The Host Unknown Podcast - Episode 172 - The One Job Episode
Episode Date: October 28, 2023

This week in InfoSec (07:11)
With content liberated from the “today in infosec” twitter account and further afield

26th October 2006: Christopher Soghoian created a website allowing visitors to generate fake airline boarding passes. A congressman called for his arrest, his ISP shut down his site, the FBI raided his home, and then the same congressman said DHS should hire him. His career since? Notable.
https://twitter.com/todayininfosec/status/1717530966229475523

24th October 2010: Eric Butler announced Firefox extension Firesheep's release at Toorcon, making HTTP session hijacking on open Wi-Fi trivial. Today >95% of websites have enabled HTTPS and efforts like browser HTTPS-Only mode have largely eliminated the risk. A security industry success!
https://twitter.com/todayininfosec/status/1716990537171918976

Rant of the Week (16:00)
First Brexit, now X-it: Musk 'considering' pulling platform from EU over probe

Elon Musk is said to be toying with the idea of withdrawing access to X in the European Union rather than go to the effort of complying with the bloc's Digital Services Act.

As The Register reported last week, His Muskiness had a rather public spat on the website with Thierry Breton, EU Commissioner for Internal Market, who was simply reminding social media platforms of their content moderation obligations under the law.

This was particularly in light of renewed hostilities between Israel and Hamas, and the potential disinformation campaigns that had begun swirling online. Meta, TikTok, and YouTube were also sent letters.

"Free speech absolutist" Musk's response was sarcastic and juvenile, the kind of smack talk that would get a teen grounded. It would take a couple of days for the adult in the room, CEO Linda Yaccarino, to get a formal response written.

However, by then the EU had indicated that X was now under investigation on account of its designation as Very Large Online Platform under the Digital Services Act, which means it has to follow rules regarding how it handles illegal content among many other things.

Since Musk increasingly appears to see obeying the law as optional for him, it would be very unlike the X owner to actually do anything, and whispers out of the company seem to support this.

That most watertight of sources, "a person familiar with the matter," told Insider that Musk "has discussed simply removing the app's availability in the region, or blocking users in the European Union from accessing it," much like how Meta's Threads declined to launch in the EU because it was unwilling and/or unable to meet the union's onerous data protection and privacy requirements.

Twitter, which was once intensely moderated, has become a wild west of violence, misinformation, disinformation, racism, and hardcore pornography. Many of the website's rules judging what users can and can't post have been screwed up and tossed in the trash.

Billy Big Balls of the Week (26:45)
‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities

US and South Korean authorities have updated their guidance on how to avoid hiring North Korean agents seeking work as freelance IT practitioners.

Thousands of North Korean techies are thought to prowl the world’s freelance platforms seeking work outside the Republic. Kim Jong Un’s regime uses the workers to earn hard currency, and infiltrate organizations they work for to steal secrets and plant malware.

The FBI has previously warned employers to watch for suspicious behavior such as logging in from multiple IP addresses, working odd hours, and inconsistencies in name spellings across different online platforms.

The updated advice adds other indicators that the freelancer you are thinking about hiring could be a North Korean plant, including:
- Repeated requests for prepayment followed by “anger or aggression when the request is denied”;
- Threats to release proprietary source codes if additional payments are not made;
- Using a freight forwarder’s address as the destination for a company laptop rather than a home address, and changing that address frequently;
- Evading in-person meetings or requests for drug tests;
- Changing payment methods or accounts on freelance-finder platforms;
- Having multiple online profiles for the same identity with different pictures, or online profiles with no picture.

The updated guidance suggests requiring recruitment companies to document their background checking processes, to be sure that they can screen out North Korean stooges. Conducting your own due diligence on workers suggested by recruiters is also recommended.

Industry News (33:45)
Okta Breached Via Stolen Credential
Generative AI Can Save Phishers Two Days of Work
AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds
AWS: Security Not a Priority For a Third of SMBs
Humans Need to Rethink Trust in the Wake of Generative AI
UK Parliament Opens Inquiry into Cyber-Resilience
CISA Releases Cybersecurity Toolkit For Healthcare
Europol: Police Must Start Planning For Post-Quantum Future
UK IT Pros Express Concerns About C-Suite’s Generative AI Ambitions

NADINE DORRIES: I Googled my name, and learnt all about Big Tech!
https://www.dailymail.co.uk/debate/article-12663701/NADINE-DORRIES-Googled-learnt-Big-Tech.html
https://twitter.com/AdamBienkov/status/1716735397802233947
“Nadine Dorries, who until last year was in charge of digital regulation in the UK, says tech executives have “big dials” which they deliberately use to “nudge opinion ever leftwards” and suggests this was somehow hidden from her when she met them”

