The Host Unknown Podcast - Episode 221: The Was Jav On the BBC? Episode
Episode Date: May 27, 2025
Irish privacy watchdog OKs Meta to train AI on EU folks' posts
Judge allows Delta's lawsuit against CrowdStrike to proceed with millions in damages on the line
https://x.com/fesshole/status/1925815219...655233765?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg
And of course... can't NOT mention: https://www.bbc.co.uk/iplayer/episode/m002d2lh/inside-the-high-street-cyberattacks
Come on! Like and bloody well subscribe!
Transcript
There's the judge was like no, there's no defamation. You do people uncomfortable lots of complaints have been filed against you
That's not defamation. It's stating fact
Exactly, but enough about Tom
Hello, hello, hello, good morning, good afternoon, good evening from wherever you are joining us and welcome. Welcome one and all to episode...
221!
We are actually missing an episode, we were talking about this earlier weren't we?
Just one? The one I haven't edited yet, which will become known as the episode that hasn't
been edited yet. Our new editor, editor in chief, Mr Malik, has politely declined from
editing it. Well no, because that was already assigned to you.
That was in your whatever, Jira queue or whatever it is
that, you know, Monday.com.
That's in your work log, Tom.
Yeah, yeah, exactly.
I'm not picking up your sloppy seconds after.
I don't know what you've done to the original files now
and you've probably already started editing it
and everything.
No, no, it's all just ready there.
It's all ready.
Guaranteed, it's still in raw format,
it's not even been downloaded from the server yet. Absolutely, absolutely. It's just waiting for
you Jav. I mean if you don't want to take your job seriously. No, I take it seriously from the day I
took the job on. I mean I'm not responsible clearing up other people's messes. Well if you
were responsible for that you got well over 210 to be responsible for in fairness. Andy's saying earlier that he reckons
he's edited 15. What? Utter rot. Absolutely. You haven't even been here for 10 of them.
Bring the receipts. I mean Andy pays subscription for like his
Editing software that he never uses and you know what? He told me the other day
He goes like I'll pay on the monthly because when I took it out
I didn't want to commit to a year to something I wouldn't pay and this is what?
Three years ago. Yes
For the last two and a half years
To be fair Descript does look pretty good.
It's got some good features in it. And I've got some big plans for it.
Exactly, I like to know what the art of possible is. It's a bit like buying books
isn't it? I've got a massive stack of books I haven't read. It's the promise.
It's the what could be that is awaiting you.
That's the thing.
As soon as you start using it, it's just over, right?
Lots of my books have actually travelled
to different places in the world with me.
Just in case the in-flight entertainment doesn't work
and then my iPad doesn't work as backup.
I like to have a backup to the backup, which is a book.
Yeah, exactly.
After your Kindle.
Exactly. So it loves travelling. It's got a nice little own pouch in the...
It's looking very dog-eared as if it's been well read. Exactly. And talking of
dog-eared, Jav, how are you doing this week? I'm doing good. The week's gone by
quite quickly and then I only realized yesterday it's a bank holiday next week Monday. I know! And guess which mug booked a flight to go to
Holland on Monday. Holland? I'm sorry what? Yeah. What's Holland? The young
listeners will not know what Holland is. It's still Holland, come on. I don't know, we're
different generations, Tom.
I've only ever known it was in the Netherlands.
I can tell by the hair, mate, and the glasses,
that we're different generations.
Of course we are.
And talking of hair and glasses, Jav,
what's happening with your... Why are you growing it back?
You look old again.
I don't look old again, no.
You're not as saddy like you were
when you were bald with the grey beard.
Yeah, you've got a bit of a Father Christmas thing going on.
Yeah, now you just look like you were bald in.
It's alright, I have to try out all the different looks I have.
I'm not going to just pick the first look that I find that I like, kind of, and just stick to it.
This is like the TK Maxx of looks.
You have to go through and sort through like 500 different items before you find the one that you actually like
Yeah, and fits yeah, which is a problem really well we like the last one
Yeah, actually I did my half my kids and my wife and my parents did not like it
So I was bullied into But you have a veto.
Oh, you clearly...
Your body, your choice.
Clearly you're not Asian and this is the difference between like, you know...
You still do what your parents say.
