot’s lawyering.

The company’s founder and CEO, Joshua Browder, first announced the news in a Wednesday tweet. “After receiving threats from State Bar prosecutors, it seems likely they will put me in jail for 6 months if I follow through with bringing a robot lawyer into a physical courtroom,” he wrote. In a phone call with Gizmodo, Browder reiterated his view that, were he to follow-through on his initial promises, he’d likely end up with a prison sentence.

Industry News (36:28)
WhatsApp Hit with €5.5m fine for GDPR Violations
New Cheats May Emerge After Riot Games Hack
Regulator Stress Test Highlights Cyber Insurance Concerns
Ticketmaster Claims Bot Attack Disrupted Taylor Swift Tour Sales
Yahoo Overtakes DHL As Most Impersonated Brand in Q4 2022
North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods
NCSC: Iranian and Russian Groups Targeting Government, Activists and Journalists With Spearphishing
Zacks Investment Research Confirms Breach Affecting 820,000 Customers
Iranian Group Cobalt Sapling Targets Saudi Arabia With New Persona

https://scambusters.org/scambusters19.html < 1997 Yahoo award scam

Tweet of the Week (44:18)
https://twitter.com/cybergibbons/status/1618672522853240833

Come on! Like and bloody well subscribe!
Transcript
I love the planning that we have on this. I'm going to do this and you guys take it away.
All right, yeah, so I'm going to do this. Beep, beep, boop, bop.
You guys take it away.
Yes.
Okay, Metal Mickey.
You're listening to the Host Unknown Podcast.
Hello, hello, hello, good morning, good afternoon, good evening from wherever you are joining us
and welcome to episode 137
141
of the Host Unknown podcast
Welcome one and all
Welcome dear listeners
We trust you are well on these
well, somewhat dull and listless days, let's face it.
Every day kind of merges into one at the moment.
We've already had Blue Monday, haven't we?
We have.
In fact, that was this Monday.
Just gone, was it?
Or was it the one before?
It was all the same.
No, I try and bring joy and spread joy wherever I am, so I don't know what Blue Monday is.
But if you could just, after you've spread your joy,
if you could just clean it up afterwards,
that would be very, very good of you.
Oh, my God.
We've been there before.
We've been there before.
Anyway, speaking of messes that need cleaning up,
Jav, how are you?
Go fuck yourself, Tom.
Andy lines them up.
I'll knock them in.
Where surprisingly, the days have merged into one,
into dull and listless days.
And yeah, apparently it was Blue Monday,
which is like, you know, just Monday.
Just another Monday for most of us, right?
Yeah.
Nothing to report at all. Nothing to report, except for giving me a hard time that I may have been late this morning, and then you rock up
half an hour late. I, I was, uh, stylishly late.
You keep telling yourself that, mate.
You keep telling yourself.
Andy, what about you?
Are you well?
I am.
Busy week this week.
But do you know what I'm thinking?
Because you were in the US last week.
Yes.
This would historically be the time where you say,
where can we meet up?
Because I've got 15 kilos of almond Snickers.
Do you know what?
I was in a shop looking at all these
almond Snickers and almond whatever
and I thought, he doesn't want these anymore.
Well, do you know what?
I actually do want them.
As I think of it, I'm like, yeah, I actually
want some almond Snickers.
You don't. Tom, you're a good friend.
You're not enabling him to
fall off the wagon again. Absolutely.
I am not a fat feeder.
No, you're not.
I don't mind the odd snack accident here and there.
A snack accident.
It's perfectly normal.
A snack accident is when you slip and fall
and the almond Snickers goes up your bum, isn't it?
Something like that.
Oh, dear.
We use the same words. We just have very different meanings for... We're all shaped by our experiences.
The best, the best snack-cident is like, I think it was from last year, someone phoned up one of these,
um, Islamic scholars. They had like this online sort of like live show.
And it was like during Ramadan.
And he goes like,
Sheikh, I went into, I slipped in the kitchen
and I fell over and the shawarma fell off the counter
and landed in my mouth and I chewed it and swallowed it.
Is my fast invalidated?
That's a snack-cident.
Fast invalidated.
That's a snack-cident.
Well, we're invested now.
What was the answer?
Well, brothers, that is a long answer.
I don't know what the answer was.
I didn't bother.
He went running to the kitchen.
Yeah.
With just socks on, so he slipped.
And knowing full well he had shawarma on the side of the counter.
Shawarma stuck vertically on the floor.
And right next to a strategically placed half litre bottle of Coke.
