The Host Unknown Podcast - Episode 227: The Coup
Episode Date: September 1, 2025
The notes go here. I really can't go and look for them right now.
This week in InfoSec is a sticky pickle
Rant of the Week will have you guessing at who it could possibly be, again…
Billy Big Balls... is why British men need to take their passport to the bathroom these days
Industry News is the latest and greatest security news stories from around the world
And Tweet of the Week is well... Thom got it wrong.
Come on! Like and bloody well subscribe!
Transcript
Have we closed on the contract negotiations?
Contracts actually signed.
Lawyers are happy with it?
Lawyers happy.
NDA is not going to be a problem.
Really?
Oh man, this is going to be such a coup.
This is brilliant.
I'm so glad we all have legal degrees.
You're listening to the Host Unknown podcast.
Hello, hello, hello, good morning, good afternoon, good evening from wherever you are joining us,
and welcome, welcome one and all to episodes, uh, drum roll. Hang on. There is a drum roll here
somewhere. I've lost my cursor. There.
223 of the Host Unknown podcast and have we got a show for you? Oh my goodness.
Why don't you explain what's happening?
So the hottest free agent in town has left after 428, you know, fairly-ish, you know, good-ish episodes.
But she has decided to step up to the number one show in town.
The Host Unknown podcast, ladies and gentlemen, we give you none other
Carole Theriault
Welcome aboard
Welcome aboard
I'm finally in the big leagues
This is quite the honour
What did you spend your signing on bonus on?
I was so flattered
You should see my brand new camper van
Well I'm very happy to be
here. Thanks for having me on the show. Oh God, no. Thank you for joining. And thank you for saving us.
Yeah. Thank you for, yeah. From each other. Do you know, you know, I may not be here every week though,
right? I may, I may not be here every week. So you're going to take a role like Jav pretty much. Yeah.
Yeah. Yeah. Yeah. I'm thinking 0.000001% of the time I'll be here. So. But the advantage is now
that technically we now pass the Bechdel test when it comes to podcasting.
We're racially diverse and we have women. We have women. Well, isn't that nice
for you guys, eh? Wow. Way to make our new colleague feel so welcome by saying, you're our
token diversity. Yeah, the old white guy says we're now DEI compliant. Yeah, excellent.
Do you guys have an HR department available? Yeah, that's me. Oh, no, no, I think, I thought
Carole's offering to be the head of HR now.
I mean...
What have I done?
Anyway, Carole, how has your week been,
apart from, you know, enjoying your newfound freedom?
Well, actually, I've been pretty ill.
I think, you know, when you do something quite stressful,
I don't know if this happens to you guys.
And then you finally get a break,
and somehow your whole body says,
okay, we've held it together this long.
Now let's just crumple.
So you'll hear it in my voice.
I've got a quite...
I'm still recovering from a head
cold. So I've done
quite not very much
but I've heard that working the grain
is looking good.
Yeah, that's
yeah, very stressful guys to work. I mean I can't
comment on that.
No.
The NDA, right, yeah.
I wouldn't know.
With non-disparagement clause in his
his
oh dear.
And talking about
disappointing times in their first week off
Jav, how are you?
You know what? Just like Carole said
like, you know, when you work in stressful conditions
and then you take time off, you end up getting ill.
So I didn't take time off.
I mean, I took...
And you didn't get ill because you're not working in a stressful position?
No, no.
I just like keep the stress consistent.
Like, so I took the whole family.
I took all the kids on holiday.
Oh, yes.
Yes, so...
Where'd you go?
We went Turkey.
We went to Bodrum.
Cool.
They didn't do a very good job on your teeth, though, mate.
No, no, not on my hair.
No.
It's really disappointing.
3,000 euros down the drain, wasn't it?
Yeah, yeah.
You thought you'd just turn up in Turkey and come back with great hair and teeth, right?
I know, I know, right?
And liposuction.
But here we are.
So we hadn't told the kids we're going to Turkey.
And it's one of, like, especially my oldest stories,
is a favourite place in the whole world because we always go all-inclusive
and the weather's nice and you just leave them in the swimming pool and what have you.
Whether she likes it or not
Yeah, whether she likes it
No, she's actually
You put her in a life vest
And leave a float around on her back
And she's singing songs and everything
And sometimes she drifts really far away
And like so we send the little one
Say go pull your sister back
Go fetch your sister
And he goes near to her
And she starts like trying to splash him
And like, get away from me
I'm living my best life
And then the Coast Guard have to turn up
Yeah, I know
I know, yeah
But I was figuring
like how long was it before she turns up in Kent like you know and then I can tell her that's
how I met your mother but yeah but yeah no it was uh it was it was good times it was good times um yeah it was
we didn't tell the kids that we were going there we I said oh let's pack some bags and we'll
go to Blackpool for a week and I said there's a beach over there and like we can like so that's
why we packed. Talk about setting expectations low. I know, I know, right? And then I was like,
oh, you know what, it's a really long drive. Why don't we see if we can get an internal flight over
there? To Blackpool. Yeah, so we turn up at Stansted and then I leave them kind of behind
and I go check in and everything. And then we was like, we're going to Turkey. And they just would
not believe me for the longest time. No, we're not. No, we're not. So when did the trust
issues start with your children?
