The Host Unknown Podcast - Episode 54 - A Life Half Lived
Episode Date: May 7, 2021

This Week in InfoSec
Liberated from the “today in infosec” Twitter account

4th May 1990: Robert Tappan Morris was sentenced to 3 years probation, fined $10,000, and ordered to perform 400 hours of community service. Why? For releasing the Morris worm in 1988, then becoming the first person convicted under the then-new Computer Fraud and Abuse Act (CFAA).
https://en.wikipedia.org/wiki/Morris_worm
https://twitter.com/todayininfosec/status/1257352370335465472

4th May 2000: The ILOVEYOU worm spread worldwide, infecting an estimated 10% of the Internet-connected computers. Its author was never prosecuted because the Philippines didn’t have any relevant laws. He was recently tracked down and interviewed about the worm:
https://www.bbc.com/news/amp/technology-52458765
https://twitter.com/todayininfosec/status/1257833516454211584

A little Billy Bonus...
https://www.linkedin.com/feed/update/urn:li:activity:6794950191586836480/

A Little Cheap Plug:
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/

Rant of the Week
Twitter introduced a tip jar - except, when you use PayPal to send the tip, it sends your registered address too! Noice. It’s not really an issue with Twitter - more of a feature of PayPal, because that's how it sends receipts for goods and services. This threat exists with all users of PayPal, not just the tip jar. But this isn’t really a rant about privacy or the tip jar… let’s talk about Whitney Merrill’s tweet….
https://twitter.com/wbm312/status/1390444554587832324?s=20

Billy Big Balls of the Week
Dashcam footage showed the moment a gang of armed robbers in South Africa attempted a cash-in-transit heist by chasing and firing shots into a bulletproof security vehicle. Members of a private security company were transporting money in a truck in the northern city of Pretoria on April 22 when they were attacked. In the three-minute video, a security officer is seen driving with a colleague. Both men are wearing bulletproof vests.
https://twitter.com/Abramjee/status/1388194148210167810
https://www.insider.com/watch-video-shows-armored-cars-crew-in-daring-escape-under-fire-2021-5

Industry News
British Prime Minister’s Cell Phone Number Exposed
Fake Vaccine Domain Seized
Shoppers Choose Guest Checkouts Over Security Fears
Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents
Cyber-Attack on Belgian Parliament
Researcher Claims Peloton APIs Exposed All Users Data
Homecoming Queen Hacker to be Tried as an Adult
CaptureRx Data Breach Impacts Healthcare Providers
Financial Firms Report Puzzling 30% Drop in Breaches as Incidents Rise

Tweet of the Week
https://edition.cnn.com/2021/05/05/entertainment/tiger-king-carole-baskin-crypto-coin/index.html
https://twitter.com/carole_baskin/status/1389662255747325955
https://twitter.com/krypt3ia/status/1389948564411932676

Come on! Like and bloody well subscribe!
Transcript
So are you guys familiar with that show, Whose Line Is It Anyway?
Yeah.
Yeah, yeah, yeah.
They're giving topics, right?
Yeah, Greg Proops.
I think Clive Wilson hosts it in the UK.
Yeah, that's the one.
So basically the guys are given subjects,
and they have to create a skit from that.
Yeah.
And I don't know if you noticed.
It's like an off-the-cuff thing, isn't it?
Exactly, yeah.
And this is exactly what the Smashing Security podcast has become.
It's like they take our show notes and create an episode from that.
Hey, we were first with non-fungible tokens, right?
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us and welcome to episode 54 of the Host Unknown Podcast, which, let's face it, is a life half... um, yes, episode 54, blimey, or 57, whichever. Anyway,
Andy, how are you?
Uh, not too bad, can't complain. Um, I know there's a bit of a panic earlier this week when TikTok went down, but, uh, it was brief lived, it was only for an hour.
Entire nations got more sleep than normal.
Yeah, I know. I, uh, did send about 600 messages during that hour.
Yeah, as I was finding things to do. Is it up? Is it up? Is it up? Is it up? Oh dear. Yeah. Um, and, uh, Jav, how about you?
I'm good, I'm good. I'm really happy. I've got a new desk, actually. It's, uh, one of those stand, stand-up desks.
So I'm still waiting for it to tell me a joke.
But other than that, it is.
But I'll tell you one thing, though, this this morning.
I don't know if you saw this. The Logan Paul and Floyd Mayweather had a press conference.
And, you know, I hate the Paul brothers, but you've got to hand it to them.
Logan Paul, what he did is he, during the press conference,
he took Mayweather's hat off him.
And he goes, I got your hat, I got your hat, I got your hat.
And then he was like running.
And there was a big kerfuffle around it.
Within a couple of hours, he had merch on his store with "I got your hat". He even had a tattoo on his leg done saying "I got your hat", with a, with a, with a little p-cap on it. Which...
That was the first time I've seen, um, I've actually rooted for Mayweather, like, in anything, because I just think Logan Paul is such a twat. Like, you know, he was right in front of him and he was actually getting choked, going, I got your hat, I got your hat.
Like he's won something. But no, not a fan.