Tweet of the Week (41:05)
https://twitter.com/gcluley/status/1717433320823218640

Come on! Like and bloody well subscribe!
Transcript
So I haven't had a chance to listen to last week's episode yet.
How did it go?
I don't know.
Graham, how was it?
I think it's my favourite episode ever.
I mean, brilliant.
Five stars.
I'm going to give it a review on Apple Podcasts.
One job.
One job, Jav and Andy.
One job.
And I've lost the button now. Hang on.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome, welcome one and all.
Welcome, dear listener.
Welcome.
I was going to say Jav and Andy then, but I don't know why.
Andy and Graham to episode 176.
72.
Or is it 73?
I don't know.
Because, I mean, missing a week.
Come on, missing a week.
You even had the show notes ready.
And then you and Jav just fizzled out like an excited teenager.
I was absolutely dead to the world.
There was no chance.
Could you not have got some AI to actually just read out the show notes?
See if any listeners actually noticed any difference. I was listening to yourself and Karol talked about that guy
that wrote podcasts using AI.
Oh, yes, yeah.
And I thought, you know what, he's on to something.
So it's going to save so much.
But, you know, I have tried to use AI to regenerate Tom's voice.
Yes.
Oh, we did have some success, didn't you?
Yeah, that was actually Tom's best ever performance, I thought.
Yeah. Yes, but no, I have tried using a bit more, but I need him to secretly read some paragraphs so I can get all the wording right, but without him knowing that he's going to be phased out,
it might get a bit awkward.
I'll read them. That's fine.
I don't mind being phased out.
I mean, after last week's debacle.
I don't know.
Anyway, Graham, thank you so much for joining us again.
You certainly are the...
Come on, let's be honest.
This is Graham's show.
We're the guests here
Exactly.
You're the stand-in of choice.
It's a shame we got the monkey and not the organ grinder, because Carole couldn't make it again.
But nonetheless, she has more of a social life than me.
Well, she's very busy, because she's got another podcast of her own.
She now has three podcasts that she's running.
That's just greedy.
I mean, Jav can't even manage one and she's got three.
Mind you, in fairness, we can barely manage one between the three of us.
But yes, and isn't it all about art or something?
Art Musings is the name of her podcast.
She hasn't paid me to promote it though,
so I don't know if I should,
but yes,
it's all about the Oxford art scene.
I'm sure there's a lot of,
if we looked at a Venn diagram,
I'm sure of host unknown listeners and people interested in art in Oxford,
then there's probably two very clear circles on the ends of the page.
That's right.
Anyway, great to be here.
Great to be back on the show.
And thank you once again,
Jav, for not showing up.
Yeah, for not being asked.
And Andy, I trust you are better
after the, well, the scare you had of having to host the show without me last week.
Well, absolutely.
No.
Oh, I'm sick.
I actually caught COVID for the first time.
What first time?
It was my first time, yeah.
And it took me out harder than I expected.
So I always wondered whether I was one of these asymptomatic people. You know, maybe I got it
in the early days without knowing.
But no, it was, yeah,
it's on par with man flu, if I'm honest.
Oh, wow, serious.
Very serious.
Well, I've had it three times now, and the last
time I had it, which was only a few weeks before
you, that was definitely the worst
of the three.
So, yeah.
Getting shots, people.
Yeah, absolutely.
So where were you last week? Why were you not here?
I was photographing a wedding again.
Okay, your side job.
In a nice little country house.
Yeah, yeah, the side job that earns me pennies, and I work harder than I do in my day job.
So the CISO who also shoots.
Yeah, exactly. Exactly.
But for the first time, I bumped into somebody at the wedding who I knew, in the wedding guests, except I didn't recognize him at all, because it was completely out of context. But yeah, a recruiter who had placed me in the past.
Okay, well, it could have been from another type of extracurricular activity
that you partake in and sort of seeing someone in that format.
No, it wasn't, unfortunately.
The groom, you know, for example.
I'm surprised a recruiter wouldn't remember you quite distinctly, Tom, actually.
Oh, they remembered me. I didn't remember them.
Yeah, I'm thinking you probably pass by their desk quite often, don't you?
You're sort of on speed dial.
So it's been a couple of weeks. Here's Tom again.
That's a six-month cycle.
Six months?
He sends you a hamper every Christmas.
Exactly. Thanks for feeding my family.
Postcard from the Caribbean islands.
Thanks for staying the extra day so I get my money.
Ping me when you're ready to move.
Brackets again.
So, yeah, it was lovely. It was a lovely wedding, actually.
It was really good fun. Everybody was so nice.
Sometimes at weddings you're very much treated like the staff, but yeah, everybody... It was a lovely wedding.
It was lovely.
