The Host Unknown Podcast - Episode 171 - The Stitched Up Episode
Episode Date: October 13, 2023

This week in InfoSec (09:48)
With content liberated from the “today in infosec” twitter account and further afield

8th October 2018: Google announced that it exposed the private info of hundreds of thousands of Google+ users between 2015 and 2018, only disclosing it 7 months after discovery because it was reported by The Wall Street Journal. Social network Google+ launched in 2011 and closed in 2019.
Google hid major Google+ security flaw that exposed users’ personal information
https://twitter.com/todayininfosec/status/1711159728552685667

16th October 1983: FBI agents raided homes of "young electronics buffs known as 'hackers'" in 6 states as part of an investigation of unauthorized intrusions into scores of large commercial and DoD computers. These teens included Lord Flathead - real name Tom Anderson, future MySpace founder.
https://twitter.com/todayininfosec/status/1712593589237076056

Rant of the Week (15:44)
Everest cybercriminals offer corporate insiders cold, hard cash for remote access

The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.

In a post at the top of its dark web victim blog, Everest said it will offer a "good percentage" of the profits generated from successful attacks to those who assist in its initial intrusion.

The group also promised to offer partners "full transparency" regarding the nature of each operation, as well as confidentiality about their role in the attack.

Everest is specifically looking for access to organizations based in the US, Canada, and Europe, and would accept remote access by a variety of means including TeamViewer, AnyDesk, and RDP.

Billy Big Balls of the Week (22:23)
Chinese citizens feel their government is doing a fine job with surveillance

Chinese residents are generally comfortable with widespread use of surveillance technology, according to a year-long project conducted by the Australian Strategic Policy Institute (ASPI) and an unnamed non-government research partner.

The project mainly investigated how state surveillance is conducted by Beijing and how the population of the People's Republic of China (PRC) perceives it. For the investigation, the researchers conducted media analysis, and an online survey of over 4,000 Chinese citizens.

Most respondents ranked their trust in central government positively – at an average of 7.3 on a scale out of 10. Businesses received a 6.7 rating. When it came to surveillance – by video, audio or internet activity – roughly half said they were comfortable.

As part of the project, ASPI provided a tool that could be considered quite subversive in China: an interactive website that provided access to uncensored non-Beijing information about deployed surveillance technologies and the agencies that run them. It consisted of five educational modules with quizzes at the end.

The website content was shaped by the survey results and reached over 55,000 users over the course of four months. It covered facial recognition, Wi-Fi probes, DNA surveillance, database management and surveillance cameras.

Industry News (28:08)
AWS to Mandate Multi-Factor Authentication from 2024
Blackbaud Settles Ransomware Breach Case For $49.5m
DNA Tester 23andMe Hit By Credential Stuffing Campaign
MGM Resorts Reveals Over $100M in Costs After Ransomware Attack
Air Europa Asks Customers to Cancel Cards After Breach
US Smashes Annual Data Breach Record With Three Months Left
European Police Hackathon Hunts Down Traffickers
Chinese APT ToddyCat Targets Asian Telecoms, Governments
California Enacts “Delete Act” For Data Privacy