Where did that go?
Oh dear. Anyway, before we make a link of visuals that we can never recover from,
how was your week, Tom?
Yeah, it was very good.
Again, busy as usual, but, hey, it's been all right.
It's been all right.
I've moved into the major client's building now.
It's very fancy.
Okay.
The desks are literally half the size of what we had in the old place, so, uh, yeah, you've got to squeeze in a little bit, but otherwise, yeah,
it's good. It's all right. But is that because they're getting rid of buildings, as in, you know,
so many more people are hybrid or working from home that they're actually... Well, yeah, yeah, because
the floors are empty, so actually they're subletting the space to
companies like us
who are doing a huge,
billions worth of work with them every year.
So they want to get everybody under one roof
and sublet some space.
So it works out all round.
And they've got a
subsidised cafe.
So what could be better?
So does that also make it easier if there's an adjacent incident?
You're literally adjacent to them then.
Exactly.
Absolutely.
I'm there.
I am there to sit back and fold my arms and go,
oh, I wouldn't have done it like that.
You've had some cowboys in here before.
How was New York?
I didn't ask you.
Oh, yes.
I've been wanting to go since the pandemic.
It was fun.
It was fun.
I spent about four hours walking from midtown to downtown
to find my old bar, my old haunt I used to go to,
and it's closed down.
It's completely boxed off and under refurbishment.
So that was a little bit of a downer,
because trust me, that was a long walk.
Do you not have Google?
I was going to say an American long walk,
or like three blocks, or is it actually a proper long walk?
No, no, it was a proper long walk.
It was like a four-hour walk.
Jesus, dude, what's wrong with Uber?
That's what I took back.
I was like, well, screw this.
I'm getting an Uber.
But it was nice.
I had an afternoon off on a Thursday,
so I wandered around the USS Intrepid Museum,
which is an old aircraft carrier moored on the Hudson,
with aircraft on it, obviously, and, and the Enterprise space shuttle and a Concorde and all that sort of stuff, and it was really good.
It was really good fun. So I got a few, few good photos and, uh, yeah, really enjoyed it. Got upgraded
on the way out, which was nice. Uh, didn't on the way back, which was less nice. So, yeah. But you did get an earlier flight on the way back, didn't you? I did, yeah, yeah, because my
flight was, it was like gonna be three hours later because of a delay and all that sort of thing, and
then they had a couple of earlier flights and, uh, yeah, that made all the difference. Still missed
the podcast though, but, uh, you know, still,
which I haven't listened to yet.
I haven't listened to it.
I haven't even heard what you've done to my baby.
Oh, and you know what?
I didn't even receive an email from your mother yet,
the Duchess of Ladywell.
She didn't listen to it. She's not.
Did you warn her in advance you wouldn't be on it?
No, actually it was coincidence
but initially when she said
I haven't listened to it I thought, ah there you go
well done mum
I know what you listen to it for
and then she said, I just haven't got around to it
So yeah, we'll see
If you're listening today,
tomorrow, whatever, Mum, Mum, write in.
Let us know what you thought of last week's episode.
Obviously not up to the usual high standards, you know.
But talking of high standards,
shall we see what we've got coming up for you in this week's show?
This Week in InfoSec takes us back to a time
when robots were replacing workers.
Rant of the Week shows us the future of bouncers.
Billy Big Balls is a story of the lawyers fighting back against the AI.
Industry News brings us the latest and greatest security news stories from around the world.
And Tweet of the Week is a moan about phishing test metrics.
We seem to be having pretty much all robots and AI this, this week,
isn't it? It is. There's a lot going on in that, in that area. It's the future. We should be in the past,
as you will find out. Oh, that sounds like the, uh, the treatment for Terminator.
Oh, there was that, you know what, there was a story which I didn't include, I don't even see this,
where they actually
created a liquid
that can go through bars.
It's literally like
T-1000.
Oh my god.
Seriously?
Yeah.
Well,
isn't that called mercury?
It is,
but it reforms itself
the other side.
Oh, in the shape of Robert Patrick.
Yes.
Yeah, scientists made a liquid metal robot that can escape a cage like a Terminator.
Oh, my God.
Yeah.
It's a robot that can shapeshift between solid and liquid states.
Oh, jeez.
That is awesome.
It is awesome until our robot overlords decide to melt their way
through our letterboxes and, you know, oppress us.
Exactly.
I'll just let it sit on Reddit for like, you know, a day,
understand, learn, and then just set it loose in the world.