I don't know. I think it's when we all got 23andMe
test done. I think that's...
Talking of dodgy genetics, Andy. How about you?
Not doing too bad, thank you.
I actually took a quick break to Greece
just to... Did you?
Kill some time, yeah. I flew out there last week.
Yeah, previous Friday.
Things are going well at Host Unknown.
I haven't got to me yet
Don't worry
This is how we
Well actually you know the account
So I had to get my accounts
sorted right for my company
Which I absolutely not touched
And I forgot
And it was like literally the last day
And I emailed my accountant and I was like
Look dude
I'm flying to Greece
Yeah
Guess who
Guess who? Guess what time of the year it is?
My account
Well to be fair
He sent me an email at the start of the month
But I said that my accounts are due
Like tomorrow
Being honest
I'm not going to get them done
how big a fine do you think it's going to be
because it's not the first time I filed late
and also am I going to get charged per day
so should I be prioritising this for when I get back
or can we stretch this out to next weekend
and he said look you know
it said I can base the accounts on last year's numbers
if that's going to help you get this over the line
I said okay Stevie Wonder Order
yeah I can do that
and he was like hello is it me you're looking for
and he said ultimately
These are the accounts.
And also, aren't you mixing your metaphors there?
Stevie Wonder accounts and Lionel Richie?
Yes, absolutely.
Man, that went off the rails.
It really did.
But, yeah, he was cool with it.
So I got the accounts in on time.
Filed just before midnight.
I got the confirmation.
So I enjoyed myself in Greece,
knowing full well that I wasn't coming back to a daily fine.
A lengthy prison term.
I mean, yeah, they don't really prison people for that.
it's only
they're just taking the money
yeah
true
true true
but talking of people
that should be in prison
yes
very good
yes
I'm trying to think
what I've done this week
not a lot
actually
I mean apart
you didn't fly out anyway
no no
and apart from
corralling Carole
as it were
that's not much else
has happened
I mean as you two know
or in fact all three of you know
I'm buying a house, so that's taken up
a lot of my time.
Very exciting.
Sunny Gloucester.
So that's going to be fun.
Going to be fun.
It's going to have all the rooms of need,
and it's got a cellar that I can convert.
So, yeah, somewhere
friendly to put in the...
What are you going to do there?
What are you going to do in the cellar?
I'm going to do all sorts of unspeakable things.
No question.
Like storing surfboards and stuff like that.
But, you know, but...
So that's been the main priority for me, really, recently.
Oh, and I helped my daughter move into a new place on Saturday.
So that was good.
That was really nice.
So when you moved to Gloucester, have you found a Dr. Foster?
That's the question.
And is it going to rain a lot?
Yeah, that's what I need to know.
Do you know what?
I am not going to settle until I do find said,
Foster. Just for you, Jav, just for you.
And talking of our really bad segues, let's see what we've got coming up for you this week.
This week in Infosec is, of course, a sticky pickle.
Rant of the Week will have you guessing at who it could possibly be again.
Billy Big Balls is why British men need to take their passports to the bathrooms these days.
Industry News is the latest and greatest security news stories from around the world.
and Tweet of the Week is Carole's cracking Capybara Chronicle.
So let's...
No idea.
What do you think we do?
So let's move on to our favourite part of the show.
It's the part of the show that we like to call.
Sticky Pickle of the Week.
Sticky Pickle of the Week.
Sticky Pickle of the Week.
That's right, it is This Week in Infosec
with content liberated from the Today
in Infosec Twitter account and further afield.
I think you would have liked the jingle for that one as well.
If ever it was proven that you read from a script, Andy, it was that.
Well, I think you've played the jingles the wrong way around.
So we go into this week in Infosec and then we go into it.
Oh, do we?
If it's ever proven that someone's not capable of following instructions.
It's not on the script.
It doesn't say.
I just thought it was that simple because it says this week in Infosec.
Yeah, but then the thing, the funny thing is, it's corrupt.
Okay, okay.
Now you're just embarrassing us with trying to corral.
I just want to say, guys, I want to say that I want to thank you all
for putting so much work into preparing for the show for me
because I feel looked after.
I feel like everything's under control.
Valued.
Valued.
Yeah, yeah, absolutely.
And just for you, Andy, and Carole.
This week in Infosec.
See, something a bit more familiar.
There we go.
And this week we're going further...
Last in the past.
Well, ironically, this whole segment is about the past.
So this week, we are going further afield into the depths of a podcast called Smashing Security.
Listeners may be familiar with it.