Yes. Very nice. Very nice.
Right.
Talking of unholy matrimonies,
shall we see what we've got coming up for you this week?
This week in InfoSec is a story about a catalyst for change.
Rant of the Week puts the exit in Brexit.
Oh, I like that one.
Billy Big Balls asks why no one thought of this before.
Industry News brings the latest and greatest security stories from around the world.
And Tweet of the Week is something from quite close to home, actually.
So let's move on to our favourite part of the show.
It's the part of the show that we like to call quite
familiarly. This week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane
with content liberated from the Today in InfoSec Twitter account
and further afield.
And our first story shall take us back a mere 17 years
to the 26th of October 2006
when Christopher Soghoian created a website allowing visitors to generate fake airline
boarding passes. So Congress called for his arrest. His ISP shut down his site. The FBI raided his
home. And then the same congressman said that the Department of Homeland Security should hire him.
And his career since then has been quite notable. So I'm not even sure if I'm
pronouncing his surname correctly, because I've only ever read it. But Christopher Soghoian
is a passionate advocate for digital privacy, a tireless defender of civil liberties in the
digital age. And so he's got a background in computer science, infosec, and he championed these causes as a key figure in the ACLU.
So the American Civil Liberties Union.
Does he also have a background in orange jumpsuits?
Yeah, he also cooks.
But he has challenged the US government's surveillance programs regularly, testifies before Congress,
influenced tech giants to prioritize user privacy as much as anyone can. But his work extends beyond advocacy. He's authored, researched, collaborated with developers,
and received many accolades for his groundbreaking contributions to the field.
And he is one of the leading voices in the fight for more private and digital security.
Yeah, he's a good guy, I think.
He works very closely with Senator Ron Wyden.
And although we slag off a lot of US politicians,
Ron Wyden appears to be really clued up, maybe because of Chris, I'm not sure.
But he's the guy who's always writing the letters we really love to the tech giants, and he seems to have his finger on the pulse of what the problems can be with tech and online privacy. So yeah, well done.
Yeah, but we're never going to see that guy in power.
No, because the tech giants are too big and they'll lobby and, you know, make sure that they keep him at arm's length.
Either you'll pronounce his name so badly
or I've not heard of this guy.
I've just not come across him.
It's only one of those names I've ever read,
so I would never know how to pronounce it, if I'm honest.
I saw him give a talk years ago at the Virus Bulletin conference, all about vulnerabilities being bought by state-sponsored agencies. And yeah, he was saying, look, you know, if Google and Microsoft have a zero-day, you know, if they have a vulnerability in their software, they are never going to be able to outbid the US government or
indeed other governments as well.
So we're all screwed effectively
because state intelligence agencies
will always be able to pay more money to get these things
than the actual software vendors.
He's an interesting guy.
Or threaten more members of your family.
Yeah, right. Yeah.
More resource.
But our second story takes us back a mere 13 years to the 24th of October 2010,
when Eric Butler announced Firefox extension Firesheep, releasing their talk on making
HTTP session hijacking on open Wi-Fi trivial.
And today, 95% of websites have enabled HTTPS,
and efforts like browser HTTPS only mode have largely eliminated the risk.
And this is one of those very rare, I think, security industry successes where a lot of good has come out of someone doing something.
So, yeah, released in 2010.
I think people called it a digital wake-up call.
It demonstrated the shocking vulnerability of unencrypted websites,
you know, the risks of using public Wi-Fi networks.
Lots of stories of people going into Starbucks at the time,
you know, hijacking Facebook sessions.
But, yeah, with a single click, Firesheep could just hijack
sessions. You know, it just showed you how easy it was for people that actually targeted you and,
you know, attackers actually deliberately attempted to access your private data.
But yeah, it led to widespread adoption of HTTPS. And some say it wasn't a malicious tool,
it was a catalyst for change, inspiring a more secure future.
That just sounds like a malicious tool with a marketing budget.
Well done. Without, what, the Heartbleed and PR-ness? Yeah, like a big website. Yeah, exactly.
Two things on this one. One, I think we're going to be touching on this slightly later on in the show. But two, whatever happened to Firefox? I mean, I know it's still out there, but it's not as popular as it used to be. It's losing market share hand over fist.
Oh, I use Firefox.
