The Host Unknown Podcast - Episode 169 - The Hat Trick Episode
Episode Date: September 29, 2023

This week in InfoSec (08:45)
With content liberated from the "today in infosec" twitter account and further afield

25th September 1986: "The Hacker Manifesto" was published by The Mentor (Loyd Blankenship) in issue 7 of the hacker zine Phrack. It was originally titled "The Conscience of a Hacker".
Phrack #7
https://twitter.com/todayininfosec/status/1706364950623515017

26th September 1988: Time Magazine published the article "Technology: Invasion of the Data Snatchers - A 'virus' epidemic strikes terror in the computer world". The 9 page article is an interesting glimpse into the state of malware risk, response, and fears 35 years ago.
Technology: Invasion of the Data Snatchers
https://twitter.com/todayininfosec/status/1706690706863952278

Rant of the Week (13:54)
After failing at privacy, again, Google is working to keep Bard chats out of Search
Google's Bard chatbot is currently being re-educated to better understand privacy.
In July, Bard gained the ability to share conversations with other people using a unique public link. Unfortunately, Google Search has indexed those shared links, making them more widely available and discoverable than Bard patrons might expect.
[Open the story and read from there - it's much easier 🙂]
At least such oversights don't happen all that often at Google, which has a 33-page privacy policy [PDF] detailing how much the company values user privacy.
Apart from a $100 million biometric privacy settlement with Illinois in April 2022, an $85 million location data settlement with Arizona in October 2022, a $391.5 million privacy settlement in November 2022 with a 40-state coalition of Attorneys General, and $29.5 million to settle location tracking claims in Indiana and Washington DC, you have to go back all the way to 2019 – when the FTC settled with Google and YouTube for gathering kids' info without consent – to find substantive privacy issues at the 25-year-old search advertising biz.
Frankly, the presence of Bard chats in Google Search barely rates on a list of the text ads giant's greatest privacy misses, which includes Street View cars collecting sensitive data from Wi-Fi networks and combining its ad data with Google users' personal data.

Billy Big Balls of the Week (22:46)
China's national security minister rates fake news among most pressing cyber threats
This story in a meme:
Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet – both in terms of attacks and the dissemination of fake news.
The new article reiterates Xi Jinping's thoughts on network and cyber power, which boil down to a recognition of the internet's central role in almost all aspects of modern life and the subsequent need for security and governance.
In China governance includes restrictions on free speech and detection and deletion of information felt to be incorrect. Or as minister Chen put it, after machine translation: "The internet has increasingly become the source, conductor, and amplifier of various risks. A small incident can become a whirlpool of public opinion. Some rumours can easily turn a 'storm in a teacup' into a 'tornado' in real society."
Chen's article rates "increasingly fierce competition between great powers in cyberspace" as the most significant competitive threat China faces in the digital domain. He accused rivals of using "so-called 'risk removal' as an excuse and using ideology as a standard to create technology 'small circles' such as 'Clean Network' and 'Chip Alliance,' and even expanded the use of policy tools such as export controls, security reviews, and restricted exchanges."
The minister argues such initiatives are motivated by other nations' desire to cement technology leadership positions and build monopolies, rather than genuine concerns.

Industry News (30:07)
UK-US Confirm Agreement for Personal Data Transfers
US Government IT Staffer Arrested on Espionage Charges
Half of Cyber-Attacks Go Unreported
NCSC Launches Cyber Incident Exercise Scheme
Attacks on European Financial Services Double in a Year
Regulator Warns Breaches Can Cost Lives
US and Japan Warn of Chinese Router Attacks
US Lawmaker: Government Shutdown Will Leave Americans Exposed to Cyber-Attacks
Booking.com Customers Targeted in Major Phishing Campaign

Tweet of the Week (37:51)
https://twitter.com/SoVeryBritish/status/1707463344016306453

Come on! Like and bloody well subscribe!
Transcript
Yeah, but it's just not my fault it doesn't take me as long to get back.