It's our favourite part of the show, Sticky Pickle of the
Week is the part of the show where we grab a gloriously botched security caper we really
shouldn't admire, dangle a couple of cryptic clues and let the original presenter guess what's
bobbing about in the brine. Is this when I play the jingle? At the end of this is when
you play the jingle. So it could be a leaky S3 bucket, a hard-coded password, a zero-day nobody
patched, whatever is deliciously messy. And yes, it absolutely must be security-related.
it better be
come on jav
get with the script
I'll fix it in post
it'll sound like we said it at the same time
see I put the lines at the end and I
it's not in the script
properly
so this is why
professional podcast do the
editing like okay
it makes sense now
okay
so the way this is going to work
good luck to them
Good luck
The way
it's going to work
I am going to read
a one-liner
from a day
in history
Carole
and you are going to tell us
what the story
was about
And this is your story
Carole
I believe
Yes
These were your stories
So if I said
We're going to go back
A mere seven days
Or eight days
And if I said
Sorry a mere how many
Eight days
Calculator sound
Yeah okay
So
Our first story takes us back a mere eight days.
To the 30th of July, 2025, when women-only red flag app leaked 70,000 selfies and DMs.
Would you know what that story was about?
Someone's typing.
Someone's looking it up.
No, I honestly, blank at the moment.
Give me a few more clues.
Come on.
Okay, so it's, well, someone's spilt
tea. Yeah. Oh. I have no idea.
Guys, I told you. I did tell you. This segment's going to tank, isn't it?
So this is the safety app called Tea, which dumped the user's private photos. We've got nine more of these.
What? Are you kidding me? I mean, you literally posted this a week ago.
I did it. I think you'll
find it wasn't my story. It was Graham's story. Yeah, I'll admit it. But you were very
interactive in it. Um, we are different people. Yeah. But you were
there, Carole. You were physically there.
What's on me? I'm on your side, though. I'm on your side. If you ask me
anything these two have talked about in any of the episodes, I would not be
able to tell you. Right. Honestly. Yeah. I do stand by that. I think
that's probably true for you both too, Andy and Thom, honestly.
Oh, yeah.
Oh, yeah, but I just Google faster.
But we're on this, we're on this side of the table, not your side.
Okay, we'll try one more.
We will go back a mere,
Oh, 12 months and one week to the 25th of July, 2024,
when CrowdStrike blue screens the planet while the FBI ran its own encrypted phone network.
We can hear you typing, Carole.
No, I'm just texting someone going
What the fuck am I doing right now?
Yeah, her lawyer.
This is not good.
This is not good.
So you want me to guess the headline?
Or guess the story?
I mean, this one actually gives away the story.
Look, I don't understand.
You guys don't know that I'm not actually that interested in tech, right?
Or security.
You did a very good job of hiding.
I don't know how to underline that.
For nearly 500 episodes.
Yeah.
It's quite ironic.
I've done very well.
It's quite ironic that our due diligence has been quite poor on this.
Yes.
Wow.
You could have given me a heads up.
I'm quite good when, you know.
Well, funny enough, Thom actually wanted to.
And I was like, no, no, no.
That, like, Carole will have this.
Like, she's, let's test her mettle.
Let's test her mettle seven days after she's left the show.
Let's just see what she's really made of.
Turns out Jello.
I said Carole won't have a clue and she will just stop halfway through.
And Andy said, no, no, she's always prepared.
Yeah, she's always prepared. She gets it.
She knows her stuff.
How would I be prepared?
Guys, guys, guys.
I go back in time.
I have to look at everything that's happened the last 50 years just to be on it.
Okay.
This is going great.
I love this.
Did we hire the wrong host?
The wrong Carolta.
And by hire, what exactly do you mean by that?
This is a 12-month contract.
You are aware of that.
I'm sure there's a 72-hour cooling-off period.
Let's look into it, guys.
Distant spine.
Distant spine.
Well, I guess I think that wraps up this week's.
ever found yourself stuck in a fickle
knee deep in a dilemma
like and subscribe to the Host Unknown podcast
while you figure out your sticky pickle
that's it
that's all the sticky pickle ones we've got now
we're done there's no more
nothing special
nothing special from here on in
trust me I've listened to the rest of the show
right let's move on shall we to this week's
Listen up
Rant of the week
It's sad to motherfuck rage
All right
Rant of the week this week
You'll never guess
Who it involves
Never guess who it involves
Who's my
Favorite tech company
My favorite favorite tech company
And I'm ranting about it
And it's yes
It's Meta
So a California jury
Has unanimously
That's written in bold
so it must be true.
Unanimously found that Meta, Facebook's mothership,
has violated the state's invasion of privacy act
by hoovering up data from the Flo period tracking app
and turned it into advertising gold.
Now, just...
Disgusting.
If you cut it...
Sorry.