Yes, absolutely, 100%.
Mum, don't listen to him.
For fear of the slipper
Or the sandal
You know it's not even the slipper now, it's just the look
It's just
Or the lathi, isn't it the lathi?
The lathi is the stick right?
Chappal
Chappal is, well that's a brand name, Chappal
You know Bata is a brand name
And Chappal as well
I don't know, maybe in India.
Chappal is just called slipper, but the lathi, you mean?
The lathi.
Lathi is a stick.
Lathi.
Yeah.
Yeah.
Yeah, it's what you see those police always
holding in those countries.
Yes, yeah, yeah, yeah.
It's like a very long truncheon.
Yes, yes.
It's got a lot more whip to it. Yeah. It's a part stick, part whip, all lathi.
And talking of stiff rods Andy what are you doing? How are you this week? I'm on fire with these.
I'm liking these. Well I know you're just latching, waiting for that that saying to come so you can
just quickly move on.
I want to say it's been a quiet week, but I honestly don't know if it has.
It's been such a whirlwind of a week.
Just going, and that's a good thing when you're busy all the time, right?
You can just jump from work to work and you know that it's still good.
Do you know what I'm seeing a lot of, and it's going to be really boring for everyone,
is I do a lot of contract reviews
particularly for information security terms and I notice there's a big trend big companies sort of trying to insert clauses in contract saying that
We cannot use AI in the organization, which is it's a non-starter
Do you know it is so embedded? It's embedded in everything. It's in all of your anti-virus security products. Just if you use Office, Copilot is built into it. It's just, yeah, it's seen a lot of these things,
so having to push back. But obviously a lot of these contracts are written by legal teams,
procurement teams, don't really understand how these things are just ubiquitous across
the entire organization. So. This is why I think there needs to be more collaboration between InfoSec teams and their
counterparts like in legal or what have you, so that they can actually educate or inform
them as to what these terms actually mean in reality.
Because that's the problem.
If no one tells them, they're just going to carry on writing these because that's what
someone's been told.
But you know, with more collaboration and knowledge sharing
I can't get away from the image though of that meeting where the lawyers there
in a suit and tie and a piece of paper and write you know legal pattern writing
down and the infosec guys they're flinging poo at him it's just the
meeting of minds is going to be quite challenging I think.
But talking of things that throw poo, Tom, how's your week?
Yes! I line it up and you knock it down. There you go.
Very good, very good. But it's in Stockholm this week.
Sunny and rainy Stockholm. Really beautiful weather for two days and then just chucked it down for two days. But yeah, that's very good. I had a couple of
events. I did, you know, speaking at them obviously and on the Wednesday I had to
do two decks, two presentations that I only found out about them on Thursday.
I'd not written them, they're other people's decks, one of which was the CEO's deck and it's like, great, now this audience is like little CEO, you know. And
I'd only seen it presented once. So that was quite an interesting tap dance to say the
least.
But that's what a professional can do though, right?
I think I got away with it.
With a good presentation you can just pick up and run with it.
Yeah, but they weren't that great. I mean it's full of marketing slides you know.
But nonetheless it was exactly it was fine. I didn't fall over and show my knickers so
you came out at least not then anyway. Good to see you're back on the speaking circuit. What is
your kind of like go-to topics these days or what's your where are your thoughts leading people my thoughts leading people?
Do you know what well we did I did one recently and which is a bit of a theme which is about building the perfect
So security organization from the ground up spoiler alert you can't
You know we're doing
threat intelligence is a big one for us at the moment and actually the challenges of it and
Basically drinking from the fire hose and all that sort of stuff
Spoiler alert. We've got a product for that
So yeah, it's it's that sort of thing, you know, so very much focused around
the pointy end of the security stick. So I'm moving a little bit away from the airy-fairy, CISO stuff, but still framing it as business challenges rather
than CISO challenges and broader things. So yeah, it's a good plethora to learn.
And Jav, you were actually quite humble. You didn't mention that you were on the
BBC on one of their documentaries this week. Well, he doesn't like to talk about it.
He doesn't like to talk about himself.
It was an actual documentary, wasn't it?
It was.
It wasn't even like a little sound bite in a news article.
Did your PR people get you that?
They didn't.
No.