Yeah, so it went through a rough patch, certainly when it got really memory heavy. It started draining a lot of memory.
But now, funnily enough, it's the other way around.
Chrome's actually quite the memory drain.
Oh, Chrome is dreadful. Yeah, but so many people use it.
Safari for the win, people.
Well, and Chrome is also written, you know,
it's coded by an advertising company.
I don't really know how many do I
want to use that. Exactly.
Exactly.
Yeah, I do use Firefox
for certain applications, but
yeah, it's
not
I'm not seeing it wildly used or, sorry, widely used at all.
I wonder, what do people use them in? Opera?
Or Edge? Or what's the
Brave? Edge is just
like the sheep in wolf's clothing, isn't it?
I mean, Edge is quite, at the end of the day.
No, Edge
has got Bing
Chat GPT is now built
into the Edge browser.
Fancy.
Yeah, it's got a little tab on it.
You can have a conversation with it.
Looks like you're trying to write a document.
Would you like some help?
Yeah, pretty much.
That takes me back.
Okay, so I just did a quick look.
So Chrome has 63% of the market share.
Safari is second place, 19%.
Edge has 5%.
Firefox has 3%.
Opera has 2.9%.
And in sixth place is Samsung Internet with 2.3%.
Huh.
Safari is surprisingly high,
but I guess that's because of iPhones, isn't it?
It's going to be that more than desktops.
Yeah, iPads, iPhones.
Because it stores all your passwords,
you just use it on your Mac.
And it just works.
Oh, here we go.
Well, except when you want to use certain things
and you have to download Chrome.
Oh, well, excellent.
Thank you very much, Andy, for this week's...
This week in InfoSec.
You're listening to the award-winning
Host Unknown podcast.
Officially more entertaining than Smashing Security.
What?
What?
Well, it was a couple of years ago.
That was actually labelled as number nine.
I had no idea what was behind that one.
Wow.
Come on our podcast, they say.
Our regular host has dropped out again.
Can you do us a favour, they say.
And then we'll insult you on the show.
And by spreading lies and deceit.
Lies?
It was true.
It was true a couple of years ago.
At one point in time.
Can we look at the latest record, please, of what the most entertaining...
I can look at the awards I've got above me on the shelf
that are in my house, taking up my space.
Right, let's move on, shall we, to this week's...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
Okay, so European laws.
We know that European laws are quite strict when it comes to data privacy
and rights to that data and how it's controlled.
GDPR came out, which I think generally was a power for good.
You know, it's meant that companies have generally had to behave when it comes to the handling of data, and it also
clearly lays out what is required and ensures that the relevant information commissioners
in each country are informed when something goes wrong, all that
sort of stuff. So it's all very, very good. Now, obviously, in the UK with Brexit, we've kind of
separated ourselves a little bit from that. But actually, on the whole, we're still,
you know, largely aligned with Europe, etc. So we can still be considered, if not a part of the European Union,
certainly aligned with their laws and rules and regulations.
So, and it pains me to say this name again,
but Elon Musk is set in response to the European Union's Digital Services Act coming into play.
He's said to be toying with the idea of withdrawing X, formerly known as Twitter, from Europe,
which, well, just beggars belief, actually. So he recently had a public spat on X with Thierry Breton, the EU commissioner for the internal market, who was simply reminding social media platforms of their content moderation obligations under the law.
So, yeah, you'd go on a little, you know,
advertising and socialization campaign to make sure people knew what they were in for.
And Musk jumped right into it with him. This is, you know, Musk's response to him was calling Thierry Breton a free speech absolutist, which, according to the Register, was both sarcastic and juvenile and the kind of smack talk that would get a teen grounded,
which does kind of sum up Musk generally.
It would take a couple of days for the adult in the room,
CEO Linda Yaccarino, to get a formal response written.
Links in the show notes. But by then the EU had indicated that X is now under investigation on account of its designation as a Very Large Online Platform, or a VLOP. Love it.
Under the Digital Services Act, which means it has to follow rules regarding how it handles illegal content and, you know, the spreading of, yeah, sort of false news, etc., etc.
Well, let's face it, I mean, Musk just looks at life and laws and regulations as just optional for him, generally speaking, right?
And the fact that his muskiness, to quote the Register, which I love, because it does.
I can't imagine Elon Musk smelling good.
Can you?
You know, certain people.
David Bowie apparently always smelt amazing,
allegedly using or apparently using Issey Miyake perfume.
You know, certain people out there you know are going to be very fragrant.