If you're accused of violating something called
the Invasion of Privacy Act,
that puts you on the bad side
of history right at the start, right? I mean, that in itself seems pretty awful. Anyway, so
around 70 million people trust Flo every month. So it kind of tells you the sheer scale
of the problem here and shows how much of this data is suddenly up for sale. So Flo had already
stated in its privacy policy when you sign up to it that none of the reproductive heal...
reproductive health details would ever leave the app. The US Federal Trade Commission, the FTC,
even slapped Flo in 2021 and ordered the company to purge what it had already leaked. Yet between
2016 and 2019, Meta's tracking code inside the app had basically vacuumed up cycle data,
fertility windows, everything to sharpen up
its ad-targeting. Now, here's the bit that you won't see from any of the sort of glossy PR
statements. Google, analytics outfit Flurry and Flo itself all cut checks and settled before
trial. So they realized that they've done fucked up here and just paid the money of the
fine. Leaving Meta to fight solo. So the court
exhibits showed that the so-called custom app events sent to Meta's SDK could spell out when a user's period started,
or even which week of pregnancy she was in. In other words, the data was labelled, gift-wrapped and shoved straight into Zuckerberg's ad machine.
California lets a jury award up to five grand per breach. And so with millions of people involved here, that's billions, to say the least.
A statutory flamethrower big enough to leave scorch marks on Meta's quarterly profits.
Maybe.
I mean, they make obscene amounts of money.
So the deal here, so one, obviously, Meta feel they have a chance of winning
in a case where they are stealing data that they're not allowed to take,
that they've not stated they're going to take
that is effectively health protection information
or protected health information, I should say,
from millions of people
and then feels that they've got a chance of winning
in a class action suit
and effectively it's just the cost of doing business.
Health data is not a shopping list.
It's medical grade information
exposes pregnancies, miscarriages,
IVF treatments, et cetera.
What is it about Zuckerberg
that means he just can't respect
these kinds of boundaries?
Do you know, can I say something?
Yeah, of course.
Yeah, no, no, I read recently
the book Careless People by Sarah Wynn-Williams
and she used to be a former director
of public policy at Facebook
and she's written this kind of scathing,
this is what the internal workings.
And after reading that,
this doesn't surprise me at all.
Like, I don't think it should surprise anyone.
It's all about the money.
It's all about the data.
And I think there's no ethics
and legislation's way behind.
But it's really scary read and recommended.
Somebody, there was a meeting in Meta that said,
shall we do this or shall we not?
And they said yes.
Meta's response, this is the thing that really gets me.
Meta's response was complete, you know, corporate word salad.
We disagree with the verdict.
Privacy matters to us.
We'll explore all legal options.
We'll explore all legal options to what?
To make sure that we don't have to worry about privacy?
I don't get this.
I don't get this.
So it is just shocking.
Absolutely shocking.
I would, you know, one, don't have anything to do with Meta as, as, as,
little as you can.
I know it's very difficult not to.
And two, just always check any permissions you give an app in there.
But I just...
It is a weird statement, though, isn't it?
What they've said, that they've got to do this.
And I wonder if it's the political climate that is giving them the...
Because this sounds something that they wouldn't have said three years ago, you know?
That's true.
I mean, it's...
Companies like Meta have been emboldened in the last six months to do...
really dodgy shit.
Really dodgy shit.
Yep.
You know, even when you've got people like Tim Apple from Apple,
cozying up to Trump,
that's when you know that the political climate in the US has changed dramatically.
Because I, you know, whatever you think about Apple,
I really cannot believe that Tim is a fan of Trump.
He's purely cozying up to maintain the health of his company,
moving forward. So it's for money, you're saying.
Yeah, it's for money. How is that different from what Meta's doing then?
It's not morally and ethically deplorable.
Of course it is. Cozying up to Trump is morally and ethically deplorable.
Well, actually, yeah, you're right. Oh dear God, have I got to sell all my Apple stuff now?
Yes, you do. If you've got any more.
What am I going to? I can't, this isn't the year of Linux. That was last year.
No, um, Huawei.
That's what we're all switching to.
Is that what all the cool kids are having?
Yeah, it's Huawei or the highway.
Dear God.
Anyway, no, I'll say something serious and then I'll really get to dismantling your argument.
Oh, really?
Yes, yes, yes.
So, so with the political...
Are you serious because they've got all of your data
because you track when you get hungry and like you have your mood to tweens and...
When he jabs.
Yes.
So this is the real
reason why when Trump came in and there was all the anti-abortion sort of laws being passed that
a lot of people said like get rid of all of these kinds of apps because we don't trust it and
the government or people could get in there to with the whole Roe v. Wade overturning yeah exactly
exactly to dismantle your argument a bit the future is now old man the reason that you're getting
so frustrated and your phone or your watch keeps beeping at you that your blood pressure's high
is because you're living in this antiquated world where you believe that privacy is still a thing.
I think we should just lean into it.
Now, if you're going to target ads at someone, why don't you make sure that you're selling the right products to the right people?
So if it's like products related to periods or pregnancies, make sure you target them to its effective use of your advertising budget if you're an advertiser.
but also
imagine all the cool visualization
and graphics and data
you can get out of something like this.
