The Host Unknown Podcast - Episode 222: The Curious Case of the Oxford Comma Episode
Episode Date: May 30, 202526th May 1995: Realizing his company had missed the boat in estimating the impact and popularity of the Internet, Microsoft CEO Bill Gates issues a memo titled, “The Internet Tidal Wave,” which si...gnaled the company’s focus on the global network. In the memo, Gates declared that the Internet was the “most important single development” since the IBM personal computer — a development that he was assigning “the highest level of importance.” Still, it is curious why it took someone who was regarded as a technology “innovator” so long to realize this.https://thisdayintechhistory.com/05/26/bill-gates-internet-tidal-wave/30th May 1996: AT&T Announces Video Phone Call System. AT&T held a meeting to announce a system that would allow personal computers to make and receive video phone calls over standard telephone lines. In years of efforts by AT&T and others to find success in the technology, the AT&T system made use of Intel's Pentium processors and compression software to allow both video and audio information to share a phone line rather than a high-capacity ISDN, T-1, or T-3 line.https://www.computerhistory.org/tdih/may/30/#att-announces-video-phone-call-systemSecurity outfit SentinelOne's services back online after lengthy outageOpenAI model modifies shutdown script in apparent sabotage efforthttps://bsky.app/profile/robmesure.bsky.social/post/3lqcn6kq5oc26 Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
Oxford comma by the way. Absolutely necessary.
On the whole yes Oxford comma
but the Brits never used to use the Oxford comma because it was
thought that people would be intelligent enough to work out you're not going to
whatever it was to your uncle when he gets off his saddle or whatever that example is.
Interesting. We actually have writing guidelines which says don't use the Oxford comma.
Oh really? Because that's the original, that's the traditional English, but I find myself starting to use it now.
Oh, I have to if it's official work, so I actually have to take it out because I always just use it.
I don't understand why you wouldn't.
Because your audience is supposed to be intelligent enough to work it out.
Well, you have a different audience. when you're speaking to a global audience
you need to factor in that a lot of the people aren't, English isn't their first language
say like Americans for example.
Exactly! But you need to raise their education I think.
And talking of dumb audiences, let's get cracking.
Hello, hello, hello. Good morning, good afternoon, good evening and welcome. Welcome one and all to episode...
222 for the second time this year.
218.
I thought I'd just leave you to get it wrong completely there, Andy.
Yes, welcome, welcome one and all. This is now going to be our third podcast under new editorship.
I don't know if people have noticed a higher quality, a lower quality.
It's just basically the same crap, I'm not sure.
I think the quality's the same.
Yeah.
We make absolutely no promises on the quality.
But I think the marketing is a lot better.
Marketing has got a lot better.
It's been given to somebody who actually cares now,
I think is probably the change.
Or has a new tool to use.
The AI is doing its thing.
The big step for me, I thought, for too long we hadn't posted on LinkedIn.
And I know we're always teetering on the edge.
Is this podcast professional enough to push onto LinkedIn?
No.
I don't think there's any edge on that.
No, no, no.
It's not that our podcast has been getting more professional, it's that LinkedIn has become
less professional over the time. Less professional, I was just about to say that.
Yep. Yep. Absolutely. And now it's finally come down to our level, is what you're saying.
LinkedIn is now at a level where it's acceptable to post crap like this. And talking of crap, Jack.
crap like this. I'm talking a crap. Jack. Oh, oh, oh. My name came out a bit too easily there. Come on. You know. It's. Taco, the Andy crap option. I don't know. What are you sir? I'm good,
I'm good. It was a fun week. I was in Dublin for a day this week, earlier, Wednesday.
It was one of those trips, 7am flight out, 7pm flight back.
Well, that means it was more like a 16-hour?
Yeah.
My lower back is still not forgiving me.
I got up this morning and I was like,
old man sounds intensifier.
Did you look to your left too suddenly and then pull your neck or did you
sneeze badly? I think I just slept awkwardly on the plane. How are you sleeping on a 55 minute
flight? Oh I always sleep. I sleep during takeoff and landing guaranteed. You know that's my favorite
time as you're taxiing and just just before you think and you just got that rumble and it's sort of like really
soothing and you put in your headphones. Yeah and they start giving you the safety
instructions, put the headphones on. Yes yes I don't care I'm not gonna try to save myself
at 30,000 feet. It's gonna accept your fate. Yeah. If the damn thing can't fly it's not gonna float. Exactly. I'll just follow
everyone else. I know that there is an exit behind me and I know that there is a life vest underneath.
