The Host Unknown Podcast - Episode 222 - The Disappearing Episodes Episode

Episode Date: March 3, 2025

This week in InfoSec (11:22)

With content liberated from the “today in infosec” twitter account and further afield

27th February 2002: Timothy Allen Lloyd was sentenced to 41 months in prison for ...activating a logic bomb at Omega Engineering, 20 days after being fired as a network administrator.
https://x.com/todayininfosec/status/1895255588881474024

18th February 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets. The incident was a...well...Whopper!
https://x.com/todayininfosec/status/1891999132866183322

Rant of the Week (17:34)

Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’

The US Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.

The military man even Google searched for "can hacking be treason," and "US military personnel defecting to Russia," according to prosecutors who argue he poses a serious flight risk and should be detained.

Cameron John Wagenius, 21, was arrested in Texas in December, and last week told a federal court judge he intends to plead guilty to unlawfully posting and transferring confidential phone records.

Prosecutors have also linked Wagenius to two other men accused of stealing data from more than 150 Snowflake cloud accounts in April 2024, and then demanding payment to keep a lid on that info.

After admitting his crimes in court, and showing a willingness to enter a guilty plea, "Wagenius should be detained as both a danger to the community — given his ability to access sensitive datasets — and a serious risk of flight," Uncle Sam's attorneys argued.

"While engaged in these criminal activities, Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service," the documents allege.

Billy Big Balls of the Week (24:32)

100-plus spies fired after NSA internal chat board used for kinky sex talk

More than 100 US spies have been fired, and their security clearance revoked, after an internal NSA messaging system was used by staff to chat about their sex lives.

After the NSA – the National Security Agency, that is, not the other meaning – confirmed on state media it was "aware of posts that appear to show inappropriate discussions" by intelligence community employees and that "investigations to address this misuse of government systems are ongoing," Trump's Director of National Intelligence Tulsi Gabbard announced more than 100 people had since been terminated.

The messaging app in question is the NSA's Intelink, a secure intranet service used by various American military and intelligence teams to share information, including top secret and classified threat intel.

Federal workers said to have been involved in the NSFW Intelink chatter included personnel at the NSA, the Defense Intelligence Agency, and US Naval Intelligence.

"There are over 100 people from across the intelligence community that contributed to and participated in … what is really just an egregious violation of trust," Gabbard told Fox News commentator Jesse Watters Tuesday. "What to speak of, like basic rules and standards around professionalism."

Industry News (32:54)

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks
Ransomware Gang Publishes Stolen Genea IVF Patient Data
HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers
Signal May Exit Sweden If Government Imposes Encryption Backdoor
DISA Global Solutions Confirms Data Breach Affecting 3.3M People
FBI Confirms North Korea’s Lazarus Group as Bybit Crypto Hackers
OpenSSF Publishes Security Framework for Open Source Software
Software Vulnerabilities Take Almost Nine Months to Patch
DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen

Tweet of the Week (42:59)