Tweet of the Week (36:01)
https://twitter.com/ireteeh/status/1712408097170325968

Come on! Like and bloody well subscribe!
Transcript
It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
Hit it!
You know what? I'll tell you something before we hit record.
I was actually looking up like those...
...and stuff, and now I'm...
Right, um, Jav?
Yeah?
There's a red dot on the screen.
For his own safety, son, can you just get...
Can you hit the intro?
No!
Oh, I didn't realise it was recorded.
Oh, Jesus Christ.
No, let's start with something else.
I thought we weren't...
That's a perfect intro. You've got to do that.
Yeah, you'd think so, wouldn't you? But in the interest of fairness...
You're listening to the Host Unknown Podcast. Hello, hello, hello, good morning, good afternoon, good evening from wherever you're joining us.
And welcome, welcome one and all, welcome dear listeners to episode 100 and...
175!
71 of the Host Unknown podcast.
Jav, welcome! How are you doing, sir?
I see you're vaping away there.
I have been stitched up by my two best acquaintances on this podcast.
I'm preparing to get cancelled, that's all.
Stitched up?
God, if you think you're going to get cancelled on what we put out on the actual show compared to what you said before...
I'm just going to stay quiet for the rest of the show, I think.
Oh, nothing new there, then, Andy.
Yeah, hey, you know, at least he turned up this week.
Well, he did, yeah. You guys are like you last week.
Yeah, uh, no, and you know what, I sent Graham a, um, a bottle of whiskey because I understand he's in hospital
after putting his back out carrying you two for the last God knows how long.
Yeah, sounds about right.
Sounds about right.
He did do a lot of the heavy lifting, it has to be said.
It has to be said.
Anyway, Jav, how's your week been?
It's been all right.
It's been quite a busy one.
It's October, Cybersecurity Awareness Month,
so I had about four webinars that I'd done this week,
and then yesterday I was at an event for the whole day.
This is like the one month of a year you actually have to work, isn't it?
They sort of wheel you out for Cybersecurity Awareness Month,
and then you go back into hibernation on the end of October.
Like President Lincoln in the Hall of Presidents at Disneyland.
Yeah, exactly.
Yeah.
It's like gym memberships in January.
But no, that was all good.
Although, well, this morning I woke up and I found that my wife, um, forgot to lock the car again last night. She claimed she did. She said, oh, maybe the little one had the keys and unlocked it again or what have you. So at about 3 a.m., some no-good person who was checking doors of cars found it unlocked, right, had a good old rummage through, took some of my snacks I'd been hiding in there.
I know, I know. There was like some good... there was even like some of those, um, alien salt and vinegar crisps. They're like really...
Man. Oh, Space Invaders.
Space Invaders. 10p, but we're now about four pounds of that.
Yeah, yeah, exactly, exactly.
Do you know what, funny story about the Duchess lady about having cars broken into. When, back in the sort of 80s, we all had tape decks, right, and tapes in the car, and where we were living, not great, lots of car break-ins and stuff. So she had her car broken into like four times
and the contents of the car removed
and the cassette player and all that sort of stuff.
Each time they left one cassette behind
and it was always the same one.
It was Queen, A Day At The Races.
Obviously no taste whatsoever by these criminal masterminds, but four times it happened and four times the same cassette was left behind.
Wow.
It's because they probably had it so many times already from all the other cars they'd done. It was such a common, uh, album to have.
Yeah, everyone had it.
But, uh, did they even take a Barry Manilow tape?
Oh, yeah, of course.
Wow.
Absolutely.
Anyway, talking of Barry Manilow and the language of love, Andy, how are you doing? At the Copa.
Copacabana.
All good.
Yeah, I am absolutely shattered.
So last week, a very busy week before flying off for my cousin's 50th birthday,
and it was just complete.
Well, in fact, not the cousin whose birthday it was,
but her brother, who is very similar age to me.
Apparently, we look similar.
I don't see it myself. He doesn't see it.
However, he had a hair transplant since I last saw him.
No.
This time last year he went to Turkey and he spent two thousand euros, and he's very happy with it, and it actually looks pretty good. And I was like, you know what, damn, that is actually a decent job that was done. So if there's anybody out there who's willing to sponsor a Host Unknown hair transplant...
Yes.
Absolutely, I would do it.
Yeah, if someone can spot me, you know, 2000...
Well, plus I need a flight.
Plus a flight, yeah. So maybe three grand, say, just to cover expenses, you know, from the airport.
Yeah, snacks.