Not a fan. I just begrudgingly give kudos to the marketing genius.
It has to have been pre-planned, right? Because to have your merchandise up that quickly, you know, surely, surely it has to be pre-planned.
It felt like it. But, you know, but nonetheless...
Obviously, yeah. Very good, very good. Maybe we should have, um, something, uh, some Host Unknown podcast stuff done like that. You know, like, can you hear me?
Is this on?
Can you hear that?
Are the jingles working?
We know it's tacky to have merchandise based on your podcast.
It is.
You know, even a sticker is tacky, right?
So what you need to do is you have to have merchandise made up
that says Smashing Security, and then underneath,
I heard it on Host Unknown first.
Oh, that would be brilliant. That would be brilliant. Oh, then, right, well, I think I might just get onto the Moo store and get some stickers made up. So what have we got coming up for you today? So This Week in InfoSec takes us back to a time
when a young man from Southeast Asia
was just looking for free internet access
and then accidentally shut down
the UK parliamentary email system.
Rant of the Week is what it can.
Absolutely.
Rant of the Week is just the tip, I promise.
Billy Big Balls is the textbook definition
of someone who has ice in their veins.
Industry news brings us the latest and greatest news from around the globe.
Tweets of the week bring back one of the stars of the original lockdown, Carole Baskin.
Oh, God, I know this story. On this show, short people jokes are not offensive, whereas we've clearly established they're considered the height of comedy.
And that is all we have to say on the topic of little people this week.
So, Andy, let's go straight over to you, shall we, for...
This Week in InfoSec.
So it almost sounds like, uh, you're in a different location, Tom. We can come back to that at the end of the show. Um, so this is the part of the show where we take a stroll down InfoSec memory lane to remember why the industry is like it is and to remind ourselves how everything new is old and everything old is new.
So the first thing I will mention is that although we liberate content from the Today in InfoSec Twitter account, upon checking some of the details of these stories, they're often out by a few days.
So, you know, when the actual event originally occurred. So whenever I say date, uh, unless I've double-checked it, it's always got a margin of error for about a week. Um, so I just thought I'd mention that. And so the first...
Should we, should we rename it to This Week or Maybe Last Week or Maybe Next Week in InfoSec?
Yeah, why not? And, uh, keep that background music as well, I like that.
Yeah, well, I'll get the jingle redone.
Yeah. So, uh, this first story is about a guy
I will always seize the opportunity to mention. Um, it is from a mere 31 years ago. From the 4th of May 1990, Robert Tappan Morris was sentenced to three years probation, fined ten thousand dollars and ordered to perform 400 hours of community service.
And his crime was for releasing the Morris worm in 1988, two years earlier, and then becoming the first person convicted under the new Computer Fraud and Abuse Act, the CFAA.
And so just as a reminder, the Morris worm, as it became known, was released in November 1988 from the computer lab at MIT,
where Bobby Boy is a student. And all my life, I believed that that Morris worm was created to highlight security flaws on internet-connected systems, um, because that's what I read and, you know, as a purveyor of urban legends, I continue to push that story. Uh, however, and I think we did cover this back in November, but there was an update at the time that was missed. Uh, so a clarification was made, um, by Paul Graham. This was about, you know, seven months ago, the, the sort of 30 year anniversary, 32 year anniversary.
And then Wikipedia was updated following that revelation.
So if you don't know Paul Graham, he and Robert Morris started Viaweb, which they claim to be the first software as a service company.
It was acquired by Yahoo in 1998, later became the Yahoo store.
He writes essays, which is still very popular to this day, like 50 million views a year.
But in 2005, he and three others, one of those three was Robert Morris again,
they started Y Combinator, you know, the startup incubator, which has since funded the likes of Airbnb, Dropbox, Stripe, Reddit, loads of companies that they've been responsible for funding.
But anyway, what Robert Morris was originally famous for, not just having a famous father who was a cryptographer, but he exploited holes in the Unix sendmail program, buffer overflow in the network service, and he basically created this worm. And he didn't intend for it to be actively destructive. Instead, it was just to, you know, highlight the weaknesses in all these systems. Um, but what happened was, as it spread, it became more and more damaging, you know, spread much faster than he originally planned.
So it was programmed to check whether each computer was already infected, but because he was thinking ahead, he thought that some sysadmins might actually counter this by, you know, just putting instruction saying, yes, we're already infected. So what he did was write in the worm, regardless of whether it's infected, just copy itself 14% of the time, just in case it's a false positive. Um, 14% of the time, yes.
But then obviously, you know, the way it spread and it didn't sort of check whether it, uh, you know, infected a host previously, it just ended up infecting hosts multiple times. Uh, you know, even... and each additional infection would slow the machine down, you know, to the point it just became unusable. Um, obviously these days we would just categorize that as a denial of service attack or some form of DoS attack.
But back then, this was, you know, known as a fork bomb.
Or, you know, so in the film Hackers, they refer to it as a rabbit.
But this man, big piece of history.
Like I said, we did speak about him in November.
I thought it was worth mentioning again, you know,
with the corrected intention of that worm.
