The Host Unknown Podcast - Episode 225: The finding a job episode
Episode Date: July 10, 2025
27th June 2007: Live Free or Die Hard was released. Cop John McClane partners with hacker Matt Farrell to stop cyberterrorists trying to take down the US's infrastructure. Traceroute (1337!) is used to find the ringleader's location, then McClane kills him by shooting HIS OWN shoulder. https://x.com/todayininfosec/status/1938731279937057144
1st July 2003: California's data breach notification law went into effect. California became the first US state to require disclosure of breaches of personal information. https://x.com/todayininfosec/status/1940220561080332760
Meta calls €200M EU fine over pay-or-consent ad model 'unlawful'
Meet Soham Parekh, the engineer burning through tech by working at three to four startups simultaneously https://x.com/nickvangilder/status/1940110830085054891
Come on! Like and bloody well subscribe!
Transcript
That was actually quite a good thinker that you sent, Jav. He's a two, but it's 4th of July and he has a boat.
Yes!
Fourth of July, happy treasonous day.
I know, the colonies are probably getting really rowdy tonight.
They probably are. A few drinks or two, or an invasion of a few countries
or two. Same thing.
You're listening to the host unknown podcast.
Hello, hello, hello. Good morning, good afternoon, good evening and welcome. Welcome one and all.
Welcome dear listeners. Welcome the two of you to the Host Unknown Podcast episode...
Oh, hang on, nearly found it.
225! We're nearly there. We are nearly there. Is this a bit like centigrade and Fahrenheit? Are we going to at some point in the far future go into sort of converge?
Absolutely not. Not unless you catch up and recount the podcast we've recorded.
Not unless you go into coma for three weeks.
Six.
Sick!
How many podcasts do we do a week?
Well that's what I mean.
I mean we're not even managing one a week.
Oh, damn me.
Anyway, talking about not managing
anything for a week,
how are you doing, Andy?
Why did you come to the youngest person first?
I thought we went down in age order. We kind of fell off that
ledge when it comes from you we go down to me. I thought, you know, I thought I'd
mix it up a little bit. Okay, you just forgot the other guy's name, didn't you?
What John? Let's be honest John, exactly. That's how he introduces himself to everybody apparently. It's been a long week. I am glad that it's Friday. I'm glad it's seven
o'clock. It's been a hot week, isn't it? Oh yeah, it was, wasn't it? Monday was nice. How quickly we
forget. Yeah, well it changed quick and then it's going to get even colder after the weekend, right?
Is it? Oh thank god!
Next week we're gonna see highs of 21.
Oh, that's perfect.
That's terrible. Why is it perfect?
I've got five fans in my flat alone.
Oh, so I learned something about fans this week.
The correct positioning of them.
Oh, wow, yeah.
Well, I normally put them near doorways so as I walk through they can go,
Yay! There you are Tom
We love you on your podcast
What's this about positioning of fans it was from reddit of all places
It was a guy who was born in Australia
And he kind of did a look you guys in the UK don't have a clue what you're doing with fans
People stick it in a room,
they put it on max, you know like rotate and just stand in front of it, but he's actually saying the
correct position, you've got to put it on ideally a cool surface where there is one, if there is one
like stonework or something or in the corner of a room. Ideally where there's not hot air being
sucked in from behind it and he said the rotating part is pointless you just keep it
static and aim it in the general direction of the maximum people you can hit with one burst. Now it
might be some people get a little bit on the left some people get a little bit on the right but the
whole thing is it stays static and it blasts out and he made some very compelling arguments for it.
I put bowls of ice cubes in front of mine
No there's that as well
So I actually went one better
I did a TikTok purchase
What, bought an aircon?
No, a shark fan
A shark fan?
Yeah, one of the silent ones with Mr.
Mr. Who?
Exactly, so it sprays mist into the air But it's so fine it never actually touches the surface.
God pity the fool who stands in front of that.
My dog. My dog loves it.
So it's such a fine mist you don't actually get wet?
Is it actually mist or is it just pretending to be mist?
Is it just like a little bit of tissue paper they've got on the front?
You can actually see it come out but it never actually hits the floor.
But it's one of those silent fans. I was very surprised it's a silent fan.
