The Host Unknown Podcast - Episode 42 - Advocates for the Masses

Episode Date: February 12, 2021

10 minutes before rolling, our show notes were empty. This is what you get when you are dealing with professionals.

This week in Infosec
Tweet of the Week
Billy Big Balls
Rant of the Week
Industry News
Sticky Pickle of the Week

This week in Infosec
(Liberated from the "today in infosec" Twitter account):

11th February 1956: 'Cambridge spies' surface in Moscow

Two British diplomats who vanished in mysterious circumstances five years ago have reappeared in the Soviet Union. Guy Burgess and Donald Maclean handed a statement to four representatives from the press in a hotel room overlooking Moscow's Red Square. In their 1,000-word statement the former diplomats denied ever having been Soviet agents. They said they had come to the USSR to "work for the aim of better understanding between the Soviet Union and the West".
http://news.bbc.co.uk/onthisday/hi/dates/stories/february/11/newsid_2721000/2721413.stm

Agent Garbo: https://www.mi5.gov.uk/agent-garbo

Billy Big Balls
https://www.theguardian.com/business/2021/feb/12/kpmg-bill-michael-resigns-after-telling-staff-to-stop-moaning

KPMG's UK chairman, Bill Michael, has resigned after telling staff to "stop moaning" during a virtual meeting about the coronavirus pandemic and the impact of lockdown on people's lives. Michael, who has headed the company since 2017, was speaking at a virtual town hall meeting on Monday with members of the firm's financial services consulting team when he made the comments. The 52-year-old Australian, who also said that staff should stop "playing the victim card" and described the concept of unconscious bias as being "complete and utter crap for years", apologised and said on Friday the scandal over his comments had made his position at the accounting giant "untenable".

"I love the firm and I am truly sorry that my words have caused hurt among my colleagues and for the impact the events of this week have had on them," Michael said. "In light of that, I regard my position as untenable and so I have decided to leave the firm. It has been a privilege to have acted as chair of KPMG. I feel hugely proud of all our people and the things they have achieved, particularly during these very challenging times."

KPMG, which said that it will undertake a "leadership election" to replace Michael in due course, has appointed senior elected board member Bina Mehta as acting UK chair. "Bill has made a huge contribution to our firm over the last 30 years, especially over the last three years as chairman, and we wish him all the best for the future," said Mehta.

Rant of the Week
Florida county sheriff Bob Gualtieri held a remarkably clear-headed and fact-filled news conference about an attempt to poison the water supply of Oldsmar, a town of around 15,000 not far from Tampa. Gualtieri told the media that someone (they don't know who yet) remotely accessed a computer for the city's water treatment system (using TeamViewer) and briefly increased the amount of sodium hydroxide (a.k.a. lye, used to control acidity in the water) to 100 times the normal level.

"The city's water supply was not affected," The Tampa Bay Times reported. "A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they've disabled the remote-access system used in the attack."
https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/

Industry News
Europol Breaks $14m Card Fraud Ring
Cyber-Attacker Tries to Remotely Poison Florida City
Experts Warn of "Beg Bounty" Extortion Attempts
New Council Will Drive UK's Cyber-Training and Standards
Scammers Selling Fake #COVID19 Vaccination Cards for Just $20
Credential Theft Attacks Doubled Between 2016 and 2020
UK Cops Arrest Eight in US Celeb SIM Swap Case
UN Links North Korea to $281m Crypto Exchange Heist
Political Bias and Impulsive Behavior Open Door to Misinformation

Javvad's Weekly Stories

Tweet of the Week
https://www.theregister.com/2021/02/11/facebook_phishing_domains/
https://www.zdnet.com/article/proofpoint-sues-facebook-to-get-permission-to-use-lookalike-domains-for-phishing-tests/
https://twitter.com/campuscodi/status/1359708438859776002?s=20

Sticky Pickle of the Week
You're the head of a trio and have been wrongfully accused of having an over-inflated ego. Then you get this amazing interview and coverage in the largest magazine in the UK. How do you bring it up without reinforcing their image of you as having a large ego and being insecure about your greatness?
https://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&edid=f73de865-57f0-49d7-9a61-318ea24773c7

Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 Oh, now Tom's pixelated too. Andy's in HD and Tom's gone back to, like, VHS quality. Betamax. Thank you very much. You know, one of these days we'll actually start and Andy will be ready. I'm ready, let's do it, man. Okay, you're listening to the Host Unknown Podcast. Hello, hello, hello. Good morning, good afternoon, good evening, and welcome to everybody, wherever you are. You can't see this right now, but we're actually doing this over a video chat thing as well as an audio podcast. Whether or not we release it depends on, to be blunt, how much work it will be to edit afterwards. It caught me by surprise.
Starting point is 00:00:56 In fact, I should actually probably hide some of the stuff on the screen over here. That's right. Yeah, because 720p is known as the high quality definition. The high quality definition, wow. Do you not know? You literally put it on a screen, you get someone to work on it, you just say "enhance, enhance," and you can read what's on the screen. Yeah, that's right. Can you enhance that? Passwords in an Excel document. So, exactly. I like that. Can you enhance that? Well, I can, but it'll pixelate to crap and you won't be able to see it. Oh dear. How are you, Andy? Not too bad, thank you. Gong Hei Fat Choy, happy Chinese New Year. Yeah, Year of the Bull, I believe.
Starting point is 00:01:45 Year of the Ox yeah Ox Bull yeah Do you know what Chinese animal you are? Me? The good one I think I'm a dragon Oh seriously? No but I want to be I want to be a dragon
Starting point is 00:02:03 I'm a pig Oh yeah i know that but what's uh what's your but what's it what's my chinese new year animal yeah uh jab do you know what your animal is i'm a human being man why would i ever want to equate myself to an animal it's just like you you you're the best creation there is. And it's like, what like less intelligent and filthy animal do I want to be associated with? Well, looking at your beard right now, you look like a silverback in like a Hawaiian shirt. So, Jeff, you were born in 1960, right? That makes you a rat. No, I'm not born in rat. Talk about Tom there. Is that why he's pixelated so much?
Starting point is 00:02:49 He's constantly ratting someone out. How's your week been, Tom? Yeah, very good. Very busy. A lot of work. Helping out a friend who's having
Starting point is 00:03:03 lockdown troubles, like us all, right? You're talking about Jav, right? Yeah, yeah, exactly. I mean, look at him. The man's having a mental breakdown just by his shirt alone. He kind of looks like... What's that film with Tom Hanks when he's stuck on an island
Starting point is 00:03:20 with a ball for so long? Yeah. And that's what he looks like when he got off so let me just remind you we're recording an audio podcast just because you two can see me and pass comment and judgment yeah i know people are sitting there thinking yeah so you know know your audience grow your medium medium. It's presenting 101. I'll describe it visually, OK? You look like Father Christmas about the 20th of December
Starting point is 00:03:51 before he's gotten ready to go out. Yeah, or have you read the Raymond Briggs book, Father Christmas, and the film, and he goes on holiday to Vegas and places like that? That's what he looks like. Oh, dear. I noticed we've got this new podcast
Starting point is 00:04:10 software that you've signed us up for on the beta program. Yeah, it's the same software, it's now by default does video as well. Whether or not you have it. I don't know, let's try it out. We're at the cutting edge.
Starting point is 00:04:25 We're not... This is vintage security, people. You know, sign up for a beta. Do it in live. This is like rolling out stuff into production. Now, afterwards, what are the odds that Tom's going to come crying, oh, something's wrong.
Starting point is 00:04:41 It didn't record properly. I've lost the audio. Well, it's all messed up. Let's re-record it. And then I'll look down and whisper, no. And I'll go, fine. We'll do it without you. Yeah, exactly.
Starting point is 00:04:59 Exactly. But no, we're not like other podcasts. We're not like the second best security podcast that just sticks on the same old technology all the time, takes them like 24 to 48 hours to release a podcast because they have to edit it so carefully. This is boom, boom, boom. Let's get this stuff done.
Starting point is 00:05:18 Forward fix, fail fast. Absolutely, absolutely. I'm just failing a lot faster and a lot more often than normal. But we have to keep with the times, Grandad. Absolutely. Absolutely. I'm just failing a lot faster and a lot more often than normal. You know, we have to keep with the times, Grandad. So if the amount that Tom fails, even Gina Carano was saying, I'm glad I'm not Tom. And that's a reference for those of you who might have missed it. I know Andy doesn't watch it, but the Mandalorian star recently. I've been watching the Mandalorian.
Starting point is 00:05:46 Shock news, right? Yes. The comment she made was awful. I'm not even going to repeat it, she tweeted, but apparently they've been trying to look for ways to fire her anyway, because she does that stuff all the time.
Starting point is 00:06:02 She tweets stuff that is really bad, insensitive and um really not with the disney family values basically so yeah but there's a lot of that cancel culture going on you know uh joss whedon the um obviously the author of the theuffy series and Firefly. Lots of allegations about the way he used to treat people on set have come out this week as well.
Starting point is 00:06:32 Yeah, Charisma Carpenter wrote a long post about it, how she was treated so badly by him on the set of Buffy. And the thing is, in one way, it's like you think, well, isn't that quite stereotypical of the movie industry, sometimes maybe they're not aware, but, you know, they should be held up a mirror to say, look, this is how you make people feel when this is how you made me feel. And hopefully that will encourage future professionals in that place to be more mindful of what they do. Although I'm also very careful.
Starting point is 00:07:19 There is a line between like illustrating, you know know showcasing someone unhappy or having a genuine gripe versus the cancel culture which could be over this person wants chewed too loudly with their mouth open and it was offensive to me because there is this line between you know come on work and life is tough you know you i'm paying you to do a job here which you're not not delivering on suck it up buttercup and get on with it you know versus verbal um you know bullying and you know all that sort of thing there's a fine line between the two of actually you know that stern talking to and being told to to pull yourself together but it's also hard to to judge 20 years ago by today's standards but you know to hold hold actions 20
Starting point is 00:08:12 years ago by standards that you hold people to today yeah it does magnify no i don't know i mean it kind of magnifies uh um you know the way things I don't know things happened 20 years ago that are just as unacceptable then as they were now of course but I think what Andy's getting at and I completely agree not because there are any skeletons in the closet or anything
Starting point is 00:08:38 but but what did you just you know put them in there and forget about them because now they're skeletons but the the context does change and things that were funny 20 years ago or acceptable as a joke you look at a lot of these shows if you look at things like um mind your language or uh you know those kind of shows it played so heavily on the racial stereotypes even only fools and horses had those kind of jokes um especially in the early episodes and what have you and you know so so i suppose comedy is one thing because comedy does change