Musk is not one of those people.
He's going to smell of four-day-old... Clue's in the name. Yeah, exactly.
Well, clue's in the person. Come on. So anyway, that's not the focus of the rant.
So this is, like... So, to be fair... Well, no, not to be fair. Not to be... He is looking to see...
So remember Threads? When Threads first came out, 100 million downloads in its first week or whatever.
I think lots of us jumped on it and then haven't been back since.
So Threads wasn't available in the EU when it first launched, was it?
Because it couldn't comply with the Digital Market Act.
That's right, yeah.
But the UK is like, yeah, well, okay,
we'll align with it maybe further down the line.
We're on the fringes, yeah.
Another Brexit benefit.
Exactly.
Another wonder of Brexit that we were able to get Mark Zuckerberg's threads.
Fantastic.
Exactly.
But is this not a good thing?
So the EU actually has that power to say, look, if you want to launch this app,
we know it's not going to protect personal data properly. Therefore, you will be fined
from day one. And so that was enough to put off
meta, who do have deep pockets and can afford to fight this sort of stuff.
And who've also been known to consider the law as somewhat optional, right?
Yeah, they play fast and loose with interpretations of processing of personal data.
But yeah, so Musk is seen. You know, I guess Facebook get away with it or Meta get away with it.
And they're like, well, we're not doing anything different. So.
Yeah, but they didn't get away with it, did they?
Facebook decided not to release it in the EU based upon the EU's interpretation.
When you're worse than Facebook,
when your stats is below Facebook,
you've got to reconsider your life view, right?
It's a strange upside-down world where we're viewing Mark Zuckerberg
as the saviour of the Twitter dumpster fire.
I'd never consider him a higher standard, let me put it that way.
Right? I mean, jeez.
And it's also, you know,
because he's not allowed to play as striker in the park
where he's got jumpers for goalposts and he owns the ball,
he's deciding to pick the ball up and go home.
Oh, but is he really though?
Because Elon Musk is effective.
He's like a nine-year-old kid, isn't he?
I mean, he's just a child with a vast amount of money.
And just look at what he tweets.
It's so juvenile.
I think this is just another, well, I'll do this.
But will he actually do it?
I don't know.
No, I'm sure he won't.
I'm sure he won't.
I think it's an empty threat.
He's not going to miss out on that five pounds a month.
He said he'd give Wikipedia, what was it, a billion dollars
if they changed their name to Dickipedia.
I mean, come on.
You know, it's like, you know,
Beavis and Butthead called and they want their joke back.
Says the host unknown podcast,
renowned for its high-quality, highbrow content. And we love a good knob gag.
We love a good knob gag. That was not one. Come on. If he'd said, I'll pay them 20 dollars if they change their name to Dickipedia, that's actually quite funny, you know. But I'll pay them a billion dollars? It's kind of like, well, one, he's just showing off, you know, and he's just waving a wad of cash in front of somebody. I don't know. And he was even fact-checked by his own company numerous times on Twitter, you know, X, whatever it is.
Yeah, just ridiculous.
I'm just, I'm appalled is all I can say.
Well, rumours are that obviously he wants to turn Twitter into some sort of
payment platform or payment gateway, you know, back to his papers.
I saw the other...
Yeah, yeah, yeah.
Yeah, that's what they're going to try, aren't they,
for new accounts in some countries.
I saw the other day, I went into Twitter and it said,
hey, great news, we've enabled audio and video calling,
which meant that...
Oh, video.
Did you not get this?
I don't know if it's just been trialled on me,
but it said, if I wanted to disable the ability for 100,000 people to video call me,
I needed to go into my settings, which, of course, I rapidly did.
Oh, they could call you?
Yes, yes, they could call me.
Oh, I thought it was like you could...
Oh, wow.
Well, actually, it said only verified users would be able to call me.
Oh, verified users.
It would just be bots, I suppose, and Nazis.
And also, let's face it, verified users are the ones known for spreading misinformation.
Yeah.
What was the latest report?
It said something like 72% of all misinformation on X is through verified users.
Says a person who had a verified account until recently.
I did, for two weeks.
Yeah, shame on you. Shame on you. Javad, Javad, I expected it, but when you did that... myself wanting to lie blatantly as a result. I couldn't live with myself.
I don't know.
I don't know.
But yeah,
again,
just down to Musk,
just somebody just,
you know,
where's this responsible adult who's supposed to be looking after him?
Someone needs to deal with him.
I don't know.
Right.
That was this week's.
Rant of the Week.
You're listening to the award-winning Host Unknown podcast.
Officially more entertaining
than Smashing Security.
What are the chances?
Twice.