I tell you what ceiling fans they're the way to go. We've got like ceiling fans in nearly every room
and they are brilliant and also they're reversible so
you can wear them in the summer and the winter yes exactly you joke that's what
they're for that is it pulls up the air to make the room warm and it also then
pushes down the air when you reverse it well as I sit in a room with a ceiling fan
above me yeah yeah exactly well
hopefully switched off for the sake of the recording right absolutely of course
he's not not not some kind of so you reach in for the switch not some kind of
amateur who makes background noises with his keyboard or something and talking of
which Jav how are you this week yeah Yeah, very good, very good. So on Tuesday it was sweltering.
Oh, it was the hottest day of the week, wasn't it?
I had an event to go to at like 5.30, 6 o'clock.
It was near St Paul's.
What, in the morning?
In the evening.
Oh right, okay.
You know, I was actually there around that time.
Really?
I literally work a five-minute walk from St Paul's.
No way. Since when? Since like... About 12 months ago? Yeah. Okay, we should meet up for lunch
one day. Yeah. We should meet up for lunch last Tuesday. Absolutely. No, no. Don't meet
up with Tom. There's always strings attached to his. Are you just gonna say to Andy you're gonna meet up with him, you know, you're gonna see him next Tuesday?
Maybe, maybe. But it was Sweatering Day, but there was an event there in one of the
restaurant type things. It was a stand-up sort of thing. They had canapes and everything and it was so hot in there.
But totally worth it because Joe Tidy
was there, BBC cyber correspondent. He was... I got a copy of his book, he signed it for me. Did you get
it for free? I did, yeah. Well, I had to pay for mine. Well, because KnowBe4 was sponsoring the event and
the books were paid for by KnowBe4. I see. I see. And then he'd done a talk which was
really interesting. It was based on a lot of the stuff from his book about some of
these teen hackers and then there was a little panel discussion which I was on
as well and so we had a bit of bants there and stuff. You and Joe.
Hopefully. I'm hoping now I'm gonna get a bigger slot on the... You and JT.
...on his next BBC documentary so we'll see
how that goes. Do you know what? I still haven't seen that documentary with you in it. Send the link, we
need to stick it in the show notes. Okay I'll send you the link. Yeah, yeah. To save him from putting
it in the show notes when he publishes it. Yeah exactly, exactly. I'm amazed he hasn't done it already
in fact put it in as a footer on every single one.
That's a great idea. I'll be on it.
That's what I would have done, in fairness.
I mean, the BBC, you don't get much higher office than that.
I love looking at your faces when I mention the BBC.
Talking of fans of BBC, Tom, how's your BBC?
Bands of BBC?
Fans of BBC.
You've been looking at my search history again?
Yes, absolutely.
Yeah, just hot. Just generally hot. I mean, even now, I think it's too hot.
Although it's 26 degrees where I am at the moment, but ah, it's just so hot. I do not operate in heat at
all, so my brain just slows down. Sorry, have you tried losing weight? That
cools you down. Is that right? Is that why you've got a jumper on now, Jav?
you should spend more time in other countries Tom you'd appreciate the monjavro
you'd appreciate the cool temperatures we experience here in the UK
yeah but British heat hits different I've seen the TikToks and the
reels and stuff British heat hits different
you've seen the TikToks on the reels right? yes
Or something like that. I don't know.
They all merge into one.
But yeah, he hits different. It really does.
It really does.
I just...
Yeah, anyway, so it's been too hot.
But, you know, been walking around.
I was up in... Where was I?
Oh, reading on... yesterday?
Yesterday. Wednesday.
I can't even work out what day it is at the moment.
See, that's what I mean. My brain just stops working.
I'm not very good at reading.
Did you also go into Reading this week also for an in-person meeting
that turned out to be a Zoom call?
No, thankfully. No, not this time.
Thankfully, the boss was actually there.
He's actually there. Makes a change?
I know, no he's always there, he's always there, honest.
He might be listening anyway.
Talking of the boss, shall we see what we've got coming up
for you this week?
Don't look so confused Andy.
Well you just never refer to me as the boss.
You've just done.