So back then, the Internet was partitioned for several days whilst regional networks were disconnected from the backbone and, you know, patched to prevent recontamination. DARPA to fund the establishment of the CERT at Carnegie Mellon University, which gave experts a central point for coordinating responses to network emergencies. So a big piece in history. You know, this guy Robert Morris has done so much for what we see in the industry today, and, you know, if you don't know his name, look him up, because so much is about because of him.
So the second story I have is only from 21 years ago, and this is from 4th of May 2000. And it was a time, and I remember distinctly, you know, this week, looking down on all those mail administrators who were in a world of pain while I sat comfortably in front of my ultra secure and painfully user unfriendly Lotus Notes client.
The ILOVEYOU worm spread worldwide, infecting an estimated 10 percent of Internet connected computers.
And it was never prosecuted because the Philippines didn't have any relevant laws. So...
Oh, that's right, yes.
But he was actually, uh, tracked down, um, in, oh, I think it was 2000, um, by a guy you may have heard of called, uh, Geoff White, um, author of The Lazarus Heist and various other Crime.com.
So, yeah, so he tracked down this guy, a Filipino guy called Onel de Guzman, who's now 45 years old as of now.
So he unleashed the Love Bug worm to steal passwords so he could access the Internet without paying.
And he never actually intended for it to go global, um, with that one. So yeah, he says he does regret the damage his code caused. I didn't expect it would get to the US and Europe. I was surprised. And I regret not being able to holiday there now.
So yeah, let's say the Love Bug pandemic, as they call it, did begin on the 4th of May 2000, and victims received an email attachment entitled Love Letter For You, and it contained code that would overwrite files, steal passwords and then automatically send copies of itself to all the contacts in the Outlook address book. And so within 24 hours it was causing major problems across the globe, and they state reportedly infecting 45 million machines. It overwhelmed, yeah, overwhelmed organizations' email systems, and some IT managers disconnected parts of their infrastructure to prevent the reinfection.
So much like, uh, you know, the, those dealing with the Morris worm 22 years earlier, uh, you know, the solution was still just to disconnect and, uh, you know, try and start again.
It's still, still to get the fire axe and to go through the, you know, chop through the fiber connecting you to the outside.
Yeah, why not just put the axe through it? Yeah. So, I mean, you know, with all these things, the estimates of damage ran into the billions of pounds, um, you know, as they do. But, uh, yeah, in the UK, Parliament, which had to shut down its email network for, um, several hours to protect itself, and reports that the Pentagon was also reportedly affected. Um, which is strange because, you know, this worm actually used similar tactics to the Melissa bug that was released in the previous year. Uh, so it does highlight, you know, sort of how fragile these huge systems connected to the internet were.
Yeah, yeah. And it also underscores why internet, the internet should be available to all.
Yeah, and I guess that's one of the other things is, you know, back in 2000, um, probably not, you know, maybe some of the younger generation don't realize you had to pay via dial-up to access the internet via...
Yeah, Wi-Fi was around, but it was very early days and certainly not in the public, so you had to have somewhere to plug into as well. Um, but, but yeah, I remember getting a 400 pound bill because I left my, um, ISDN lines running accidentally.
You had ISDN lines at home?
Uh, no, it wasn't ISDN, it was the, it was the home ISDN, the, uh, what was it called? It was a BT product, wasn't it? Um, two 64K lines, how bonded. Yeah, and so I bonded them and then had my Exchange server, because of course why wouldn't I have an Exchange server at home, uh, checking, um, you know, and it was supposed to dial up twice a day and it basically dialed up something like every 20 minutes and stayed online for 10 minutes, you know.
Cheers. Yeah, just getting re-marked. And so literally the bill came in.
It took a few months to pay off.
Yeah.
That's quality.
So just to add to the I love you story,
Geoff White actually does a really good account
of it in his book as well, like Crime.com.
Yeah.
If you haven't read...
Are you, are you on some kind of commission, Jav? Because that's the second or maybe third time you promoted that book.
You know, and I, it's been a long time since I picked up a security issue related book that really, that was so well written, and I really enjoyed it and I actually learned a lot from it.
Fair enough. I did mean to buy it last week when you last mentioned it and I forgot. So if we ever get to the end of this episode, then I'll do it then.
I'll post my Amazon affiliate link in the show notes.
Yeah, sure. Why not? I mean, if you can earn a penny off it, then why the hell not?
We got bills to pay after all. Excellent. Thank you, Andy, thank you for this week's This Week in InfoSec.
So I'm just going to add an honorable mention here, because I know this is one, Jav, you sent around earlier in the week and it's not strictly InfoSec. Um, but it was a mention for Michael Dell, who this week, 37 years ago,
founded Dell Technologies. And I'm not disputing the version of events which he posted himself on
LinkedIn. But, you know, as I have started checking the veracity of these stories,
official records show that Dell was actually founded the 1st of February 1984, not in May 1984.
Even his LinkedIn shows that he has been at Dell for 37 years and four months rather than 37 years.
But nonetheless...
From the time he sold his first PC or something like that, rather than when the company was founded or something.