Yeah, if you'd spent half a million or more on a house, then you two could get home in half an hour.
Yeah, you guys were back from dinner like half an hour later. It took me until midnight, like the day later almost.
Train's delayed. And there's you all first classing it up on your way home, Andy.
Yeah, well, it's just how I roll.
Did you have a first class ticket?
No.
Darling, there's nothing more lower class than sitting in first class without a first
class ticket.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome, welcome one and all, welcome dear listener to episode 100.
173.
And 69 of the Host Unknown podcast.
Yes, very good to see you two gentlemen earlier this week.
We were both, or both, no, we were at both conferences.
All three of us were at a conference in London, and we actually ended up having dinner together.
It was quite a surprise.
Do you know what was funny was when you actually asked if anyone was going to be in London that day, I just registered for the conference like the day before.
Yeah, because I didn't know whether I'd be free enough to get out or not.
So, yeah, I left it to the very last minute to register.
Very good. And what a great conference it was. Not the one Jav went to, but, you know, the one we went to.
Yeah, no, it was actually quite good. There were quite a few good, um, good bars of chocolate to be had.
Yeah. Is it Tanium?
It was Tanium, yeah.
Tanium, we commend you for your chocolate. It was not bad at all. And the golden ticket, which I'm thinking I was inside it. It turns out every bar of chocolate I had had a golden ticket.
Yeah, that's right. I'm guessing it's, uh, open it and pop it in, pop it in for the whatever, win a bigger bar of chocolate.
Uh, no chocolate factory. See the Tanium Oompa-Loompas.
I did, actually. Um, so after the talk about whatever you do, don't scan unknown QR codes, yada yada yada, QR code attacks on the rise, I scanned the QR code that was in my golden ticket.
And all of them. Uh, so it takes you to a competition page where you submit your details and you can potentially win a DeLorean.
A real one?
Oh, sorry, is it a Lego one? What other ones are there now?
It's not. There is only one type of DeLorean, Tom.
Yeah, what, a real one?
Yes, I did. I completely missed the part about it being Lego, man. I just gave my details to Tanium for nothing.
Nothing to the future.
Uh, Lego, um, DeLorean, I think, wasn't it? I just saw the word DeLorean.
They're going to be re-releasing the DeLorean.
Well, I thought I'd be winning one, but clearly not.
With your four tickets and zero budget for Tanium.
Exactly.
We know how these things work.
Yes.
Oh, the cynicism is strong this morning.
It is.
It is.
And Jav, Jav, how are you?
How was your conference?
My conference was very good, actually.
Surprisingly very good.
So I was at the Gartner conference this week.
And, you know, every year normally I get one of those theatre rooms. Like, well, it's not even a room, it's just in the corner off the vendor cupboard.
No, it's just like an open area on the corner of the, um, exhibitor hall where they put a bunch of chairs, and sometimes they give headphones to the people who are, uh...
I know what you mean. Yeah, yeah.
Yeah, yeah. So it's like one of those.
But apparently there were so many people that signed up for my talk,
they put me in the main auditorium, which hosts like 1,500 people.
Wow.
Yeah. There weren't 1,500 people.
So it was just totally empty.
Yeah.
They were like handing out headphones for the people at the back.
To both of them.
No, there was about 400 people there,
maybe a bit more, I don't know.
Maybe it was the lure of a free DeLorean
that brought them in.
That was the title of my talk, surprisingly.
Win a free DeLorean.
Come see my talk and learn how to win a free DeLorean.
I saw pictures of it on LinkedIn.
I have to say, it looked very impressive.
There was a lot of people in there.
You were looking good, although very blue.
I nearly commented, who hired the Smurf?
Yes.
You're short.
You wear funny hats occasionally, you know.
Yes, yes. I was doing my best Papa Smurf impersonation with my blue suit on, and, uh, with the back lights.
Yeah, the blue back lights. It literally, you were completely blue. You could have started a Vegas band, or, you know, started a Vegas show with some drums.