Ha ha ha ha ha. This Week in InfoSec gives the war
cry Yippee-ki-yay, mother Hubbard. Rant of the Week proves that if it isn't
enthusiastic consent it isn't legal. Billy Big Balls has made all three of us here
feel just a little bit seen. Industry News is the latest and greatest
security news stories from
around the world and tweet of the week is some real world advice on how to get into the industry.
So let's move on to our favourite part of the show, shall we? It's the part of the show that we like to call...
This Week in Infosec
It is that part of the show where we take a trip down Infosec memory lane with content
liberated from the Today in Infosec Twitter account and our first story takes us back a mere...
Where the hell is it? I hate this media board.
Alright. There we go. 22 years to the 1st of July 2003 when California's data breach notification law went into effect, California became the first
US state to require disclosure of breaches of personal information. And so California's SB 1386
came into force, as I just said, making it the first US state that required organizations to
tell residents when their personal data was breached. The rule's simple. If you do business in California
and you lose someone's name, plus a sensitive identifier,
I think, you know, Social Security or driver's license,
you must notify them without delay.
And back then, executives did fear
sort of endless panic letters,
but the law did set a transparency baseline and so big
breaches like choice point in 2005 proved that disclosure would not end
commerce it just forced slightly better security so that ripple effect did make
a positive change. By 2018 every state, DC and the territories had breach notification statutes, all modeled on California's
template and so do you know what we can say is that timely notice is the floor not the ceiling
absolutely and california's always been doing this isn't it they've always
they've always since 2003 well no but they've always been the first often to put in consumer protection and things like that.
I know like the employment protection laws in California are much much stronger than
the rest of the US. It's almost like they're the Europe of America.
Well, you know, and it's interesting, this was the year that Arnie first became governor of California.
Like an Austrian guy?
Yeah.
Like a European?
Exactly.
Taking some culture to er...
Who as a Republican was actually extremely progressive.
And actually believed in talking to people and trying to find common ground and getting stuff done weird concept for politics weird they'll never catch on no it won't
alas our second story takes us back a mere 18 years to the 27th of June 2007
when live free or die hard was released So our favorite cop John McClane
partnered with hacker Matt Farrell to stop cyber terrorists trying to take down the US's infrastructure
and Trace Route is used to find the ring leader's location at which point McClane kills him by
shooting through his own shoulder. So obviously this is the release date of the film.
He, like I say, he teams up with Matt Farrell to stop this nationwide fire sale attack on critical infrastructure.
The complete hacker toolkit is on screen, you know, very cinematic.
And as I said, at one point the characters run this really dramatic traceroute 1337. Very leet command.
The hops flick past in green text and then, presto,
like they find the villain's exact hideout.
Obviously real traceroute shows network paths and latency.
And often just times out.
Pin on a warehouse either, yeah.
Certainly in Baltimore. But after the movie,
you know, obviously plenty of execs went to their incident response teams and just said,
you know, can't we just trace them? But I say that the climax is even less orthodox,
you know, when he's cornered. He does fire a pistol through his own shoulder, shoots around
continually, you know, the attacker standing behind him. Ballistics experts did later confirm that
outside of Hollywood physics you'd probably be dealing with at least a shattered bone
and a wild ricochet long before you neutralized anyone standing behind you. So just don't
take that. So why am I mentioning this sort of popcorn action film in Infosec? Because
it shaped public perception. In 2007 we hadn't yet seen Stuxnet or
NotPetya, and the idea of coordinated attacks on traffic lights, markets and power grids
was still very speculative. So I would suggest that the movie planted that scenario and an
unrealistic quick fix into mainstream conversation. And we still spend time trying to untangle
these expectations today.
And yet there was a film called, I think it was called the Colossus Project from the 70s.
It was around about the time as the Andromeda strain and all that sort of stuff. And it
talked about an AI taking over the US defense capabilities and then communicating with the
Russian version and deciding that actually we're just going to destroy everything because
that's the best way to achieve things. Colossus: The Forbin Project, that's right, that's what it's called. And today we have Musk and Putin.
Yes exactly who are obviously communicating with each other something something something.