What are the chances?
That's unbelievable.
Oh, my God.
Did you just press the random button that time?
I have no idea how that happened.
I just press the buttons.
I don't write the stuff behind the scenes.
Anyway, let's put that behind us, Graham.
Let's move on to your part of the show, shall we?
I like this one.
It's time for this week's...
Graham's Giant Go Nads.
Hello, hello, and welcome to Cluley's Colossal Cohones.
It's Carole's Colossal Cohones.
I don't know.
I haven't checked.
I'll take your word for that.
Anyway, the Billy Big Balls this week is I was reading the register.
And at least whoever put these show notes together was reading the register.
And told me about this extraordinary situation which is going on right now,
where warnings have been issued in the United States
and South Korea telling people to be very careful about who they are hiring because it turns out
they are hiring North Korean agents who are posing as freelance IT practitioners. So apparently
thousands of people are prowling the internet
in North Korea, which is
quite impressive in itself, to be honest, isn't it?
They've managed to get onto the internet, but they are
looking... On the end of their 33.6k
modem.
During daylight hours
as well, when the electricity's on.
They've got their little acoustic
coupler and a couple of yoghurt pots
and a piece of torts string.
Anyway, so they are apparently prowling the world's freelancing platforms looking for
work outside the Republic of North Korea because Kim Jong-un needs a bit of money, doesn't
he?
He needs a bit of money.
And apart from cryptocurrency scams, he is apparently... He's got his people infiltrating organizations outside of North Korea in order to steal secrets and plant malware. So the FBI and South Korean agencies are warning people to be on the lookout for suspicious behavior which might identify that that online worker that you now have is actually a secret North Korean spy. So I thought it might be fun to take a look at what the indicators are that you could be a North Korean plant.
All right. So maybe you have... Have you... Okay.
Oh, let's hear yours, Tom.
Yeah, yeah. Do they use Windows ME?
Red Star.
Was it Red Star or something?
Word Star.
Do they steal food from the kitchen in the office?
Well, I think these are mostly online jobs.
I don't think that they've made their way out of it. Anyway, so here are some of your clues,
as put together by the authorities,
to warn you of North Korean workers on your payroll.
Is your worker repeatedly requesting prepayment?
Which, frankly, I ask for.
Yeah, that's what I understand, Graham.
I understand you ask for money up front.
Yes, I do.
It's a lot easier to get the money before you do the work rather than after.
But anyway, followed by, and this rings a bell with me as well,
anger or aggression when the request is denied.
I'm not doing a fucking podcast unless you pay me up front.
Tom, did we hire a North Korean agent this week?
Those words are still ringing in my ears from this morning.
Is your worker threatening to release proprietary source code
or maybe a link to a Google document
if additional payments are not made,
I will release the show notes to the world.
They'll see how shit they were.
They see how shit they are every week.
They're cut and pasted into the show notes.
Is your worker using a freight forwarding address?
So when you are... They don't want the company laptop sent to their address.
They want it sent to this sort of proxy address.
Or are they changing their address frequently?
Are they evading in-person meetings
or requests for drug tests?
How do you do a remote drug test?
Well, no, I think this is an in-person one.
Yeah, they ask you to come into the office.
I was going to say, they don't, you know, send in a gallon of wee every month.
It might explain where Jav is this week. I don't know. Possibly he was due his random drug test. Yeah.
Also, do you have multiple online profiles for the same identity but with different photographs? Andy? Andy's image changes all the time.
Andy has a lot of online profiles.
Does he?
He has an awful lot, most of which, including his current profile,
he doesn't have the password for.
In case you ever wonder why he used Twitter on this machine,
it's because it's the only one that logs in automatically.
And unfortunately, it's been so long he hasn't had that.
He's still running Windows ME on it.
Anyway, I think
my Billy Big Balls this week, they do
go to these North Korean stooges
because actually, I'm
kind of impressed with them. They've got this
entrepreneurial spirit. They've got this get up and
go. If only the rest of the world were
to be this imaginative,
putting the effort in to dupe other
people, you know, to earn this money. This is the kind of attitude. If we're going to reach the sunny
uplands post-Brexit, this is what Britain needs to be doing. This is how we're going to make trade
deals with the rest of the world. Send people out to Europe is by posing as French
people maybe, having a baguette
under our arm, a string of onions
around our neck, riding bicycles