Yes. Yes. So that was good.
That was good.
And then, yeah, we met up for dinner,
which was sort of like took the day down a notch or two.
Surprisingly okay.
But speaking of surprisingly okay, how are you doing, Andy?
We're getting good at these.
Yeah, not too bad.
I don't think we paid enough credit to the honesty that we had at dinner
because obviously they forgot to charge us for our meals.
They only charged us for our desserts.
And despite how bad the service was,
we actually waited like another 30 minutes
for them to come and correct the bill.
Even after she insisted that, you know,
oh no, it's already been paid for.
Are you sure?
Yeah.
No, we're like, no, please take our money.
We do not want this.
If it wasn't for the fact that the restaurant is opposite your office and you go there quite regularly, I think a different decision may have been made.
I thought I was incognito.
But the guy recognised you.
He did, yeah. The man did sort of come and say, yeah, uh, yeah, I see you here. I was able to take a week's holiday after you came for lunch last time.
But no, it is, I mean, despite the service, it is normally pretty good food.
Yeah, yeah, it's good.
You know, it's good. Although that hanging around, it almost made me miss my train, which was then delayed by 30 minutes and then stopped in Swindon for 30 minutes. So apart from that...
Yeah, so that just ruined your night even further.
It does.
I made up for it by eating two bars of the chocolate you very kindly gifted us.
But other than that, I think, you know,
did you do anything else exciting this week, Tom?
We have had, I think we're all caught up with each other.
I think we are.
That's the problem, isn't it?
Yeah.
We have to stop seeing each other and being friends
in order to make this podcast a success.
And by friends, you know,
I'm, you know, inverted commas.
Acquaintances.
Yeah, yeah, exactly.
Exactly.
But yeah, it's,
I'm trying to think what I've done.
I went out to the pub last night
with some friends,
which I haven't seen for about 15 months.
So that was quite nice.
Catching up.
I asked this guy, so, how's Teresa? Oh, no, we split
up two years ago. Oh!
What's up?
Good, good.
Glad to know we've got the
finger on the pulse of
our relationships.
How's the job? Oh, got made redundant. Oh, right, brilliant.
So, yes, anyway, talking of redundant things, shall we see what we've got coming up for you this week?
Uh, This Week in InfoSec reminds us of the Conscience of a Hacker. Rant of the Week is a rare privacy snafu from Google.
Billy Big Balls has China asking,
are we the baddies?
Industry News brings the latest and greatest security news stories
from around the world.
And Tweets of the Week is something wonderfully British.
OK, let's move on to our favourite part of the show.
It's the part of the show that we like to call...
This week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane
with content liberated from the Today in InfoSec Twitter account
and further afield
And this week we are going further afield, as our first story takes us back a mere 37 years, from the time before I was born, to the 25th of September 1986, when the Hacker Manifesto was published by The Mentor, a.k.a. Loyd Blankenship, in issue 7 of the hacker zine Phrack.
And it was originally titled The Conscience of a Hacker.
Now, the Hacker Manifesto is a widely recognized and influential document that reflects the hacker ethic and mindset.
Obviously first published in 1986, it's since become a foundational text in hacker culture.
And in the late 90s, you would have found this on GeoCities websites across the globe,
as it celebrates hacking as a pursuit of knowledge, freedom, and creativity. It emphasizes skepticism towards authority,
the importance of sharing information,
and a non-destructive approach to technology exploration.
And it was actually referenced many times in the 1995 movie Hackers.
Just an all-round great manifesto that has stood the test of time.
Yeah.
We're really... Yeah, blown away by that one, Andy.
I thought we were going to do the one about the film
about Kevin Mitnick being released this week in Infosec in the US.
That would have been...
You can add it on as number three.
Oh, if only we could be asked.
Our second story takes us back a mere 35 years
where I still hadn't been born,
to the 26th of September 1988,
to the time magazine published the article
Technology Invasion of the Data Snatchers.