https://x.com/roytait/status/1895224942565970354

Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 Episode 222, we started this year with a bang. I'm telling you, we started this year with a bang. It's going so fast. Absolutely. We are so many episodes in, I actually thought we weren't going to start too well this year, but we did well. No, I think it's been flying and for once I've actually been enjoying chatting to you too, so you know.
Starting point is 00:00:23 Yeah, I know. Quick question, Jav. That social media manager that you hired for us, where did you get him from? So I can't, it wasn't Fiverr, it wasn't PeoplePerHour. Was it an AI one, or was it Indian? No, it was some bespoke service out of Thailand. I think they lure people there with offers of jobs and then they lock them up in a compound.
Starting point is 00:00:49 And if they're no good at romance scams they put them on social media campaigns. So I'm just checking the website and it says our last episode that was published was only 211. What? What? We've been talking all this, we've been putting out quality content, I mean probably our best yet. Like the award-winning stuff? The award-winning stuff, like since before New Year's Day. Do you think you can get hold of your
Starting point is 00:01:19 guy Jav and just sort of see what's going on. Hold on a second. I don't know, he works for this place called Smashing, Smashing Content or something, Smashing Media. You're listening to the Host Unknown Podcast. Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us and welcome to episode... Two hundred and sixteen! Two hundred and twenty six. I'm ahead of you again. It's two hundred and twenty two isn't it?
Starting point is 00:01:58 Well it should be two hundred and twenty six but we're missing ten. Geez. Of the Host Unknown podcast. Welcome, welcome one and all. It's, yes, here we are, just 10 plus weeks into the year. We've already been, well, wowing you and dazzling you with the fluff and frippery of the Infosec world. Hope you've been enjoying it so far. Jav, how are you?
Starting point is 00:02:28 I'm very good. I'm a new man. I'm changed. I last week- You're half a man, more like. Well, last week I just got back from a mini pilgrimage to Mecca. And that was all very nice.
Starting point is 00:02:40 Is that Mecca bingo hall near you? Oh dear. Um, no, not that one, but it was actually really nice. I completely disconnected. I put my emails to not synchronize. I took off Slack and everything. You broke our streak. I broke our streak on TikTok, and what, it was a sacrifice that needed to be done. Did you go on the pilgrimage to beg forgiveness? Yeah, you better have. I had a lot to beg forgiveness for and TikTok was not going to help. Did you beg forgiveness for what Andy's going to do to you now?
Starting point is 00:03:28 No Andy, I came back and Andy had sent me a TikTok where one guy had set fire to his friend's house after he let his 300 or so streak expire. That's oddly specific. And I've now put up extra cameras around my house. Oh man. Hilarious. Are you back home now? I am back home, yes. I am back home. I was back and then I had an event to go to in Ireland yesterday which was good fun. There and back in a day? No I went the night before I went I took the late night flight up there. You do about there and back in a day as if it's like four like yeah you got it like five minutes more than an overnight bag yeah exactly.
Starting point is 00:04:23 It's just an excuse for a decent hotel for a night or two, as far as I'm concerned. I mean, that's what Iriscon is about, right? The night before, the night of. A good night's sleep. Yeah. Yeah, exactly. You know, you don't just go there for the work, you go there for the play. I know, I know.
Starting point is 00:04:42 My family is just really fed up of me travelling. At the moment, every time I go, I get more and more crap from... Yeah, but... Cos I'm not there to do the school run and... But by that logic, that would mean you would want to stay away more, cos all you do is come back to crap. What I want and what I do are two different things, but it's for the greater good. It's all good.
Starting point is 00:05:07 Anyway, talking of giving you lots of crap Andy how are you Joe you could have gone with something nice like talking of the greater good but no you chose violence only because I know what's coming I actually saw you yesterday Tom we had a good catch up we called a Host Unknown board meeting, all of the members of Host Unknown attended apart from Mr Cluley who sent his apologies. It's been a busy week, it's been a busy couple of weeks. I went to my own Mecca, I went to Mauritius to catch a bit of sun. Back to the motherland. Nothing like going for a nice swim in the morning before work,
Starting point is 00:05:52 eating lots of good food. It's a big bath. The Indian Ocean's a lovely big bath. Is it the Indian Ocean? I mean I believe bodies of water are being renamed willy-nilly at the moment. Is it now the Pakistani Ocean? It's the Gulf of America's, sorry, the Chagos American Islands, the water of the Chagos American Islands now. Yeah, I could hear the sound of eagles courting above me and the smell of oil and freedom coming through the skies.