You know what?
With a red's colour palette.
Yeah, Pornhub is the best example.
It's always blue on telly, come on.
Yeah, yeah.
Yes, it is.
Pornhub sometimes comes up with some of the best graphics.
Do you see the ones where they're showing internet usage
during the Hawaiian fake missile thing?
Here's how many people are using it.
it suddenly dropped down to just two people in the whole country
and then it suddenly like shot back up.
You know, they produce all this crap and it's amazing.
There were some two dedicated people that were going out with a combat jack.
Not the easiest wank I had, but you know.
And then you get the comfort wank afterwards.
Yeah, exactly, exactly.
So it was that, when you say like lean into it.
Yeah, go ahead.
I was going to know, when you say lean into it,
it's actually Scott McNealy, the former Sun
Microsystems CEO in
1999 who
said privacy is dead, get
over it.
A true visionary.
Well, I'm just thinking
you're saying let's data mine
everybody and because
privacy is dead, they can't even choose
whether or not they want that information shared.
And also they have been guaranteed
privacy. So maybe what you're saying
is anyone who says that is moot.
So all the VPN, all the security
companies that tout privacy are
actually useless, is what you're saying?
Suckers.
Yeah.
So it's lucky we live in the EU, Jav, and we have protections.
Yeah.
In your ivory tower here.
Yes, exactly.
Yes, hum, exactly.
As someone once said, I don't think privacy is dead.
We took it around the back and killed it.
And there's a difference.
We slotted it in the back of the head.
Yeah.
All right.
We Mozambique.
Rant of the week.
Mozambique is two to the body, one to their head, if I recall correctly.
Yes, that's right.
Yes, okay.
Uh, right.
You're listening to the double award-winning Host Unknown podcast.
And talking of laughable diatribes, it's time for this week's.
This week's Billy Big Balls, I love this story, but I'm not sure who's on, who's the bigger balls.
Who's got the bigger balls in this one?
Is it the UK government or is it the British public?
But maybe they make a pair.
But as most people are probably aware, the government switched on its shiny new Online Safety Act on the 25th of July.
that was the one that was all wrapped in with,
won't you just think of the kids?
We're protecting the kids.
Don't somebody think of the children.
Exactly.
So before you want to go on,
before mentioned,
YouPorn, or Pornhub,
or whatever the website was,
that, I don't know, I get away.
Acting like he's got no idea what it is.
Help me out, Andy.
Help me out, Andy.
It's not like his second most visited site on his,
Just look in your browser, Jav. Look at your history.
I saw you got off mute, and I thought you were going to help me out there, not like, bury me.
I'm here to kick you, not help.
So, but it also applies to social media and a whole bunch of other websites where you need to do a verification check.
And it goes to dodgy third party website, mainly hosted outside of the EU.
There's no real checks and balances or whatever.
You have to do a live image scan, you know, photo for yourself.
And then it looks at your photo, I say, hmm, yeah, you look about over 18, that's all right.
So you have to put your clothes back on to take that and then take them off again.
Yeah, exactly.
So, you know, you need to jump through all these hoops.
And we know, I mean, you know, as many of you might be aware or not be aware, in 1999, the CEO of Sun Microsystems said that privacy is dead,
get over it. So did he really? Back in the 90s? Yeah, yeah. What a visionary. Wow. Who would at the
God, yeah. God, that's, that's... well done you for looking that up. Who knew that that was so, so, so long ago?
Nothing good can come from this law, and we're just waiting for this data to get leaked, to get
mined, to get resold, and I am livid about it all. I cannot believe that people will want to take my
data on my face and sell it on and say, like, look at this person, this is his face and these are
the website he likes to visit. I love the morals of a man... Exactly. I love the morals of a man who can
just argue both sides of the story with a straight face. Yeah, I'm, I'm, I'm, I'm, I'm pitching for
for the latest, like, chief of staff job for, like, president, so I need to demonstrate
that you can hold, yeah, both hands up with both strikes.
Excellent.
Excellent.
Yeah.
So that was a government showing their hand.
And then within minutes of the law going live,
Proton VPN registrations from the UK rocketed by about 1,400%.
Yes.
And by the end of the weekend, it hit 1,800%.
and just kept on climbing.
Even every YouTuber's favourite, NordVPN,
bragged about a tidy 1,000% sales jump
and five different VPN apps
muscled into Apple's top 10 free downloads.
If you ever doubted that necessity is the mother of invention,
then look at the app charts and weep with joy.
Necessity for what, though?
The necessity of privacy.
I mean, honestly, it's everyone's God-given right to have privacy.
We don't deserve to be a big tech.
Do you know, there is an irony in this, isn't there,
that the VPN companies are making a bit of media hay
out of the fact that people have moved towards them
when they're supposed to be protecting these users
and protecting their locations, you know?