A virus epidemic strikes terror in the computer world.
And the nine page article is an interesting glimpse into the state of malware risk response
and fears of 35 years ago.
And nothing's really changed, except that nine-page article is now: don't click shit.
Well, do you know, it's actually worth reading, because it is quite detailed. And, like, some of the soundbites that come out of it, um, you know: this was not a glitch at all, but a deliberate act of sabotage.
Uh, the viruses we've seen so far are child's play.
We ain't seen nothing yet.
And then some.
So far, real disaster has been avoided.
No pension funds have had their records scrambled.
No air traffic control systems have ground to a halt.
Well, though, maybe they have.
Never again will computer buffs be able to accept a disk or plug into a network without being suspicious and cautious.
That's very impressive. Very sage words. Brilliant.
From 35 years ago, this was.
That's very good. Um, futurology right there, I have to say.
Yeah, definitely worth seeing.
I mean, it just goes to show nothing changes.
Yeah, and also new technology, whatever that technology is,
it's always going to be subverted to, you know, for good and bad.
Well, subverted for bad,
but there's always going to be a downside to any technology, right?
Yeah.
You get the basics right and you can avoid these issues all the time.
Yeah.
Yeah.
Sit in a sealed room.
Tom stating the bleeding obvious as always, but, you know,
thank you for that.
You heard it here first, folks. Any new technology can be subverted for bad.
Oh, something, something, something.
Insulting takedown.
Excellent.
Thank you very much, Andy.
People who prefer other security podcasts
are statistically more likely to eject USB devices safely.
For those who live life dangerously,
you're in good company
with the award-winning Host Unknown podcast.
But of course, as security professionals,
we would never advocate for plugging in devices,
unknown devices into our computers or networks.
True, true. Indeed. Right. Let's move on. This week's...
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
OK, so this week, it's all about Google Bard.
Google Bard is not Google not being allowed into a pub.
Google Bard is their version of an AI chatbot.
So same as Microsoft's, what is it, Copilot?
And I think, well, ChatGPT and all that sort of stuff. So Google very quickly got onto it after Microsoft quite proudly announced that they were eating Google's lunch, as I previously reported on this podcast. So they've jumped on it. Obviously they've now got an AI chatbot which allows you to, what, do everything you can do with ChatGPT: type in stuff, get responses, get it to write presentations that you then subsequently present to a packed house in Gartner, in Docklands ExCeL, that sort of thing.
So what they've also done, Google, as we know,
is the massive search engine. So you can imagine, Google likes to hoover up a lot of data. So
the theory being that Google's BARD is very, very good because it's got massive amounts of
data sets and all that sort of thing. In July, BARD gained the ability to share conversations
with other people using a unique public link. So what it meant was during a session, if you're
typing away and asking stuff, et cetera, you can invite other people.
They can join into the conversation, et cetera, all that sort of thing.
Unfortunately, in a classic case of left hand, right hand, Google search on the right hand then subsequently indexed all of those shared links,
making them totally available and discoverable than they were
originally intentioned to be. So when you share a Google Bard link, it's like sharing a YouTube
private video. As long as you have the link, you can access it. But that link is not indexed in
any way, shape or form. It's extremely unlikely you'll be able to work it out
because it's randomly generated, etc. Uh, Google Search, uh, basically, uh, indexed it, made it available. So indexed it, looked at the contents there and indexed it. So the bottom line was, if you were having, in inverted commas, a private conversation, uh, trying to, you know, chat with Bard to, I don't know, do something nefarious maybe, or just something very private, it was actually then just indexed and made available everywhere.
So Google Bard is not particularly privacy aware, which is a problem.
So Google just being Google, really. Well, index all the things, make it available to people that ask for it.
Yep, exactly. Which is, you know, it's kind of ironic given that they have a 33-page privacy policy. Uh, link in the show...
33 pages? I mean, come on.
Yeah, if you've got a 33-page privacy policy, you are hiding stuff.
You are doing stuff that is shady.
