The Host Unknown Podcast - Episode 72 - Better Late Than Never
Episode Date: September 10, 2021

This Week in InfoSec (11:14)
With content liberated from the “today in infosec” twitter account

5th September 1983: The term "hacker" was used by Newsweek, mainstream media's earliest known use of the term in the pejorative sense. The magazine's cover photo of 17-year-old 414s (hacker group) member Neal Patrick was captioned '414 "Hacker" Neal Patrick.'
‘Hacker’ is used by mainstream media, September 5, 1983
the414s.com
https://twitter.com/todayininfosec/status/1302239152046563328
https://en.wikipedia.org/wiki/Phreaking_box

9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project).
Who is the OWASP® Foundation?
https://twitter.com/todayininfosec/status/1303830903987359744

Tweet of the Week (21:26)
https://twitter.com/RSnake/status/1435989191414976512?s=20

Tweet of the Week (26:41)
https://twitter.com/hanbandit/status/1436008564020088833

Industry News (31:55)
FTC Bans Stalkerware App in Industry First
Texan Accused of Cyber-Stalking and Murder Dies in Jail
ID Theft Couple on the Run
ICO Requests International Support to Tackle Cookie Pop-Ups
Cybersecurity Student Scams Senior Out of $55K
Stress and Burnout Affecting Majority of Cybersecurity Professionals
Data Breach Lawsuit Against Sonic Will Proceed
Berners-Lee Joins ProtonMail Following Privacy Debacle
Security Now a "Thankless Task" For 80% of IT Teams

Tweet of the Week (40:01)
https://twitter.com/hondanhon/status/1436027395115393024