Yeah, you know. Yeah. And maybe four grand, because you need some spending money while you're out there, right?
Yeah, exactly, exactly. Well, I might as well get my teeth done, right?
Yeah.
Yeah, but if you get your hair and teeth done,
they won't let you back in the country because you'll look nothing like your passport.
Is that too obvious when you get them done at the same time?
Yes.
Just messes up all your biometrics.
So how much of your back hair would be put onto your head?
Well, I didn't get into too much detail
because I was actually tugging
his hair as well to see whether it's like brittle or actually, uh... But do you know what is weird is that, well, his hair has actually gone gray, and his hair went gray, you know, pretty much long before mine did. Um, but it actually looks natural. Like, I'm really surprised at how natural it looks.
It's got a lot better, apparently.
Apparently. I mean, obviously you and I do not partake in this.
No, why would I deliberately shave my hair? It's not like I can't grow a full head if I don't.
Well, I mean, a full head of hair around the sides.
Yeah, well, the Friar Tuck is the in... It is. That's what I'd go for. All the 20-year-olds are doing it.
Yeah, exactly.
And I understand 2024 is the year of Terry Nutkins.
So you could still keep it on brand.
Oh, so that's the Friar Tuck plus mullet.
Yes.
Yes.
Yes.
Very good.
Well, you know, with the way the weather's going,
you're going to need something to keep your neck warm
Yeah, exactly
But talking of neck warmers, how was your week done?
Neck warmers?
I have no idea what that means
I should have said neck beard, shouldn't I?
Yeah, your neck beard
Yeah, that would have worked better
Very good, very good
Busy time at work, obviously
But the highlight was going up to Liverpool
believe it or not
last weekend
I don't believe it
no exactly
but it was for
a horror film festival
to show a film
that my son
oh I can believe that part
yeah
do they just call it
a film festival up there
the southerners
call it a horror film festival
it was really
it was really good
actually
one it was good to see
my son's short film
on a big screen anyway.
And visit your hubcaps that you lost.
Yeah, yeah.
See where my son's stolen mobile phone ended up.
Yeah.
But it was brilliant.
I tell you what, Sunday, 12.20pm, I yelped like a little puppy,
jumped about two inches off my seat
and let out a little bit of wee at one point in one of these films.
Oh, my God, so scary.
So, yeah, you'd think after a day and a half
of watching horror films solidly,
you'd be a little bit immune to it.
No, no.
Ding.
God, did this scare the crap out of me.
Was it one of
Jav's TikToks
appeared on your
free account?
No, we blocked
it from TikTok,
remember?
Yeah, exactly.
One of his
pay-per-view ones.
Yeah.
So just to clarify
though, that little
bit of wee coming
out, that had
nothing to do
with the horror
and the jokes.
No, no, no.
That was just the normal thing.
It was just the time of day.
That's age of ages.
Yeah, exactly.
Anyway, talking about a little bit of wee coming out,
shall we see what we've got coming out for you this week?
This week in Infosec is a story about a friend to everyone.
Rant of the Week asks why nobody thought of this before.
Billy Big Balls is a
mid-year 360 review of the
Chinese government by its citizens.
Industry News brings you the latest
and greatest security news stories from around the world.
And Tweet of the Week focuses
on Cyber Security
Awareness Month. So it's right
up your alley there, Jav.
Right, shall we move on to our
favourite part of the show,
the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today InfoSec Twitter account and further afield.
And our first story will take us back a mere five years to the 8th of October 2018,
when Google announced that it exposed the private information of hundreds of thousands
of Google Plus users between 2015 and 2018. So only disclosing it
seven months after discovery because it was reported in the Wall Street Journal.
So Google Plus obviously launched in 2011 and actually closed in 2019. But in 2018, when they
revealed that they'd exposed this personal information,
they included data like names, email addresses, occupations, genders, ages,
and all the information that was marked as private within the account.
And Google did the classic, there was no evidence to suggest that third-party developers were aware
or exploited the bug, but it failed to report the incident
due to concerns about regulatory scrutiny,
basically because Facebook had recently faced issues
about data mining with the Cambridge Analytica scandal.
So Google discovered this bug.
As excuses go, that's pretty terrible.
Someone else got into trouble for this,
so we're not going to disclose it.