Yeah.
You know what would be really cool?
That would be to have prosthetics made
out of that, because then it's like, this is my hand. Oh, this is now my key. Oh, this is now the
butcher's knife that I can impale you with. You know, it's, no, butcher's knife so that I can cook
dinner, not impale you with. Are you having a bad day at home today, Jav? Hit the jingle, hit the jingle. Yes, that time of the show for our favorite part, whatever. Here it is.
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield, and this week we
have gone so far afield there's a very tenuous link back to some of these. However, our first story shall take us back 40 years,
4-0, long before I was born, to the 16th of January 1983, when Lotus 1-2-3 goes on sale.
So the Lotus Development Corporation released Lotus 1-2-3 for IBM computers, and while it was not the first spreadsheet program,
as many people thought it was, Lotus was able to develop it because the creators of VisiCalc,
the actual first spreadsheet, did not patent their software. What? And so 1-2-3 outsold VisiCalc
by the end of the year, and two, two years later, Lotus actually bought out their assets
and then hired their main creator as one of their consultants.
But yeah, this is why you should protect your intellectual property, people.
Good Lord.
I did not realise that it was 1983 that Lotus 123 came.
I always thought it was slightly later than that.
1, 2, 3, the Lotus 1, 2, 3.
I always thought it was slightly later than that.
So one of my first big jobs was for the Kimberly Clark Corporation,
where we used to get free toilet rolls and free tissues and stuff,
like literally all the offcuts that didn't pass. Which, let's face it, as a young teenager was pretty heavy.
It was pretty heavy.
Saved you a fortune.
I must have been, what, 18?
Oh, yeah, you'd have saved yourself a fortune. Absolutely. But, um, again, they had a subsidized cafeteria, which is, you know, where
a lot of it all began for me. Um, but it was like the whole thing, they thought I was some sort of
genius. There's a lot of people that were working there, you know, sort of different generations of people.
So yeah,
like factory workers had migrated to back office and they thought I was a
genius because I'd modernized everything by literally copying stuff from
Lotus into Excel 97.
And they thought I was,
I was,
you know,
it's an all day job.
I was done by like midday.
My job was done. Then I was working on my own website for midday onwards.
You know, when you look beneath the hood,
nothing has changed a great deal, has it?
Well, apart from the subsidised...
Yeah.
You had to get a better-paying job in order to subsidise your food.
Yeah, exactly.
Now I have to subsidise my food.
Yeah, but yeah, not much else yet.
You are, you know, whilst you are joking,
you know, not too much hair change on that one.
No, I wasn't joking at all.
Our second story takes us back a mere 44 years when a robot killed an automotive worker.
So Robert Williams has the unfortunate title of being the first human to be killed by a robot.
I always thought it was Sarah Connor.
That was later. That was 83.
Oh, OK.
Yeah. So, yeah, he was 25 years old and the accident happened at the Ford Motor Company resulted in a 10 million dollar lawsuit.
And the jury only had to deliberate for two and a half hours before announcing the decision against the Unit Handling Systems, which is a division of Litton Industries.
Ordered the manufacturer of the one ton robot that killed Williams to pay his family $10 million.
Did they put the robot in a room behind a glass window and electrocute it?
I don't think.
I think they just took the plug out, right?
It was waving its hand going, no, no, no, no, no.
Number five is a lie.
Yeah, so this robot was designed to retrieve parts from storage,
but its work was deemed too slow.
And so Williams was retrieving...
They killed it for being too slow.
Well, no, so Williams went to retrieve the parts from storage himself,
and then the robot's arm hit him in the head and killed him instantly.
That's my job.
Exactly, yeah, but the, but the, uh, the robot by unions...
Motherfucker, look at these workers, look at these humans coming in here taking our jobs.
Here, take that, son. So not, yeah, not much has changed. So, yeah, the robot had no safety mechanisms, not even a warning noise to alert workers that it was
nearby. Um, but yeah, robots, uh, replacing people's jobs, who would have thunk it? Uh, so little known
fact about, uh, Litton Industries: it's, it's actually owned by a parent company, uh, Cyberdyne,
the, uh, people that also, um, created the T2, the T-1000 and the, all the T series, right? Yeah, that's
right. T-800. T-800, yeah. Yeah, impressive. Uh, and I will just chuck in one last story, um, but I have
very, uh, tenuous links. In fact, I have no links whatsoever to any sort of domain. But it's the
21st of January 1981,
42
years ago, when production
of the iconic DeLorean,
the DMC-12 sports car, began
production in Dunmurry, Northern
Ireland. Wow.