Starting point is 00:09:17 a bit in the sense well comedy doesn't change as people get offended at stuff at a different rate um but you know so society's and horses go on did did things like like only fools and horses did that alienate a certain audience though did that at the time did that actually really only focus on mainstream and really start to alienate people and and only now uh you know but we just didn't realize it at the time whereas now it's a case of we can be a little bit more woke about it woke in the positive sense of actually we want to be more inclusive in our humor and our how we represent people etc yeah i think there is a lot of that. I mean, growing up, say like, there were, through the 70s and 80s, for example, racism was very different. It was very common in some aspects, and certain terms are very acceptable.
Starting point is 00:10:17 It was normalized. So having even been on the receiving underfit, you don't even realize how normalized it is. You even make those jokes yourself growing up because, hey, you know, this is why I don't play football, because I might build a shop on the corner, you know, that kind of thing. When you look back in retrospect and you see how that actually impacts people over the long term, how it forms their worldview and stereotypes and how it actually imposes self-limiting beliefs on them as well. And one of the things that really got me thinking about this was when the first Wonder Woman movie came out, the recent one, with Gal Gadot in it. And it was such a good movie i mean i enjoyed it and it was great i think from the perspective personally when i saw it was um it didn't focus on like making her sexy and everything it was just on literally like you could have replaced it with a guy and the story would have still been the same. It wasn't like excessive focus on her looks and whatever you say. It was quite an empowering, I think, movie.
Starting point is 00:11:29 And so a lot of women came out and said, look, this is what a good movie looks like where there's a female lead who's empowering, for lack of a better term. Same thing happened when Black Panther came out. It just happened to be like, you know, it was set in Africa and it had a black lead that may rest in peace. know it was set in africa and it had had black lead that uh may rest in peace but it's set in wakanda yeah but yeah okay wherever i know your geography yeah but wakanda is not in africa it's it's when these things come out um you actually realize that there is a different narrative for people of different
Starting point is 00:12:08 genders or different colors from what you're used to and it's only then that you take a step back and say hey this is possible uh hey i could be a little black kid and i can grow up to be a leading man or i can be a girl and i can be a leading lady. And so that's why I think these things, they take a bit of time. There's that moment where people begin to realize and then they change. And then after a while, then you say, well, 20 years ago, you could have made that, but now it's not acceptable. It's not because people have suddenly got a big stick up their ass. It's because they've realized the value and the positivity that you can bring through that inclusivity and diversity sorry i went that was the unofficial rant of the week no not at all yeah welcome to the host and own podcast social justice for the world uh through three social
Starting point is 00:12:58 justice warriors that's us by the way that's us. This is the Host Unknown Podcast. Anyway, right. So what have we got for you today? We did actually have nothing for you as of about an hour ago. It's been a busy week for all, not least Andy. But we didn't have anything. We squirreled ourselves away. Squirreled ourselves away squirreled ourselves away and got you we spent like 10 minutes before uh before we started hitting that record button yeah yeah yeah yeah look we're bigging this up right we're trying to trying to make ourselves
Starting point is 00:13:38 look good uh so we've got this week in infosec tweets of the week billy big balls rant of the week industry news i can tell you right now i mean look at look at jav he spent more time growing his beard this week so we definitely don't have a little people today uh and i just realized i said look at jav on an audio only podcast but um but we will have a sticky pickle of the week which is even better think of this as the agile podcast it's like dev sec ops we we just like build and break very quickly we're not like one of those scripted shows emphasis on the break mvp we will get you a minimum viable product by the end of this yeah or actually just mp whatever it takes whatever it takes right i reckon we can move straight on in that case to this this week in infosec
Starting point is 00:14:37 so once again not only uh is it us who have not delivered, but another source that we outsource to to deliver stories for this week in InfoSec also has not delivered since 20th of January. So if you wouldn't mind putting your finger out, it would be appreciated. So this is a story I had to find myself this morning, 10 minutes prior to this segment. And it's taken us back to the 11th of february 1956 wow yeah so probably uh tom probably just shy of your 21st birthday uh i think that would have been uh you may remember a story about cambridge spies um and this is a story about two brit British diplomats who vanished in mysterious circumstances five years prior in 1951 and then suddenly reappeared in the Soviet Union. So Guy Burgess and Donald McLean, they handed a statement to representatives of the press in their hotel room. And in their thousand word statement, denied ever having been soviet agents uh you know and
Starting point is 00:15:46 they said they'd come to russia to work for the aim of better understanding between the soviet union and the west and uh the thing that made me laugh on this one was uh remember the whole novichok um is it novichok that poison the stuff in uh oh i thought you'd talk about the two sticks with a chain in between yeah that's the one yeah the rice flowers um no no not the helicopter either uh the um you know those two guys that said they were just visiting stonehenge no no salisbury cathedral salisbury cathedral they knew that they knew the height the exact height of the salisbury cathedral yes yes that's the kind of stuff that you know right that's uh yeah exactly exactly so i'm thinking what that was what 2019 was it yeah
Starting point is 00:16:32 yeah they're minus uh yeah so then we take it back so 63 years 63 years you can't see this but but and Andy just got his calculator out for that. I had to make sure it was right. 63 years, and this story has not changed. So, you know, between two guys that turn up and just say, hey, look, we're just here to appreciate the culture, you know, nothing going on here. And that is one that I love it. You know, just to go go show everything old is new again
Starting point is 00:17:05 and everything's recycled so uh even moscow and the russian agents uh struggled to come up with new narratives to support their shady operations the cold war thing was uh i've read some of the books around around that time and that the amount of agents and double agents and then triple agents that went on you know there was one guy um shortly after the war and he was literally playing both sides for personal financial gain he was like you couldn't you couldn't have made this stuff i can't remember his name i know he I know. Was this the Cold War or was this World War? It might have been the end of the Second World War. Yeah, so this, oh, God.