No.
Joe Tidy, who's the BBC cyber correspondent,
he reached out directly.
Because I've done some work with him.
Did they say, we've got a blonde lady, we've got like a white
man we need a diverse. Yeah, we need to balance this out. We need a balanced talking head.
We need a brown person of ambivalent gender. Tick four boxes in one and just be done with it. Sounds like a perfect weekend.
Yeah.
But no, it was very good. I actually did listen to it.
I've not seen it yet. I haven't had a chance. So I'm looking forward to it.
Just download it for your flight. And so if you get through your book, then you can maybe read it.
Yeah, I mean, I've already got a backup to my backup to my backup.
So probably, you know, it's just a waste of megabytes.
It was a it was an interesting experience because I went in like
a couple of Mondays ago to the BBC studios and they they just sat me down.
It was just me and I didn't know who else was there or whatever.
They just said that this is the topic they're talking about and their producer.
She just sat down and asked me a whole bunch of questions.
So I was really surprised when I saw the final output. It was really interesting how they
wove that with other people's interviews and everything into a really cool narrative
and story that I felt was, they didn't sensationalize the issue and they made it
accessible to the masses, which I think is a very, very good trait.
It is. At any point did you look at yourself
and go oh why did I say that? Yes I did. I did several. There's a couple of questions where I
just like I looked up for yourselves like I just don't know. Oh that's fine just say you don't know.
We won't use it then. You know there's a very nice like. Oh no but I mean in the final piece
or did they just did they do you really?
Well, and you looked like they didn't really well the only thing I
Kept on looking and if from my daughter she was saying she was like looking at it's like why are you smiling every time?
You're talking and I don't know
I was gonna say maybe Andy's rubbing off on you. again it's not the weekend yet. No, but I'm like oh they lost millions and millions and I've just got this little stupid
Joker grin on my face.
And talking of stupid grins, let's see what we've got coming up for you.
That wasn't a good one, was it?
This week in Infosec is the opening of Modern Windows. Rant of the Week asks Ireland if
everything is okay. Billy Big Balls may make a certain company's shareholders wince. Industry
News is the latest and greatest security news story from around the world. And Tweet of the Week
is best served cold.
So let's move on, shall we, to our favorite part of the show,
the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content from all over the place these days everywhere apart from Twitter because of login issues.
However, our first story takes us back a mere 22 years when Windows 3.0 was a major milestone for Microsoft. It was the
first version of Windows to gain widespread popularity thanks to its improved graphical
user interface, better memory management and enhanced performance. It introduced all these
very good features that you know and love today like the program manager, the file manager and it just made a more advanced multitasking
environment altogether making it more appealing to businesses and home users and it really
helped establish Windows as the dominant operating system for PCs.
And there's actually a great image in the show notes, I'm hoping these images make it to the show notes of what that program manager used to look like
very simple little icons you used to just click into them you could access your
drives for the file manager go into your accessories and open notepad and paint
brush which still exists today those notepad plus these days I think I can't
remember I'd have to look it up. And maybe it's called paint. The control panel but you know everyone and they did a really good job of
sort of carrying these features through all the upgrades and anyone that installed this back in
the day you know if it wasn't pre-load you remember the sort of 20 disks that you had to install in
order to install Windows you know onto your 100-meg hard drive. I thought Windows was seven. It may have been. DOS was three. Okay, it was before my time Tom. What am I talking about? I don't know. Windows is new to me.
I've never I never knew it was this old. Office was something like 24. I'm 28 years old. What do you like?
I was six years old when this came out. With a tough paper out behind out. Yeah, exactly. This is great though.
And you know what, recently I've been getting lots of these
like repeat videos on TikTok,
because I searched for one,
of like all the old Windows parties,
like with like Steve Ballmer,
and jumping around and everything and whatever.
Turn it up.
It's fascinating to see how much hype there was.
I mean, you remember these stuff coming out
and everyone's talking about it and you start using it for the first time. Some friends came around and
their kids were like talking about the new GTA game, the trailers are out and it's coming
out next year. GTA 6? Yeah. Like 20 years later, yeah. And I was like, do you remember
the first GTA? Like no, we weren't born when the first GTA was up. But this kind of reminds
me of that, it's that nostalgic where all the promises there,
the graphics just hadn't caught up yet.