Because it's caveats and carve outs.
Yeah.
That's all it is.
But what it does basically is detail how much the company values user privacy.
Apart from, of course, the $100 million biometric privacy settlement with Illinois in April 2022,
the $85 million location data settlement with Arizona in October 2022,
a $391.5 million privacy settlement in November 2022
with a 40-state coalition of attorney generals,
and a $29.5 million settlement to settle location tracking claims in Indiana and Washington, D.C.
They go all the way back to 2019 when the FTC settled with Google and YouTube for gathering kids' information without consent.
So obviously, you know, they had to add another sort of three or four pages
over the last few years to make sure that they knew, we knew what we're doing. So it's,
this could easily go down a AI is bad, it's evil, we need to manage it, blah, blah, blah.
How about we just stop being dicks with people's data, you know, for a start? How about we just maybe simplify that privacy policy to a couple of pages which basically says, we're not going to share your stuff without your prior, without your buy-in or consent, you know, without your opting in, without your active and enthusiastic consent. Um, that's basically what they say in their 33-page privacy policy. But they also, but, except when.
As soon as you click this URL, you are agreeing.
Yeah.
If you, at the moment you type the G of Google,
you have agreed to these terms and conditions.
So it's just, it's not great.
And we know this about Google, but I think Google's Bard and the AI thing.
It's been such an explosion.
I think at the conference on Tuesday,
the good one that Andy and I went to, not the other one,
they were talking about this year being a bit of an inflection point
for AI and actually things changing, blah, blah, blah.
Obviously, people were trying to make soundbites for people to listen to.
But nonetheless, there's been so much coverage and so much change,
and it's been a massive change.
AI is going to have a huge impact.
And so it really is down to companies like Google
to not screw it up in such a fundamental way as they have done up till now
and stop playing fast and loose with people's data.
So Google, who's in charge of Google now?
I lose track.
Some Indian guy.
I'm glad you said that.
Yeah.
No, it's the same for a lot of these companies now, isn't it?
Other than Tim Apple.
Tim Apple.
What about Facebook or Meta?
That's, no, that's got a lizard.
Yes, yes. Anyway, no, you know what, it's like you said, uh, Tom, earlier, it's almost foreshadowing everything. Any new technology can be misused for nefarious purposes or what have you.
It was a Chekhov's gun that I pulled on you there.
And this is like the old Google dorking by Johnny Long, was it?
Was it 10, 15 years ago, 20 years ago, where he's like –
I don't think his website's still active,
but he had the whole Google dorking stuff going on,
which is like, this is how you type in this particular search,
and this is how you find stuff that people think is not indexed,
but it actually is indexed.
Because the way Google just indexes everything.
Everything, yeah.
It's like Google hacking, you know.
Yeah, yeah, exactly.
So this is just another example.
Any link that you make public, the problem is going to be indexed.
Is going to be indexed, exactly.
Or you can assume will be indexed.
And I'm not surprisingly disagreeing with anything you say here. I mean, but you know, that's such a shocking list of fines and penalties and violations.
And yet people like you have the audacity to say that TikTok's a problem.
I don't say TikTok's a problem.
I do say that they, you know, fuckers kicked me off without any good reason, without telling me why.
I still think it's because I followed you, Jav. It happened literally 20 minutes after I followed you.
I told you, that algorithm knows you better than you know yourself.
Yeah, TikTok, just, I trust it. It's like Minority Report, you know. It was probably saving me from myself, in fairness.
It was an intervention.
Yeah, very good.
Right.
Thank you.
Well, thank me.
No, that was this week's Rant of the Week.
If good security content
were bottled like ketchup,
this podcast would be
the watery juice
which comes out when you don't shake properly.
In a niche of our own, you're listening to the award-winning Host Unknown podcast.
Indeed. Right, Jav, over to you. Let's see if I can agree with you on this one as well.
Make it, I don't know, a hat trick? Something like that.
Why is it called a hat trick?
It's three of something.