Starting point is 00:06:30 Welcome to freedom motherfuckers! There's just been too much content. Every day is another day. I literally logged in, literally tried to find a tweet of the week and the first thing I see is something from Elon Musk saying he's hiring air traffic controllers. If you're retired, then please consider coming back. Is there something wrong with the ones we've already got? Well the ones they sacked right? So this is the like I actually thought it was a joke and I'm like am I so out of touch with Twitter that I now no longer know what is a fake tweet anymore? But this is like his genuine account. It's like I'm going I just I don't know what's going on. It's
Starting point is 00:07:20 taking off. Did you see in Canada there's that plane that landed really hard and tipped over a few weeks ago yeah yeah ended up on this thing and have you seen the oh because of the wing that came off no I don't know whether the wing came off but it landed the right wing fell off all right all right but that particular airline, and I can't remember the airline. United, wasn't it? No, but it was subject to it.
Starting point is 00:07:49 Delta, yeah, it's one of Delta's subsidiaries, sorry, yeah. Yeah, it was a subsidiary airline. And they had to tweet out from before, I don't know how long before, saying that we're proud to fly an all-female crew, like all the pilots, the co-pilots, the staff are all female. And so the amount of memes that came out after that
Starting point is 00:08:11 was like that tweet followed by a picture of a plane upside down. And I was like, I logged on and I saw that and I thought, this is what the world's coming for. No one's telling me has anyone died or survived or anything. They're just like making jokes about the right wing coming off and about women flying the plane and I thought yeah I'm not built for this website anymore. This sums up Twitter at the moment and most of the USA.
Starting point is 00:08:41 And talking of depression Mr Lang, how are you doing sir? That sounds about right. A depressed midlife crisis. I think you're stretching the term midlife there Tom. Very. We're in the last innings here folks. Second life. I'm like that dude on Prometheus who's looking for the elixir of life. Second midlife. Jeez man, when you were at school they didn't call it history, they just got you to talk about what you were doing. Oh no, hang on, we've got something for that haven't we? Bit rusty, hasn't it?
Starting point is 00:09:18 There we go. Yeah, very good, very good. New job is going well. I've been traveling Prague and Cologne so far, Dublin very soon, Stockholm, Paris, Brussels, Leeds. Oh wow, you get all the glamorous places and I saw your boss was in Australia the other day, I saw on LinkedIn. I know, I know he gets the good shit, I get the other stuff. Rank has privilege. Exactly, but yes, at the shareholders meeting yesterday, the board meeting yesterday, Andy and I had a good catch up, we're at the Tice London event which was
Starting point is 00:10:00 good fun to say the least. Long day though, I didn't get home till 10 o'clock. Oh god that is late these days, did you get a hot cup of camomile from Costa on the way back? No, no because I got in my car to come back, you know in the back seat of the car. Got back to the Duchess of Ladywell's towers as it were. It's much closer than your place. Exactly a little bit. I had a nice cup of tea and went to bed. But yes it's been a fun week to say the least. Shall we see, talking about fun weeks or weeks of fun, shall we see what we've got coming up for you today? This Week in InfoSec uses a phrase
Starting point is 00:10:48 for the oldies in the room, logic bomb. Rant of the Week warns of what not to search after committing a crime. Billy Big Balls is a reminder that chats on company networks are not private. Industry News is the latest and greatest security news stories from around the world. And Tweet of the Week is the reason, the very reason why you are hearing our dulcet tones today.
Starting point is 00:11:14 So without further ado should we move on to our favorite part of the show it's the part of show Cool. This week in InfoSec. It is that time of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield. And today our first story takes us back a mere 23 years when Timothy Allen Lloyd was sentenced to 41 months in prison for activating a logic bomb at Omega Engineering. 20 days after being fired isn't great timing on that one I think the reflexes are sharp as ever yeah no one's gonna notice don't worry fix it in post right? They normally phase out. They normally fast forward this.
Starting point is 00:12:23 This is like Drax shouting, look out Mantis, just after you've been hit and knocked out. Exactly, yeah. Anyway. Anyway, yeah, so this guy, Tim Allen Lloyd, was an Omega Engineering network admin until he was fired in 1996. But before leaving, obviously he planted a logic bomb that triggered 20 days later and it erased basically lots of software, cost the firm millions
Starting point is 00:12:50 according to the case. So investigators linked the sabotage to Lloyd who was actually convicted four years later in 2000 but it wasn't until 2002 when he was actually sentenced to 41 months in prison. It's one of those cases that sort of underline the threat posed by insiders and, you know, the importance of security measures. But what I liked about this when I saw it was actually seeing the word logic bomb. It's not something that you see these days.