Starting point is 00:17:50 So this is a story about a guy who, he applied for a job with British intelligence and they said no. So he then went to the Germans and applied for a job there. Got it. And then went back to British intelligence. Went back, yeah, said that he could be used here
Starting point is 00:18:05 but then he built a network of fake spies didn't he yeah and he always he always delivered intelligence but just slightly too late to you know so it was accurate but it was never acted upon it's kind of like a pyramid scheme of spying it was but he was claiming expenses for all these different people and stuff yeah that was a oh i remember recently had a really good he had a really good name too but yeah it was brilliant but he's the only person to have been awarded um oh like a british medal and a medal from hitler as well yeah really high uh honors um i'm gonna have to google this now because yeah i remember that story it's absolutely fantastic that's brilliant it's kind of like how they say like if you want to play chess against multiple people say you're playing chess against two people you you you play whites on one
Starting point is 00:18:57 and you choose blacks on the other and you wait for the first person to make a move on there and then you play that against the other and then when they respond you play that so it's uh it's similar derren brown did a similar thing he played he played something like eight eight or nine uh grandmasters um uh and he was he was basically what was clever was that he was memorizing moves so he was playing them against each other all the way round but of course it just looked like this person who just knew chess was able to go round the tables and beat eight or nine grandmasters
Starting point is 00:19:34 which in itself is an impressive trick just to watch but to know that he did it by memorising each move is even more impressive quite incredible It kind like uh kind of reminds me of the 90s when there's all these rumors spreading about uh how antivirus companies create the viruses themselves and they put them out there so there's demand for their product
Starting point is 00:19:56 yes i know it's like i think we've got better things to do than that. Thank you, Andy. That was... This Week in InfoSec. Very good. Right. Okay. Moving swiftly on to... Oh, right. Yes. Oh, we've got a great one now. Oh my God. This is so good. This is so good. And Jav, I believe this is you. That's right. It's Billy Biggles. We actually were in danger of veering right into this in our introduction when we were talking about inappropriate comments. Yes. And workplace bullying. into this into our introduction when we were talking about inappropriate comments yes and
Starting point is 00:20:45 work and workplace bullying so so uh kpmg's uk chairman bill michael they were having a all-staff event uh he's been heading up the company since 2017 he was speaking at one of these virtual town halls you know i i maybe later tom you can you can educate me what's the difference between a town hall and a general all staff meeting and a heads up anyway um i i don't exactly know what a town hall me i know what it is but i don't know what the meaning anyway he was heading up a virtual town hall it depends how far you are on the uh on like the bullshit bingo like you know what level uh bullshit bingo master you are ah okay town halls generally involve q a as well
Starting point is 00:21:33 oh is that the distinction yeah because it's because politics i think it's an american term politicians in america it's a bit like a gp not a GP surgery, a minister of parliament, an MP's surgery. You know, you can go in and talk about problems, but you hold a town hall because you sit in the front and you talk about a bunch of stuff and then people will talk back to you and ask questions, etc. As opposed to, you know, a meeting or a whatever you call them, Jav, whereav where you know a get together where we impart knowledge to you this um i believe the distinction is that there's more q a in a town hall it's supposed to be more collaborative fair enough educated i don't know i don't know anyway but but but we digress anyway uh so they were having the virtual meeting and the topic came about the pandemic and the impact the lockdown has had on people's lives and i'm sure i know i felt the impact even though i've
Starting point is 00:22:37 always been a remote worker i've always had for the last many years i've been a remote worker i've always worked from home even i felt the impact of the lockdown because it's not just about the office it's about your entire life so anyway they were talking about the impact and Bill Michael in his wisdom he said to staff stop moaning stop playing the victim card and describe the concept of unconscious bias as being complete and utter crap for years so um and and that says somebody who's totally unconscious of the bias that he has in his life right exactly exactly um it was interesting because some of the staff also reported they had a chat system in place where they could then ask questions. To your point, Tom, this is why it's a town hall.
Starting point is 00:23:34 But the system allegedly crashed and people couldn't actually post comments because people were getting very upset about it. So the fine people at KPMG did what they did do best. They turned to social media because that's what you do when internally your voice is muted. You turn to social media or journalists and what have you. So the story got a lot of news. And unfortunately for Bill Michael,
Starting point is 00:24:01 his position is now described as untenable and he has resigned. So now they're going to be, now they're going to be holding some sort of, where's the wording gone? They will be, KPMG said they will undertake a leadership election to replace Michael in due course. I love the term leadership election to replace Michael in due course. I love the term leadership election.
Starting point is 00:24:28 And they're also investigating. Yeah. Yeah. Yeah. I love how the words leadership election almost imply like that it's a democratic process. Anyone can apply to lead and they can gather votes. You know, but we all know it's not really like that is it
Starting point is 00:24:48 uh but uh anyway yeah i'm sure he he walked away with a with a nice payoff uh maybe maybe head back down under because he's australian what he was doing leading the uk function off of well not yet he can't not yet he can't no um so so well maybe he can't. Not yet, he can't. No. So, well, maybe he can. Absolutely. He should stop playing the victim card. Jeff, I'm sorry. Did you just subtweet, like, piss off back to your own country while you were talking there?
Starting point is 00:25:20 No, no. What I mean is that. Because that's what it sounded like. No, no, no, no, no. Why I mean is that... Because that's what it sounded like. No, no, no, no, no. Why would I say that? Oh, my Mauritian brother. But Australia... Yeah, why you two?
Starting point is 00:25:38 Australia is known for being a backwards country. It's at least 10 or 20 years behind the UK. So all I'm saying... We have three listeners in Australia. Do not alienate them. All I'm saying... Troy, we're sorry. All I'm saying
Starting point is 00:25:58 is if his words were unacceptable here in 2021, if he goes to Australia, people will just shut up, stop moaning and carry on with their job. Because it's acceptable there. Well, maybe over there they just don't moan in the first place, you know, because they're hardy Australians.