On that a friend of mine came around the other day and he's probably your age Tom because he
told me about a film from the 70s called the Demon Seed and that was about... not that type of film... no no no it was
it was about this computer billionaire sort of guy and his whole house was
automated, it had an AI running it and it got haunted effectively it basically
yeah and it took over it locked him and his wife in the house. It was a there was a Rape scene in there as well wasn't it the house raped his because it wanted to be coming
The song electric dreams comes from is that was that the soundtrack to the film? I don't know seen it
You'll have to look that up
But yeah, I remember that film as well, yeah
Well, yeah. All these theories have been around for a while, like AI going rogue.
Yeah, and rogue and everything. There's nothing new. There's nothing new come up anything new. Nothing new
I mean you only have to listen to this podcast for three or four weeks to realize there is nothing new
Coming out. Oh, that's us. Electric Dreams was from the film Electric Dreams.
Right, I was going to say.
Either that or weird science.
Now that's a film.
That's a film.
All right, thank you.
That was this week's.
This week in InfoSoul.
This is the podcast the king listens to although he won't admit it
No he won't but in honor of Traitors Day I thought we should
The one true king?
The one true king, yeah exactly. What's that from?
Game of Thrones?
Highlander? There can be only one! Love that film. That's a really
good film as well. I thought it was King of the Ring. No, not that kind of film. Jav,
come on. Andy's already to motherf***ing rage!
It's not a film.
King of the Ring is a very important wrestling event.
Oh, it's not a wrestling move then?
No, it's...
Have you never seen Randy the Macho King, like when he's wearing the...
Or Jerry the King Lawler when he won like...
Oh yes, of course. No no of course I haven't.
You are such a cultural...
Goodness sake. Talking to you it's like talking to 14 year olds when it comes to wrestling.
Anyone's like a 14 year old at your age it's like.
We just don't have that life experience.
No you haven't which is why you're just so young and naive you two.
Right, so the headline: Meta calls the 200 million EU fine over pay-or-consent ad model unlawful.
So as you know, friends of the show, not Meta, are at it again, frankly.
Incorrect and awful is what Meta is saying.
The EU isn't a suggestion box, it's the legal jurisdiction of over 450 million
people and their wallets live. Wherever you trade you play by their rules or you
pack up and go elsewhere. That's pretty much what we've been saying and
we've said this a lot right you got to abide by the rules and we just proved
that with California putting their own rules in and then others following suit
because frankly it's a good idea. And you know, to spare the details, and thank you Andy for highlighting that while I'm looking at it, because I got a bit lost in the text there,
a quick recap. Back in April, the European Commission ruled that Meta's pay-or-consent ad model,
which is basically give us 13 euros a month or let us track every single click, thumb, scroll and return,
breaches their shiny new Digital Markets Act.
And the fine was 200 million euros.
Meta's response was, well, to sue back, of course.
I mean, they're nothing if not American in that sense.
And complain that the EU is stifling valuable and innovative services.
Because apparently, effectively state-sponsored surveillance is, well, it's valuable to someone,
but not to the consumers themselves, and innovative.
If they ignore this ruling for long enough, the Commission will crank that up to daily penalties of up to 5% of Meta's global turnover. That's the financial
equivalent of a drip feed IV of boiling espresso straight into the company
wallet, although in fairness it is quite a large wallet and
espresso is known for being quite a small amount of coffee.
So the problem here is that the, you know, 200 million euros
is what, effectively, what Meta have spent on free snack walls and oat milk flat whites at their head offices.
Calling it crippling is like a superyacht owner crying
over a parking ticket. 200 million is quite literally spare change for them. And the choice
you gave your users was never even a choice in the first place. It was pay us cash or
we're going to take your personal data. You will have no choice in this. Bottom line is Meta are going to get their pound of flesh
out of you one way or the other. When regulators finally called your bluff, they shouted it was
unlawful, almost like a toddler having his toys taken away after a little tantrum. Meanwhile Brussels is sharpening up on that 5% turnover. That's
the margin that funds the next four metaverses nobody asked for. Good luck slow-walking compliance
that while the meter's running. But the takeaway for us all here is that if you operate in
Europe European law applies and it follows you.
And knowing European lawmakers and Brussels especially, it will follow you very, very keenly.