Well, and you know what? I understand the logic. They're like, oh shit, did you see what happened over there? Yeah, we don't want to be paying those fines. Um, but yeah, so they ended up closing, um, Google Plus, um, sort of 10 months after this, uh, you know, in the 10 months after the disclosure of this breach. And ultimately, there was 500,000 people impacted.
You see, the thing that makes me not believe this story
is the fact that there were hundreds of thousands of users on Google+.
Google+ was brilliant.
Am I thinking of the right thing?
What was the thing that was trying to be like,
you could create your own space on it?
Google+. Yeah, that was a bit crap.
It was Google Wave was crap.
Google Plus.
Google Wave, where it's like email, but if the other person was online it would turn into an IM.
No, no, no, not that. It's definitely Google Plus, and it was dreadful. It was awful, it was dreadful.
It had a song and everything.
What is this? Google Plus? Is this your definition of a good service, of a good product, that if it has a song, it worked?
You know what, if you can make a song about it, it's got to be something good, right?
So says the TikTok generation.
Indeed. I'm surprised it actually was for 8 years it was running.
I thought it was a lot less than that
I thought it was a lot longer every time I used it
So you guys are just Luddites
Luddites?
I had a page on there
and it was horrible
In 2018?
7 years after it launched
After the breach.
No, this was about 2013, something like that.
When I was in my nascent kind of internet famous part of my career.
Anyway, talking of...
I don't know, I've got no link for that.
Our second story will take us back a mere 40 years, long before I was born.
When the 16th of October 1983, when the FBI raided the homes of young electronics buffs known as hackers
in six states as part of an investigation of unauthorised intrusions into scores of
large commercial and DOD computers.
So an FBI spokesman in Detroit, a key city in the investigation, said the probe was not
a lark meant to merely frighten young electronics buffs known as hackers.
But their equipment was seized, wound up in six eight. At the same time, sources said the investigation focused on offenses including illegal use of electronic message services, tapping of defense information and destruction of stored data. But those teens included Lord Flathead, who was then a 13-year-old at Escondido, California.
And obviously, we all know Lord Flathead under his real name of Tom Anderson.
Mr. Anderson.
Mr. Anderson.
Who just under 20 years after this event, 1st of August 2003, he launched MySpace.
What, when he was 33?
When he was... He must have been.
What was he doing in all that time?
Well, maybe serving at His Majesty's pleasure or whatever.
Maybe keeping a low profile.
Yeah, maybe.
Trying to get enough paper round money to buy his computer back.
Yeah.
Very good, Andy. Thank you very much for...
This Week in InfoSec.
People who prefer other security podcasts
are statistically more likely to eject USB devices safely.
For those who live life dangerously,
you're in good company with the award-winning
Host Unknown podcast.
There's got to be a better solution to having to eject a USB device. I'm just saying, there's a market, there's a niche for it. Anyway, uh, let's move on to something else I want to rant about. It's time for...
Listen up!
Rant of the week.
It's time for mother f***ing rage.
So you may have heard of a criminal gang called Everest.
Not the folks who put double glazing in houses in the UK
when you want to fit the best Everest, as they say.
Although they are a criminal gang in their own right.
They fleece you, don't they?
They really fleece you. Anyway,
allegedly, if Everest
would like to sponsor the Host Unknown
podcast, please do just let us know.
We'll even drop a little
feather down by the window.
That's right. With a helicopter outside.
Yeah, that you can't hear because of double glazing.
So good.
Because they cut the scent. Um, yeah, but there is a ransomware called, uh, Everest, and what they're doing is that they're stepping up their efforts to get access to corporate networks. Uh, and how might they be doing this? Well, they're going directly to the source. They are making a business proposition to people from these companies.
So what they are doing is they're approaching what they're calling potential partners,
which in itself is quite a loaded term,
and offering them full transparency regarding the nature of the operation that they're going to carry out, including confidentiality
about their possible role in the attack.
So bottom line is what they're doing is they're offering a cut of the share,
a cut of the money that they make once they have ransomware,
the company, if this person is there in, into the network.
So if they are willing to share their computer so they can gain access to it, etc.
This is fantastic.
Do you know what?
It's a business model that I am amazed has not been more formalised up till now.
It's basically a referral agreement.