Although, in fairness, they're not.
saying that, you know, Mr. Malick of 23 Acacia Avenue, North London, has recently purchased
NordVPN for exclusively going to certain sites. In fairness.
Well, you know, that's the other issue, though. It's like not all VPNs are managed in the
same ethical way, right? Right? And people that are running out to grab some may find their
data does get spilled because, well, for many, many reasons, right?
But in fairness, they're probably only online for two, maybe three minutes at a time.
They've got a good VPN then.
Exactly.
Actually, I think I was trying to work it out and I say like free VPNs that, I mean,
VPNs, they're all a bit sort of suspect in terms of like what they're going to do.
But if you look at the paid ones, it's probably cheaper to get a Ryanair flight on the weekend.
go into Europe somewhere where you can browse to your heart's content and then fly back again.
It gives a dirty weekend a whole new meaning.
Exactly.
A travel agent's going to be selling, you know, sort of weekend cheeky wank deals or something.
Yes.
The weekender.
The weekend.
Complete with the Cialis.
Incredible.
But just to, Ofcom, our nice toothless regulator, they didn't want to get
left out of the shenanigans.
So they stood there, wagging their finger,
very much like a dinner lady, warning platforms.
It's illegal to encourage VPN use.
What?
Why is it illegal to encourage VPN use?
I have no idea.
They're just trying to make themselves.
Maybe that's a real Billy Big Balls in the whole story.
Yeah.
No, no.
It's interesting because they're kind of in a difficult place here.
They've got to say something.
and they probably didn't predict this, which is kind of odd.
Why wouldn't you have thought about this?
Yeah.
And yeah, so they're kind of stuck with, yeah.
VPN use is not inherently illegal.
Not in this country anyway.
I mean, it's not like we're in Libya.
No, but...
No, I think encouraging people to bypass controls is...
Right.
It's not the use of VPN so much.
Exactly.
It's more about the fact that they're trying to...
see content that somehow is now deemed inappropriate, you know, by through age verification.
But what did they say?
From the AI generated notes, of course.
You think I read the stories, Tom.
Come on.
Yeah, but you just read it, so you might know where it is in the actual big chunk of text here.
There's a link to the story.
On the BBC story, it says,
Ofcom says platforms required to introduce highly effective methods to check user age must not host, share,
or permit content that encourages use
of VPNs to get around age checks.
Ah, so what they're not saying is
use of VPNs is illegal.
What they're saying is a company that hosts
said content shouldn't say
click here to verify your age
or use a VPN if you want to bypass it.
Yeah. Right.
That's so different.
Okay, thank you for the very conflicting views
on that particular topic, Jav.
That was this week's.
Billy Big Balls of the week
If you work hard
Research Stories with diligence
and deliver well-edited award-winning
studio quality content
for high-paying sponsors
Then you too
Can be usurped by three idiots
Who know how to think on their feet
You're listening to the award-winning Host Unknown podcast
All right Andy
I, well, I know it was time we had a new presenter on the show, but according to you, what time is it?
It's that time of the show where we head over to our news sources over at the InfoSec PA Newswire, who have been very busy, bringing us the latest and greatest security news from around the globe.
Industry News
Cybersecurity teams hit by lowest budget growth in five years.
Industry News
Chinese smishing campaigns
compromise up to 150 million
US payment cards
Industry News
Chanel and Pandora
breached as Salesforce campaign
continues
Industry News
NCSC
NCSC updates cyber assessment
framework to build UK
CNI resilience
Industry news
Ransomware actors expand tactics
beyond encryption
and exfiltration
Industry News
US authorities extradite Nigerian man accused of hacking and fraud
Industry News
Clinical data stolen in cyber attack on kidney dialysis provider DaVita
Industry News
Experts alarmed by UK government's
Companies House ID checks
Industry News
Google among victims in ongoing
Salesforce data theft campaign
Main. Industry news.
New Microsoft exchange vulnerability puts hybrid cloud environments at risk.
Industry news.
Bouygues Telecom data breach exposes 6.4 million customer records.
Industry news.
And that was this week's painful.
Industry news.
It's huge of truth.
Huge of true.
It's amazing.
Just the introduction
of one extra person
completely throws that
completely throws that
oh it does
so there's one story
which stands out to me
is the US authorities
extradite Nigerian man
this is very much
going against what the US
are currently doing
where they're kind of
deporting people
yeah
now they're bringing them in
now yeah
this is I don't think
this is Trump approved
this one
no no
but he's a very bad man
we've got to bring him in
they're just going to bring him in
so they can send him
to, you know...
So they can send him out again.
Yeah, to another
South American country.
Absolutely bizarre.
Cybersecurity teams hit by lowest budget growth
in five years.
What?
Really?
I just...
The thing is like,
how long is the gravy train
going to go on for anyway?
CISOs have had budgets for years.
They've not done a very good job with it.
And actually, I was reading a report by Gartner.
They implied that CIOs and the board have lost a lot of confidence in CISOs,
and they're taking a lot of the high-level security responsibility themselves.