Starting point is 00:13:17 I don't remember back in the old days, all security books sort of, they had like the glossary and stuff and you'd see things in there like Trojan horse, macro virus like all of these types of things you just don't get these things could explain to us all the things that Graham knows about yeah yeah it's a shame we don't have that that kind of cool stuff when I saw logic bomb all I could think of was almost like a Hollywood movie so you know like the standard trope where, you know,
Starting point is 00:13:45 the criminal's away and then he presses a button and then it zooms in onto like the scene and the people walking by and children playing and a balloon, holding a balloon, and then a boom, a big explosion goes off and the balloon floats off by itself and all that sort of thing. But with a logic bomb, nothing happens at all. And then it zooms into a server room
Starting point is 00:14:07 and a little light goes, pink, and that's it. And this is how you explain your job to your kids, isn't it? Yes. That's exactly it. And if I don't do my job right, you could let go of your balloon. See, I much prefer the speed, sort of the movie speed with Keanu Reeves in it, like,
Starting point is 00:14:27 you know, as soon as you go over 50, it's triggered, it's armed, and then as soon as you go below 50, the bomb explodes. And I thought that was like, you know, that's how I explained it to, how it was explained to me back in the day. What, your job? Yeah. But never getting in the back of your Uber again. Oh, alas. Our second story.
Starting point is 00:14:52 Oh no, we had to fire the DEI officer, didn't we? Oh, OK, that's a wicked... As you were, Tom. Our second story. It's allowed. The leader of the free world said it's OK. It takes us back a mere 12 years to Burger King's Twitter account when it was compromised. It had its name changed to McDonald's and shared offensive tweets. The incident was, well, a whopper.
Starting point is 00:15:19 I know, I know. I see what you did there. Hang on. So yeah, they- I'm so on it. So obviously lots of offensive tweets were posted, lots of banter, all of it.
Starting point is 00:15:37 But this has got me thinking, like these days, you see all these brands, they actually interact with each other on social media. Yeah, really, yeah. Right now, they will actually go after each other directly. You don't need to hack an account to do it. Their own social admin team is doing it against other brands.
Starting point is 00:15:53 But yeah, I guess it's cool to be mean to other people these days. That's not how we used to roll. My point from the previous story is proven. You two are just like the Blake Lively and Ryan Reynolds in the room right now. That's all I've got to say. That's the vibes I'm getting from you. OK, you know what? I am. I'm starting just starting. The cracks are just showing
Starting point is 00:16:19 of me questioning my love for Ryan Reynolds. Oh, finally. See this. If you were on TikTok, you would have known the truth months ago, instead of being blinded by the fake media. Honestly. You mean I'd have found out only a week after you because you were not connected for so long. No, actually before I went, I was... I was caught up to everything. Jav didn't leave until he knew the latest. Yeah.
Starting point is 00:16:51 God will forgive me for this. Ryan Gosling is the number one Ryan in my books now. It's getting there. I've just got to do some of my own research first. Right, that was this week's... This Week in InfoSec. Just a note from the leader of the free world, I thought it was worth just pointing that out. The Host Unknown podcast, orally delivering the warm and fuzzy feeling you get when you
Starting point is 00:17:27 pee yourself. Okay, let's move on, shall we? Very quickly to... Listen up! Rant of the week. It's time to motherf***ing rage! All right, this week's rant of the week, it does have something to do with the US Army. So the headline reads: Army soldier suspected of AT&T heist
Starting point is 00:17:55 Googled 'can hacking be treason' and 'defecting to Russia'. Totally normal searches like that would have, yeah, that wouldn't have stood out at all. Yeah, the last one, defecting to Russia, definitely not. But this US Army soldier who's suspected of compromising an AT&T, sorry, AT&T, and bragging about getting his hands on President Trump's call logs, allegedly tried to sell that stolen information then to a foreign intel agent.
Starting point is 00:18:33 Why would any foreigner want his Uber Eats orders? I know, I know, right? Or his call transcripts. Oh, hi Vladimir, hi. Hi, it's me, it's Donald. how are you doing? Do you still love me? But one this tells me that maybe the US, this US Army soldier was perhaps more left of centre than right of centre if he's bragging about getting Trump's call logs, but it does tell you that it doesn't matter
Starting point is 00:19:06 which side of the fence you're on, there are dumb people everywhere, everywhere. One, why would you do this? I mean, you know, bored could be a hobby or something. Two, why would you then brag about it after having done something totally illegal? It's a bit like those robbers who stole the massive diamonds that was in the O2 arena during the 2000 millennium celebrations, remember that? Yeah. But the police found out about it beforehand and swapped it out for a fake and