That's brilliant.
I don't know why you're ranting about this.
This is actually a, um...
No, my rant is that, why hasn't anybody told us about this before?
But that looks... I love the... Everest is specifically looking for access to organizations based in the US, Canada and Europe, you know, technically, I guess, the richest parts, you know, of the world there.
And people who would accept remote access by a variety of means,
including TeamViewer, AnyDesk and RDP.
So they've even got some, you know, like a little advert as well.
We monetize your corporate access.
This is brilliant.
Team looking for corporate access, Shell, VNC, blah, blah, blah, blah, blah.
A good percentage for partners, full transparency of work and confidentiality.
One, where is this advert being shown?
Is it down the side of Amazon when you visit there?
I don't know.
Or is it a job site or something?
It's got to be LinkedIn.
Well, exactly. Job opportunity, you know, if you put your available-for-work tag on your picture, maybe you get some of these. But this is a Billy Big Balls as well, I have to say. But, you know, I'm, you know...
Well, it is, because we're siding on the side of the criminals here, really. What the hell? I'm amazed by this.
This is a threat vector that we'd never thought of, just that casual use.
We know about people being blackmailed or tricked or whatever,
but not willingly led down the path by a third party.
Somebody might decide to go and do it and offer the data up,
access data and then offer it up to someone just because they're annoyed
about their latest pay rise or whatever.
But to have this formal paid-for agreement in place, I think,
is a threat vector that probably almost every company
has not even considered before. This is a really interesting one. I would struggle, apart from making sure, you know, that we treat people like human beings and pay them, you know, commensurate value for their work, etc., what else could you do to avoid this? If somebody's got a gambling problem, this sounds like the perfect approach to it.
Yeah, yeah. They were actually, like a couple of years ago, so someone posted a screenshot, there was an advert somewhere where, like, someone had this picture of this, like, network device or something, and they were like, plug it into your corporate network and whatever, and we'll give you 30 a month for it, ongoing or something like that. And, uh, they were like, yeah, totally not suspicious at all, is it?
Um, but also you can do lease agreements as well. So you either get, you know, like, so this way you need to weigh it up, right? You either take a percentage...
Yeah.
...or a fixed fee, right, or a recurring fee, depending on what you can...
Absolutely, absolutely. But also, do you remember, like, a couple of years ago,
someone at Tesla was approached by a Russian alleged person
and said, like, plug this USB into your network
and, you know, we'll give you two million in crypto
and also you can tell us who you want blamed for it.
And we can, like, make it appear as if they are the ones that plugged it in or something like that.
I see now that last part I didn't remember because that changes.
Now you're interested.
Now I'm interested.
If there's no accountability.
I wonder who it might be.
Now, can you negotiate? Because I don't want crypto, I want NFTs.
Yeah.
NFTs hold their value, right?
You know, exactly.
I mean, that 2 million in crypto is 1.7 million anyway, right?
Yeah.
Oh dear. Anyway, that was this week's...
Rant of the Week.
30% nostalgic.
30% ranty.
30% ballsy.
And 30% terrible at maths. You're listening to the award-winning Host Unknown Podcast.
So, um, this doesn't feel as big as this last story now. So, um, but this is our good friends China, and, uh, I think they have conducted their surveillance of their citizens in the most biggest-of-Billy-Big-Balls way possible.
Because it's, how does that saying go?
They'll tell you to go to hell and you'll thank them for it
or something like that.
It's a bit like that because Chinese residents were surveyed.
Over 55,000 users were surveyed over the course of four months
and they are generally comfortable
with the widespread use of surveillance technology.
And the project mainly investigated
how state surveillance is conducted by Beijing
and how the population of the People's Republic of China perceives it.
And most respondents ranked their trust in central government positively.
No.
An average of 7.3 on a scale of out of 10.
I'm columnist shocked.
So, you know, this is like proof that, you know,
Western democracy is not the only way forward.
You can keep people happy with other means and they lead good lives.
Do you know what?
Like if you surveyed a lot of Westerners, particularly in the UK,
I don't think our government would get, you know, a 7.3 out of 10 score.