But yeah, it wasn't a truly
technical achievement, although it did
have the gullwing doors.
DeLorean became known as a symbol of the high-tech 1980s
and obviously the mode of transport for choice
to travel back in time if you could hit 88 miles an hour.
They could re-release that car,
obviously upgraded so it actually works,
but they could re-release that car today
and it would still look good. Still look good. It was quite boxy though, wasn't it? It was that...
It's lovely looking. Dated. It's lovely looking. It's got that retro look. It's, no, it's got a timeless
look about it, I think. I don't know about time. So, uh, I don't know if you follow Dave Kennedy on Twitter.
Oh yeah
Hacking Dave
and he bought himself a DeLorean
a year or so ago and he's spent
time kitting it out to look just like
the Back to the Future car
he's put so much time and effort into it
if you ever
get some time, check it out
it looks absolutely epic
the only advantage to that, of course,
is he may have spent so much time on it,
but he could always go back and then get that time back.
Yeah.
That's what I'm saying.
Anyway, excellent.
You know what?
That was the most fun we've had in this week in InfoSec
for a long time, I think.
We should stick to non-InfoSec stories.
Hey, there's Infosec stories in there.
There's IP protection not being done.
There's AI advancements without controls, safety controls.
And the DeLorean one, I've got no link.
Okay, I was going to say, that stretching sound you're hearing
is the connections that Andy's
trying to make there. Anyway, thank you, Andy, for this week's This Week in InfoSec.
Attention, this is a message for all other InfoSec podcasts.
Busted! We caught you listening again. This is the Host Unknown Podcast.
Right, let's move on, shall we, to this week's...
Listen up!
Rant of the Week.
It's time for Motherf***ing Rage.
Now, although you won't hear it in the final cut
due to some very skillful editing,
I'm having a bit of trouble with the buttons this week.
As in just pressing them?
Yeah.
I think I'm just random.
I mean, I've even lost the new jingles for some reason.
I don't know where they've all gone.
Whatever.
Anyway, so you may recall a story from,
I think it was December last year, actually,
so fairly recently,
where there was a woman who was taking her daughter
and her daughter's Girl Scout troop to a Rockettes show
at the Radio City Music Hall in New York.
This lady was, what's her name?
Where is it? Conlon, Kelly Conlon.
And she was, believe it or not,
denied entry to the music hall on the basis of who she was employed by.
Now, she wasn't employed by, I don't know,
the Nazi Party of New York or the...
Host Unknown.
Yeah, Host Unknown or, you know, seal clubbing club of...
TL2 security.
She didn't work for any of these dodgy folks, right?
But anyway, she works for a legal company, a bunch of lawyers,
and she was refused entry, as you may recall,
based upon facial recognition that identified her as a member of this legal firm with whom the owners of the Radio City Music Hall,
MSG Entertainment, were in, uh, litigation with, uh, uh, with that legal company.
So the MSG Entertainment were being sued by this woman's legal company.
And so they decided to not let her in, which was quite outrageous, really,
given that she was not directly related to the case, et cetera.
And it obviously hit the news.
In fact, I think we may have covered it or at the very least talked about it. However, the New York
Attorney General has come back to them and said, basically, we think that this is not right.
We think that facial recognition software may be plagued with biases and false positives against people of color and women.
It has said that they asked the letter to respond by the February 13th to state the justification for the company's policy and identify all efforts you're undertaking to ensure compliance with all
applicable laws and the company's use of facial recognition technology will not lead to discrimination,
and that such practice certainly runs counter to the spirit and purpose of such laws and laws
promoting legal access to the courts: forbidding entry to lawyers representing clients
who have engaged in litigation against the company,
may dissuade such lawyers from taking on legitimate cases,
including sexual harassment or employment discrimination claims.
And this is a big deal, of course.
So if you think that you are going to be discriminated
based on the fact that you happen to be working on a high-profile case
and that means you can't get on a train or a bus,
or you're not allowed into a certain store to buy your goods,
purely because your employer is involved in some kind of case
against the big paymasters of said company.
So this is interesting, and I think we're starting to see
some of the legal pushback on facial recognition and the use of it in such wholesale manner,
such as we see in China, where your social net worth is automatically scanned and checked against you to see if you're able to even participate in what's considered to be in normal society today.
So I mean, I think the use of facial recognition can be extremely useful in very discrete cases.
I think certainly, you know, airports.
To identify if people work for unions at Amazon or something.