How many hats do you wear at any given time?
Maybe that's the trick, you're wearing three hats.
I don't know.
Exactly.
I'm fascinated by the origination of hat trick.
Anyway, back on to Billy Big Balls.
Okay, so today's Billy Big Balls comes courtesy of China.
Yay.
So the Chinese Minister for National Security, Chen Yixin,
and I've probably butchered his surname,
has penned an article rating the digital risks his country faces
and rated network security incidents as the most realistic source of harm
to the Chinternet.
Surely that's racist.
Come on.
I don't know.
It's one step away from chinktanet.
Come on.
Chintanet.
Both in terms.
Chinese internet.
Yeah.
Both in terms of attacks and the dissemination of fake news.
Right.
Yes, exactly, which is really, really timely
because the Wall Street Journal just yesterday dropped an article
saying China is investing billions in global disinformation campaign,
U.S. says.
So Chen's article rates increasingly fierce competition between great powers in cyberspace
as the most significant competitive threat China faces in the digital domain.
He accused rivals of using so-called risk removal as an excuse and using ideology as a
standard to create technology small circles such as Clean Network and Chip Alliance and even
expanded the use of policy tools such as export control, security reviews and restricted exchanges.
So basically security, if you're worried about security and you don't want someone stealing your IP, and you're saying, like, we're going to put these controls in place, or you're going to ban, like, some Huawei, um, kit from your government things, and all of that is bad, apparently, according to the Chinese. Uh, which I think, again, they're being picked on for no reason.
Right, it's no reason whatsoever. I mean, it's not like they ban, you know, their officials aren't allowed to use Apple products or something, they have to use Huawei. And, like, it's just such a pot, kettle, blatant, uh, pot calling the kettle black.
But it's, um, done with such conviction that you cannot just help but admire the cognitive dissonance that is rattling in their heads. This is almost as entertaining as a Chael Sonnen press conference.
It's just so good.
Oh, I'm sorry?
Chael Sonnen?
Who's that?
He's a retired UFC fighter.
Oh, sorry.
So he grew up on the mean streets
of Portland, West Oregon.
Never lost a round
in his life. And he retired undefeated, undoubtedly the
greatest fighter ever to set foot in the octagon. Or I'd say like, this is almost as, and Andy
shared this with me, Hulk Hogan once claimed he fought 400 times in one year. And they were like, how did you manage that?
And he claimed because he was flying between the US and Japan so much,
the time difference allowed him 400 days in that year.
And he was able to fight 400 times.
Surely coming back, he lost.
What? No, he went the other way around to get back.
Hulk Hogan is actually four years older than his actual birthday.
Yeah. Wow.
Yeah, so anyway, back to the story. The minister argues such initiatives are motivated
by other nations' desire to cement technology leadership positions
and build monopolies rather than genuine concerns.
This is definitely the Mitchell and Webb sketch
of the Nazis questioning, are we the baddies?
To be fair, I do think China are onto something here.
Like, they do get a bad rap.
They do.
For what?
For spreading disinformation?
Well, they're accused of everything.
Well, yeah, are they though?
Like, who's telling us they're spreading disinformation?
Exactly.
US government, British government,
who have got absolutely no record whatsoever
of gaslighting nations and spreading misinformation themselves.
It's probably a normal amount of disinformation
for a country of its size compared to everybody else, right?
Yeah, I mean, are they doing anything different
to the rest of the world?
That's very true. That is true.
It's all about the marketing, right?
Yeah, because in theory, you know, we've got freedom of information requests and transparency and all that sort of thing. And, uh, you know, as I have found out in trying to submit my police report for my son's stolen phone from many weeks ago, as you may recall, many months ago even, we won't give out any information about stuff.
I cannot get a police report.
It's simple as that.
It's bizarre, utterly bizarre, about a crime that affected me and my son.
So we have this veil of transparency.
At least China don't pretend to have a veil of transparency.
Anyway.
That was that.
Thank you.