Starting point is 00:26:18 And we're whinging poms. Yeah. So what we have here, is this not just a cultural misunderstanding? You know, he he was trying to find good words to just call us affectionately, you know, affectionately whinging poms. And it was taken out of context. And because his feed was cut, he wasn't able to clarify. And so, you know, he, he obviously meant no offense or, or, and here's an alternative view. There's somebody who is so disconnected from the reality of the people that work at the company he's, he's in charge of,
Starting point is 00:26:55 has absolutely no idea about what's going on in the company and the difficulties that face him because he's stuck in his, you know, massive six acres of land with staff and all that sort of crap surrounding him to make his life as comfortable as possible, blah, blah, blah. Or that actually he is completely out of touch and is better off being sent to executive prison or wherever. Or the big picture that you're missing,
Starting point is 00:27:28 maybe he's severely depressed. Maybe lockdown has impacted him worse. Maybe he's had a bereavement in the family. Maybe he's been diagnosed with something. Maybe this is a cry for help. People do become quite dispassionate when they're undergoing lots of periods of stress. Maybe he needs a hug.
Starting point is 00:27:46 Maybe he needs to clear the air. But maybe that's just me. Shut up, Jav. You're completely wrong. I need a hug. Although that is a very good point. In fairness, and I don't know whether you were trying to take the piss or not there, Jav, but in fairness, that is a very good point.
Starting point is 00:28:05 People do disconnect from reality. I think perhaps he is in a, you know, I have heard that whenever you see an executive stepping down to spend more time with the family, it's basically because they're very mentally ill from the stress of counting so much money. Yeah, counting so much money. But yeah,. Counting so much money, but yes, they have a huge amount of money to fall back on. But the fact is that the stress is incredibly high and it's, it's very, very common, far more common than, than, than we might think.
Starting point is 00:28:38 But you know, that said, if he's doing a town hall or whatever, you'd think there would be some kind of script that he would be sticking to. So I think it's unlikely this is a mental break. That doesn't discount the fact that he may be under huge amounts of pressure. But yeah, it's still disconnected from reality. Yeah. still disconnected from reality yeah but but you know what it's like you find it hard to be sympathetic towards execs because we always have this assumption that they've got lots of money to fall back on but i'm just reminded of the great philosopher uh dr schwarzenegger who said that
Starting point is 00:29:16 money doesn't buy happiness um i'm i've got 50 million in the account in my bank and i'm just as happy as when i had 45 million in the bank so you know did he seriously say that he did something along those lines it was like that's hilarious yeah oh i like that that's very good oh excellent thank you very much Jav for this week's
Starting point is 00:29:49 Billy Big Balls of the Week it's the jingle that keeps on giving because believe it or not it's still got another five seconds to go which
Starting point is 00:30:02 nobody else can hear but I can see I'm looking at it that's all you that's all it's all on me it's all on me exactly oh dear i like that and i specifically like the philosophers of the philosopher dr schwarzenegger's uh quote that is my favorite i'm going to use that one at some point i'm going to steal that uh well there's the other what's the other one about uh you know i know money doesn't buy everything but i'd rather be crying in my mercedes than uh my fiat uno yeah yeah that's that's the the clock jeremy clarkson that's the other great philosopher
Starting point is 00:30:36 in my Mercedes with its rich Corinthian leather. So just talking about luxury cars, there's as well, you know where I get all of my news these days, you know, the only source I trust, TikTok. There is this guy that did the Bentleys, you know, he sort of showed his Bentley around and what it comes with, all the optional features, and for an extra three thousand pounds you can have these umbrellas that fit in the door each side. Oh yeah, yeah. So like you open the door and, like down the side where, you know, you'd normally have a child lock or something, you press the button, like an umbrella comes out, like this big golf umbrella that's in the, yeah. Like this is just stuff I would, yeah, these are not options I get on my VW Tiguan. You know that?
Starting point is 00:31:25 No. Different world. The optional extra you get is the old pop-up umbrella with the broken spoke in the footwell. Yeah. Which was left by a previous customer. Yeah, exactly. By the previous two owners. Yeah, good times.
Starting point is 00:31:42 Oh, dear. Right, let's move swiftly on, shall we, onto this week's... Listen up! Rant of the Week. It's time for Motherf***ing Rage. Holy crap, I've just realised that Jav's wasn't actually the rant. Yeah. Yeah, I know.
Starting point is 00:31:59 Do you know what? I think a lot of our stories could kind of blend. Yeah. We could do like one Uber story. Why is it so much anger this week? Exactly. I don't know, but I need a hug. Virtual hugs. You're okay. Virtual hugs all around. Yeah, yay. Anyway, so this week's Rant of the Week, no surprise. Do you know what, I think we could do an entire podcast based on this one geographic location. In fact, I think we could do an entire podcast series on stories from this geographic location. Florida county sheriff Bob Gualtieri held a remarkably clear-headed and fact-filled
Starting point is 00:32:46 news conference. Now, is that remarkably clear-headed and fact-filled because he's from Florida, or is it because of the content? I don't know. About an attempt to poison the water supply of Oldsmar, a town of around 15,000 people
Starting point is 00:33:02 not far from Tampa. Anybody been to Tampa here? Yeah. I think at least 30% of this group has been to Tampa. Tampa always, to me, sounds like a feminine hygiene product. Never get away from it. Anyway, so... Well, I was going to make a crass joke about how the area is actually full of
Starting point is 00:33:27 Yeah, very true. Gualtieri told the media that someone, and they don't know who yet, remotely accessed a computer for the city's water treatment system using, oh God, using TeamViewer. Using TeamViewer, and barely increased, sorry, briefly increased the amount of sodium hydroxide, also known as lye, which is used to control the acidity in the water, to 100 times the normal level. So that's a big deal. Can't imagine the effect that that would have had. So thankfully, the city's water supply was not affected because a supervisor who was working remotely saw the concentration being changed on his computer screen and immediately reverted it, presumably working remotely with TeamViewer.
Starting point is 00:34:22 But also city officials emphasised on Monday that several other safeguards are in place to prevent contaminated water from entering the water supply. They've got Dave, who's also got another computer on TeamViewer, who also checks the amount. And they said they disabled the remote access system used in the attack. So there's a couple of things on here that I need to talk about. One is TeamViewer.
Starting point is 00:34:54 Seriously? Like, TeamViewer is known as one of the most commonly used tools for attackers to get into systems. And the fact that they left this switched on and enabled for people to attack is incredible. Secondly, the other part is that the supervisor who was working remotely and saw this concentration being changed, all I can do is imagine seeing almost like this tug of war between the two, the supervisor as the amount went up and then the attacker put the amount, you know, put it down and the attacker put it back up and he put it back down