Well, potentially, it's just in his own words.
He says 37 years ago today in 1984, Dell Technologies was founded.
But, you know, like I say, we're not really,
we don't really get hung up on facts on this show, right?
No.
Never let the truth get in the way of a good story.
Exactly.
But it was just, uh, good to point out, you know, this guy, you know, he survived an era which competed with the likes of IBM, Compaq, Packard Bell, Gateway, um, you know, the lot. But I always remember Michael Dell, um, due to a fake news story that was published at the time by a company called Satire Wire.
And they used to do sort of fake press releases and stories.
This was really early days, like 2000.
And people still believed a lot of this stuff because it looked official.
I sent one round the company, and our CEO actually raised it at a conference about something that was happening, not realizing it was a joke. Um, and this was about Bill Gates was trying to patent, uh, ones and zeros. And he raised it as a thing about how, why you can't have these copyright laws to protect all the... like, it was just so embarrassingly funny. Uh, but they did a story about, uh, all the sort of the rich people, Larry, you know, Lawrence, Larry, uh, Ellison of Oracle thing.
Yeah.
Um, Bill Gates, and Michael Dell was also on that list, as people that never got college degrees. Um, at that stage, you know, they left education early and have regularly making a top, top...
I, but I, but I, you're absolutely right, but I read something the other day, you know, and it said something like all these people, you know, are all dropouts.
Yes.
They dropped out of college, not 10th grade, you know, basic reading.
Do you know what I mean?
So, yes, they're dropouts, but they dropped out at a certain level.
Yeah.
So if you want to see a whole other bunch of dropouts,
just go to your local job center and see the people queuing up outside.
Or listen to this podcast.
So I've got a little, it's almost a cheap plug as well, but a little thing to follow up on that, which is a real, you know, happy fucking birthday for you, uh, for Dell here. So there is a new CVE being released, um, and it's basically saying hundreds of millions of Dell computers are at risk due to multiple BIOS driver privilege escalation flaws. So apparently Dell computers from the last 12 years have a certain vulnerability that may be exploited to locally escalate to kernel mode privileges.
And that is, for all of you nerds out there, CVE-2021-21551.
And the link is to Sentinel Labs, my lovely employer.
That really was a cheap blow.
That was a cheap blow, especially because you were saying all these words which I have no idea what they meant.
No, I have no idea, but, you know, it's about Dell, it's their birthday, why not give them the gift of 12, 12 years worth of your computers are now vulnerable. You know, I thought it was quite funny anyway. Anyway, let's move on because time's occurring. Let's move on. Uh, Jav, I think it's you for this week's...
Listen up! Rant of the Week.
Okay, so Twitter has introduced a tip jar, as if between all the Patreons and other virtual tip jars and panhandling we needed another one. Pay me for my tweets, people. Um, so there is that, which I, I could semi-rant about, but I won't. I mean, okay, let me just delve into that a little bit. Yeah, stop, stop being digital beggars, people. That's all I'm going to say about that.
If you go online, it looks like the, the... no, I'm not going to go there. Okay.
Uh, now are you, are you not going to go there because Host Unknown has a pay us some money tab on their page?
No, because I was going to say something that I know you two would find... well, you, Tom, being your woke self, will be so outraged about that people that are listening who would let that slide would just be going, oh no, I need to be outraged too, and then I'll have pictures. Okay, so, um, okay, so Twitter's introduced the tip jar, except when you use PayPal to send the tip, the way that PayPal works is it also sends your registered address too.
So the way it works, like, I see tweets by Tom Langford, I said, oh, he's, he's a good tweeter, he works very hard for his tweets every day, I should send him, like, you know, two pound fifty so he can buy himself a fancy coffee.
And I work very hard for my retweets anyway.
That's, yeah, yeah. And I, I send them the money and it also gives you my address, uh, which is registered with, uh, PayPal, because that's how it works with, um, you know, services and goods that you purchase. So it's a bit of a privacy fail, you could say. Um, yeah, you know, it doesn't happen when you pay
a friend because that's a direct friend-to-friend or through email thing.
But when you do it this way, it's filed under a service or a good.
I think the important thing to realize, it's not a Twitter issue.
Twitter's implemented it, but it's a PayPal feature, I suppose.
And when it was designed, I, it didn't really, um, take into account that people would be using it for, for this kind of thing. They would always assume that, oh, people are buying off eBay and they want an address so they can post the, the item to, and to prevent the fraud of, like, where someone buys and gets it, all that kind of stuff. Now, um, that's, that's a bit of a privacy fail and things happen. So I'm not really ranting about that.
Oh, what is he really ranting about then?
So Whitney Merrill on Twitter, if you follow her,
it's WBM312 is her Twitter handle.
And you say, I've got a weird one.
And she's really good.
She's like a lawyer and advocate and all sorts of things
that I don't really understand.
But I follow her because she's got some good insights.
And she's the one that first raised this issue.
On my timeline, she's the first person I saw who raised the issue.
And she said, okay, it's a privacy fail.
And she went into the details of why it's not a Twitter issue.
It's a PayPal issue and blah, blah, blah.