Absolutely. I mean, we don't want those people in there.
But certainly in cases of, you know, at sort of ports of entry to countries,
you know, access to certain critical national infrastructure environments and things like that, that could be very, very useful.
But the technology really is not mature.
It's not very good when it comes to, as it says, people, ethnic minorities, et cetera, people of color.
And it can bring up so many false positives as well.
And people can be detained and have their liberty removed.
So to, to roll out this kind of technology in such a wholesale manner and actually implement its use, uh, or, or implement its, its findings in, in such a way is, is, is appalling. So
at last, I think, well, this may not be the very first piece of litigation against it, but, uh, but
it, it seems like the New York Attorney General has actually made a, a step in the right direction at all. Uh, well, it's, it for now, but we'll see. But then again, you
can't, you know, facial recognition will only get better once it's in use as well. So the flip side
is, if you want this to get better, if you want to use this technology, you know, we've opened Pandora's
box. What else can we do? You know, it's not like we can close it now. Um,
you know, we, we've got to make it better. And you do that by training it in real world examples. So a little bit of a, little bit of a dilemma. But on the whole, I think the, the New York Attorney General has done the right thing here.
And to stop a woman with her daughter and her Girl Scout troop from, you know, entering into a show,
that's, that's pretty, it's a pretty low blow, isn't it? Pretty low blow. Is it? Is it really?
Well, it was the Rockettes, in fairness. I mean, really, the Attorney General siding with lawyers?
Okay, well, the Attorney General is a lawyer, right? Yeah, exactly. No conflict of interest there at all.
Oh, so lawyers can't be represented by other lawyers
because there's a conflict of interest.
Yeah, they have to be represented by Joe the plumber.
Exactly, exactly.
By, you know, some of their peers.
But, OK, so help me to understand,
and you probably won't because you're just reading the story
as you're going through it.
Is the issue here that they refused entry to a lawyer whose firm was in litigation,
or was it that they used AI to recognize the lawyer and ban them entrance?
What is the real issue here?
It's both. It's both, it's both. I think it's the fact that
they used facial recognition, which is known to have, uh, to, to raise, flag, flag lots of false
positives. Okay, but this wasn't a false positive. She actually... Yes, but... So the AI got it spot... So let
me finish this part. Next point. So let me finish, rather than you jumping in and scoring points. I'm just asking the questions, man. Like every right-wing commentator. I love it. Um, so yeah, in this case it got it right,
but there have been plenty of documented cases where facial recognition does not get it right.
We may even hear about one later on, I don't know. Um, but it gets it wrong a lot. So the use of the
technology in the first place is dubious.
It did get it right in this case in the fact that it identified this woman
as working for a company that the owners were in litigation with.
This woman was in no way involved in said litigation,
was not connected to the case,
and was there in a personal capacity with her daughter
and Girl Scout troop to watch the Rockettes.
See, I think this is what your bleeding heart liberals always do.
You always like bringing kids into the whole thing.
She was there with her daughter.
Yeah, with Girl Scouts.
They were selling cookies.
No, they weren't.
Because that would have been illegal.
Do you know what?
Jav actually makes a good point here.
What?
Well, hear me out.
The facial recognition actually did its job.
It was programmed to identify people that worked for this company.
In this instance, yes.
And it did that successfully.
Yeah.
Yeah, it did.
It did.
But should it be used to do that is one question. Facial recognition has been used by
casinos for decades. Like, casinos have had facial recognition that exceeds the capabilities of
airports and border patrols, you know, because, you know, when money's involved over national security,
it's taken far... As opposed to bodies falling out of the sky, it's far more important. Exactly. Yeah. But so, you know, this isn't new tech.
It's just been applied in a different way.
But it sounds like it's actually done exactly what it was designed to do.
And now it's about tuning the policy to avoid these.
You know, it's like when you implement DLP, right?
You don't want to block everything.
You want to let some things go.
I think we're missing the point here. I think MSG, the MSG Entertainment or whatever, used this technology, which may be legal or not illegal
or whatever, but they used it to discriminate against people because they felt butthurt that
they were being sued by a particular company. Well, okay, so that's, that's interesting now. Now isn't that it? Now say, now say you go to
Liverpool, for example. Oh, right, yeah, go on. You, you go, you go to an average person in the street or,
you, you know, what have you, and you go, would you like to, would you like to speak, would you like
to speak my podcast? And they'll be like, sure, and they'll say, give words. But if you say, I'm from the Sun,
would you like to say a few words to me, what will they say to you?