Claiming otherwise just makes you sound like, well, just spoiled children and ends up making the fine bigger.
So frankly, as usual, I'm not surprised by Meta.
It's just shocking that they think they can just sue their way out of this.
And I'm looking forward to seeing what's going to happen next.
So this is not a new model.
Many companies say go ad free, pay this much and go ad free. You get it
on your mobile phone or tablet which you're playing a free game and add like Candy Crush and
add or crop in. Say oh go ad free you pay. If you're watching Amazon these days before it used to be
ad free but now there are ads but now you pay an extra few quid a month and you can get it ad free.
So how is this any different? Because it's not adverts. They're not, yeah, they're not
serving you adverts. They're taking your personal data. To serve your relevant adverts. No, no,
that would be a byproduct of what they, what they sell. Yeah, they, they, and they will sell, and they've been caught doing it time after time after time.
They will sell your data to third parties.
And if you pay them, they won't?
Yeah, that's what they're saying.
I don't believe them, in honesty.
I honestly think that even if you pay them, they might not sell some of the more obvious stuff
But I reckon they will still sell what, you know, some... at some of... well, there goes the flimsy argument
I had trying to undermine your rant.
Your flimsy argument for my flimsy rant.
Mine written by AI, and me getting a bit lost because I didn't quite get around to reading it all the way.
Yeah, you know, but it's true though. I mean nothing's nothing's wrong, there's nothing wrong with what I've said though.
No, well okay. I wouldn't go that far but...
Apart from your flimsy argument.
But yeah, like why would you trust the company that even tracks you when you're on incognito mode,
opting out of everything and trying to try to hide everything,
it still tracks everything about you, but now you're meant to believe when we say give us a
fiver and we will stop setting you up. And on top of this they also serve you not just adverts but
content that they want to shape. You know they were caught doing this in the Cambridge Analytica
scandal. Oh they did it through the last election as well.
They were constant, absolutely constant.
And yeah, I don't believe them at all.
I mean they said, I'll give you a phone number so we can use it just for MFA.
That's the only thing we'll use it for.
And then they sold it.
No, didn't they use this in...
The Israeli attacks metta sold the location from Whatsapp, like the different groups that
were using Whatsapp.
But they also sold your mobile phone numbers, even though they said it's only for MFA,
you only need to give us this for MFA, and they sold the data.
Zuckerberg would sell his own lizard egg donor if it meant he could make money.
They clearly make enough money to pay for any fine that comes their way.
To not give a shit. That's right.
And now we're getting to the whole oligarchs and billionaires running politics in the entire countries.
It would never happen.
Surely that could never happen.
It would never happen.
We'd never see a billionaire in the White House
influencing policy.
We'd never see that.
No.
Honestly, by comparison, and I know this is just like,
the new Superman movie's coming out,
and by all depictions, Lex Luthor seems like a far more
reasonable person than anyone. I know right? I know. Like these these you know superheroes, super criminals look quite
reasonable now. Objectively so. Yeah objectively understandable. Exactly. As
opposed to just someone who's randomly, you know spewing hatred
I can't even go any further without without getting
Sanctions anyway that was this week's
Rant of the week
This is the easyJet of security podcasts. Let's be honest, your cheap ass couldn't tell the difference between us and a premium security
podcast anyway.
Do you think anyone will notice we might have loaded up a few extra jingles this week?
A few of the old jingles?
A few, a few, a few extra old jingles.
The OG listeners will know.
I mean these were from 22? End of December 22?
22.
I reckon Martin will check it out.
Oh I hope so.
And Dan Raywood. And Graham of course.
Friends of the show.
Number one fan.
Friends of the show. Yeah.
Absolutely. You've got Graham at the top and then in joint second we have Dan and Martin.
Let's be fair, Graham is my co-host when you two guests aren't here.
Yeah, it's really funny. A few days ago Dave Lewis invited me on his podcast that
you were on a few weeks earlier Tom and he couldn't remember your name
either Andy.
But he actually said like I don I don't care how many listeners you have, even if you had
a million, I'd say you deserve a lot more because it's such a funny and great podcast.
And then he was like, what's next for the podcast or like how you going to grow?
And I said, well, hopefully we get some sponsors.