But this is the Billy Big Balls move. We know, allegedly, we know that China is all over this. The Chinese government, the Communist Party, is all over this. They will move the needle to make it look, to make it appear like what they want it to be.
No, I will not accept that.
But what I will say is, the Billy Big Balls move is
they haven't done what they might do in Russia, for instance,
which is make it a 9.9.
They've made it a realistic figure.
They've made it a figure that you could kind of go,
but still above, as you say, Andy, the rest of the world.
Wow, you're so, so...
Such a distrust.
Yeah.
This is just...
I'm not buying this at all.
No, no.
You think this is an entirely unfiltered assessment?
It's a fear and, you know, unless you bring receipts to prove otherwise, I'm standing...
I would suggest you need to bring receipts to prove in the first place.
Well, we've got the scores.
Exactly. Are you like this with the employee survey results in the office? Like, you know, when HR produces the annual employee survey results, so you're like, no, bring me the receipts, and they're like, no, look, here's the scores.
Not far off. I mean, come on, there's always bias in these things anyway, right? You know, the fact that there's a soldier stood behind you as you're filling in the survey...
Yeah.
...looking over your shoulder as the camera turns, you hear it whirring as it turns and looks at your paper, and you hear the shutter sound of a photo being taken as it looks at your eyes, and the soldier's slowly nodding or slowly shaking their head as you move slightly up the scores each time until they finally nod their head.
Yeah.
Oh, dear. Objection. Objection, Your Honour. Slander.
Wow. Still a Billy Big Balls move, because I think, you know,
they're not making themselves out to be perfect.
They're making themselves out to just be better than everyone else.
I will just throw in, anecdotally,
a colleague did actually speak to another colleague in our China office,
and she originally came from the US,
and she did tell him that she has never felt safer anywhere
than she has done in China, living in China.
Really? Wow.
Yeah, and she absolutely loves it.
Yeah, but the main caveat is...
She did go from the US.
They've come from the US, yeah.
Yeah, OK, fair play. Yeah, yeah.
Fair enough.
I mean, the fact is, she won't be allowed out of China.
Anyway, Jav, thank you for this week's...
Billy Big Balls
of the Week
If good security content were bottled like ketchup, this podcast would be the watery juice which comes out when you don't shake properly.
In a niche of our own, you're listening to the award-winning Host Unknown podcast.
Desperately trying to think of a link here
related to time,
but, well, I've just run out of it.
So, Andy, what time is it?
It is that time of the show
where we head over to our news sources
over at the InfoSec PA Newswire
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
AWS to mandate multi-factor authentication from 2024.
Industry News.
Blackbaud settles ransomware breach case for $49.5 million.
Industry News.
DNA tester 23andMe hit by credential stuffing campaign.
Industry News.
MGM Resorts reveals over $100 million in costs after ransomware attack.
Industry News.
Air Europa asked customers to cancel cards after breach.
US smashes annual data breach record with three months left.
European police hackathon hunts down traffickers.
Chinese APT ToddyCat targets Asian telecoms and governments.
California enacts delete act for data privacy.
And that was this week's...
Wow.
Huge if true.
Huge if true.
I would just say that Air Europa, where they ask customers to cancel cards,
normally this stuff goes on and we take security seriously, yada, yada, yada.
No payment information was taken.
Yeah.
Yet here, this is an airline saying, look, right.
Okay, long story short.
They got everything.
They got your card number.
They've got your CVV.
They've got your expiry date.
You need to cancel these cards.
Yeah, I mean, the CVV, they're not supposed to store anyway, are they?
No.
It'd be interesting to see exactly what data.
Mind you, I mean, many cards, no, actually everywhere needs a CVV now, doesn't it?
They do, but that's always the thing that you have to enter, you know, every time. There's no storage of that.
Yeah, so either Air Europa have completely screwed the pooch when it comes to PCI DSS, or they're just in an abundance of caution...
No, they've absolutely screwed the pooch. They said that those details have been compromised.
Does it include the CVV, which we are obliged to not store?
Yeah. Long card number, CVV and expiry date were recently compromised, is what they've said, from one of their systems.
I mean, I don't know much about PCI DSS, it's not my bailiwick at all.
Even I know you do not store the CVV.
No.
At all.
I saw this 23andMe thing. I got an email from them.
Oh, because you did it, didn't you?