this is the way we're going to get jobs
and stay in the country for more than 90 days
so
anyway, North Korea, well done to you
and maybe the rest of us look out for those
North Korean plants trying to get jobs inside our companies. Very good, Graham, thank you.
Nice.
You're listening to the award-winning Host Unknown Podcast,
officially more entertaining than Smashing Security.
I'm sorry, Graham, I just did a... but I don't know, this is random. You're saying this is random?
I see, totally. I mean, statistically the chances of this happening are so low.
So low. And talking of struggling here, talking of statistics and something else, it's time for...
In fact, what time is it? It's that time of the show, wasn't it?
It really was. It's that dreadful time of the show where you do a painful link
and we head over on news sources over at the InfoSec PA Newswire
who have been very busy bringing us the latest and greatest security news
from around the globe.
Industry News.
Okta breached via stolen credential.
Industry news.
Generative AI can save phishers two days of work.
Industry news.
AI to create demand for digital trust professionals, ISACA survey finds.
Industry news.
AWS security not a priority for a third of SMBs.
Industry News.
Humans need to rethink trust in the wake of generative AI.
Industry News.
UK Parliament opens inquiry into cyber resilience.
Industry News.
CISA releases cyber security toolkit for healthcare.
Industry news.
Europol: Police must start planning for post-quantum future.
Industry news.
UK IT pros express
concerns about C-Suite's
generative AI ambitions.
Industry news.
And that was this week's
Industry News. Huge if true.
I think someone went to an AI conference this week.
Yeah, a lot of AI.
Also, I didn't know fishes worked.
How much time can a fish save?
I mean, all they do is swim around in circles.
Do you know what was interesting is that
when the police are planning
their strategy for the year, or like their long-term targets, um, planning for a post-quantum future
would not be in my top 10 if I was doing that sort of strategic plan for the police. You know, I think,
like, obviously, building public trust is down there. Like, you know, not raping civilians is probably higher.
Arresting fewer black people for no reason.
Yeah, exactly.
Yeah, this is one of those out there thinking.
Yeah, yeah, not taking money from criminals.
I was impressed to hear that the UK Parliament
is opening an inquiry into cyber resilience.
I don't know if either of you saw the column written in the Daily Mail by Nadine Dorries this week,
where she explained how Google works.
Do you know what? I bet that's insightful and technically in-depth.
It was extraordinary.
She was suggesting that Google had a special lever,
that they had a knob which they turned which would decide how left wing the results would be or how
right wing, and they changed it for her when she went to visit them to complain about this, and then
they said, well, let's Google your name right now, and it didn't come up with abusive content, and she said, well, they knew I was going to be there, so they turned down the knob.
It was unbelievable. If you could put a link in the show notes, that would be awesome.
Okay. Nadine Dorries is the one who sits down at a desk every day, when she was in Parliament, and shouts out, what's my password?
That's the one. Yeah. Yeah. Yeah.
Brilliant. That's when she was part of parliament, obviously.
She threatened to resign immediately and then stuck around for another three months.
Yeah. Do you know what is really lucky?
Do you know what is really lucky, and I can't believe the timing of this,
is that with all these stories about AI,
ISACA, a well-known certification company,
has realized that there's a demand for digital trust professionals.
Oh, funnily enough.
It's amazing how this is, you know, not far off the heels of, you know,
they're pushing their cloud-trusted professional certification and all of that. It's just amazing. The timing just couldn't have
aligned better for them. Wow. You know, I'm a member of ISACA, I've got a couple of their
certifications, but they're not the most dynamic of organizations, I have to say. Do you know what,
compared to ISC2, I actually think I
get more value for my ISACA, because at least they've got a library that you can take content
from that people like. It's a bit slow, but, you know, if you need to put up something, as opposed to ISC2's
payment link that you can pay them money. Yeah, exactly. Obviously, also, you pay ISACA every year anyway. Yeah, but yeah, lots of AI stuff.
What do we do? Oh, humans need to rethink trust in the wake... Again, yeah, it's another AI story, and
rethink trust... We've had to rethink trust ever since Trump and Johnson got into power.
Yeah.
It's quite political.
This show,
isn't it?
Do you get,
do you get a lot of right wing listeners who given you five stars out of
five,
five on smashing security.
We only,
we only get,
we only get bad reviews from the Trump supporters.
They really hate us.
Well, good.