I said, we've never had any sponsors.
They said, no, actually we have had sponsors.
I said it was Graham.
And I think that was more like hush money just to keep his name out of our mouths. We've had two. Technically three. Oh, the Duchess.
The Duchess. And my aunt donated £10 as well. When was this? Oh back at the same time as
the Duchess did. I completely forgot about that. Yeah, I do recall mentioning it, but yeah.
But, I mean, my mother and Graham donated the same amount, I think.
And then my aunt donated £10.
I mean, that covered hosting fees and whatever for like six months.
Yeah.
You know?
See, sponsors, we don't forget you after a week.
We remember you years after the
fact it's not like any other podcast that you might sponsor and they charge
you extortionate amounts and then next week's like who what yeah I mean because
let's face it we don't have many names to remember regardless we had three then
and we forgot one of them we do have a list of people that you have turned down
Tom by making ridiculous demands.
Oh that's true. Do you know what? We're getting more of those. Have you been seeing these emails?
No, where are they?
They go to you don't they?
They go to the Host Unknown Joint email box.
Which is yours?
That you've all had access to.
I've never had access to that.
You have. I have sent you the details more
than once. Can you resend them please? Oh for f... Anyway, people want us to interview
people who've just written books that have nothing to do with what we talk about and
have obviously listened to our podcast and thought there's a podcast that interviews people who've just written books. Let's get Joe Tidy on.
Only if he pays. Only if he gives me the cost of his book back.
And allows us to take the piss out of him for 45 minutes. That's the other caveat we have. yes yes so Joe if you if you bring 15 quid to the table and and a cast-iron
sense of humor will be quite literally tidy right Andy based on that dreadful
dreadful what? You've got someone else to go to first. Oh yeah, I have. I have, yeah.
I forgot.
I was just hearing Jav talk so much I didn't realise.
Anyway, Jav, it's time for...
It's going so well then.
Tom was doing his regular...
Andy, so like, I've got...
I'm looking at my wrist and there's a watch on there and
So can you tell me what time it is?
So natural so good Tom so smooth
225 times trying to do it different every time rod for my own back
Are you asking for one more job to be taken away from you? Yep. Let's outsource it.
Okay the big balls of the week is given to a software engineer named Soham Parekh.
He has admitted to secretly holding multiple jobs at once across Silicon Valley startups,
earning offers of up to $200,000 before delivering minimal work. Tom, you should feel attacked.
The saga began after... What? Sorry? Yes. I'm going to clean it up in post, don't worry.
If you could pay attention.
But not mine.
I sound so much better in post now compared to you two.
I'll clean up Andy a bit because actually his ums are very distinct.
He goes, um, and then there's a nice pause before he
starts his sentence. I do that just for you, Jav. Thank you. Well, though, I did
notice last week you actually added some duck censors, so there's some quacks to
censor out the controversial stuff that you said so it didn't go out. Yes, I still
haven't listened to last week so I might need to listen to that.
Okay. The saga began after a viral post by Mixpanel's former CEO accusing him of scamming
YC-funded companies. The founder says that Parekh aced the interviews, faked credentials
and offered wild excuses ranging from... this is wild excuses ranging from drone strikes to visa issues
before vanishing.
At least 10 companies reportedly hired and fired him for lying and underperforming.
And there's a whole thread on X about this, about how he would ace early interviews, land the jobs and then
ghost employers when work began. This started last Wednesday when Suhail Doshi, co-founder
and former CEO of Mixpanel, issued a warning about him, and we'll put the link in the show
notes, but he said that there's a PSA, there's a guy named Suhail Doshi in India who works
at three or four start- startups at the same time.
He's been preying on YC companies and more. Beware.
I fired this guy in his first week and told him to stop lying and scamming people.
He hasn't stopped a year later.
Wow. No more excuses.
It works. Why would he stop?
Why would he stop? It's like Meta is going to stop once the EU
fines them. Yeah. And the post was flooded with replies from fellow founders with similar
stories, including a few who claimed to still have Parekh on their payroll. In an interview on the
Daily Tech Show TBPN, Parekh confirmed the claims he was holding
down multiple jobs at the same time saying, I'm not proud of what I've done.
That's not something I endorse either.