I did, yeah. So I got an email on Tuesday, because I actually checked whether I was impacted. Yeah, so I got an email and it says, we recently learned that certain profile information, which a customer creates and chooses to share with their genetic relatives, um, was compromised. Yeah, so they don't know where the source of the, uh, credentials were used in this attack, but, um...
You didn't give the attacker remote access to your DNA before you... and you're now getting 30 percent of every...
Yeah, yeah. I got told that as long as I include this with my spit... Yeah, if I send my spit on a USB key,
then I can get a 5% discount.
Oh, brilliant.
It seemed like a good deal at the time.
Yeah, that's right.
I mean, hey, who wouldn't?
No, but it's...
You know, speaking of 23andMe,
there's a documentary on Netflix.
I think it's called Our Father or something like that.
And it's about like someone that done one of these ancestry tests and they found out they had like a number of siblings pop up.
Oh, OK. Was he a sperm donor or something?
Well, he was the doctor at the fertility clinic.
Oh, that's right, yes.
Oh, and he was...
Basically, he was topping up the samples.
Yeah, he was using his own donor.
So he ended up with like 27 kids in the same or whatever,
I can't remember, it was a large number,
all in the same town or whatever, all around there.
It was...
Wow.
Do you know what I did see, and it's not entirely related,
but it was about this sort of afterlife services,
about how AI can generate your avatar and people can interact with it.
Oh, that came up a couple of years ago, didn't it?
Yeah, but yeah, there's this recent one I saw
earlier during the week where, you know,
this guy is, because you ask it questions,
like you answer questions like when you're alive, and you go through this stuff, you're answering your voice. And so some guy went to see his dad and, um, you know, sort of like there's some familiarity stuff, like the dad looked a lot younger than he was, than, you know, than he remembered, because it was all built on, like, the good times. Um, and he would say familiar things, like call him by his nickname and stuff like that, and he felt like really good. And then at one point he said, you know, if you remember what, like, Janice used to always say, and he gave a saying, and he was like, well, that's weird, because my mum's not called Janice, like, you know. And it's like, this is nae eidrich. Turns out this guy had a second family.
Yeah.
And so, like, you know, this kid found out that he's now got other siblings after his dad passed, because of, like, you know, this whole thing. It's just interesting the way this stuff gets mixed up.
Wow. There's a Black Mirror episode about exactly this.
Oh, is there? Oh, I stopped watching that because it was a bit...
It's basically, it's happening in real life anyway.
Yeah, yeah, it's too depressing. It's just a preview of what you're going to see
in the next year or so.
It's the episode with
Domhnall Gleeson in it.
It's really good actually
and very slightly creepy.
It's typical.
What else have we got here?
Good to see America
smashing annual records, as always.
Yep.
USA, USA, USA.
Hopefully they can beat that next year by shaving another three months off.
Yeah, that's it.
We do everything bigger and better.
It's like those Robocop adverts, like, you know, the news adverts.
It's back because bigger is better than 2000 SUX.
Anything else?
MGM, 100 million.
I mean, I think they got off fairly lightly there.
Wasn't the ransom for like 20 million or something?
Yeah, it wouldn't surprise me.
Yeah, they did the maths all wrong on that one.
They did.
They did.
But did they retain their integrity?
I don't know.
What, a casino?
Yeah, exactly.
What integrity did they have to begin with?
All right, Grandad Blimey, listen to the moral police here.
Or morality police, not the moral police.
The moral police are the people who say,
no, that's not the moral of the story.
Right, OK, I think we've exhausted that one.
That was this week's...
Industry News.
The Host Unknown Podcast. Orally delivering the warm and fuzzy feeling you get when you pee yourself.
Okay, let's, uh, let Andy take it home with this week's Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week comes from Dr. Akarely on X.
I was going to say Twitter, but on X, the platform formerly known as Twitter.
And they have been posting for the last, well, ever since Cybersecurity Awareness Month started, a 30-day cybersecurity challenge.
And they've gone and said that many years ago, I lost all the money in my bank account
because I clicked on a phishing link and entered my card details in the fake website.
I was a fresh graduate and didn't know there was anything called cybersecurity.
So what they've done, they've created a 30-day cybersecurity challenge.
And every day, they're posting the questions. So like day one,
why cyber security? And then you answer that. Day two, which team do you represent? Day three,