It was that top-down view.
And I remember looking at the cover and I'm like,
what is this?
This just looks basic.
And then you play it and it's just so addictive.
But that's the thing about all the graphics
are actually predominantly grayscale,
with the exception of the Paintbrush app,
which has got sort of the 4 RGB colours into it that they could get on the screen.
But things like Terminal. Do you remember? We had Terminal before we had Modems, right?
Yes.
And it's like, oh, I wonder what this is going to do.
Do you remember the launch of Windows 95?
Yes. Oh my god, was good times. I was an
alpha and beta tester for 95 and it was I remember just watch it these people are crazy they could
have just downloaded it two months ago and they're storming the shops you know to get their copies.
Oh dear yeah great times. Alas our second story takes us back a mere 36 years to the
22nd of May 1989 when a visionary FBI director William Sessions said,
viruses are easy to create and propagate, require little expertise
and may be nearly impossible to prevent or detect.
And he stated that 36 years ago and very little has changed.
I was 18 then.
18!
I wasn't born in 1989.
I don't believe you, but I was 18.
Wow.
And he was so accurate. Although, thankfully, that was the
origin story of a young John McAfee who saw that and said, I'm gonna put an end to this and created
the best antivirus product that the world's ever seen. No, Dr. Solomon and his trusty sidekick,
Graham Cluley. Oh yes, yes, yes, But you know, the Americans always take the credit for everything.
The Hollywood movies always focus on the Yanks.
Yeah, yeah.
I'm still bristling about that submarine movie.
Which one?
Oh, U-571.
U-571.
Yeah.
But it had Bon Jovi in it.
He was like, you know, listing out for the splashes.
Was Jon Bon Jovi in it?
Yeah.
This is the one where they confuse the American submarine
that captures the Enigma device with the British submarine
that captures the Enigma device.
I'm going to look it up now,
but you two carry on talking between yourselves.
OK, because it's important to know if long-haired rocker
Jon Bon Jovi was in that movie.
Was complicit in this lie.
Yeah, absolutely.
Because otherwise you know I'm burning all my vinyl. Livin' on a Prayer is coming off your Spotify playlist.
Absolutely. Come on you know me better than that. Okay off your rack. Yes, Jon Bon Jovi was in it.
iTunes thank you. He was in it. Yeah he was I knew I recognize him anyway he's like you know
my favorite of all time. Ha ha, damn mate.
Very big in Pakistan when you were growing up, right? Ha ha ha.
If you work hard, research stories with diligence, and deliver well-edited, award-winning studio-quality content for high-paying sponsors,
then you too can be usurped by three idiots who know how to think on their feet.
You're listening to the award-winning Host Unknown podcast.
I don't know who they're talking, who he's talking about because it was, it's not us.
Thinking on our feet.
Speak for yourself.
Right, uh, let's move on.
Rant of the Week. It's time to motherf***ing rage. So the headline alone is enough to make
my blood boil here. Irish privacy watchdog OKs Meta to train AI on the EU folks' posts.
So, well, for a start one, I think this is the equivalent
of the ICO, right?
The Irish ICO, yeah.
So the Irish Data Protection Commission
has cleared the way for Meta,
excuse me while I'm a little bit sick in my mouth,
to begin slurping up the data of European citizens for training AI next week.
Ongoing legal challenges notwithstanding. So here's the thing. So the EU is generally,
for better or for worse, is generally a bastion of consumer protection here and actually protecting consumers rights to access and protect their data.
And yet this European privacy watchdog has said it's OK for Meta to basically use public posts,
which are still, you know, named and still belong to individuals, but to use those public posts to train its AI.
With Meta basically saying that, oh, well, we've given people the ability to opt out,
which again seems to be a complete sort of opposite of what the EU's guidelines is, which says people have to opt in to certain activities.
So that notwithstanding.
But the DPC said in a statement that Meta had made a number of improvements to its proposal to harvest
any statement that says harvest you've got to be worried about, right?