But no one really likes to work 140 hours a week.
I had to do it out of necessity.
I don't know what necessities he's had.
He must have gone through three divorces or something with a terrible lawyer and now he's
got to pay 50 grand a month. I have a necessity to spend more money than I could possibly earn
in one job. That's a necessity. You've got to respect the hustle though. Yeah I do.
Honestly what this guy needs to do he needs to set up a course teaching you how to ace interviews and land jobs at companies. I think this reflects more poorly on the
Silicon Valley startup environment or community than it does on him. Yeah.
Absolutely. How is he acing these interviews and getting in and then not
actually being followed up on properly.
And do they pay him for this for his time?
I mean, if he's being fired after a week,
he can't be making that much money.
And if he's only done this 10 times,
that means he's been in for like, you know...
It doesn't sound like it's a week though.
He's there at least a month, isn't he?
He's getting that one month pay.
If you're doing 200k a year...
He says at least 10 companies so let's let's
assume 12 just just go up that that's one I think there was 18 confirmed now
18 confirmed okay so that's one and a half every month and he's doing these
simultaneously no I know I know that's exactly so how can it be 18 over the
last year he's still working for eight of them. What, they're fucking idiots then.
Well, he was when the original...
Well, yeah.
If you remember our incident with North Korea,
we accidentally hired someone,
and the FBI said that when CSO and everything,
he was chatting to the FBI about all of these things,
they said, this is so common.
They said sometimes they find someone
who's a confirmed North Korean operative,
and they go to a company and say, you've hired this person, they actually work for North Korea.
And they're like, that's a real shame.
That's our best performer.
He's the hardest worker.
Or produces the most results.
Yeah.
And I think it's, again, it's to the point, it's a shame that there's so many people
complain they can't find a job
or they can't hold on to a job and what have you, and then you've got some
criminals who are outperforming them, who are probably doing twice the work at
least, because they're doing the day job and then they're like doing the
espionage, or the outsourced training data, or sitting in parks feeding birds and
exchanging suitcases. That takes time, right? Exactly, it takes a lot of time. So yeah, I think it definitely deserves a big up for the balls.
I'm not even going to try a flimsy kind of, you know, offence at this
because I think it's... I'm with you on this entirely.
Thank you.
Billy Big Balls of the Week.
Billy Big Balls of the Week
People who rate other security podcasts better than the Host Unknown podcast are statistically more likely to enjoy the Harry and Meghan documentaries. Read
into that what you will. All right Andy this is where I um and ah and look at my watch and try and come up with
some kind of time based pun.
So Andy, what time is it?
It is that time of the show where we head over to our news sources over at the InfoSec
PA Newswire who have been very busy bringing us the latest and greatest security news from
around the globe.
Industry News
IT worker jailed after revenge attack on employer.
Industry News
USDOJ and Microsoft target North Korean IT workers.
Industry News
Scam centers expand global footprint with trafficked victims.
International criminal court hit by sophisticated and targeted attack.
Cloudflare now blocks AI web scraping by default.
Qantas reveals significant contact center data breach.
Industry News
Dozens of corporates caught in Kelly Benefits data breach.
Industry News
AI models mislead users on login URLs.
Industry News
Taiwan flags Chinese apps over data security violations.
Industry News
And that was this week's
Industry News
Huge if true
There's a couple of juicy looking ones in there. No, what have I clicked on?
Yeah, it's not that one. That link doesn't go to the right place.
Which one were you looking at? The top one, the very first story.
IT worker jailed for revenge attack. Okay, I've got it. It does go to the right link. Oh does it? What did I click on then? Oh, something else.
IT worker sentenced to several months behind bars after launching a cyber attack against
his former employer that resulted in losses of £200,000, which is £274,000 freedom dollars. So what's there? So he's 31 years old. He admitted one charge
of committing unauthorized acts with intent to impair the operation of hindering access
to a computer. And he was sentenced to seven months and 14 days in custody. That's not
that long, 17 months, 14 days in custody. So he physically accessed the premises and corporate computer systems in order to change logins and MFA, which enabled
him to disrupt business operations of customers in UK, Germany and Bahrain. So
he still had access after... he still had physical access to the bill... well, he
still had... probably could log in and change. Oh yeah, he did, so he targeted their IT system to which he still had his privileged access. Yeah, for goodness
sake. I love how the line says, aside from the 200,000 in lost business it caused,
the incident had a reputational impact on the firm. The whole catch-all of
every risk assessment, a reputational impact, which can't be
really quantified in any real way, but it's always a good one just to throw in there
to show that you've got to think of the reputation. Yeah, you've got to... won't
somebody think of the children. What else have we got? Sophisticated and targeted attack? Almost certainly teenagers.