They'll say, they won't... Have you met my mate Stanley? And then they'll pull out a Stanley knife
and, uh, slashing with it. Exactly. So I think, like, you know, it's MSG, it's their property, it's their
private venue, much like a casino, much like if you shoplifted from Audi and they would ban you from all their stores for life.
You've taken a bit of a leap there, Jav.
I've not, I've not. What I'm saying is the principle here...
This woman has not shoplifted from said MSG Entertainment.
No, no, no, no, no. Similarly, like a reporter from the Sun wasn't involved in erroneous reporting. It could be just covering the sports section or something, but, you know, what have you. But, you know, they're going to be tarred with the same brush because of their employer. It's like how, you know, how we treat. And we're all guilty of this when we speak about people who work at places like Meta or what have you. And we're like oh they're they're all like you know x y and z and then we try to caveat sometimes but you know
we have these inherent biases now especially when there's litigation in place who's to say
she wasn't going in as a spy to to uh to check on things or what have you so i'm just playing i'm just asking the questions man she was going in as a spy to check on things yes yes what precisely would she be checking on from her seat in the
theater well exactly and that is the key question i think you're getting good at this you're getting
good at this asking the real questions now yeah well i think we've got the Dunning-Kruger
effect in in full power here so so so what all i'm saying is i think ai is the red herring
here i don't think it's important to this story at all what is important i think it's relevant to
the story it's not necessarily important it's not the central part of it it's not it's no no no the whole thing is like when does someone have the
right to refuse someone entry to a property they own and control or their venue and what reasons
should they have to that and you know i think if if you talk about a free society a free country
a free capital market then you shouldn't really have to justify your reason you can say look, I
don't like the looks of you.
You're not allowed entry.
I don't like the looks of you.
Okay, so they're discriminating based upon how they look.
Would the color of their skin?
That's not what I meant.
And you know fully well that's not what I meant.
I'm just repeating back your words to you, Jav.
I'm just asking the questions here.
Good, good, good The training is working, excellent
Fox News, if you want to sponsor us
please get in touch
Hey, we'll take your money, we don't care how much blood is on it
Andy can launder it
Rant of the Week
Feeling overloaded with actionable information?
Yep.
Fed up receiving well-researched, factual security content?
Yes.
Ask your doctor if the Host Unknown podcast is right for you.
Always read the label.
Never double dose on episodes.
Side effects may include nausea, eye rolling,
and involuntary swearing in anger.
Now it's time for Jav's audition for the Fox News Network.
It is time for
Billy Big Balls
of the Week.
So, the Billy Big
Balls is, well, it's
kind of like
the opposite. It's like the Graham Cluley of the week where
i'll explain i'll explain so DoNotPay uh is a firm that set up a robot lawyer
uh and uh what it was it was ai powered as you get and it its job was to get you out of paying parking tickets
um so um you know what what they what they were trying to do is to um get a defendant through a
courtroom hearing in real time so they said like wear this earpiece and um you know whatever the the robot says you just repeat
it but apparently the law got in the way so you know the company folded just as quick as
clearly does so this company fought the law and the law and the law won, yes. Yeah.
You know, the company's founder and CEO,
who started off with showcasing his Billy Big Balls, you know, just...
That's one way of marketing your product.
Check these out.
Yeah.
Was exposed as being a fraud
and then being tiny and shriveled up.
He tweeted after receiving threats from state bar prosecutors.
It seems likely they will put me in jail for six months if I follow through with bringing a robot lawyer into a physical courtroom.
I don't think that's quite a threat. I think they were just explaining the law to him that you can do this.
I'd like to bring my defence lawyer in, please.
Beep, beep, beep, bop.
Yeah, exactly.
Exactly.
Attempted murder.
It's not like he killed somebody.
He only killed a soft, fleshy one yeah but uh but yeah no so um that's that i do think this was really overly ambitious but
you know it's um people are going to be using ai to write them write them letters and stuff and
challenging court decisions it's it's not
Lawyers will be using it to look up facts and what have you.
Previous cases.
Yeah, yeah.
So it's, you know.
Create an opening argument for me.
Yeah.
Well, it's basically ChatGPT on metal legs.
Yeah.
Yes, yes.
That's exactly it.
I love this one. I love this one.
I love this one.
I think it's great.
Only because I just keep on seeing this little robot lawyer
kind of bigging itself up in the background.
Don't let them get you down.
You can do this.
You are the little engine that could.
You can't handle
the truth.
Objection.
Hearsay.