Starting point is 00:35:39 and went back as a forward attack. So I don't know how long this went on. I'd also be interested to know what these other safeguards are as well, to be honest with you. But I just, the fact that all of these IoT systems, all of these industrial-scale systems that are connected to the internet in quite such a, well, blasé way really annoys me. This is something, this could have been very, very serious if it was, you know, something like a nation-state attack or something like that. This could have created huge amounts of damage across the country, potentially, if multiple targets were attacked. So I, you know, really their internal processes are shot there. The whole attitude is shot when they're happy to connect their industrial
Starting point is 00:36:35 control systems to the internet using TeamViewer and then not even have any kind of checks and balances in place to switch it off. So shame on you, Tampa, Florida, sorry, place near Tampa, Florida, Oldsmar. Oldsmar water treatment facility, for screwing this up. But good job on finding it, and let's hope that you fixed it later. Well, I was going to say, you've got to give fair play to that supervisor, because certainly, while people, you know, and this is one of the challenges I guess with remote working, you know, maybe his stage of normally would have been to sit in the office and monitor these things. But you know, when he's at home he could have Netflix on in the background or something and, like, you know, just wait for an IM or something from someone. Yeah, no, hopefully. My kettle's just melted. Yeah, hopefully
Starting point is 00:37:24 you know, it's one of those people that, you know, really takes their job seriously and was sitting there diligently, you know, for his shift. But yeah, almost a bit of a Big Balls move, that one. Almost, a bit like, so we could have blended, I mean, together. Yeah, I think what it was is that it doesn't sound like it was an actual malicious attack. It looked like someone having fun. They probably went on Shodan, found some open ports, connected to it. Oh, no, shit, I'm in here. Now let's just turn all the dials up to 11, kind of thing.
Starting point is 00:37:58 No idea what they're doing. Yeah, no idea what they're doing. Thinking it's someone's air conditioning. Yeah, let me turn up this person's air con. Yeah, but they've only got one level of lye. We need more.
Starting point is 00:38:13 Obviously more is better. Yeah. The other thing is, I think one of the safety controls I read was that it's not physically possible to put in 100 times the amount of lye into the water supply, so that wouldn't have worked anyway. So that's apparently one of the safety controls. But I think it goes just, what
Starting point is 00:38:35 is it, safe? I mean, no, I think it goes to show that when you think about Florida Man and you say there's something in the water, there clearly is, because this one got detected. There's probably all these other attacks in Florida that haven't been detected, and they've been subject to some sort of, like, substance for years, and that explains it all about them. Yeah, yeah, that's right. It explains everything, because apparently if you type in Florida Man and your birthday, you will get, there's a unique story for every day of the year about some mad thing that has happened. I think we've just found a new feature. Yeah. I'm pretty sure mine is some
Starting point is 00:39:19 kind of alligator attack. I'm not sure. This Week in Florida History. Oh yeah, I'm liking it, I'm liking it. Anyway, that was this week's Rant of the Week. Andy, I don't know if you noticed, we got a little bit of lag with Jav. Do you know, I didn't know whether it was me or Jav, because I was thinking, am I speaking slowly? Do you know what, it's the video. I don't think the video helps, you know, when you're doing audio recording. It doesn't help on an audio podcast. I completely agree, but you know, we'll work something out. So folks, you know, we have failed fast. Well, we failed in 40 minutes, I think. But I'll tell you what, it has added the enjoyability of seeing Andy have his breakfast in between gaps when you're talking to him.
Starting point is 00:40:10 Yes, this is true, because I've never wanted to watch Andy eat a banana more in my life. Sure. Let's call it my breakfast. Yeah. Yeah, that's right. And Jav, what you were doing, I don't ever want to see again. I know watching Andy eat a banana is, well, something, well, let's just say you're not getting it at home, so you might as well get it from Andy. It caused him to go through his tissues a bit quicker than normal. It did.
Starting point is 00:40:38 Oh, my God, you guys are terrible. Pick a sweeper. He's got lotion all over his webcam. Oh, my God. Pick a sweeper. Oh, yeah, yeah, here we go. This is the Host Unknown podcast, home of Billy Big Ball Energy. Here's another one.
Starting point is 00:40:57 Still got 10 seconds left. Yeah, I can't hear it. Can't hear it. Anyway, as we know from last week's episode about how Jav, how can I say, pleasures himself, I think, you know, that two weeks in a row we've learned more about Jav than we would have liked. Anyway, sorry, go on, Andy. Well, I was going to say I think it's that time to head over to our source on probation over at the InfoSec PA Newswire, who has been very busy this week bringing us the latest and greatest security news from around the globe.
Starting point is 00:41:32 Industry News. Europol breaks $14 million card fraud ring. Industry News. Cyber attacker tries to remotely poison Florida city. Industry News. Experts warn of "beg bounty" extortion attempts. Industry News. New council will drive UK's cyber training and standards. Industry News. Scammers selling fake #COVID-19 vaccination cards for just $20.
Starting point is 00:42:17 Credential theft attacks doubled between 2016 and 2020. Industry News. UK cops arrest eight in US celeb SIM swap case. Industry News. UN links North Korea to $281 million crypto exchange heist. Industry News. Political bias and impulsive behaviour open door to misinformation. Industry News.
Starting point is 00:42:48 And that was this week's... Industry News. Huge if true. Yeah, I tell you what, we should talk about the cyber attacker who tried to remotely poison this Florida city. Sounds like a good story, really, that one. I think it would be a good story. Yeah, yeah, very interesting, very interesting. Exactly. So, you know, these fake COVID-19 vaccination cards, I reckon they're going to start selling big time because
Starting point is 00:43:20 my impression is, and certainly, you know, based upon my mate at KPMG, who's obviously reached the end of his tether, we're fed up with this. And I think people are going to start travelling using fake cards quite a lot, to say the least. Yeah, and the problem is, with every country having their own version of a vaccination card, you know, how can you tell what is real and what's not?
Starting point is 00:43:48 Well, I'm assuming the fake ones will actually look quite good. No, you know, and this is the problem, because even with the COVID testing that some countries, they require you to have a test done within 24 hours or 72 hours of travelling, and you need to take that. Because it's not centrally linked, there's no way for anyone to validate whether that's yours or not, or whether it's actually legit. And there's been stories of people, they've just, like, mocked up the letter template and they've gone and they've shown their phone, that, oh, here's the email I got, and they look at it and they're like, yeah, okay, and that's it. So, you know, a lot of people are playing the game to a large degree, in a way. I mean, it's scary. It's scary, you know. I think