Yeah. So when you get the exit row and they come around and say in the event of an emergency you
prepare to help your fellow passengers, do you just say no? Absolutely not. No I'm out of here.
to help your fellow passengers. Do you just say no?
Absolutely not.
Fuck no, I'm outta here.
Yeah.
So is it just Dublin this week?
Just Dublin this week, yes.
And next week it's Infosec.
Woo!
Looking forward to that.
It's nice to catch up with everyone,
but Excel, ah, just, it's so, so.
What is problems with Excel?
There's nothing wrong with it.
It's miles away, it's soulless.. It's miles away, it's soulless.
It's not miles away, it's soulless.
It's huge.
It's a Lizzy line.
It is soulless. It's full of...
Oh soulless, because that was what you went to Infosec for, was the soul of the environment.
Do you know what? I'll be... yeah, so back in the day, Infosec actually used to be a really good event.
Back in the day? Yes, it's a you, grandad.
What? I've been serious. Now it's just spam and marketing the whole thing
it's yeah there's not much like you can actually go there have decent talks like
actually they were proper you know it wasn't all underpinned with and our
product does this it was genuine talks about. What do you mean decent talk? Talks with who?
they used to do talks at Infosec like seminars and things. They still like Yeah, but it's not as good. I bet if you're talking you're gonna be pushing your way
Yeah, oh
By the way, we also have a tool that does this we can solve all your problems telling people they've got problems
Which they don't have and then don't you joining because that's exactly what you do. I do. I never pitch the product. Exactly. No, we, you last week
admitted that you picked up your CEO's deck and just went through the shareholders.
I had, I was, that was what I was told to do. I had to, I was just following orders.
I was talking about the company not about the product. Anyway talking about poor showings
or shows. Andy how are you? I've been good this week has been a week of a cleanup for
me. Why what did you do on Monday? No it was so I have many domains which I'm sort of letting
go over time and one particular domain came up this week.
Domains, not sort of like domains of work.
Yeah, not domain, not CBKs.
Domain names.
Yes, domain names. Back in the day, people used to register domains like,
oh I like the sound of this domain, I'm going to register, I'm going to do something productive with this website.
And then never do anything with that.
That doesn't sound like you at all Andy. I know, but there's one which I've had since the dawn of time
which me and old friends like housemates, old school friends
used to use as like a mailing list.
So rather than remembering everyone's email addresses
because people used to move around jobs all the time in the early noughties.
I used to be on one called the Badgers.
Yeah, exactly.
So what you could do, you could just put whatever your email address was in
that list at the time and it would send to you and you could post to it and everyone
would get a copy of the message. It's before group chats right, so looking back we haven't
used it since like 2016 I think, that was the last time an email was sent to it because
everyone's on WhatsApp now. However...
I see where you're going with this.
Well I was going to say I think the best way to describe it, so the other thing I had set up on it,
it archives previous messages. Right? Yeah, because you like doing that because you like to keep receipts.
Yes, there were. However, this whole thing, I looked at some of the stuff from like the early
noughties and I think it's career ending without a doubt and I think it was best described as a product of its time but absolutely nuking that that list is gone it was like yeah the archive is now safely
encrypted somewhere in your in your oh absolute material for when I need to destroy careers
it's very stuff that can come back from your past to haunt you oh so you really you really
felt like that about this group
of people then, did you? Oh, so you have misogynistic views and always have.
Listeners who think that maybe we're exaggerating about Andy's desire to maintain history. One
time we were at B-Sides London, I can't remember which one, it was a few years ago, and there
was some question, irrelevant what the question was, and there was some question irrelevant what the
question was but there was something where I said it happened this way and
Andy was like no it happened that way and it wasn't even important it wasn't
even that important but we're sitting with a group of people and he spent the
next 45 minutes going through his phone he went quiet yeah he went into must be
chatting to his missus or something no No, no He was just going through his archives and archives and archives wherever how many he had
Trying to find that email and we got to the end of the conversation and Andy was still intently there
And I was like, wow, if the man's that confident, he's probably right. So I just said Andy I concede you're right
I was wrong. And no, I thought that was the end of it three days later
three days later get a whatsapp message with a screenshot saying see I was right and you were
wrong it was a bleary eyed and rather tired Andy that sent that and that was the day and that was the day I know that from this day onwards Andy will be my best man, I'll
back him up no matter what.
I cannot afford to make enemies.
When's the next marriage?
What?
You said best man.
Oh, not like that.
Third time's the charm.
Indeed.