Short and sweet, Jav, just like you.
Billy Big
Balls of the
Week.
Billy Big Balls of the week
recording from the UK
you're listening to
the Host Unknown Podcast
We haven't played that one
for a long time, have we?
We played it last week.
Did we?
We did.
Oh, you did? We did, yeah.
Oh, well, you know, time is an illusion
and lunchtime doubly so.
And speaking of time, what time is it, Andy?
It is that time of the show where we head over
to our news sources over at the InfoSec PA Newswire
who have been very busy bringing us
the latest and greatest security news from around the globe. Industry news. WhatsApp hit with 5.5
million euro fine for GDPR violations. Industry news. New cheats may emerge after Riot Games hack.
Industry news.
Regulator stress tests highlight cyber insurance concerns.
Industry news.
Ticketmaster claims bot attack disrupted Taylor Swift tour sales.
Industry news.
Yahoo overtake DHL as most impersonated brand in Q4 2022. Industry News. North Korean
group TA444 shows startup culture tries numerous infection methods. Industry News. NCSC, Iranian
and Russian groups targeting government activists and journalists with spear phishing.
Industry News.
Zacks research, no, Zacks Investment Research confirms breach affecting 820,000 customers.
Industry News.
Iranian group Cobalt Sapling targets Saudi Arabia
with new persona.
Industry News.
And that was this week's...
Industry News.
Huge.
It's been a bit bumpy, isn't it?
It's like, you know,
if you haven't driven a manual car for a while
and you get your sort of kangarooing it down the road.
That's me at the moment.
That's what this episode's been like, yeah.
Yeah, exactly.
That's fine.
That's what our listeners pay for.
Exactly.
Tom is the clown.
How much of a non-story is new cheats may emerge
after Riot Games hack?
So do you know what?
I'm not a huge gamer,
but I think people pay money for this stuff.
They do. And so now they've got the source code and you know they can look at it so just big business play those versions league of legends
i don't think it's that simple you know kids live online these days they have their headphones on
and they're like ready player one mode almost it's just league of legends it's very difficult team fight tactics uh
get off my lawn so so i think this this this story must be a joke it must be rehashed from 1984 where
they say like yahoo overtakes dhl that's the most important yahoo really but also, they haven't put the exclamation mark after Yahoo.
Yahoo!
Yeah.
Maybe this in itself is a phishing campaign.
I'd like to understand what the methodology here was,
what sample they were looking at or whatever.
It's just, it's really weird.
I mean, I have real trouble believing that Yahoo is the most impersonating.
Maybe there's been a surge in the targeting of the over 60s.
Yeah.
Because they're the only ones who remember what Yahoo is.
Exactly.
Yahoo, AOL.
Yeah, AOL online.
Yeah.
Yes.
Indeed.
MSN Network.
So there's actually a link to how they did it within there.
So number one, Yahoo, DHL, second, Microsoft, third, Google, fourth,
LinkedIn, fifth.
Blimey.
This must be the first time Yahoo is fighting it out for the top spot
with the big boys for a long time.
Yeah.
There's someone running through the office in the Yahoo office somewhere,
very short distance because they're probably quite small offices,
and bursting into the very small executive boardroom,
waving a piece of paper going,
We did it.
We're number one.
They contain the subject Yahoo Award
and were sent by senders with names such as Award Promotion,
Award Centre, Info Winning or Award Winning.
Maybe what the spammers were sending was Yahoo Award.
Potentially.
Maybe that's why there's no exclamation mark.
Yeah, yeah.
There you go.
Yeah, so it said they'd won um prize money organized by yahoo worth hundreds and thousands of dollars and they just
need your personal details to uh transfer to your bank and it also contains a warning the victim
must not tell people about winning the prize because of legal issues.
Love it.
I've got this piece of too good to be true news for you.
And it's so good, so too good to be true, you can't tell anybody about it.
I'm looking at this North Korean group, TA444, that's showing startup culture. And I'm just wondering if they've got like, you know, game machines in the arcade machines in the office and pizza Fridays and things like that.
I'm just trying to see what the startup culture was.
But what I also don't understand, though, is this discrepancy between hacker group names like TA444 and Cobalt Sapling, which is basically two random words put together.
I think that when you make it big, you can actually get a name.
It's sort of like instead of having a CVE,
you get a Heartbleed or something.
I think there's got to be a threshold somewhere.
Somebody rolls the two 20-sided dice to work out what your name is going to be.
Yeah, yeah. It also depends on which
research firm, which
researchers find it.