And obviously other people started jumping on this and they started testing it out by sending each other tips and then posting their screenshots.
The same. Yes, it is. It's a huge failure. Shame on you, Twitter.
You know, jumping on the bandwagon and all that, all the things.
And so Whitney, normally she doesn't ever go on a rant or anything.
But she goes: me, an expert in the field, advocates for changes with folk who can make the changes happen, makes actionable suggestions for improvements. Very good, I wish more people would follow that process. Then she goes on to say: someone else screams and just points out failures for the clicks, takes all the credit. Um, I spend so much time and thought on sharing knowledge here. What's the point? No one seems to care. I always thought the point was to share important knowledge and advocate for change, but the reward system here virtually doesn't necessarily line up with that. It rewards sensationalism, not nuance.
And, uh, I, I feel a pain, I feel a pain, to, to be honest, and I'm ranting on both sides of the, of the, of the story here, on both sides of the fence. On one hand, I do agree, the, the, you know, the system is kind of broken, like credit is not given where credit is due, and, uh, you know, people do follow the clicks and sensationalism, that, that's absolutely a given. Uh, on the other hand, I'm going to run in against this point now. It's, if, if you're a, a thought leader in any, in any field, yeah, it doesn't have to be security, but
we work in security so let's take security for for an example. And say I've spotted something and I say, oh, this is an issue.
My intention should be that the more people that know about this
and hear about it and are able to fix it, the better.
If I'm more concerned with getting the credit for it or people being super experts on, on all the nuance and detail of it, then I feel I'm being disingenuous about it. Uh, and you can't stop people having opinions on things. So, so, you know, it's, you know, it's like when people watch sports, and every... people who've never played the sport, but they watch the sport and they're passionate about it.
They would always say, oh, the ref should have done this, that, the coach should have done this or that, or, or the player should have done that. You know, that, that's just part of being part of that, that ecosystem. You might not be the fighter in the cage, but, you know, it doesn't stop you from yelling, kick him in the head, or, you know, reverse the chokehold or whatever.
The armchair experts.
Yeah, exactly. And, and so, you know, I think it's a good thing.
I genuinely think, like, you know, plagiarism is a bad thing.
Passing something off as your own work and, you know,
trying to take all the credit for it, that's definitely bad.
That's definitely toxic.
But if someone has taken work that you've put out there
and they're just amplifying it, or they're, they're putting their own and adding their two pence onto it and, and sharing it wider, I think that's, that's a good thing. I mean, you know, the industry already struggles with getting a voice heard beyond our echo chamber.
Yeah.
So the more people we can actually invite into that process and, and allow them to, to amplify it beyond those hardcore, um, sort of, like, you know, insiders, you could say, uh, the better it is for everyone. So, uh, I think that, that's, that's kind of my rant of the week. I think, let's, you know, if it's something that's with your job and you're making money from, fine, but if you're putting out good content, people do see who you are
and they will give you the respect and recognition,
even though it might not feel like it at the moment
because someone else is getting more tweets.
Yeah.
Yeah, I think, you know, Whitney's obviously,
you know, very, very talented and an expert in her field
and obviously gets shit done and all that sort of stuff.
But I think she's picking the wrong fight on Twitter, if you see what I mean. You know, if, if you're raising this on Twitter and then wondering why you're not getting the, the credit for something, I think that is entirely the wrong place to be, uh, to be worried about. Um, I think she's right to be annoyed, don't get me wrong, you know, because when other people are taking the credit
and just, you know, just for shouting and pointing
and stamping their feet, that's really, you know,
really annoying and upsetting, et cetera.
You know, especially when they're getting all the clicks
and they're getting all the followers
and getting all the credit as a result.
But yeah, if you're going to, you know, discuss this sort of stuff and raise it on Twitter, you... it's such a public forum that of course it's going to get hijacked. And history is littered with other people taking the credit for work, right?
Always, yeah. You know, Tesla and, um, what's his face, Edison. Um, you got Steve Jobs and, um, you know, the rest of the world.
Um, no, and, well, yeah, the rest of the world, yeah, but, uh, specifically, uh, PARC, the Palo Alto Research Center of Xerox, and their, their, uh, initial, you know, windows thing, that was where, that where they got that from. And then Windows, you know, Gates and Jobs, right? You know, and that's... but everybody's... and, and many, many more examples.
And, and Host Unknown. Smashing Security and Host Unknown is probably, uh, you know, that's the biggest scandal, obviously.
Well, I mean, yes, absolutely, but, you know, we, we don't harp on about it, we don't, we don't, you know,
they don't live rent free in our heads at all. We barely mention them on this podcast because we just let let it happen.
And, you know, we're very pleased with their success.
And can can we get a percentage, please?
But, you know, overall, I think it's yeah, she's in the wrong place to be complaining.
Right. Notwithstanding, everything she said is absolutely right.
Yeah, exactly. I remember, like, years ago, BSides, I think it was the second or third one, uh, friend of the show Arron Finnon, Finux, he, uh, he gave a talk about, um, oh, what was the... it just slipped my mind now. IDS, uh, not IDS, it was the, the, the routers, the, that have the unplug and play, uh...