Yeah and vulnerability exploitation that should have been patched nine years ago.
Seriously have you read it and is that what it's saying?
No I've not. I clicked into another one.
Where you seen the significant...
Are you in the same show notes that we are Andy?
Clearly I can see your cursor moving around. I was looking at the USDOJ and
Microsoft target North Korean IT workers. It's like a reverse of a headline from
you know a couple of months ago where North Korean IT workers were targeting Microsoft and USTHC.
It's...
Yeah.
Yeah, just wrapping it.
Slow week, I think.
Nothing overly...
They need to make the story more understandable from the headline alone. That's where we excel.
If it involves going in, then put the whole summary, the TLDR, in the first three lines.
Yeah. If it involves actually reading it, it's a big lift.
Indeed. Okay, well, I have to find us. How do we get out of this?
Oh, I know. Here we go.
That was this week's.
Industry News.
Are you not entertained?
What?
The judges were.
You're listening to Europe's most entertaining content.
Bro, what are you talking about, man?
The Host Unknown podcast.
Feels like there should be something else at the end of that.
Hmm.
Anyway.
Er...
I can have it in post if you want.
OK, whatever that might be.
Because you've got plenty of time for this, right?
I do.
Okay, good.
Oh god.
Andy's been fired.
Andy, why not take us home with this week's...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week comes from Nick van Gilder who says,
At this point, maybe North Korea should just start
selling boot camps for how to break into cyber security. They seem to have really figured that
shit out. I mean, we've been building up to this all podcast, almost, haven't we? In fairness, I mean,
yeah, they keep getting jobs. Disproportionately so, by the looks of it as well. That's right.
They know what they're doing. Yeah.
Clearly know what they're doing.
Maybe there is like a graduate degree course in North Korea
in interview technique.
But also there has to be some technical knowledge as well,
based technical knowledge to demonstrate.
But the fact is that a large number of them
are even getting through
the interview, right? They're getting through that. I mean, how many North Korean hackers are
actually applying for these roles? They can't be that many, but you have to also think about, like,
they steal normally US identities or something that
they're masquerading as so it's someone that has probably been taught in or
learned English to be fluent in it over a number of years so this is like
something that's been done overnight they've learned all the language the
skills they maybe they've got someone in their earpiece that got a whole team
around them.
He's asked this question quick, type it into the LLM, like feed him an answer.
Like one of those commentators or something, but it is a sad state of affairs really.
Yeah. Thanks Nick for bringing that down at the end of the show.
I do actually recommend looking at the rest of his tweets. They're quite funny
He's gone on a whole thread
So so he's funny to us, is that what you're saying? He is very funny. He's a funny guy. He's very funny
Oh, he's got the... the CNKSP.
The Certified North Korean Systems Professional.
Very good. On which note?
We've come screaming into the end of the show.
Gentlemen, thank you so much for your time this week, as usual.
Andy, no, I've got it wrong again haven't I?
Jav, thank you very much sir, wisdom, charisma, charm, even even the cool-headedness
to agree with me as we do in my rant. Yeah you're welcome. And Andy thank you sir.
Stay secure my friends. Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults
on our Reddit channel.
Worst episode ever.
R slash smashing security.
You really can't function in the heat can you Tom?
I can't. I'm struggling. I hate it.
It's like one of those old cars with like you know overheating.
My radiator's gone.
Pouring water into the radiator constantly.
I keep leaking.
Oh my coolant's leaking out.
All my coolant's leaking out. This is why we get cheaper insurance on the podcast, we've got a classic.
Yeah exactly.
No road tax.
At least I know I've got anti-freeze in it because it comes out a different colour.