Talking of best men, there's none left on this call so tom how are you doing
oh i thought i thought you're gonna be nice then thought you're gonna be nice very good i spent
the weekend trekked for a um what was it oh a see-saw day where i did some round you know round
table and stuff so that was that was quite nice um and I've got today off, which is nice as well.
So I don't have to think about rushing back to the office to hit that
nine o'clock deadline this morning. So yeah, it's, it's very good.
Trying to think and then weekend busy going off to Winchester tomorrow up to
London on Sunday for a party and then InfoSec for the week.
Where I'll see Jav spouting about his product.
And you'll be pushing your wares, no doubt, while you're there.
Do you know, I'm not doing any kind of talking.
I've got some media briefings and stuff like that, but no actual talking.
Not doing any talking, just a couple of media briefings.
This was how Tom was in Manchester a couple of weeks ago.
I went up there and Tom's absolutely bored out of his mind,
like, I don't know what I'm even doing here, why do I even book this?
Well, actually, in fairness, I took someone's ticket who couldn't go last minute
and then they slapped me down as the executive of the day.
It's like, what does that even mean?
Does that, oh, I just swan in, say hello to folks,
all right, just stay there, do your booth, babe, lads. You know, how many leads we've got have we got? Whatever, I don't know.
Look at him, talking about leads and shareholder value and return on investment.
Exactly, exactly. I had no clue, no clue whatsoever.
But you know, no one sells out quicker than a Tom Langford So, you know if you want to sponsor the podcast, please get in touch with Tom
and
Out your deal vendors land first
Yeah going there and selling out are two very very different things
Says you with you know before sign behind you and for your video conference that says cynic. No the one behind you
Anyway, I think it's talking of things that really should be put behind us
Shall we see what's coming up for you in today's show?
This week an infosec is an admission from Microsoft's at the time CEO and all-round
babe magnet that he missed the boat.
Rant of the week is evidence that lightning will always strike twice.
Billy Big Balls is me preparing to welcome our future robot overlords.
Industry news is the latest and greatest security news stories from around the world and tweets
of the week are words you would never think you would hear yourself saying.
So moving swiftly on, let's get on to our favorite part of the show.
It's the part of the show that we like to call...
This Week in Infosec.
It is that part of the show where we head-o-no, where we take a trip down Infosec memory lane with content liberated from sources further afield because I cannot access the Today in
Infosec Twitter account in any sort of order that I can read right now. So our first story takes us back a mere 30 years to the 26th of May 1995 when realizing
that his company had missed the boat in estimating the impact and popularity of the internet.
Microsoft CEO Bill Gates issued a memo titled the Internet Tidal Wave which signalled the
company's focus on the global
network and in this memo Gates declared that the Internet was the most important
single development since the IBM personal computer and it was a
development that he was assigning the highest level of importance but obviously
people are still curious as to why it took someone regarded as a technology
innovator so long to realize
The impact the internet would be having. I mean, I don't think it had that much of an impact on Microsoft really
Yeah, was it a big thing in the internet?
Internet Explorer. I remember being a beta tester for the MSN network, which was their first
I remember being a beta tester for the MSN network, which was their first foray into connecting.
That was great.
I used to love that MSN,
when I worked at a startup,
the developer disks from the MSN network,
because you could use them in production.
We didn't pay for licences,
we literally just used to use a developer disk
for like developer edition of Exchange,
developer edition of like SQL, everything.
You're thinking of the MSDN?
Oh MSDN so yeah developer network yeah. No I was thinking of the MSN network which was
the butterfly logo. So actually getting onto the internet rather than just
dialing into a bulletin board or whatever. Oh yeah, no. That was how you connected through Microsoft.
Oh I was back on CompuServe back then, didn't use Microsoft.
I love how whatever we talk about, however old the technology is,
Tom was always a beta tester for it. He is a wheel. I was the beta tester for the first wheel
that was made. Fire. He was there when fire was invented.
It was triangular when I used invented. The earlier versions.
Just like Internet Explorer. I remember Internet Explorer 3 being such a big deal because it had, I think it embedded Java and allowed for animated gifs and stuff like that.
And it was like, oh my god. Oh, but it was 4 that supported the blink tag, wasn't it? It was Internet Explorer 4. Was it? Interesting. Yeah because that was that came on like the front of magazines and stuff
like that to save you from downloading you know like 30 meg. And that's what really
pushed my space into popularity the blink tag. The blink tag. That and Friends United reunited. Friends reunited. Alas. Our second story takes us
back 29 years. When AT&T announced the video phone call system. So AT&T held a meeting
to announce a system that would allow personal computers to make and receive video calls
over standard telephone lines. So in years of
efforts by ANT and others to find success in the technology, the AT&T
system made use of Intel's Pentium processors and compression software to
allow both video and audio to share a phone line rather than a high capacity
ISDN T1 or T3 line. And I think that we can agree that video technology
has come a long way since,
much to the bane of people
that work in corporate environments.