To harvest the public-facing posts of European users of its various social media platforms for teaching
its neural networks. Those changes appear to have satisfied concerns the DPC expressed
early last year when Meta first revealed its AI data collection intentions, which ultimately
led to the Facebook parent suspending its plans following numerous complaints. Numerous
complaints I say from privacy advocates. They resumed the plans to
train AI in the EU earlier this year with the aforementioned opt-out option
following a decision from the European Data Protection Board issued at the
request of the Irish DPC to get clarity on the privacy requirements. But they have said that having just reviewed the proposals,
following feedback from the supervising authorities,
the DPC have made a number of recommendations to Meta,
adding that many of its requests have been implemented,
not all of them, but many.
So I'm wondering, you know, which ones have been left out here. So per the DPC, Meta has uploaded its
transparency notices, made its objection form easier to use, basically they've
moved it up from the, you know, finding it in the filing cabinet on the, in the
second lower ground floor of their offices in San Francisco up to the
ground floor probably, available for longer and accessible in its mobile apps,
lengthened its notice period, made it more clear
how users can hide their public posts,
but still opt out, not opt in,
and updated its data protection measures
and updated general data protection
regulation documentation.
This, I just, I'm shocked by this,
that the EU is supposed to be, like I said,
at the front line of protecting people's data
from being used like this, and monetized,
and all that sort of thing,
and yet they seem to have allowed them,
and still, apparently, in contravention
of fundamental elements of EU data protection.
So you're saying it's not the EU, this is specifically the Irish data
protection Commissioner? Yes it is but they are
part of the EU. They are but everyone's got their own regulator and how they
enforce that within their country is still up to them.
You're absolutely right, but unfortunately the EU, sorry the DPC here are saying it's about EU citizens, right?
Yes, yes, so well, but how they apply and this is where I think that I actually think this is a
fallout getting political of the whole Trump administration because Ireland don't want to rock the
you know tech boat of the fact that Meta and all of these companies are
based in Ireland. It accounts for 13% of their GDP, 15% of the
country's workforce and 40% of corporate revenue is from...
What, Meta or America?
American tech companies comes
from all of this is yeah and then on top of that you've got the pharmaceuticals
the US you know originated pharmaceuticals that are based in Ireland
Ireland's just very dependent on US companies and it's not it's not make
it's not a justification but they've got a lot of pressure and you
know we know we've got a very volatile president in the as the leader of the
free world and if he demands you know exactly yeah so it's yeah but also I
mean meta obviously one of his backers right and they're just they're just like
let's do what we want yeah trust us bro
because you weren't here Tom the week that me and Andy covered the stories
only like three weeks ago when it's the same DPC that fined TikTok 530 million
euros for user data that they self-reported that happened years ago before they even put
in place their safeguards. The hypocrisy or the double standards if not the
hypocrisy is just shocking. I'm surprised you're not pushing back
more, Jav, or do you think that you would just look like a shady criminal if
you did? No, no more shady than the DPC. You're wondering when some of
that gravy is going to spill onto your plate right? Exactly, exactly. You know for the right amount
of sponsorship money we can support or... Oh yeah, I mean if Meta wants to sponsor us for the next few years
we'll take your money bro. No problems at all. We're not going to stop talking shit about you, but you know, just saying.
At least, you know, you'll get your name mentioned.
We'll put you in one of the tags permanently. How's that?
Yeah.
Just think of the reach around.
Okay, let's move on, shall we? Rant of the week.
30% nostalgic. 30% ranty.
30% ballsy.
And 30% terrible at maths.
You're listening to the award winning,
Host Unknown Podcast.
Right, Jav, your turn.
Billy Big Balls of the Week.
So this week's Billy Big Balls comes courtesy
of our favorite security vendor, CrowdStrike.
Those of you who weren't familiar with CrowdStrike
before July last year,
their names were all over the headlines last year because of a massive disruption when a whole bunch
of Windows PCs suffered the blue screen of death.
Never have I felt smugger as a Mac user. Yes. Unfortunately, airports, train stations,
critical infrastructure, you know,
nearly everyone else.
Never have I felt more smug as a Mac user
who works from home.
Yes, yes.
It was quite a colossal.
Snafu.
Yeah.
Blue screen.
There was a lot of like Windows pointing fingers trying to clarify
to everyone this isn't a Windows problem, this is a CrowdStrike problem and what have
you at the time but you know eventually I think the the buck landed squarely with CrowdStrike.