your current level, newbie, intermediate or expert. And it goes on until it gets a bit more
detailed to help people think. Like day eight, explain CIA triad in your own words.
Day 10, best practices to safeguarding your online privacy.
Day 11, have you ever been digitally attacked?
Share your experiences.
And it's just a good way to sort of, you know, it is that Cybersecurity Awareness Month. And to me, it's, you know, it's a good way to surface a lot of these conversations I
don't think happen nearly enough. And, uh, you know, people are ashamed of being, you know, becoming
victims in the past, or they don't realize how this stuff can actually get anyone, regardless
of how good you are. So I do like it.
That is very good, and having a calendar of events like this is always really useful.
But I'd add, not just for October,
Cybersecurity Month for Life, not just for October.
Exactly.
All you need to do, Jab, is come up with 365 of these.
Yeah, and I'm going to make it into my desktop calendar
where you peep, peep, tear it off every day like a post-it note.
There's a new cyber security
tip underneath. Trademarked Host
Unknown 2024.
Hey, there's an idea for Christmas.
Yeah.
Contribute to our Kickstarter.
I do like this. This is one of those sort of
nice stories. I'm not sure if it was
Dr. Akareli who actually created
this or is just promoting it.
Either way, very good.
My one thing is it does seem to sort of stray off the security side a little bit occasionally.
Like name the OSI model, list the TCP/IP model and name some services. I really...
Just such a typical response from a quote unquote non-technical CISO. Someone that doesn't believe you need to understand network security.
Someone that doesn't believe you need to, you know,
understand how any coding works at all.
It's like, it's all policy.
It's all about hand-waving and risk.
This is aimed at just the technologists.
They're not...
No, there's a mixture of everything in this. There's a healthy mix
here, I think. So it's not relevant to everyone.
It's inclusive of everyone.
It is. It's not inclusive
of everyone. Of course it is. It is.
Day 13, isn't it?
That's inclusive of the technical people. Yeah.
Yes.
So it's inclusive of a subset
of people. Just because...
Rather than everybody. Just because despite working in security allegedly for like 35 years,
you don't know the OSI model or you don't know what port SSL...
Day 13 today, Tom. OSI model. Name it.
I absolutely know this because Google knows it.
I don't need to retain dull information like this.
This stuff is the basis of every...
I know it exists and I know where I can get the detail when I need it.
Do you know how I learned it?
Poor dear Nellie Trout, she's pissed again.
That's how I learned it.
Great, well done. I'm really proud of you. But really, do you really need to know that?
No, I'm saying you need... It's a good conversation to have.
Your brain has, has, has a finite amount of space in it. It gets to
the point when you've learned as much as I have over all these years, when one new thing goes in,
an old thing needs to come out.
And so therefore, as long as you know where you can find...
It's like when you drank all that champagne and forgot how to drive.
Exactly.
Exactly.
But as long as you know where to find that data you've, you've pushed out, not a problem.
Still healthy. Still healthy to check and challenge and just...
It is, yeah. You can't please some people.
It's like, it's like, can you imagine getting pulled over by a police officer,
like for speeding or something, and you're
like, officer, why have you pulled me over? I don't know, there's a law somewhere, let me Google it
and I'll let you know which law I pulled you over under.
Because that's relevant to his daily job.
An OSI model is not relevant to any CSO's daily job.
Oh, debatable, debate...
Oh, come on. A CISO is PowerPoint and politics.
Bad CISOs are PowerPoint...
Oh, is that right? Is that right?
Yes.
Okay, okay. All right, says Mr. I'm only relevant one month a year.
No, that wasn't me. That was Andy. Andy who bestowed that title
and honour upon me. And I'm honoured.
So there's two people that agree about it then.
And I'm honoured that I am actually valuable for 30 days out of the year.
I'm honoured to be relevant for those 30 days.
Exactly.
Right, that was this week's Tweet of the Week.
And here we go, we are at the end of the show, after roundly,
well, turning on each other. They're quite, quite significant Mexican standoff.
Oh dear. Brilliant. Jav, thank you so much, uh, for your contributions, and sorry for your, uh,
loss of your snacks earlier this morning.
That's all right, no worries. Uh, you're welcome.
And Andy, thank you.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
r slash Smashing Security.
So, Tom, did you ever spit on a USB?
It wasn't the USB that he put inside.
You're on mute, Tom.
Only in the privacy
of my own home