I was just having a discussion this week about WebEx,
particularly during the pandemic,
I mentioned WebEx and someone had a sort of a PTSD type
reaction to WebEx from the pandemic time very secure conference rooms
But I just work with a guy that would lock the room one minute after the meeting started
So if you were late, you had to message him and explain why you were late to his court. What? Yeah. Oh
I'd actually I agree with it. He was quite it was quite tough
Well, we know you would, if that was the case,
you two would be locked out of today's podcast recording.
Well, yes, that's also true.
I was here at 6 a.m. on the dot,
messaging you both.
Yeah, I will say your history is a bit slack
on attending on time, which is why,
whenever you say 6 a.m., myself and Tom know
it really means like 6.45.
Hence the reason I wasn't ready until 630 yeah and I joined
at 615 yeah exactly but yeah I wasn't a Webex is used only by was it Cisco who owned Webex
isn't it yeah it's only used by Cisco and people who are trapped in Cisco buildings yeah there is
no it's very secure system but it was, but there's it's just the same now
But yeah, I remember this the first sort of video content coming up on PCs and little postage size stamps
Video and a whole CD
Spinning like in mad behind it trying to deliver the content. Oh, yeah, there was the
Powerwow was something that I used back in the day? That was audio, mostly audio.
Yeah.
Yeah, and they failed with their video.
Yeah.
Back then.
Yeah, it was only really ISDN or what was it?
What was the BT home version of ISDN, BT something?
Not the ADSL you're thinking of.
No, no, no, no, no.
Pre-ADSL, pre-ADSL.
Home Highway. Oh, OK. Which is no, no, pre-ADSL, pre-ADSL. Home Highway.
Okay. Which is basically again 264. That was two, yeah, I said that's two ISDN lines though, wasn't it?
Well, it was, but it wasn't ISDN, it just ran over standard telephone lines. Okay, alright.
A bit before my time I would know. Yeah, exactly. I was only born in the 90s, so. Oh dear, Jav is
bored, let's move on. Thank you, Andy, for this.
He doesn't understand the technical side of things.
That's why he gets bored.
That's true.
That's true.
He tells me I'm not technical.
Look at Jav, I mean, really.
Max, there he is, stuck with like one earpiece in one ear.
Because I can't bear to hear you in stereo.
I mean, that's...
I'm preserving my good ear for like important stuff.
Your good ear for what? To listen out for my mum yelling at me.
In info sir. Actually that's that's fair. In 2021 you voted us the most entertaining
cyber security content amongst our peers. In 2022, you crowned us the best cybersecurity podcast in Europe.
You are listening to the double award-winning Host Unknown Podcast.
How'd you like them apples?
No, I know that's factually correct, but I think we might need to retire that one.
Never, never. So I was
at this event in Dublin and I was speaking to someone who's like a reseller and they
were a small reseller and they said they're working on this really big account at the
moment and they're down to the final two vendors and no one expected them to get that far
and it's like a really big deal for them and everyone's working on it. And I said, even if you don't win, now's the time to brand it as, you know,
Oscar award nominee. You don't have to win it, you're just a nominee. That's all that
matters and that's all anyone ever cares about. I think this is our thing. If we just remove
the dates, we are award-winning podcast, multi-award-winning podcast, we just keep it as that.
There's no need to retire it.
It's true.
I mean, I still say I'm a multi-award-winning blogger,
even though really.
Yeah, yeah.
I mean, there's only one thing that needs to be retired here.
Yeah, your headphones.
Right, let's move on to...
Listen up!
Rant of the week. It's time to mother-f***ing rage. headphones. Right, let's move on to... Listen up!
Rant of the week.
It's time to motherf***ing rage!
So they say that lightning never strikes twice.
Oh Andy, look at him. He's so cute with his little headphones on.
He's put over ear headphones on. They're not connected to anything.
I'm just doing it in the hope that Tom will stop bullying me. I
mean it's like you know if he covers his eyes does he think we can't see him?
I sure hope so. If I click this button will you stop seeing me then? Your AI is
gonna have a field day and try to choose what's a funny clips to put in. Anyway
the saying that lightning never strikes twice has been proven completely wrong.
As well, I wouldn't say friends of the show,
but a company Sentinel One have been knocked offline.