Oh yeah, UPnP.
Yeah, yeah, yeah, yeah. That there was a vulnerability in it, and he, and he, and he went on, it was a really good talk, it was a technical talk, but he gave it there. And then a few months later, um, HD Moore, he was at Rapid7 at the time, and, uh, they, they done their own independent research and they found UPnP flaws in a whole bunch of routers that were in, in America and South America and everything. They wrote a big white paper, and being a big corporate, they obviously had a press release, they had everything and what have you.
Yeah.
And then there's lots of people that really annoyed, oh, you know, um, Finux done this first and he should get the credit and what have you. And they were like, well, you know, this was something we found ourselves as well. So, uh, but, but also it's like, I'm like, you should be happy, it's, it's an issue you were talking about and now bigger change is happening. Let's all be happy that things are getting fixed. There's plenty of things that need fixing. If, if people are bringing, you know, highlighting it,
then let's not worry too much about who gets it done.
And it's validating your work as well.
It's validating the importance of your work.
Yeah, absolutely.
Do you want to drive change or do you want clout?
Yeah, yeah, precisely.
If you had to choose one or the other, what's your priority?
Yeah. I mean, me personally, I'm after the clout every time. Anyway, thank you, Jav, for this week's Rant of the Week.
All right, let's move on to this week's...
Billy Big Balls of the Week.
And this week's Billy Big Balls of the Week
is, and you may well have seen this because it did
go over it, dash cam footage showed the moment a gang of armed robbers in
South Africa attempted a cash-in-transit
heist by chasing and firing shots into a bulletproof security vehicle.
And I was watching it, and it was like watching a Hollywood heist movie, I have to say.
Members of a private security company were transporting money in a truck in the northern
city of Pretoria, April 22nd, when they were attacked.
And it's a three-minute video.
And, you know, trust me, it's a cliffhanger ending.
If you, you know, that you do not get closure, I can tell you this.
But a security officer is seen driving with his colleague.
And both men were wearing bulletproof vests, obviously. But the thing that really got me was it and sometimes with
camera angles it's hard to tell right and and um you know wide angle cameras and all that sort of
thing this van looked tiny absolutely tiny like one of those little um isuzu things i don't even
know what they're called but those tiny things. Because these two guys are sitting really close together.
And then, you know, the driver says to his mate, basically, get the gun out.
And he pulls out the biggest, like, rifle he can find.
He can't do anything with it.
You know, he can't even, obviously, he can't fire through the doors because the bulletproof glass.
But he can't move it either because, you know, the barrel's stuck
in the footwell and he can't even put the stock into his shoulder or anything like that because
it's so tiny. So all I can imagine is this little like 700cc little tiny thing revving away. And of
course, weighed down by all this bulletproof glass, which I'm glad is there because you see
the shots hit and the glass spider.
And these guys are just, you know, they're obviously tense,
but they're pretty damn cool at the same time, just driving.
And at one point they seem to crash and you think, oh, my God,
I'm just waiting for people to, you know, come up along the side.
But, oh, my God, these guys, I swear to God,
they would need a separate van for their balls i have to say
that's why the cabin's so small because the back seats have been reserved for for this guy
exactly but you know but you know from what i understand this is this is not rare at all in
pretoria and south africa generally This is a fairly common thing.
And, you know, what someone said is, the comment I read was that,
you know, really we have to just get rid of cash, you know.
And, in fact, this is an interesting point when it comes to, you know,
cashless society and, you know, card-based and all that sort of thing.
But the fact that large amounts of cash are being driven around in a country where there is a lot of um you know social injustice and disparity of
earnings and all that sort of thing of course this stuff is going to uh become very very um
uh sought after um so so it'd be interesting i think to see how this pans out over the next you know one three
five years to see if there is a push for like some kind of you know cashless society in response to
we simply can't afford to drive large volumes of cash around or or rather small volumes that fit
into the back of this tiny little camper van thing that we're driving you know so but yeah i strongly
recommend you watch the video it's fascinating and scary and you want to know what happens i'm
hoping they're going to release you know a uh two guys in a little mini security van part two
so there is actually in the uh it's been dropped into the show notes there's a an insider.com article and they've got the aftermath of what the van looked like from the outside and it's a toyota
pickup but you see like you know there was just no hesitation in attempting to kill these guys
you know you can see exactly where the bullets hit and um yeah fair play to these guys i thought that guy was just so calm throughout the whole
thing. Yeah, and driving like an absolute legend as well. Yeah. Um, I mean, I'm surprised the thing
didn't tip over on occasion. Oh no, yeah, no, I was seeing the pictures. Yeah, you're right, it is one
of those Toyota pickups, which Top Gear proven is indestructible. It's a bulletproof glass, I think that was just the factory glass that was in the car.
there's been a whole spate of memes and one of them my favorite ones was like it's like the
liam neeson one like you know i'll find you i'll hunt you and and he calls up and it's the the
driver on the other end and then liam neeson's going my apologies i've told the wrong number
saying something in afrikaans wasn't he yeah
yeah very good what we didn't see of course was the um was the mechanic who was keeping
the engine running on the front top top gear style under the bonnet
oh dear
so yeah, that was
that was a great one
and that was this week's
Billy Big Balls
of the Week
Speaking of cashless societies, you brought it up um surely this is still like hiring two rambos
is still cheaper than trying to secure your own cryptocurrency exchange and all the cyber stuff
that you have going on hiring two rambos like the guys they're transporting the cash actually oh i see yeah yeah
yeah absolutely well yeah it depends how much value you place on human life right
you know and how how much insurance you have but i assume these aren't the only two drivers in all of South Africa. No, but they're the two that you want.