And you'd think that if you were responsible for one of the biggest outages in modern history,
you'd be very careful, a bit apologetic or a bit like...
I think going up full Billy Big Balls is not what I would have on my bingo card,
but here we are because CrowdStrike is confident that the worst-case scenario of its pending lawsuit with
Delta will result in it paying the airline a sum in the single digit
millions. Which let's face it is a square root of bugger all. Exactly. For Crowdstrike.
Yeah yeah not for us. No. So yeah if you want to sponsor us for the single digit millions.
CrowdStrike or Delta, we don't care, or both of you. Exactly. And that's according to his
outside counsel Michael Carlinsky of law firm Quinn Emanuel who told The Register that he believes
Delta's claims will be capped in the single digit millions or otherwise be deemed meritless.
How can it be meritless when the whole
world ground to a halt? Delta was ground to a halt.
And these comments came after Judge Kelly Lee
Ellerbe gave the go-ahead for the airline to sue the cyber
security company last week. And Delta's claim alleging intentional misrepresentation
and fraud by omission were cut from the case,
but its remaining claims, including
negligence and computer trespass,
can move forward, the judge said.
Weird.
And look at CrowdStrike's share price now.
It's massive.
It's still massive. It's gone up significantly.
It's even higher now than it was prior to the incident, right?
This is why publicity is good, isn't it?
No such thing as bad publicity.
I was asked in an interview at the time, you know, what if you had to say to the press
something about the CrowdStrike thing, what would you say?
And I'd say, well, it was an inevitability.
If not them, it would be someone else, you know, it's not,
I don't believe this was, you know,
a massive piece of incompetence or a unique, you know,
one-off or whatever.
As soon as you get reliance on a,
or massively over reliant on a single
vendor in this kind of space etc. Or single two vendors i.e. CrowdStrike and Windows,
these sorts of things are going to happen. So it's, I'm not saying they're blameless
but I certainly don't blame them per se and it was recovered fairly well. I think they
did a pretty good job communicating and all that sort of thing. nonetheless for that and then to say ah it's
just going to be a couple of million. So I mean Delta's claiming their costs were 500 million
dollars for the delays, the fines, the compensation they had to pay out as a result of this.
But also shouldn't the airlines have backup systems?
Be that manual or?
Well, if you think what CrowdStrike did, you know, it's
you're not going to have a set of everything. So would you have a separate machine?
But so say you've got like a Windows environment with CrowdStrike.
Are you saying that you need like a Mac environment with Carbon Black
next to it as a backup?
I wouldn't say Carbon Black, but you know.
I'm just spitballing old vendors.
I could just imagine somebody pulling an old laptop off and blowing the dust off it and
then plugging it in.
But then you double your costs and then you've got the patching of it right?
But isn't that what business continuity is? You have entire environments or
and you have redundancy. But then you have to consider likelihood right? And so what was the
likelihood of CrowdStrike bricking every device? Well before that was zero and now it's one.
Yeah right I mean it's highlighted a massive weakness. And then everyone else
can look at their environment and say oh could that happen to us? Yeah, you learn from it
right? Yeah, but you know I bet we haven't. I bet we've not actually made that many changes
as a result of this. Again, as you rightly say, risk and likelihood. Likelihood, exceptional
risk and what's the cost? Yeah, exactly. It's a good documentary to see and it was on a few days before the one BBC documentary I was on it, but it's on iPlayer.
Sorry, which, a few days before the one what? A few days before the BBC documentary I was on.
Wait, you were on a BBC documentary? Yeah, I know, I know. Wow. It was a documentary.
I'm very humble of you to mention it again. There was a documentary released by a good friend, Geoff White, friend of the show. Oh yeah. Okay. Just a couple of years ago,
our podcast beat the Lazarus podcast. Oh we did, didn't we? Yes we did, that's why he's a good
friend of the show. He's not a friend of me. But he done a good documentary, again it's a 30 minute
one on iPlayer, I recommend people go watch it.
It's about the Redcar and Cleveland Council when they got hit by ransomware back in 2020
and how everything ground to a halt and the head of the council, she was like an older
lady and she was like she remembers the day when everything was done on pen and paper
so she tried to re-implement that kind of process but no one knew how it worked.