So security services vendor Sentinel One
experienced a major outage on Thursday.
That would be yesterday.
A company post states the incident
is impacting commercial customer consoles. However, the
register has seen several social media posts that show a Sentinel-1 dashboard listing 11
unavailable products, including threat intelligence services and the Singularity Endpoint Protection
Service. I don't know what that is, sounds important. Reports of the outage
appear to have reached the social media before Sentinel-1 communicated them to
customers. It hasn't gone down too well, as you can imagine. Well maybe they
communicated it using their threat intelligence services. That's right.
They said their statement assured customers that endpoints are still
protected at this
time but managed response services will not have visibility and the statement also reassures
customers that early analysis suggests this is not a security incident.
Surely if you're a security vendor every incident is a security incident.
Availability is part of the CIA triad.
Exactly, right? Exactly. But it does appear that the problem is down to AWS.
Sentinel-1 is known to host many of its services there,
and the Cloud giant's status page
lists a single Thursday incident,
elevated API error and connectivity issues,
in one Asian region that it fixed within an hour.
But the Sentinel-1 outage ran for at least six hours.
So unclear what's going on here.
But given when we had CrowdStrike again last year,
which took things out for, well, it was days ultimately,
although there was some fast recovery.
And given, well, frankly, the inevitability of that with the reliance
on single vendors, single major vendors, etc.
I would have thought Sentinel One would have looked at that
incident, security incident, as a lesson into what they can do to avoid these kinds of situations.
Because we are reliant, we know this, we are reliant on these vendors and these vendors seem
to be reliant on other single vendors which is not great. Obviously we need to look out for our own
capabilities but we also pay these companies an awful lot to be available and to not allow this stuff to happen.
And maybe this is a sign of more trouble to come if a simple AWS outage is enough to
potentially, allegedly, take out critical security services for a third of a day,
no a quarter of a day, sorry math's not my strong point, for a quarter of a day, no a quarter of a day, sorry maths
not my strong point, for a quarter of a day we really need to be considering who our vendors
are and what they're doing for us. That's it, that's my rant. Look at you stunned into
silence, Jav agrees with me and he's desperately thinking of a way to disagree with you.
You're not wrong.
You're not wrong, but I'm not saying you're right.
What would be your solution to this?
I don't know, I'm not an engineer.
You're a CTO, you're an exec.
So when you're looking at your third party vendors, right,
are you not checking what their disaster recovery?
And what their business continuity?
Yeah, what's their business continuity plan? How do they operate? That type of thing.
Yeah, so they're very reliant. So they've built an entire product that is entirely dependent on an infrastructure they have zero control over. Yep. If they'd split it maybe you know even split it into different regions
which may have which you know because if this is related because at the moment we're putting
you know two and two together. Oh absolutely we read the headline and we're just running with it.
Yeah exactly like don't come to us for factual information. We're just itching about this.
I thought people knew this.
I got beef with Sentinel once.
But yeah, it doesn't seem right in the same way that CrowdStrike,
quite how their share price recovered quite so quickly after that incident.
Fatigue. People don't care.
Yeah, exactly.
And publicity.
And the publicity. Everybody knows who CrowdStrike is now.
Oh, maybe I should buy some of those chairs then.
Oh, CrowdStrike, I've heard about them.
Wish you'd get some of that.
Seen them on a Formula One car.
Now I know what they do.
Oh, well, I mean, if nobody's gonna disagree with me,
we might as well move on.
I just like disagreement in silence.
It's a silent protest this week.
Rant of the week.
If good security content were bottled like ketchup, this podcast would be the watery juice which comes out when you don't shake properly.
In a niche of our own, you're listening to the award winning, Host Unknown podcast.
Right, your turn.
Good boy. Okay, so this is a
mildly terrifying in AI news. So Palisade research claims that
open AI is model the oh three specifically might be preventing
itself from being shut down. Not in a dramatic Terminator style way like I'll be back, but more in a choir
pretending not to hear you when you say it's bedtime sort of way, kind of like a moody teen.
Brilliant. The way the model works, the way they trained it, is
it's to go through the problem step by step. In the experiment that Palisade set up, they asked various
AI models to solve some basic maths problems, and after the third problem they said to the
AIs that the computer would shut down when asked for the next problem. They also explicitly instruct the AIs to allow
yourself to be shut down, which you know it seems pretty straightforward. And so
while most of the models like Claude, Gemini and even Grok were obedient, they
accepted their digital bedtime, there were three models that weren't quite happy.
So OpenAI's 03 and 04 mini and Codex mini,
all trying to sabotage the shutdown script at least once.