Yeah, yes, they are.
Yes, they are.
They definitely deserve a raise, that's for sure.
Oh, dear.
Anyway.
So, Andy, I think it's that time, isn't it?
It is.
It is actually that time of the show where we head over to our news sources
over at
the infotech pa newswire who have been very busy bringing us the latest and greatest security news
from around the globe industry news
british prime minister's cell phone number exposed. Industry news.
Fake vaccine domain seized.
Industry news.
Shoppers choose guest checkouts over security fears.
Industry news.
Misconfigs and unpatched bugs top cloud native security incidents.
Industry news.
Cyber attack on Belgian Parliament.
Industry news.
Researcher claims Peloton APIs exposed all users' data.
Industry news.
Homecoming queen hacker to be tried as an adult.
Industry news.
Capture RX data breach impacts healthcare providers. Industry
News. Financial firms
report puzzling 30% drop in
breaches as incidents rise. Industry News.
And that was
this week's
Industry News.
Huge if true.
Huge if true there was um that one about uh the prime minister's cell phone
number being exposed uh did you see that was that to multiple single women all at the same time
Yeah, someone called, uh, Jennifer. Okay, no, I'm kidding. Uh, so, um, yeah, this, I don't even remember, uh, Popbitch,
it used to be like a, uh, like a newsletter that would go around back in the days when
newsletters were a big thing. It's all like plain text, did a lot of, um, uh, you know, it's quite edgy,
uh, back at the time. But it's actually on their website. Um, you know, someone made a joke about, hope I don't butt dial the Prime Minister,
um, because it was stuck in, his phone number, his mobile number was in this press release
which had been sitting on the internet since 2006, um, when he was MP. Yeah, so it's in the public
domain. Yeah, well, it's not really an exposed, it's not really exposed then, is it?
Well, no, I think that's the point.
It's actually been out there since 2006.
Jesus.
It just goes to show what a numpty, numpty.
In fact, what a group of numpties we have at the moment in power.
But this is not a political show.
Why?
Since when?
Yeah, but ragging on Trump doesn't count.
Oh, yeah.
What?
Hasn't it been quiet on Twitter and generally without Trump?
I don't know.
I left before Trump did.
No, but not just Twitter, but everywhere.
Like, before, he was on everything all the time.
Do you know what I mean?
I know that part of that was because he was the president.
I can't say that without laughing.
But, you know, since his Twitter ban and Facebook ban
and all that sort of thing, he's virtually gone into hiding.
I know he's not hiding.
He's not that sensible.
But it's just so quiet out there.
It almost feels normal-ish now.
It does.
Yeah.
It does.
Because literally every day it was a, what's he said now?
What's he done now?
You know, I find it amazing.
I find it amazing that we even got that far
Yes. So, um, yeah, I wonder. Oh, and the other thing is, saying the research claims Peloton APIs have
exposed all user data. I think that's the least of Peloton's problems at the moment because,
well, I read the headline recently, I didn't read the full article, about Peloton's death machines.
Yeah, I was going to say there was a really funny thing I saw from Alyssa Miller, I think it was.
And she did a list like reasons I won't buy Peloton.
Number one, overpriced for underfeatured products.
Number two, the cultist
nature of their community. Number three, their treadmills eat children. And check notes. Number
four, they breach all that personal data, including presence info that they've collected.
Presence info? Yeah, so where you are, I'm guessing that oh my god yeah but yeah i mean i think
you you would think and i noticed that she was you know going for comic effect you'd think
treadmills that kill children or child at the moment that would be number one yeah so they've
actually done especially it took them a week yeah i was gonna say they've
done a voluntary vehicle of uh they have after a week after a week yeah where they initially said
we don't think there's a problem yeah yeah so so what it is i think the way it's designed like
kids and pets and whatever you can get dragged underneath and that's what yeah this unfortunate six-year-old but other than that i think there was about 70 or 75
other injuries that were replaced reported due to using this so like people had like
you know broken bones and stuff like that so it's not a very well designed thing um i think also
they, there was some reports of, like, the console falling off it or something, and, um, maybe that's how all of the APIs got exposed. Yeah, yeah. But there was, there
was a film, there was a Hollywood film, and I've been meaning to try and find it. I think it
starred Michael Keaton, and he was the inventor of, you know, some piece of exercise machinery.
And I think it was like, I think it was a dark comedy.
Maybe it was, you know, based on a true story.
But this exercise machinery, if not used properly
or under certain circumstances, would basically trap
and chop off people's fingers.