Starting point is 00:19:39 basically took them out beforehand. And the reason they did that was one of them was blagging about it in the pub about what he was going to do. So yeah, the criminal mind. Anyway, so as you said in the headline, this military man, in inverted commas, even Google searched for 'can hacking be treason' and 'US military personnel defecting to Russia', according to prosecutors who argue he poses a serious flight risk, funnily enough. The chap's name, Cameron John Wagenius. Oh my God, this couldn't be more ironic if you tried.
Starting point is 00:20:20 21, so obviously still a child, effectively, was arrested in Texas. Oh God, it just, it all lines up. It really does. Young man known as genius his entire life lives in Texas. And last week told a federal court judge he intends to plead guilty, well because he is, in April 2024 and then demanding I know I'm sorry plead guilty to unlawfully posting and transferring confidential phone records Prosecutors said they've also linked
Starting point is 00:20:55 Wagenius to two other men accused of stealing data from more than 150 Snowflake cloud accounts. Now, I can't, it's a, it's a snowflake with a capital S, so I'm not sure if that's a bunch of woke people or whether it's something else. I haven't quite worked it out. I've not worked it out, no. And then demanding payment to keep a lid on that info. After admitting his crimes in court and showing a willingness to enter a pleety gil, a pleety gil, guilty plea, Wagenius should be detained as both a danger to the community given his ability to access sensitive data sets, I mean really
Starting point is 00:21:38 please, and a serious risk of flight after you know searching on how to defect to Russia. While engaged in these criminal activities Wagenius conducted online searches about how to defect to countries that do not extradite to the United States. I mean the rant here I'd almost make him a Billy Big Balls in the sense that the guy thinks he's a criminal fucking genius and has got all angles covered. Do you know what, I don't know what they put in those crayons that the US, but he's eaten
Starting point is 00:22:12 far too many of them. Oh my god, well no, he's not even a Marine. He's not even a Marine, he's just regular US, he couldn't even graduate to eating crayons. I think, you know, I think he's probably pushed a few too many of them up his bum or something. It's kind of affected his bloodstream. He just... Dear God, the rant here is, if you are called Wagenius and you are not Wagenius, don't do crimes, man. Don't do stupid crap like this. Incredible. Now, now Jav, tell me you're on the side of Wagenius here. No, the only thing I disagree with you, Tom, is that even if you are a genuine Wagenius,
Starting point is 00:22:55 don't do this, don't do crime. Yes, yes, yeah, that's fair, actually that's totally fair. If I was in any way indicating that if you were a real Wagenius, I think we should replace the word genius with the word Wagenius. I think it's a very good one. Then, if you really are, then don't do the crime. Don't do the crime anyway. Just go home, you know, pleasure yourself
Starting point is 00:23:19 and then you'll feel better afterwards. And you'll have a little bit of clarity and you won't do stuff but dig. By pleasuring yourself Tom means go shoot some guns down the range. Yes, yes and that is a euphemism. Rant of the week. In 2021 you voted us the most entertaining cyber security content amongst our peers in 2022 you crowned us the best cyber security podcast in Europe
Starting point is 00:23:52 You are listening to the double award-winning host unknown podcasts as you like them apples Yeah, I was just listening to that as well thinking god that was calculator sounds three years ago the only the only recent trophies we've got are the ones that I haven't given to smashing security they're still on my shelf they're ours right yeah've i've taken the crayons out of their receptacle and i've scratched out smashing and putting the host on though Right jav over to you So, uh more than a hundred u.s spies, uh have been fired um after an internal NSA messaging system was used by staff to chat about their sex lives.
Starting point is 00:24:57 So the NSA is just like any other company then? Yeah, with people who have sex lives. Yeah, with sex lives and high levels of clearance. So what's the difference between that? Everybody has a sex life. So anyway, the messaging app in question is the NSA's Intelink, a secure intranet service used by various
Starting point is 00:25:22 American military and intelligence. Hold on, sorry. My Google just popped up a notification, you need to update within the hour, we will force you to update. And I thought we weren't under communist regime. Like this is just appalling. Anyway, the, where was I? It's the Intelink, a secure internet service used by various American military and intelligence teams
Starting point is 00:26:02 to share information, including top secret and classified threat intel. So federal workers who have been involved in the NSFW Intelink chatter include personnel at the NSA, the Defense Intelligence Agency, and US Naval Intelligence. And there are over 100 people who contribute and participated. What really is just an,
Starting point is 00:26:36 I don't know how to say this word, egregious violation of trust. Gabbard told Fox News commentator Jesse Watters. Is this Tulsi Gabbard? I don't know. What to speak of, like basic rules and standards around professionalism. So I agree that it's an incorrect use of a system. It's a secure system.