So they all have their own naming
methodology. So like,
what do you call it?
Viruses in the old days. That must really
piss off the teams themselves.
They probably know we've come up with a brilliant
name for ourselves. We are, you know,
Iron Bear Fist. And then whoever finds them says, I think we're going to call them, uh, Chili Sapling or something like
that. It's like, yeah, yeah. Uh, what, what's the, um, Mandiant, um, I think they, they have APT 34, uh,
yeah, they call them APTs and whatever, and then one of the firms, I can't remember which one,
but they came up with a rationale behind their methodology.
So like the bear represents a Russian group and the eagle is like...
Oh, it's CrowdStrike, isn't it?
Yeah, CrowdStrike, that's it.
Yeah, and they have all the...
So it's sort of like the biological name for plants and animals.
Something eagle, something bear, something...
Yeah.
It's just overly complicated for no reason.
So it's just like how admins used to name servers
in the old days.
Yeah, I was going to say,
there's so many different standards
of how we name hacker groups.
We need to build a unifying standard.
Let's do it.
Let's charge membership to people.
Oh, that's great.
The Host Unknown methodology of naming your hacker group.
I'll get out the Ouija board and come up with names.
Jav's Melons.
Excellent.
Very good.
Tom Zimmer.
All right.
That was this week's industry news.
Industry news.
If you work hard, research stories with diligence
and deliver well-edited, award-winning,
studio-quality content for high-paying sponsors,
then you too can be usurped by three idiots
who know how to think on their feet. You're listening to the award-winning Host Unknown podcast. Right. Andy, it's down to you.
Take us home. Leave us on a high pace.
Tweet of the week.
And we always play this one twice.
Tweet of the week.
And I shall take us home with a tweet from Cyber Gibbons, who says,
Phishing simulations often seem to mark people down for simply opening an email.
If opening an email is an issue for your systems, then the problem is not your users.
Unbelievable.
Nicely chosen, Andy. Yeah, no, I, I don't, I know that, um, the applications monitor, like, who's opened and then who's clicked and what have you. I've not heard of people like that
actually mark down people for opening email because how are you meant to know if it's a legit or phishing email
without opening it?
I mean, unless the headline says Yahoo Award.
But other than that.
There's a secret.
I don't open emails.
You're not going to catch me.
I'm not getting in these stats.
You've not missed a single deadline you've been told about.
Exactly.
Yeah.
Oh, dear.
Very true.
Very true.
Thank you, Andy, for...
Tweet of the Week.
Well, we come barrelling into the end of the episode there.
Probably a lot shorter when I take out all of the mistakes that were made.
But, yeah, very good.
Very good, gents.
Your mistakes.
Your mistakes.
Hey, it's it's
you lot you you make me do it don't try to don't try to make this into this like oh the mistakes
that were made implying that all three of us were come on in in on the mistakes we succeed as a team
we fail as a team oh no we hang you out to dry yeah
hey i'm not the one who said we should be discriminating on the basis of colour
in this group.
Oh, wow.
He didn't just say colour.
He said race, age, sex.
He said everything, didn't he?
The way you look.
Yeah, this is true.
Do you know what?
I'm glad you said it, Jav, because Andy and I would never have gotten away
with that.
He's so scumbags, honestly.
Oh, dear.
Gents, thank you so much.
Jav, thank you so much for this week.
I hope you enjoy it as much as I did.
I'll get lost.
And Andy, thank you, sir.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
The worst episode ever.
R slash Smashing Security.
So I'm just looking at Scambusters,
and they have a mention of the fake Yahoo Award,
and this is posted in December 1997.
No cap.
Everything old is new again.
The more things change, the more they stay the same.
You're saying that this, the fact that Yahoo is now number one, is based on something that came out in 97?
No, what we're saying is that Check Point obviously had someone said right we need to create a report
that we can put out to the market and whoever the intern given that job obviously went to chat open gpt
and then they regenerated it three times and i thought oh this is credible all of these companies
still exist like let's just publish this and no one's gonna check our workings apart from some
you know a small group of dedicated infrastructure security professionals
who run a weekly podcast
have burrowed to the truth of the matter.
A plucky bunch.
A plucky bunch.
Rag tag.
Rag tag misfits.
That you could hire if you could find them
because they really can't be asked
to answer any of their emails.
So is Yahoo making a comeback then?
Is this where we're going with this?
So from 97 back to 2023, they're back, baby.
We're back, baby.
As LL Cool J would say, don't call it a comeback.
Come back.