You know the kids these days, they don't know how to write their own name, let alone
anything else.
And it really goes into details, the challenges with like when your system goes down, it's
not just one system goes down, it's like 500 systems that are connected to it.
People's bins couldn't get collected, people's like couldn't get paid their support money,
like welfare checks were, no one knew whether they're taking place
or not, safeguarding measures, all this kind of stuff was all there.
And I think it's a really good look behind.
I think it's really easy for an armchair CISO like Tom to sit there and hand wave and
say why don't you have backups in place.
How dare you?
I'm an armchair CTO now, thank you.
Sorry, I apologise, I stand corrected.
I retract my statement to the good, honourable gentleman, the armchair CTO.
Objection.
Sustained.
Oh, no.
To be fair, I don't think that, I mean,
Tom does have battle scars.
He has been in the field for a long time.
More than you have, Jav.
Just saying.
When he was in the field they had muskets.
That's all I can say.
Yeah, and I bet you bloody young whippersnapper don't even know how to use a musket.
Can't even spell it.
No.
Can't even spell it.
Alright, let's move on. Thank you, Jav4. statistically more likely to eject USB devices safely. For those who live life dangerously, you're in good company with the award-winning
Host Unknown podcast.
All right, Andy, I know we're very short of it
and you've got a deadline, so what time have you got, Andy?
It's that time of the show where we head over
to our news sources over at the InfoSec PA Newswire
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
Legal Aid Agency admits major breach of applicant data.
Industry News.
Uncensored AI tool raises cyber security alarms.
NCSC helps firms securely dispose of old IT assets.
M&S braces for 300 million cyber attack costs.
Two fifths of Americans want to ban biometric use.
Industry News.
Sensitive personal data stolen in West Lothian ransomware attack.
Industry News.
Coinbase breach affected almost 70,000 customers.
Industry News.
Kettering Health cyber attack disrupts services.
Industry News.
AI generated TikTok videos used to distribute InfoStealer malware.
Industry News.
And that was this week's Industry News.
Huge if true. Huge, huge. Well I was gonna say are two-fifths of Americans really that dumb
Don't answer that question
I don't know what they want to go back to pin code on
Do you remember back in the day like one lot you knock here is like star three
It was only luck to prevent butt dials, that's the only reason they had the thing. Yeah, yeah, that was the butt dial protection, yeah.
Yeah.
Go on, so what's the actual story behind it, Andy?
You know, give some, give some.
I'm looking, yeah, Americans, they have grave concerns,
grave concerns about providing biometric information online.
They argue the technology should be banned.
Not, not, you know, enforced, regulated, or anything like that.
Just banned.
Fuck it, don't like it.
Just banned.
Yeah.
Give us our guns and we don't want to be identified.
Yeah.
My second factor of authentication is my AK-47.
Smith and Wesson.
Yeah.
Yeah.
My two factors. So one thing I think we need to
just recognise before we throw all of our American cousins under the bus at
the same time. No, not all of them, just two-fifths of them. Just two-fifths of them. Is that
there's been an increase in surveillance and mass deportations even of legal
residents of the States, so that might have an impact in people's attitude
in giving away more information to government entities.
Since when did you become the voice of reason, Jav?
I've always been the voice of reason.
I mean, that's a shockingly fair assessment.
It is, but it's not like they're using this data to validate
whether or not someone's a citizen or not.
They're just looking at names and saying, on. That sounds a bit Mexican. Yeah, yeah, it's like they're saying like they,
the methodology they're using, like they're asked to provide a biometric identify to verify their
identity online, but 63% had serious concerns doing so. 91% done so always, and done so anyway.
Two thirds agreed that biometrics can reduce it,
but a sizable minority thinks that technology
should be banned.
The latter cohort was dominated by younger respondents.
Did it say younger Brown respondents or?
No.
Everybody respond?
I mean, that will be an interesting breakdown actually also pointed out that a large number of don't knows came from female
Respondents which again if you look at how some states treat
feet like say things like abortion laws or women's
Health and everything maybe maybe there's just like and it just it's less about identity and more about an overall drop
in trust of what the government's going to do with my business.
That's very true.
That's very true.
God!
Yeah, I don't like this.