Starting point is 00:26:58 You're meant to be using it for Intel stuff, not that. Having said that, these poor people, Madison Ashley has been compromised in the past, Grinders has been, Tinder has been, where are they meant to go and meet other federal security cleared agents who might share their interest in latex and dungeons? DM me afterwards, I'll let you know. See, I actually think that you're on the right track with that in terms of it's used for classified Intel top secret stuff. So you know the security is good around it. So you can be more open with you know it's a safe place to discuss things that they wouldn't want you discussing elsewhere
Starting point is 00:27:46 and you know the other people on there have just as much to lose as you do mutually assured destruction absolutely which you know sounds seedy but it's true you want people who are in a similar position who you're not going to who are not going to put you under pressure to do something later on that you don't want to do. Exactly. And would you not rather your top secret agents keeping their dirty laundry within internal systems? But it also does raise the second question, how secure is this system really if someone had been somewhere? Yeah, who leaked it. Yeah, someone had been somewhere and was someone was like oh look at this there was a sleeper agent yeah but uh but yeah it's true i mean you kind of understand why it happened
Starting point is 00:28:37 it absolutely shouldn't have happened because this is not what the workplace systems are for. But everyone blows off steam somewhere though, don't they? Being another place internally that they could have created their own environments. Well, so the way, right, so just looking at this, right? So the way they did it, it's like, so this whole NSA Intelink, it's like the secure internet
Starting point is 00:29:07 But it does say they only took over, sort of, well, they hijacked two channels, so LBTQA and I see pride TWG. Oh, so these are the two DEI channels, so these were actual spaces to discuss this. Well, so it says it, it's like they were DEI channels. So I think this could be more fallout from Trump's dislike of the phrase DEI.
Starting point is 00:29:38 Do you know, I thought this whole channel thing, this whole communication was formally sharing of internal state secrets and stuff like that. I didn't realise it was like a Slack that allowed you to have discrete groups for various interests within the business. In that case, they're being targeted. I'm speculating based on the channel names. Yeah, absolutely. But if this is the case, it sounds like they're being targeted.
Starting point is 00:30:08 Unfortunately, you can't be targeted for DEI anymore in the US because the president's signed an executive order. It's why planes are falling out the sky, god damn it. So I'm with Andy. I think this is a fallout exercise. I think they needed an excuse to get rid of some people who weren't towing the line or who weren't going to be...
Starting point is 00:30:33 Yeah, they weren't towing the line, they were towing something else. Yeah. Whatever. That is the truth. If they were toying Jeff in accounts. Never stink someone's kink. You know, it's got to be true. Absolutely. We don't judge. But if what you say is true there, Andy, I'm appalled by this.
Starting point is 00:31:00 Seriously, I'm appalled by this. I'm just speculating from the names. No, absolutely. I just want to put it out there, I do not have copies of these logs from the NSA. Don't come for me, bro. And I have not searched for how to defect from the UK to Cuba. Yeah. Just by chance, does anyone know if Pakistan has extradition treaties with UK or US?
Starting point is 00:31:26 I think it does actually. It does, yeah, I know it does. Seriously, I think it does. Yeah, yeah. But we've got a word from a spokesman, a DEI spokesman, the person who's kind of like in charge of all of these policies in the US. In Springfield, they're eating the dogs.
Starting point is 00:31:44 So it's a very balanced response as you can see. Very balanced. Or as you can hear. Anyway, Jav, thank you for that. It's actually quite depressing, that one, I have to say. But thank you very much, Jav, for this week's... Billy Big Balls of the week. People who prefer other security podcasts
Starting point is 00:32:12 are statistically more likely to eject USB devices safely. For those who live life dangerously, you're in good company with the award-winning Host Unknown podcast. Right, Andy, I know you're busy. I know you've got things to do. It's, you know, it's a tough old week at work. But I'm pretty sure we have some time, don't we?
Starting point is 00:32:38 And if so, what is the time? It is that time of the show where we head over to our news sources over at the InfoSecPA Newswire who have been very busy bringing us the latest and greatest security news from around the globe. Industry News Chinese-backed Silver Fox plants backdoors in healthcare networks. Industry News Ransomware gang publishes stolen Genea IVF patient data.
Starting point is 00:33:15 Industry News HaveIBeenPwned adds 244 million passwords stolen by infostealers. Industry News Signal may exit Sweden if government imposes encryption backdoor. Industry News DISA Global Solutions confirms data breach affecting 3.3 million people. Industry News FBI confirms North Korea's Lazarus Group as Bybit crypto hackers. That was my story.