Starting point is 00:44:40 I think a lot of people view these as guidelines. Like Pirates of the Caribbean. Best practices, rather. Yeah, that's right. Yeah, exactly. Oh, dear. So do we have... I can't even find it on here now. No, we don't.
Starting point is 00:45:00 No. We don't. So I shouldn't be playing it. Well, you want to copy it? Oh, okay. So I definitely shouldn't be playing this. Javad's Weekly Stories. And that was this week's
Starting point is 00:45:13 Javad's Weekly Stories. Productive week there. Productive week. Oh, dear. Well, I think let's get on to you, Andy. I think it's your turn again. I think it's time now for Tweet of the Week, and of course we play that one twice because it's lovely. Tweet of the Week. I love it, I love it. Okay, so this is the story. This is actually an interesting one, which came through the group chat. So
Starting point is 00:45:46 last year Facebook, who we know and love, filed a legal case. So you imagine, obviously Facebook have an army, of course they would. Yeah, Facebook and their army of lawyers filed a legal case to seize a bunch of and Instagram lookalike domains. You know, so you might think it's brand protection, you know, to make sure people aren't spoofing their domains, etc. Now, some of these domains were owned by Proofpoint. And Proofpoint is a, you know, an anti-phishing or security awareness training company. You know, as part of their services they offer this anti-phishing, you know, service where they
Starting point is 00:46:30 would, you know, they'd have fake domains like Instagram but at the end it's spelled, you know, with an "rn", you know, Romeo November, instead of an "m". So when you look at it in the browser it actually looks realistic. But what they do when you click through, that type of thing, you know, and they run these simulations for companies, large enterprises and, you know, various other, you know, B2B services, and you can customise the message. So what they do, they'll target your employees as part of a simulation, you know, how much are people paying attention, you know, what are they doing, what are their behaviours, and they'll get taken to this page, and then Proofpoint, you can customise the message to say, hi, this website belongs to, you know, Proofpoint Security Awareness Training, you know, domains used to teach
Starting point is 00:47:13 employees how to recognise phishing attacks, etc., and this page is here to let you know that it's not a malicious web page. And so obviously Facebook sued Proofpoint to, you know, take everything down. And what I love about this, and I should have said, you know, this tweet is from Catelyn, who is at campus cody, C-O-D-I, on Twitter, who's sort of, you know, sharing the story. And Facebook and the army of lawyers have gone out putting all these domains down, and Proofpoint have turned around. They've played the Uno reverse card and they are now suing Facebook to get the domains back, which is, you know, something I don't think Facebook's used to. You know, well, I say they are probably used to it, but the countersuit,
Starting point is 00:47:59 I think, you know, Facebook really thought they had a, a watertight, you know, service, watertight thing going on here. But, yeah, it's just amazing. I guess, you know, what are you going to do? Yeah, Jav, what's your thoughts on this? I mean, you know, as a known phishing expert, as it were, and a security awareness expert, what are your thoughts on what Proofpoint are doing? Well, I can't really speak to what Proofpoint's doing, but it's a really interesting position.
Starting point is 00:48:37 Now, I'll tell you what I think should happen. I think this is a problem when lawyers get involved. What I think would be a really good move for companies like Facebook or whoever, I think they definitely should have ownership of lookalike domains. I think that's brand protection and everything in the right thing. But then what Facebook should do is if anyone comes to Instagram with an RN at the end, they themselves should put up a thing saying, hey, this actually isn't this. If you've clicked through from something to come here, don't click it again.
Starting point is 00:49:12 And they should be offering an awareness message of their own. It won't cost them anything. They should just have a standing. So rather than redirecting it to Facebook or Instagram.com, they should just have this message say, look, be careful of what you type and what have you. Now, that would eat the lunch off some of these awareness providers to a small degree, or maybe steal a little snack. But I think this is what's needed if you really are serious in protecting people and raising awareness of mind. This is like the average consumer. This isn't really, like, we're not talking about enterprise level. It, as you know, that's a small slice of the pie. It's really the majority of users are out there, and the more often you repeat this, the more it gets embedded in your brain, like, oh, this is something that can happen. It's a bit like when
Starting point is 00:50:00 you're driving, and every time you're outside of a school there's a sign that's saying school, slow, 20, there's yellow zigzag lines. There's all these sorts of, like, protection mechanisms there to just, like, remind you, hey, there's a school here. Just be very careful. We don't want you hitting a kid because they could run out onto the road. And this is where I think everyone needs to work together better. And it could have been no claims bonus. Yeah, exactly. But, you know, companies suing each other in tech, it just doesn't help anyone. It doesn't help.
Starting point is 00:50:31 It only helps lawyers. So that's my take on it. So it helps lawyers. Yeah, why can't Facebook and Proofpoint even collaborate on this? Facebook could say, OK, we own them. We're going to let you use these, you know, for your campaign. I think Facebook would if they could buy Proofpoint. I don't think, you know, and I guess that's part of the problem is that Facebook
Starting point is 00:50:54 don't really care about that, you know, unless they can monetise it. Well, they could release them out to Proofpoint. Yeah, small fish though, isn't it? Small fry. Yeah, I know, but because the thing is, in this instance I wouldn't trust Facebook to do the right thing. No, I do not trust Facebook to do the right thing. You know, at least Proofpoint, who are an established player in the market and are doing, you know, doing good work. Maybe not as good as others. Maybe KnowBe4. Yeah, maybe. Maybe.
Starting point is 00:51:30 In fact, definitely. Definitely, because KnowBe4. Sorry, where's our... Oh, God, where's our sponsorship? God, all these new things, I can never quite remember them. Anyway, I can't quite find the jingle. You're listening to the Host Unknown podcast, sponsored by... Yes, exactly, KnowBe4. I need to find that one again. Anyway, but it's, I've lost my train of thought now. But yeah, but these companies
Starting point is 00:52:02 they're actually the experts in this space. They're the ones that can actually give proper, targeted and meaningful education on this. Facebook at best would stick up an error message saying you've come to this in error. Okay. Here's a free tip for Zuckerberg. And this is, I think this is a truly a win-win situation.
Starting point is 00:52:26 Facebook keep these domains and they put up a message saying you've come to an incorrect domain. But they put trackers on those sites so then they keep a list of gullible people. Then they monetize it and they sell it to advertisers like Tony Robbins.