I think that's a badge of honour.
Yeah, but we send out our links on Truth Social every week.
So you've got to play to the audience.
Oh, yeah, we love the, you know, Tango Poundland president.
What else you got?
Time for one more.
Let's see.
Oh, let's see.
Anything else?
AWS security not a priority?
Maybe because it's really confusing?
To be fair, for small, yeah, so for small, medium businesses,
not a priority for a third of it.
I mean, I've looked at a lot of smaller companies,
and that's why they go to the cloud,
because then they don't think they have to manage half of it.
And it's quite easy to set up sites and not realise you have to make sure
your buckets aren't open and enable MFA, enable MFA, stuff like that.
Yeah, yeah.
But conversely, a lot of it is not done automatically
or you're not prompted to.
Well, it is now. It is now.
Oh, we covered that a little while ago, didn't we, about it?
There's certain things being done by default.
They are getting better.
Yeah.
Anyway, that was this week's...
Industry News.
You're listening to the award-winning
Host Unknown podcast.
Oh, my goodness.
Officially more entertaining than smashing security.
In your face! We should get in the Guinness Book of Records for most times the same jingle has been played in a row randomly. Unbelievable. Unbelievable.
Right, talking about taking us home randomly, Andy, why don't you take us home with this week's Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week
is from industry rock
star Graham
Cluley. Is that his
name? Is that how you pronounce it? Something like that.
George Clooney.
George Clooney. Often mistaken.
InfoSec George Clooney,
and he retweeted
I say he, it should be they, I don't know
the guy personally
so they
I've got ginormous
gonads apparently, if that helps
I've heard he's very demanding
on podcasts, he always wants to start on time
and stuff like that. What's that thing called
a rider, that we received from that person that was like... Yeah, uh, so, from MalwareHunterTeam, uh, and
they posted, is this 2023 or what, and it's a screenshot from the Bureau of Meteorology website.
Um, and so MalwareHunterTeam went there and they received the message, the Bureau of Meteorology
website does not currently support
connections via HTTPS
you will shortly be redirected
to HTTP
and then bom.gov.au
so it's an official government
website that's been
highlighted here
of Australia and Graham
has quote tweeted it
with the best dad joke
of the week
you would think meteorologists would be experts
in the cloud
and that's why
that's why Clue is an
industry expert
that's why he gets paid the big bucks
yeah
and that's why Host Unknown won the award for most entertaining podcast.
Yeah.
Beating Smashing Security.
Last year.
Brilliant.
Brilliant.
Very good.
Do you know what?
I love a tweet of the week that is a retweet of a tweet.
No, a retweet of a retweet of a
tweet. I like how we've come back to HTTPS, that starts the show and at the end of the show.
We had show notes to refer to, right? Sometimes the listeners don't pick up on these things,
Graham, so I'm glad that you highlight that. There's always a... but there's always a story.
I don't think you get dad jokes like this from Jav, do you? No, you don't.
No, we get sort of granddad racist jokes from Jav.
No, me.
Goodness sake.
No, you are the joke, Tom.
Oh, sorry, sorry.
He is the granddad racist.
I am the granddad racist.
Yes.
Oh, sorry, the racist granddad, whatever.
Oh, dear.
Excellent. Thank you very much, Graham, for this week's
Tweet of the week
Well, I think we're going to press this
one more time, it can't happen again
It can't, let's get a proper jingle
You're listening to the award
winning Host Unknown podcast
Officially more
entertaining than Smashing Security.
That's got to be a record, hasn't it, Andy?
I mean, we've done it.
Yeah, that's like Monte Carlo type stuff.
I'm going to go and buy a lottery ticket now.
I hate you.
I hate you.
Jav?
Jav?
I hate you.
I didn't think we had Jav on today.
Oh, dear.
Anyway, thank you so much, Graham.
Thank you for your time today.
It's been greatly appreciated.
Your insight, knowledge, and, well, just general thoughtfulness in response
just highlights how crap Jav was, actually. I'm
not sure why we weren't, you know... I can't disagree. I can't disagree. No, no, it's hard, hard not to. So,
yes, um, Graham, thank you very much, and Andy, thank you, sir. Stay secure, my friend. Stay secure.
You've been listening to the Host Unknown Podcast. If you enjoyed what
you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit
channel, worst episode ever, r/SmashingSecurity.
oh it's not a random button. It's number not... Oh, I see.
Can't read your own writing.
No, no.
Well, you live and learn.
I mean, what are the chances of it being today as well?
I wonder how you damaged your eyesight so badly, Tom, over the years.
Oh, it's obsessive...
But, you know, outside of that...
What does this button do?
You're listening to the award-winning
Host Unknown Podcast,
officially more entertaining
than Smashing Security.
It's just childish now.