Starting point is 00:33:49 Industry News OpenSSF publishes security framework for open source software. Industry News Software vulnerabilities take almost nine months to patch. Smooth guys. Industry News DragonForce ransomware hits Saudi firm. Six terabytes of data stolen. Industry News. And that was this week's Industry News.
Starting point is 00:34:22 Huge if true. No one noticed. Huge. If you hadn't said anything, nobody would have noticed. It would have been fine. Not even you. Not even I would have noticed. I mean, it's not like we haven't been doing this every week this year. I know, I know.
Starting point is 00:34:42 It's all good. It's all good. So. So, one story that is missing here, and we might have covered it a couple of weeks ago, but I can't remember is You know the Signal may exit Sweden if government imposes encryption backdoor is the Apple and the UK and They turned off their Last week as I recall. Yeah, I was probably on my pilgrimage then, so that's why.
Starting point is 00:35:07 Yeah, I think you were. But yeah, it's outrageous. What the hell is going on? And am I gonna change anything with my Apple account? No. Absolutely not. No. And this is it, this is the way it's happening. It's like, that's how they're gonna get you.
Starting point is 00:35:22 Yeah, because it's more hassle for me to do something else to ditch my entire Apple account and move to I don't know a Dropbox or something dreadful like that. All I say is don't put anything in your notes anything confidential in notes or anything confidential in iCloud and obviously all your photos are already gone um And definitely don't use the NSA secret chat system, because that's not secure either. No, no. Now I know why Angela from accounts laughs at me.
Starting point is 00:35:59 I'm gonna talk about the story, if I can actually kill the cookies to let me read it. While you're doing that can I just say, Jack, it's have I been pwned. What did I say? Porned. That pilgrimage did not cure that particular addiction it would seem. I apologize for my lack of enunciation skills. Right, cookies clear Andy? Yes they are. So Chinese-backed silver fox plants back doors in healthcare networks.
Starting point is 00:36:37 Obviously not really one that we would typically pull out because there's nothing interesting to talk about on this. But it talks about, you know, Silver Fox's multi-stage malware campaign and allegedly targets American hospitals. I do not believe any of the negative publicity about China when it's written, like when all the news comes from US agencies and stuff like that. And I know it's gonna sound like tin foil hat and I'm gonna put my tin foil hat on. Yes, China does this type of stuff. Yes, it is. Yeah, but is it state agency? China literally just has to sit back and watch the US destroy itself at the moment. They have nothing to gain by sort of alerting them to stuff that they're doing. Like they're not even going after these companies for money or anything like that. It's like it may be some guys in
Starting point is 00:37:30 China I actually just don't think they're state backed anymore. It's just rogue people in China, very intelligent people doing stuff. But the Chinese government, they have nothing to worry about. No, no. This data has been published by the agencies, well, by the agencies, by Doge. By Musk. Yeah, exactly.
Starting point is 00:37:49 Exactly, exactly. So this whole thing about China, it reminds me of that poster, what does it say? The lion does not care about the opinions of sheep. And that's kind of like how China's probably looking at America right now, thinking like, why do I even care what you guys are talking about? Yeah And and it's funny. I was talking to to a friend the other day and he's like even he was saying I'd rather
Starting point is 00:38:12 China have access to all my data than Elon. They they seem a lot more respectful with it. Yes, that's right That's right. Yeah Damn me Okay, I want to go back to this Signal may exit Sweden again. Just only because I always thought Sweden as part of those Nordic countries was much
Starting point is 00:38:34 more liberal. Home of the Pirate Bay. Yeah. Yeah. And had a much more liberal approach to we respect privacy and encryption and all that sort of thing. So I'm kind of surprised by this. Well, they're proposing a bill. It's for discussion, so. Yeah, but it seems, you know, it's one step further than they were before, in my opinion.
Starting point is 00:38:59 So the bill proposes they want to grant the police force ability to request message history in retrospect for individuals suspected of crimes. So even if that, I think it's a step better than what say like the UK government want with carte blanche access to everyone who may or may not be convicted of a crime or someone we can we ever look through so we can see if we can convict someone of a crime? A crime against fashion? Yeah. With those clothes, darling? That's if they looked in my picture.
Starting point is 00:39:35 As Signal said, like, you know, it would undermine their entire architecture. Yeah. And we'd never do that. So we'd rather leave the Swedish market completely. So all 17 of their users in Sweden would be devastated. Anything else? Nothing interesting. No, I just thought there's software vulnerabilities take almost nine months to patch. You can make a baby in that long, like what's taking so long?