So they're giving the CISO less, taking more of the board level and the high-level,
and that's why some of the budgets are, look like they're shrinking from CISOs
because they're given to CIOs.
Oh, interesting.
So the amount of money is probably increasing.
But, I mean, CISOs have been begging for more, you know, more than scraps in the table for ages.
And now they finally get it and they've screwed it up is what I'm hearing from there.
Apparently's not just there.
We're not saying they're screwing up.
It's just everyone wants more money, right?
Everyone's under-resourced.
It's not like every other, you know, department in the company is saying, you know, we've actually got too many people.
You know, we're good.
We don't need any more money this year.
Everyone's going through the same thing.
No, certainly.
But why is it being taken from CISOs?
It's not been taken from CISOs.
It is.
I've just said.
Well, that's one study.
Yeah, cyber security teams hit by lowest budget growth.
So what they're saying,
they're not necessarily getting more money,
but it doesn't imply that they're losing money.
It's growing.
It's just not growing as fast as what it used to.
Or in the places that they want it.
It's going to the CIO's pocket, not the CISO's pocket.
Well, the problem is everyone wants money for new tools and new,
like you can't fix everything with products.
Oh, I totally agree.
I'm questioning why this is the case,
not questioning whether they should have more or less.
And also the fact that you're right,
shiny toys do not fix everything.
God, we're in danger of actually doing this properly.
Let's have a look at another story, shall I?
That we can butcher.
How about this double story of new Microsoft Exchange vulnerability
puts hybrid cloud environments at risk?
You'd think, really?
Pretty standard.
Well, it was so important that we put it in there twice.
And yet, Carole saved us, and you've just drawn attention to it,
because we didn't actually read it out twice.
Yeah, well, you know.
Just criss for the wheel.
I'm blown away by the professionalism here, guys.
I just want you guys to know that.
After 200-odd episodes, you've only just realized.
Yeah.
Yeah. No, no, I'm...
And you've even been on some of them before as well.
She's repressed those memories.
I can't remember what I said. Don't ask, please.
She killed those memories with alcohol and drugs.
All right.
Anything else in there?
The experts alarmed by the UK government's Companies House ID checks.
Just reading the story.
Companies House is the UK agency responsible for incorporated,
you know, companies, registered limited companies in the UK.
Yeah.
And what it announced that from November 18th,
all directors, people with significant control of companies,
will by law need to verify their identities.
I don't know whether they're using the same process
as they're using for the other stuff
because then we might see a lot of directors downloading VPNs.
Yeah, I'm not going to say.
But the government claim
that this will help to attract investment by improving transparency
and giving confidence to consumers and investors.
But I don't know.
It's such a messy thing, the whole Companies House one,
because people don't want their, you know,
they use a registered address and everything
because they want to avoid getting personally harassed.
Yeah, yeah.
And what have you.
But Andy, I know you've worked for people that have actually
like a director that actually was very open.
He put his own home address and stuff when it goes,
this is how it should be.
Like, people should be able to come knock on your door
if they disagree with you.
To be fair, he ran the website,
which was once labelled as Britain's most invasive website.
Wow.
But I think the real story here inside this is,
as a guy here who said that the One Login ID verification service
used by the government is a security risk
because it's failed to meet even the government's
own Cyber Assessment Framework outcomes.
So the government has selected a service
that doesn't meet the government's requirements
for a secure service.
According to this guy.
According to this guy, yeah.
Yeah, but...
Yeah.
You'd think that the government would choose a service
that was beyond any kind of questioning.
Like, this is the gold standard
or this is something so not one
that somebody can do a cursory check and go,
Do you know what? This does not meet the outcomes, and here's why. It's so obvious.
Yeah. They don't seem to have a penalty for not doing it that I can see.
Oh, that's good, Andy.
So I actually have the company that I used to register my company, because I don't register it to myself here.
They actually checked my ID. They asked for a copy of my passport.
This was a while ago. They didn't want to be caught.
hosting people that were sanctioned or PEP.
Well, when I set up my company, I went through an accountants,
and they did exactly the same.
Yeah.
Anyway.
So I'm not quite sure what they're going to get, what benefit they're going to get out of this.
Well, I guess there's a large percentage of companies that are registered
without having identities checked.
People just go into the process.
Right.
And it's fraud, right?
It's fraudulent filings they want to stop.
But it takes, like, you're
talking about 12 months before you catch those people.
Jav, how did you register yours when you did yours?
Clearly not well enough because HMRC were able to track me down.
It's a sore topic for Jav.
He doesn't like it.
Oh well.
Given that's a sore topic, let's stop there and move on, shall we?
That was this week's...
Industry News.
Sorry, I was just getting...
getting my passport out there.
If good security content were bottled like ketchup,
this podcast would be the watery juice,
which comes out when you don't shake properly.
In a niche of our own,
you're listening to the award-winning
Host Unknown podcast.
Right, Carole, it's the home stretch, nearly there.