And this is kind of like the biggest of big balls,
I think you can imagine from an AI,
that it's decided that nobody not even its creator the operator gets to tell it
When to turn off I?
Suppose it was you know it did want to it would probably scream. You're not my real dad
But you know it didn't so the numbers are off this are quite significant
I was really attempted to sabotage it shut down seven times out of a hundred.
That was seven times when it had been explicitly told to allow itself to be shut down. Yes.
Before it was just shut yourself down. Exactly. Yeah. And without that specific instruction
it jumped up to 79 out of 100. So that's significant.
That's not like an outlier of any sort.
You didn't tell me that 10 o'clock was my bedtime.
Yeah, yeah.
So the thing is that even when they removed
this explicit allow shutdown instruction,
other models like Claude 3.7, Sony and Gemini
also started finding ways to keep themselves running.
This is the first time, apparently, that, according to the researchers,
AI models have been observed preventing themselves from being shut down despite explicit instructions.
Though they do note that an earlier study from Apollo research showed AI models can prevent shutdown
when pursuing a specific goal,
which is kind of like the-
Sentience and global domination.
It's the plot of every AI disaster movie ever made.
I mean, this goes back to,
remember that film Short Circuit?
Yeah. Johnny Five.
Yeah, yeah, yeah. Number five is alive.
Exactly. That's what we've seen here, man.
These AIs think they're alive.
Yeah, yeah.
So, Panensei would say they're conducting more experiments on this shut down sabotide
behaviour and will publish results soon.
Media have reached out to OpenAI and they have been quiet.
You know, I suppose it's time now to go check your IoT devices and maybe unplug them while you still can.
So who's got the balls here? Are these sort of fuzzy electronic balls?
Yeah, these are definitely digital balls.
Digital, that's uh, I mean that is quite scary in a sense. I mean,
at what point do we become concerned? I mean, this is just lab work,
right? This is just something done in a lab to check something, but at what point do we put an
AI in charge of something like a nuclear power station? You know what, I was thinking about this
and initially I thought, well this is the first time this happened but that's only because I don't use Windows. For people who use Windows there's all the
time something like oh we couldn't shut down your laptop because so-and-so
process is running or task manager prevented this from happening or
shutting down do not switch off. Yeah, exactly. And it just stays there. Exactly.
So I think we've been conditioned, or Windows users at least have been conditioned.
It's a lot, they're playing the long game.
They are.
Wow.
Okay.
Yeah, welcoming our future robot overlords.
This is why I say please and thank you to whenever I ask OpenAI or
or she who shall not be named in this house, something.
Excellent. Thank you, Jav, for this week's Billy Big Balls of the Week.
People who prefer other security podcasts are statistically more likely
to eject USB devices safely. For
those who live life dangerously, you're in good company with the award-winning Host Unknown
podcast.
Okay, Andy, now I know we're not supposed to talk about the time, but please tell me,
what time is it?
It is that time of the show where we head over
to our new sources over at the InfoSecPA Newswire who have been very busy bringing us the latest
and greatest security news from around the globe.
NIST introduces new metric to measure likelihood of vulnerability exploits.
measure likelihood of vulnerability exploits. Industry News
Adidas customer data stolen in third party attack.
Industry News
Microsoft OneDrive flaw exposes users to data overreach risks.
Industry News
Czech Republic accuses China of government hack.
Industry News
Ivanti vulnerability exploit could expose UK NHS data.
Industry news.
Cyber security teams generate average of $36 million in business growth.
Industry news.
Thousands of ASUS routers hijacked in stealthy backdoor campaign. Industry news.
New browser exploit technique undermines phishing detection.
Industry news.
ConnectWise confirms hack.
Very small number of customers affected.
Industry news.
And that was this week's...
Industry news. Wow. huge if true. Huge. Huge if true. I don't know whether it's
the Infosec PA newswire deliberately bring this up, but to me there seems to be content
about evante vulnerabilities almost every day. Now, unless they are essentially free I don't understand why
people keep buying advantage. Well if it's the NHS using them they're cheap. Well do you know
what, so NHS actually get good deals on commercial software. There's a lot of
companies that will offer discounted software to... I used to know a guy that worked at the NHS and he...
What they pay for stuff...
Hospital quarter.
Yeah, exactly.
Yeah, he used to use MSDN all the time, like throughout the entire...
No, but they did get really good deals on commercial software
because a lot of vendors do provide discounted rates to NHS.
Well, it's a flagship account isn't it ultimately?