Reasonable.
I don't know what's going on.
Yeah, who are you and what have you done with Jav?
I'm sorry.
Okay, NCSC helps firms securely dispose of old IT farts like Tom.
So like, when are you getting disposed of by the NCSC?
I just, all I can see is a couple of dudes from the NCSC
at a boot fair every Sunday.
Yeah.
You want laptops?
We got laptops.
Trying to see, uncensored AI tool raises cyber security alarms.
Let's have one more. AI chatbot called Venice AI
Has gained popularity in underground hacking forums due to its lack of content restrictions
Oh in underground hacking forums. Yes
Color me surprised for $18 a month
Which significantly undercuts
other dark web AI tools like WormGPT and FraudGPT.
It has, well, so the only USP about it's got no oversight. So it stores chat histories in your browsers,
not on servers.
It's privacy focused design, private and permissionless.
But yeah, it helps you create realistic scam messages
and functional ransomware.
It even generated an Android spyware app.
So basically, the guardrails are off,
essentially, on this one.
I love the naming, though.
Fraud GPT, it's like just, you know,
does what it says on the tin.
It's all about marketing, right?
You've got people who know what they're buying yeah an M&S 300 million again
color me surprised it's gonna that's I mean that's chump change almost I
wouldn't say it's chump change for M&S but really I think they've been let off
quite lightly there well so they are gonna try and claim 100 million on their
insurance right I read that they're going for the maximum payout if they can be interesting to see how that goes because was it a user error?
This there were was it a cactus. Yeah, well, no, so it wasn't just someone, you know, sort of getting socially engineered
There was also, as I understand, SIM swapping to get that factor of authentication
so technically they
did have multi-factor authentication on top of you know that others I don't know
has a nation state because as soon as you say that it turns out to be a
teenager in his mother's bedroom yeah yeah right let's move on thank you
gentlemen that was this week's... Industry News!
Andy, take us home with this week's tweet of the week. We always play that one twice. Tweet of the week. This week's tweet of the week comes from a
Default go-to when we couldn't find anything interesting at best
And this person has said no matter how many times I unsubscribed
I kept getting spam emails from a scammy product marketing company
I found the owner of their parent company via Companies House
Found his personal email address and signed him up to the most grotesque pornography mailing list
Do not endorse that but sometimes you know you do have to make a point about
Not being able to unsubscribe. Be careful that you know
in public life that basically you are publicly listed as part of the part of the deal right?
Yeah either that or his accountant's getting a whole bunch of unwanted stuff.
Some poor sys admin in a sort of trusted who is thing,
I don't know, or maybe not so poor.
Can I just say, normally, you know, this is my fess,
given this fess, I contribute very little to the show notes,
I might occasionally come up with the odd story.
Three items this week I did, I'm just saying, three items.
You see what happens when you free me up from the burden of editing.
But you're not editing now. You're not editing when we're preparing the...
Mental. The mental and emotional burden of editing.
You just wait. In a few years, Jav will be like a broken man.
Well, more broken than he is now.
Well, yeah, true. I don't even know how we're
going to measure this. Yeah, can we go negative? No. I think that the
measuring system is all broken because it's a bit like share prices. No
matter how badly things mess up, the share price still stays strong. Yeah, that's
right. So for all intents and purposes, are good yeah all right that was this week's
the week gentlemen thank you very much we have barreled into the end of the
show all my yeah just in time as well for Andy which is good I mean I've got a
day off I don't know about you two but I could sit here talking all week but well rest of the week so Jav thank you very
much for your wisdom charm charisma and everything else you bring including
that receding hairline and that well reasoned arguments I put forward and not
mentioning that I was in a BBC documentary.
That's true and the humility. Thank you for your humility. Andy, thank you.
Stay secure my friends. Stay secure. podcast if you enjoyed what you heard comment and subscribe if you hated it
please leave your best insults on our reddit channel
r-slash smashing security don't mention the documentary Jav was on I think I
think I mentioned it once but I think I got away with it it's just randomly
liking posts that mention the documentary so it keeps going into
people's feeds.
He's spacing it out through the day. I saw him making a list of everyone that referenced it.
No, to be fair, it was a good one.
Not like we wouldn't do anything exactly the same.