Starting point is 00:40:11 To patch these right the only thing I will point out about this is it is a report from Veracode and Being a previous customer of Veracode they they highlight a lot of vulnerabilities which are very low priority and you know not really feel like the the cost to patch them exceeds the value of the you know exploit that could be realized. So they take nine months because they're really not important. Exactly yeah and they just get fixed as a byproduct of something else that happens in the future.
Starting point is 00:40:38 Yeah or just decommissioned. Yeah personal opinion that is by the way. Obviously, obviously. Veracode, if you'd like to sponsor the Hostile Empire. Absolutely, we're here for you guys. We can do that thing where we sort of introduce you at the end, pretend that we're in a room with you, and then play your interview for 30 minutes.
Starting point is 00:40:57 And then we say something at the end like, wow, that was really interesting. Thank you so much for coming in. And the listener is unaware that we were never in the room together. Exactly, exactly. Or that you slipped us a big thick envelope of cash under the table.
Starting point is 00:41:14 Or that, do you know what, just for real, I will actually say, Tom, someone sent an email offering to sponsor us the other day, and you replied and said, £5,000 per episode, non-negotiable, and we get to insult you for 45 minutes. And then we wonder why we don't get sponsors. Yeah, but you know what their response was?
Starting point is 00:41:39 We're looking for organic growth. And we're not, basically said, we're not basically said we're not gonna we were not gonna pay you we just wanted you to be on your podcast yes that's right come on one you've obviously not listened to the podcast we're not your audience buddy no no we think you would benefit from it but you'd benefit by about five grand and the fact that we just call you knobs all the way Yeah, yeah, I don't know Tell me I did wrong. No. No is the perfect response It was worth the five grand
Starting point is 00:42:18 But you know what we do still wonder why we don't have any sponsors Except that was this week's... security content. Ask your doctor if the host unknown podcast is right for you. Always read the label, never double dose on episodes. Side effects may include nausea, eye rolling and involuntary swearing in anger. Andy, take us away with this week's... Tweet of the week. We always play that one twice. Tweet of the week. This week's Tweet of the week is undefeated. Tweet of the what? Tweet of the Week. We always play that one twice. Tweet of the Week. This week's Tweet of the Week is undefeated. It's not only Tweet of the Week. This week's Tweet of the Week.
Starting point is 00:43:11 Sorry, Tweet of the Century, I was going to say. No, you said Tweet of the Wheat. Oh, Tweet of the Wheat. It's undisputed. It is the Tweet of the Century. Like, without a doubt, the best tweet ever. From Roy Tate, and he says, I'm feeling blue and somewhat down
Starting point is 00:43:31 because Host Unknown has gone to ground. Hope all is well with you soul founders, Tom, Jav and Andy, three great expounders. So please come back from your obscurity and spare us all from smashing security. Outstanding, outstanding. Outstanding! Outstanding! Although I'm confused as to where he thinks we've been the last couple of months. I know.
Starting point is 00:43:54 There must be technical issues with the downloads. Yeah, exactly. Roy Tate, you are now our favourite fan of the show. Martin, you need to do some extra work. But that was superb. That was superb. I also like the little dig at the end. I think that makes all the difference. Absolutely. We're always on board with, you know, slander and, you know. Yeah, absolutely. Absolutely. We're not jealous at all. No. Who wants sponsors anyway?
Starting point is 00:44:30 Exactly. Have you seen Clooney's new car? It's lovely. Is it? What's he got? Tesla. He's got the UK's first Cybertruck, I'm just saying. I saw someone in America, someone posted a picture, they had a Tesla and on the bumper was a sticker that said, sorry I bought it before I knew what he was like. Yeah, those stickers are doing the rounds at the moment. They really are.
Starting point is 00:45:02 Excellent, thank you Andy for this week's Tweet of the Week. Well, we have come barreling into the end of the show as usual. We trust you have enjoyed your time with us much as you have done for the last two months anyway. So, yes, Jav, thank you so much for your erudite-ness enunciation in most cases and general lack of fluff and frippery. Well thank you, that's the nicest thing you've said to me all year.
Starting point is 00:45:35 It's the nicest thing I've said to you since last week. And Andy, thank you sir. Stay secure my friend. Stay secure, my friend. Stay secure. You've been listening to the host unknown podcast. If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel. Worst episode ever. r slash smashing security.
Starting point is 00:46:04 I'm beginning to think that maybe we didn't put those episodes out over the last couple of months. We've got to get hold of this guy, Jeff. How much did he cost us? Don't say five grand. Well, I thought we had five grand coming in from sponsorship deals. I paid it out of our Bitcoin fund.
Starting point is 00:46:28 Oh man. You might want to check your PayPal account because it's probably backbilled your current account. Man, not from the Bitcoin. I can't believe we lost seven grand. That's going to be a really expensive nine grand, isn't it?