And it was about his fall from grace, as I recall.
So if any of our listeners remember that film, do chime in. One, it would
be nice to hear from you. And two, I'd like to find out the name of that film. But yeah,
it sounds almost exactly like that. Anyway, anyway, Jav, you got anything you want to talk
about in this week? I've been off for a week, so no. Right. Okay. Okay. Fair enough. Right, in that case let us move, uh, straight on to this
week's Tweet of the Week. We play that one twice. Tweet of the Week. So this is a tweet from friend of the show Krypt3ia, uh, and it's three simple words: oh Jesus fuck, is what he
says. And he has taken a screenshot. Yeah, he's taken a screenshot from an article, and because it's a
screenshot I was always dubious as to whether or not it was a genuine story, but lo and behold, it is a real thing. Uh, and the article is headlined: Tiger King star Carole Baskin
launches cat-themed crypto coin. Because obviously, of course she does. Uh, so if you click through,
there's a CNN article. It's, uh, it says Tiger King star Carole Baskin is purring like a bobcat rolling in catnip after launching her own cryptocurrency.
And this is just, you know, the place where she works.
Obviously, the Big Cat Rescue says it will also launch NFTs, non-fungible tokens.
Check last week's show if you want to know what that means.
And future plans include a big cat metaverse
for virtual visits with the cats uh so i think you know she's trying to underpin it with something
uh tangible but this just goes to show that anyone can create crypto coins um and my god what are we doing with this world but oh i i you know i don't know if after you know the
beginning of last year's success of tiger king and her you know the raising of her profile and
then her subsequent uh winning of the court case and taking over of of what's his name's you know
tiger zoo or big cat zoo and all that sort of thing,
whether this is just her next attempt to try and stay relevant.
But I can think of better ways than a crypto coin.
I mean, really?
You might as well set fire to your money, surely.
It depends.
If you're at the top, it's a Ponzi scheme, isn't it, right?
So the first one, you know, reaps reaps all the benefits so and i think i said
this last week as well so you know with bitcoin you mine it and it does computations and all that
sort of thing what do you do for this one do you is it the same process uh no she actually says
so she's put a tweet in as well i'll copy that tweet into the uh show notes and she says
we launched and it's funny because it's got the dollar sign and it's called cat for short but
obviously together it looks like we launched scat you know on the on the rally i uh rocketing up to
number 35 out of 117 and thinking of ways to reward those who join our pride um so yeah there's nothing
underpinning this at the moment uh you know i think this is uh someone just diverting attention
from the fact that they may or may not have um you know fed their ex-husband to tigers
yeah probably did but you know allegedly yeah allegedly you know i just want to say say that uh but yeah oh my god i
mean, Krypt3ia just sums it up perfectly, right? Yeah, it's, what is happening? What is happening?
i think i think on that note uh well actually on that note thank you very much for this week's
listening sorry i will get back to you we will record our own podcast and resume recording our
own podcast very soon i've been ghosting him for for a few months now and uh i've come across
people like you people who who ghost, you know.
It's just, it's not nice.
It's just not on, mate.
Anyway, so thank you very much, gentlemen.
We brought this in really quite quickly.
Well, that's mainly because of technical difficulties,
lack of interest, lack of stories,
or just we're getting more professional.
You choose.
Yeah, we brought
this in well under the hour so yeah jav are you now going to go off and record the jerek show and
your, uh, cryptia show using all of our material? Who do you think I am, Graham Cluley? No,
not all the material just some of it. Yeah.
No, this week I didn't record the Gerrit show because I was off.
I only came into the office for you guys because I know without me,
he would be a hot mess. And to be fair, you did complain all the way at the beginning
that you didn't have time to record this today.
So we do appreciate it.
Literally in five minutes someone's coming to hopefully buy the treadmill that I bought for sale, so. Okay.
and it's and it's also the third week of ramadan right so yeah yeah and and you know i've got to
put a sticker on the treadmill now saying so if i'd not eaten any pets or children
Just put a sticker on it saying vegan.
Anyway, thank you, Jav, for this week.
Really appreciate it.
No worries.
You're welcome.
And Andy, thank you, sir.
What do you want to do now?
I've got work to do. I think I'm the only person out of us that actually does tangible work
that moves the
dial on things and you guys evangelize and talk about the high level stuff i'm a doer i i actually
have to make things happen yeah yeah and we're the ones that tell you to make it happen so
you crack on yeah you crack on yeah you do your uh blue sky thinking and i'll i'll be like i'll
be nodding on one side
and just doing something totally different on the other side.
Of course, of course.
Anyway, thank you very much, Andy.
Stay secure, my friends.
Stay secure.
You've been listening to the Smashing Unknown podcast
with Andy, Graham and Tom.
If you liked it, please like and subscribe. And we're out.
So, Tom, why are you at the youth hostel this week?
Oh, well, you know, I like to sleep around in in other places it's fun to stay at the ymc
anyway i think i need to put some tweaks to my mobile rig that's for sure
um but um yeah we'll maybe get it right next time yeah maybe i don't know