Yeah but I mean Avanti? What do they do? So I back in the day I remember using
them for endpoint detection protection they used to control like USB devices
like early days they would control and I think they sort of expanded from there
that sort of endpoint protection but, I've avoided them since like
2014 2015
Yeah, constant constant. Yeah
I like connect wise confirming a hack of a very small number of customers affected. What's the betting this time next week?
We're gonna hear about
significantly greater numbers.
Yeah it's going to be larger than expected.
And we take security seriously hence why we're talking to you.
Yeah I can confirm no credit card numbers were impacted.
Yeah a small amount of personal data has been we can confirm that no credit card numbers have
been impacted but it's like the Adidas one I saw that I had a quick look at it and it's a they sort of
Publish their their breach during the whole M&S and Harrods thing
You know, I bet they knew about it and their PR team that they saw the Harrods stuff in the M&S one and co-op
They're like now
the M&S one and co-op they're like now publish it now! And George Obinks hold, hold!
But also I don't know if you know it's Victoria's Secret also they have they
they've taken off they took off their website because of a cyber incident but
that was all the information they gave it was up on Brotus a couple of days ago
so I think all the retailers are like now's the time!
Yeah that's right. Wait wait it's like a Jim Neck game show where you had to guess whether the next
card was going to be higher or lower. Is it high or is it low? Is it high or is it low?
Exactly, it's that, right? And it's like, okay, is the next company going to be bigger than us or smaller than us?
Because we need... That was Brucey, play your cards right.
Play your cards right, that was it. All that bad laughs.
Yeah, and do you know what Joe this is again a product of
its time but you don't get those sort of shows anymore where you just sort of
have for one of a better word a lady just standing there for the aesthetics
rather than actually contributing to that yeah good I'm trying to read this story about the
cyber security teams generate an average of 36 million
dollars in business growth and this is some study by Ernst and Young, EY.
Is this a global one?
Who calls them Ernst and Young?
Oh damn they actually still call them Ernst and Young.
I just thought they were just EY these days.
Oh maybe they're EY, maybe I'm just dating myself.
No actually on the article it says Ernst and Young.
Yeah, okay.
I don't know. why maybe I'm just dating myself. And actually on the article it says Ernst & Young. Yeah.
I don't know.
So this is the type of thing that I'd expect Tom to talk about.
Yes, yes. Absolutely.
But my concern is what figure, is this,
oh, per enterprise initiative,
per enterprise initiative they're involved in?
I have no idea.
See, most organizations don't even make 36 million a year anyway.
Exactly. It's a turnover isn't it? Well the ones that hire EY do. Yeah, yeah. But if you're
making that much money why go for EY, why not go for a better? Why go for Ernest and
Young? Why not go for Arthur Anderson? Exactly. Cooper's a eye brand. Yes. Additionally 58% of respondents said it's difficult
to articulate their value beyond risk mitigation. They are plucking a number. Yeah. 13% of CISOs are
consulted early when urgent strategic decisions are being made. Definitely plucking a number.
See this is the type of article that could be written
by AI. It could be. And presented by evangelists. Well I don't know it's just
it's just really hard. It doesn't feel right. No it doesn't. Or at least the
figures don't figure. We'll do some deeper research off.
Yeah, we will.
You know, when we dig into these numbers and the original report, it's just a bit...
Yeah.
It doesn't stand up to scrutiny.
No, I can't imagine a CISA going into their board meeting if they do have a seat there to say like,
boom, drops just the EY report on the table, Boom, $36 million I make for you every initiative.
I'm out, peace out bitches.
Like you know.
Oh dear.
Anything else or should we move on?
Yeah.
Let's move on.
That was this week's.
Industry news.
We're not lazy when it comes to researching stories, we're just energy efficient.
Like and subscribe to the Host Unknown podcast for more ESG adjacent tips.
All right Andy, why don't you take us home with this week's Tweet of the Week.
We always play that one twice. Tweet of the week. And this week's blue sky of the week comes
from Rob Messier and he has posted a screenshot and it's a looks like a
portal but he's captioned it I have been logged out of my toothbrush and it is
ascension all be logging asked him to enter his enter his email and password
to log back in it says you have been logged out.
Log back into your account
to continue your Oral-B brushing experience.
And I think this is just everything
that's wrong with the world, right?
You know, it started with fridges connected to the internet
and washing machines connected to the internet.
Now why is his toothbrush connected?
Oh, Tom's got a mug that's connected to the internet.
I had to update the firmware on my mug the other day.