Thank you, Jav.
And yeah, I agree.
Billy Big Balls of the Week.
30% nostalgic.
30% ranty.
30% ballsy.
And 30% terrible at maths.
You're listening to the award-winning
Host Unknown Podcast.
So Andy, I think we might need to introduce a few international flights to Japan
in order for us to get this podcast finished before our work on gas.
Absolutely.
So, you know, because, well, actually, I don't even know what time it is.
Andy, what time is it?
It is that time of the show.
We head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry news.
UK-US confirm agreements for personal data transfers.
Industry news.
US government IT staff are arrested on espionage charges.
Industry news.
Half of cyber attacks go unreported.
Industry news.
NCSC launches cyber incident exercise scheme.
Industry news.
Attacks on European financial services double in a year.
Industry news.
Regulator warns breaches can cost lives.
Industry news.
US and Japan
warn of Chinese
router attacks.
Router attacks?
Industry news.
US lawmaker.
Government shutdown
will leave Americans
exposed to cyber attacks.
Industry news.
Booking.com customers
targeted in major phishing campaign. Industry news. And that was this week's...
Huge if true.
Huge if true.
Sorry, huge if true.
What have we got here?
Ooh, what we got here? Often the, the UK-US confirm agreement for personal data transfers. So this is the failed, um, was it Privacy Shield that we used to have, and then we had the next one.
Safe Harbour, privacy, yeah, all of that.
So this is my attempt number three.
Well, no, no. Well, wasn't it originally between the EU and the US, and now since we've left that, we can go off and do our own thing. So we'll just put it, oh yeah, which is whatever shit was in place before that was ineffective, and just...
Yeah, exactly, exactly. It's ultimately, um, as ineffective as the previous ones.
Yeah, yeah.
Although it beggars belief that something that goes in,
you know, like safe harbour and say,
oh, no, this doesn't work.
It's going to be illegal if we do this.
Okay, let's put the Privacy Act in.
Two years later, oh, no, this doesn't work.
Yeah, to be fair, this does, this is an extension of what the EU and US have been working on.
So we did copy their homework.
And I know this is already going to be challenged anyway.
The guy who challenged the previous ones and proved that they're inadequate
has already said that there's gaps in this one that he's going to challenge.
So basically the UK went to EU and said, can we have a copy of that?
Yeah, exactly.
Just for reference.
Yeah, they fed it into ChatGPT.
Yeah, they moved a few words around.
Yeah.
Rewrite this.
Yeah.
I like this headline, half of cyber attacks go unreported,
the other half just don't get noticed at all, I suppose.
That's the rest of the story.
How do they know they don't go reported?
I only know read the headings.
That's a very, very broad statement. How do they know it's half?
Who's saying actually we had one, we just didn't report it.
And is that a true representative of the sample? It's according to what you don't know.
Exactly.
It's according to a new global survey conducted by Keeper Security.
The study, Cybersecurity Disaster Survey Incident Reporting
and Disclosure, was published on December 26, 2023.
Just rolls off the tongue, rolls off the tongue.
It doesn't say in the article what the sample size was,
but I assume they, oh, the survey is conducted
on 400 IT and security leaders.
Okay, 200 of them said, no, we don't report stuff.
Yeah.
And the other 200 said, no, we've never been hacked.
Yeah. Probably.
Uh, I like this one: regulator warns breaches can cost lives. And, uh, the UK's privacy
regulator has warned organizations handling the personally identifiable information of domestic abuse victims
that data breaches could put lives at risk.
Yes, very true.
I don't think anyone disagrees with that.
No.
So I think then it needs to be caveated, like, you know,
data breaches relating to specific individuals or scenarios.
In some cases.
But then again, that doesn't make a particularly snappy headline.
No.
But I guess what it's trying to do is actually underline
there is a reason why we take this shit seriously.
Yes, yes.
It's not just a bit of credit card data
that you just get your money back off your credit card company
or order a new card or whatever.
There can be some very significant implications.