Why don't you take us home?
we're this week's
tweet of the week
and we always play that one twice
tweet of the week
okay so
tweet of the week
I can't take credit for this right
I'm just presenting this tweet
but
it seems
it seems that there's a new
TikTok influencer
bragging about
lying his way into a six
figure role at Deloitte
so this guy seems to have no
degree, no certifications, or real experiences, he says. So this is a good way to get a lot of
followers, right? That sounds controversial. But apparently what he didn't mention was that he
was fired during his probationary period and was filming his luxury life in a staged model home.
Wow. Which I'm not surprised at. Like a lot of these people, influencers are basically, you know,
queuing up to do that. Well, yeah, in debt beyond, beyond
any reasonable amount to look quite high-end.
Or do a lot of filming on those staged aircrafts.
Yes.
You know, tracies and stuff like that.
And life, you know, AI is going to make that a lot easier, right?
Yeah.
Yeah.
My favourite is still where people take a selfie in front of the washing machine
and it looks like it's outside of a plane window.
You put a toilet seat in front of the washing machine glass, yeah.
I used to live with this girl
and she didn't want to go to work
I think it was Sunday right
so she didn't want to go to work
so she called in
she was leaning out the window
with a hair dryer
and she was winging it around
her head like a kind of lasso
pretending she was on the motorway
broken down and wouldn't be able to get in
and like even if you were the person
taking the call would you call them out
because it's so random
so it's very genius right
fair play
respect the hustle
but are you surprised
do you think this is probably true
some guy just can just weigh in
right do you know what really surprised me
is I thought we were doing the story about the capybaras
hence why the
yeah no that's absolutely on you Thom
even when you put that you know
that's why I was like okay it's not
but it's you always get it right
it's not the first time so
you know did I screw up
no you didn't I did
apparently I did
well or actually I think Andy just changed
the story just to
you put the story in there Thom
I didn't
you created the
I did not
I put the story in there
yeah
yeah
because when you look at both
you said
Andy was like
that's a visual one
it never works
so
and then and then I jokingly said
like well let's give Carole
the visual one to describe
and see how she falls flat on her face
but then she fell flat on her face
on her own segment
the sticky pickle and I think that's when
we felt mercy
and like gave her the easy story
to come right okay okay okay fine um so yes it is your fault Carole and you should feel bad
yeah i struck out i struck out real early and you know what i i think uh you know as a trial
session goes i think we're done i think you're fired the probationary period yeah you know
you know that this story that the last line on this tweet that that is on the tweet of the week
and i think it's very relevant it's here's your reminder to stop taking advice from clout
chasing frauds without doing your research.
I think, boys, we've learned our lesson.
All right, excellent.
Thank you, Carole.
That was this week's.
Well, we've come to the end of the show.
I know at least one of us is just thrilled
that it's the end of the show.
So I will say, Jav, thank you so much for your time.
Thank you for playing both sides of the fence this time.
I really enjoy it, not just the side that was diametrically opposite to mine.
It was lovely for your charm, wisdom and just overall viewing pleasure.
You're welcome.
And you know what, I think I could do a podcast all of my own and argue with myself,
based on that.
I mean, that's pretty much
what we do all week anyway, isn't it?
So, and Carole,
thank you so much for joining us.
It has been an absolute pleasure.
Well, you know, we look forward to your...
She can't say the same.
Yeah, exactly.
I was so glad I was able to fulfill
all my requirements on the show.
Now, I want to say something.
Can I say something here?
Of course.
I wanted to say thank you because I got a lot of emails
from listeners of Smashing Security.
So thank you so much.
But I wanted to bring up one.
So I wanted to say hi to Anthony
because he said,
apart from the Host Unknown podcast,
there is nothing else as fun
in the cyber security space.
So Anthony, I know you'll hear this.
So shout out to you.
I think we know which Anthony that is.
Uh-huh.
Does a surname begin with an F?
No.
Oh.
Holy crap, we got two Anthonys.
Oh, my God.
Panic, don't panic.
Okay.
It's happening.
We have a new listener that we're...
Add row five to the spreadsheet.
It's not the Anthony.
Oh my God.
But we're only allowed one name from, you know, one of each name.
Don't tell your post.
Maybe he prefers to go by Tony.
Tony, there we go.
Well, Anthony F is now Tony.
If this guy says he's Anthony, he's Anthony.
He name-checked host unknown.
He is number one, Anthony.
Yeah, absolutely.
Brilliant.
And also Anthony F, if you're listening,
thank you very much also for listening, Tony.
Brilliant, thank you, Carole.
Appreciate it.
And Andy, thank you, sir.
Stay secure, my friend.
Stay secure.
Tweet of the week.
Bollocks.
You've been listening to The Host Unknown podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R-slash-smashing security.
I think you're released from your contract now, Carole.
Yes.
My contract.
Tear it up.
Thanks. That was fun.
Looking down the list of words she can use.
F words.