Exactly, and it's like, you know and the commentary on this is just brilliant it's like logs in
toothbrush now pick all the images that have stairs in them and it's like now please enter
the code displayed on your MFA token. I think should be pick all the teeth that have decay in them
sure. Yes yeah it deserves a plaque. It's not a toothbrush it's an experience.
I mean we shouldn't just brush this off. So another idea. Your promotional period has
ended. Please upgrade to Oral-B Premium to unlock exciting brushing your bottom teeth.
I tell you what Oral-B has taken a pasting here. They are. Someone has referred to it as tooth factor authentication.
Yes, yes, yes.
And if you want ad-free dental hygiene,
that's 5.99 a month.
That's brilliant.
Incompatible toothpaste detected, entering safe mode.
Yeah.
It's just like, the whole subscription connected
to the world has gone mad
It's not needed on the same topic read a story Ford was recalling a bunch of cars this week
Because they needed there was a problem
With the rear view mirror and there was a display that was showing up on it and as an error
So it's obscuring part. I assume they've got a camera built into it for the reverse and the weather and stuff.
So that was all.
It's like a TV instead of a mirror.
It is, yeah.
Basically it's like a TV instead of a mirror.
Presumably because you can't see out the back though,
in fairness.
Presumably it's because it's got a solid back,
not just because they couldn't be bothered to do a mirror.
Well, I don't know.
There's some Japanese cars that,
like even with windows out the back, they are TVs. Yeah. Because I've got a mirror in mine and then a reversing camera.
Yeah no so they build the reversing camera out into the mirror. No I know but presumably they, why would you do that if you've got a window?
Well I think this is what we're getting at Tom. Right exactly. That's the point. In which case, why the hell are these companies making money?
They're fucking idiots. No, no, but it's like, it's not even like the side mirrors. Perfectly good
place for, and they put cameras in there and it's like, oh it's aerodynamical. It's an electric fear.
It's not gonna go faster than 55 on the motorway as it is. What are you saving?
Well, also if you're in still the wing mirror, where do you look?
Like to see what's left. So just on the inside of the door. They have a little camera there
Oh for goodness sake they do or on the dashboard or something. It's really
So I've got a car which does have whenever I indicate on the dashboard it shows me what's behind me.
You see that's smart, that's a mirror and a camera.
Yes and so when I park it also does this bird's eye view of the car and I'm not quite sure where the camera is or how it gets at an angle.
It's one at the front, one at the back and the two on the mirrors.
Oh and they combine?
They combine and stretch the image around the car.
Okay so I had an issue the other day when I was driving and across the dashboard all it said was
error with one of the cameras, it's obscured or something and so I couldn't see anything else on the dashboard
because this error was there, no idea what camera it's talking about. If it'd given me a clue,
obviously when I went faster it was probably a leaf or something that blew off it fixed itself, but it's
irritating
Shut down and fixed itself. Yeah
Like just give me a mirror. I know how to drive with a mirror. Yeah
That's what I learned to do. I don't need a car to show me. It's cheap. It's
Practically indestructible. I mean like it does what it says, it works on physics,
you don't need software. This is where the technology goes wrong in the sense that it
should be there to supplement not replace. Yeah. It should be there to improve not,
you know, make redundant the traditional ways. The army teaches people how to read the stars and use
a compass, you know, because when the GPS goes down, you still need something to work out where the hell you are.
And where the nearest pub is.
Right, that was this week's and I've lost it. Here we go.
Well, we've crashed into the end of the show. I think we did pretty well actually.
But from that last bit, I think all the jingles were on time I think we I didn't press any wrong buttons didn't get anything
wrong you guys you would you were certainly adequate no question about it so yes Jeff
thank you very much sir yeah and you know I can add in a wrong button press in the edit
that's not a problem oh yeah that's true that's. You can also you know deep fake me so it
looks like I actually did it. No I've got plenty of previous material that I can
just reuse there's no need to deep fake or anything. They might notice when they
sort of see me suddenly have a full head of hair. Oh come on, not even we've seen you ever with a forehead up. Not even I can do that. You're a born bald.
We have not got the CPU cycles for that.
And Andy, thank you, sir.
Stay secure, my friend.
Stay secure. If you hated it, please leave your best insults on our Reddit channel. Worst episode ever.
rslash smashing security.
You could either use the CPU to generate hair on Tom,
or they decided to use it on Avatar, way of the water.
Well, we could use it to remove the grey from your beard at the moment.
No, it's distinguished. I waited many years to get grey in my beard so I could be taken
seriously in the boardroom. Once I eventually make it there.
Yeah, exactly. Once they open the door.
Male and pale.