Indeed.
What else have we got?
Chinese router attacks.
Fake news, fake news.
The network guys forgot to patch their stuff.
And so they're like, China.
Oh, they should have just done what?
Who was it?
Not Barracuda.
Well, they said, oh, just send it back.
Yeah, just throw it away and buy a new one.
Yeah, exactly.
So not related to the stories that were on screen,
but I will say anyway, just to circle off.
It may surprise you to know that the term hat trick actually originated in cricket, British cricket.
A bowler who retired three batsmen with three consecutive balls was entitled to a new hat at the expense of the club to commemorate this feat.
Oh, I love that.
And then over time, the phrase obviously broadened to include a string of three important successes
or achievements in any field.
That's the highlight piece of information of the entire show,
as far as I'm concerned.
Absolutely. I'm sure listeners will agree.
Let's hear first, folks.
Good luck.
So it's basically been sort of diluted massively. If you just get
three goals, not three goals immediately, like kickoff, goal, kickoff, goal, kickoff, goal, by the
same person. It's, you know, within a match, it's three goals by the same person. Yeah, that's kind
of how it works. Yeah, it's very unlike cricket where you just kick off and you just score a goal.
You have one kick. Yeah, exactly.
Take it back to the centre and then you have another kick.
Yeah, exactly. Yeah.
But in cricket, you can't get the perfect hat trick like you can in football, which is left foot, right foot header.
Ooh. Well, you could do left hand, right hand.
I don't know about the header.
You could do like caught, bowled and run out.
Oh, look at that.
Wow.
All right.
Well, I think that's a high point on which to stop.
That was this week's...
Industry News.
We're not lazy when it comes to researching stories.
No.
We're just energy efficient.
Like and subscribe to the Host Unknown podcast
for more ESG-adjacent tips.
All right, Andy, why don't you take us home with this week's Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week comes from Very British Problems, who are so very British on Twitter.
I like this one because it is so true and so British. And for all the
international listeners who may hear these phrases, this is what it actually means.
Ways to say, I have no idea what you just said. And we would typically say, I see. Leave it with
me. Yes. Okay, great. Interesting. Right. Certainly. Say that again. Is that so? Blimey. So funny.
Absolutely. Can you put it in an email? Yeah, definitely something to think about. We'll see.
Or you just smile and nod. Oh, my God, I have now been exposed at work.
Yeah, this is...
I feel seen.
Blimey.
Oh, dear me.
Okay, great.
Definitely something to think about.
That's a little bit concerning, actually, isn't it?
Yeah, So Very British is very much on the ball with
a lot of their comments. They are very, very good. They're very, very good. Like that T-shirt I've
got, which was, "It's not quite what I had in mind." Translation: "What the bloody hell is this?" Yeah, yeah,
yeah, yeah. Excellent. Thank you, Andy. It's late of the week, and so, blimey, that's so funny.
Let's move on to the end of the show now, shall we? Well, Jeff, thank you very much for,
well, for agreeing with me. And, you know, you're welcome for me agreeing with you.
Okay.
And, Andy, thank you, sir.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel, worst episode ever, r/smashingsecurity.
You know, the funny thing is I had the hat trick story pulled up to do in this post-credit scene,
and then Andy stole my thunder. So now I've got nothing to talk about. Well, do you know what was
funny? I didn't tell you this on Tuesday. So, you know, Tom was chairing the teeth events
the other day. He, well, Tom, you're saying yeah because you were there. So he left his
little scribble pad before, before he went off on stage. He quickly went to go and grab a drink.
So I did what any sort of normal person is doing,
just like drew a big cock on his opening page
and then just played dumb waiting for him to see it.
Yeah, very good.
Very good.
The artistic quality was excellent.
Boy, thank you.
I don't know if you noticed, Andy,
I also said at the beginning of the closing session, "And now it's time for our favourite part
of the show." Yeah, I absolutely got that. Inside jokes. Inside. You guys. Nothing wrong with that. No.