Starting point is 00:52:44 Hey, here's a gullible person. They'll believe anything. They can sell it to Nigerian princes. Here's an email address. So I think it's a win-win situation. Yeah, yeah. I can't believe you're not reporting Facebook on this. Change my mind.
Starting point is 00:53:03 You're wrong. Jesus Christ, you're wrong. Oh, man. Yeah, so unless Facebook wish to throw us a lot of money, I definitely think that Facebook are the wrong people to be handling this. And the fact is, again, just to reiterate
Starting point is 00:53:20 your point, Jav, it's the lawyers are the only ones that are winning here. So, Andy, this being your tweet of the week. No, we've lost him.
Starting point is 00:53:36 Okay. And that was this week's Tweet of the Week. Good Lord. It's lucky we're not paying you, mate. It's unsurprising. Yeah, you get what you pay for in this show.
Starting point is 00:53:50 Right, okay, let's go on to, because we don't have a little people, because your little people keep letting you down, Jav. I think we've even come to realise it's not down purely to just your incompetence. It's down to theirs as well. But let's move on to our final segment, which we like to call... Sticky Pickle of the Week. Sticky Pickle of the Week. Sticky Pickle of the Week. Jav, I think you've got this one.
Starting point is 00:54:29 I do, I do indeed. So, Sticky Pickle of the Week. I've been told by my lawyers that we should include "of the Week" at the end. So we can't just call it... So don't, please, refer to this as Sticky Pickle. We don't have lawyers. We don't have lawyers. We've been told by someone else's lawyers. Yeah, my lawyers, their lawyers, it's all the same, they all cost me money. So here's the sticky pickle. You are the sole founder of something. You create something out of nothing.
Starting point is 00:55:06 Yeah. And so just to put it into some visual context, it's not Elon Musk or Bill Gates or the late Steve Jobs, but it's something along those lines. So you can think this is something quite big. So you're the head and you create something and it's truly fantastic. And your people who were like your number one, two employees or, you know, lackeys, they've joined and they've kind of helped in a way, but, you know, they didn't actually build it. Are we talking about Bros? It's Matt Goss, isn't it?
Starting point is 00:55:42 Wait for it. Wait for it, Tom. It's like Bon Jovi. Anyway. The others accuse you of having an overinflated ego to having your own head up your arse and all these other slanderous, libelous comments. And if you had money for a lawyer...
Starting point is 00:56:02 It's Jeremy Clarkson, isn't it? It's not Jeremy Clarkson. Anyway, because of that you get a lot of interest from the media and you get a massive double spread feature in one of the biggest, hottest magazines in the industry. How do you bring it up without reinforcing the hate that the jealous haters, the jealous people, the haters, are, you know, without reinforcing that image of you having a large ego, and of course bringing up their own insecurities of your greatness? How would you bring that up? Okay, so typical. So this person thinks that they're the sole founder of a wildly successful trio. They're known for having a massive ego when actually all they want
Starting point is 00:57:00 is a big hug because they're crying inside, but nonetheless the outside persona is, you know, larger than life, etc. And something big happens for them and nobody's bringing it up, nobody's saying anything. So, like, you know, for instance, a double spread feature in a leading magazine within their industry. Am I getting this right so far? Yeah, I think you're right. You're absolutely spot on. And you want to bring this up because it's something you're actually quite proud of, but you just don't want to reinforce
Starting point is 00:57:37 what you feel is this unfair image that the other two lackeys within the team will have of you. So I think I've got the answer. You don't say anything. Wrong. And that was this week's
Starting point is 00:58:01 Sticky Pickle of the Week. Sticky Pickle of the Week. Sticky Pickle of the Week. Do not feed the trolls. Yeah, I can see you, you're just about to explode on your seat there, like, with the camera. You're itching to get this one out. I know, I know exactly what you're talking about. We know, of course we saw it, Jav. I even wrote a cease and desist letter to Infosecurity Magazine because they've printed some libellous comments in this one. Did you? That's funny, because I sent a cease and desist as well.
Starting point is 00:58:46 Really? What, on my behalf? No, on my behalf. How does that work? I don't know, but Jav said he was the sole founder, so that's exactly why I sent a cease and desist. That's really, well, I'm going to have to send another cease and desist then. Look, look, look, guys, guys, guys, we've already established only the lawyers win when you do that. Yeah, so don't be a Zuckerberg. Don't be a couple of Zuckerbergs. Just take it on the chin. I'm just going to walk up with the nail gun and put Jav out of his misery here. Jav had an excellent, well, more than a double page spread, wasn't it? Was it three? It wasn't. Yeah, so I thought he was
Starting point is 00:59:32 actually being quite, you know, that's quite modest. Yeah, exactly. I know, I know, but he had a good spread, a couple of spreads in Infosecurity Magazine this quarter. Really good article, full of factual inaccuracies like being the sole founder of Host Unknown. But yeah, folks, check it out. You've probably already had it plastered all over your social media streams anyway, because Jav was, I think he's got it on, you know, retweet every hour at the moment. I think this is where he says link in the bio. Yeah, link in the bio. There will be a link to the article in the show notes as well. It is a good interview.
Starting point is 01:00:17 I'm glad I turned it down so that you could have the limelight this time, Jav. Thank you, Tom. You're so gracious and so kind. What would I do without you two? Fail. Faster. Yeah, yeah. No, no. Slower. I would fail, but a lot slower.
Starting point is 01:00:41 There'll be a death rattle involved. Oh, dear. I think that brings us to the end. We end on a highlight here. Thank you very much, Jav. Thank you, sir. It was a superb article as well. Well done. Thank you very much
Starting point is 01:00:59 for your love and attendance this week. You're welcome. Stay secure, my friends. Oh, blimey. Oh, man, he's stealing my... Son of a bitch stole my line. Again, yeah, absolutely. And just as we were out,
Starting point is 01:01:15 I did find out the name of that agent was Agent Garbo, who played both sides during the war. In the show notes, folks. I've stuck a link in the show notes, yeah. Absolutely. And I will copy and paste them into the show notes, into the podcast notes. Andy, thank you very much, especially for that little bit of side research and the part
Starting point is 01:01:35 where you ate a banana and also the part where you just sat on your phone and refused to close off your tweets of the week. But aside from that, thank you very much, sir. Stay secure, my friends. Stay secure. You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel.
Starting point is 01:02:01 The worst episode ever. r slash Smashing Security. And we're out and Jav's clacking on his keyboard again. Yeah, yeah, yeah. No, I was just looking up. I was trying to find who said the quote. There's a quote. I'm thinking it's
Starting point is 01:02:20 Churchill, but he said something like how long does it take you to prepare a speech? And he said, well, take me a week to prepare a five minute speech. But if you want me to talk for an hour, I can do it right now. And that's how this podcast. And that's us.