The Box © Charlie Langford

Come on! Like and bloody well subscribe!
Transcript
Nobody's going to know.
They're going to know.
How would they know?
They're going to know.
Nobody's going to know.
They're going to know.
You're listening to the Host Unknown Podcast.
Hello, hello, hello.
Good morning, good afternoon, good evening from wherever you are joining us
and welcome to episode 72 of the Host Unknown podcast, titled this time,
Better Late Than Never, because, well, you know, it's a bit late.
Should we actually explain that not only...
I'm dealing with like a couple of old people on this show already, right?
You guys are both.
So Jav sort of messaged me, what was it, on Thursday.
No, so you posted a tweet, right?
And Jav's like, so this is how we find out, right?
Yeah.
You posted a tweet about the show not happening on time.
Jav said, you know, took a screenshot.
So this is how we find out it's not going to happen. Meanwhile, we
had all had this conversation a week ago.
Yes, exactly, that I remember.
I thought Jav was winding you
up. So Jav's like, do you want to
record it today instead? This was like yesterday.
I thought Jav was winding me up.
Yeah, no, he was actually being
serious.
So I was
playing along. So I was going going yeah sure let's let's record
and then like i messaged him separately and uh i was like dude we're recording tomorrow at four
o'clock and he's like what he had this conversation last week and i'm watching this between the two
of you and you're like oh so they're gonna do it without me then yeah i mean okay not a problem let's work you know
oh yeah andy thanks for snitching me and then jav said he's gonna donate some money to
alzheimer's society twice it's only fair yeah it's only fair. But he said it twice. Yeah.
So, yeah, that was the last 24 hours, folks.
Yeah, so we are taking applications for a show organiser, producer,
someone that can arrange all the things, keep our calendars in orders and make sure we turn up with the right stories.
And can herd lizards.
Yes.
Yeah, yeah. It's a very well unpaid job, is all I can say.
No, it's not unpaid.
We'll pay you in exposure.
No, no, the court said you can't do that anymore, Jav.
No, he can't expose himself.
Oh, yeah, yeah, that's right, yeah.
Oh, okay, okay, yeah wording oh okay yeah anyway gentlemen how
are we jav how's your week been it's been great i'm i'm uh trying not to rub my eyes because i
my my uh prescription got updated at the opticians and i said and they always ask every year that oh
would you like to try contact lenses and this year I thought okay why not let's try contact lenses and went in today had them you know popped them in the optician she took a good look
like you know shone the light into my eyes and said oh they're sitting really well and you said
thank you I'm very pleased with them myself I know I was really I was really impressed like
quite proud of yourself that's the first time a lady's looked into my eyes for so long
and not fallen in love with me.
So it's amazing.
You said, where's the vomit in my lap?
That's what normally happens.
A true professional, that's all I can say.
Thank you, NHS.
So you've got contact lenses now?
Yeah.
Well, I'm trying them out for a week and I'll see how I get on.
So when we're all out together in the after after times
and somebody whips out a camera,
you're not going to sort of suddenly take your glasses off
and then be blind for the next 20 minutes
as you pretend that you don't need to wear glasses?
I only need to...
Your eyes are just going to light up, right?
They're just going to go like red in every photo.
Yeah.
No, because he's got blue contact lenses.
He's now blue-eyed.
I've got the cat's eye one, the Pima.
Do you know what I really wanted?
When I was younger, I really wanted like vanity contacts.
Yes.
You know, like the acid face one with the big smile.
Yeah.
But yeah, I just can't wear contacts at all.
Why not?
I don't like anything going near my eyes.
I literally have the optician hold my head against that machine
when they blast air into your face
my reactions i can dodge that every single time even if they count down and like fake when they're
going to do it i can dodge it every single time it takes me about an hour to get my eyes checked
it must be like the equivalent of a vet trying to check a cat.
I just don't like anyone touching my eyes.
There's Andy up on the top of the cupboard in the surgery,
sort of squealing at people.
But you know what?
I'm not scared of it.
It's just a natural reaction.
Something's going towards your eye.
Why would you sit there and let it touch you?
Because it's for your good health.
Yeah, my eyes aren't buying it.
so what have you been up to andy apart from uh uh avoiding jets of air into your eyeballs
well do you know what as uh jav's been talking uh about you know, his old age problems. So obviously you've both got memory loss.
Jav's got, you know, dodgy eyesight.
I was actually, you know, believe it or not, right,
there's this app called TikTok that I occasionally frequent.
And there's a company like Barber's down in New Romney in Kent,
and they have this thing called a new hair system,
or Neu Hair System, N-E-U.
And it is non-surgical hair.
It's toupees, isn't it?
Well, it's not toupees, but this is like, well, yeah,
I guess it is to toupees what, like, you know,
the smartphone is to a car phone.
I guess, you know, like back in the day you had a certain thing.
Now you've got this whole, like, new computer and stuff.
But it's still a sort of… It's a hairpiece, yeah.
All right, right, but it is, it's good, it looks good.
i mean i sent you guys a video they are stunning i have to say some and some of the before and
after pictures and i'm sure it's like the equivalent of a slim fast before and after
picture where the the before is the person looking sad and slopey
shouldered and with bad lighting and the after is with them side on and big smile and you know
sucking their gut in and stuff but they're the difference is stunning to say the least yeah so
all i'm saying is that next time uh we meet in person you know just don't question it if i've
got a big coupon affair how much are they andy uh not that i've looked into it but they're 600 quid for the initial
and then it's uh 65 quid every four weeks to uh reapply it okay and is it glued on like is it
like a permanent it is glued on yeah and you can go swimming in it you can shower in it and it's
real hair as well so you know in the sun it will actually...
So I saw one, not that I looked into it,
but I did see if I had to get a piece replaced
because it actually bleached in the sun.
He put product in it.
Because it is real hair, you can style it in different ways and stuff,
but it actually started to bleach in the sun
and it now looks kind of unnatural.
So you have to get a new one do they do chest wigs uh they probably can't yeah because that's what i thought when you said when you next see me don't question it
oh i've got no issues with hair all over my uh over the rest of my body
Yeah, what about ear pieces and, you know, nostril pieces?
Yeah.
We're all of an age, right?
I do try and blend in with you guys.
This is heading downhill quickly.
Yeah, so, Tom, save us.
How was your week?
Well, I was counting the grey hairs in my nostrils the other day.
Lies, you can't grow hair above your shoulders
um no so i've been in amsterdam all week i actually traveled out of the country on an
airplane and everything and it was great it was really good i had a really nice time out there i
spoke in front of a live audience it was like like the best best ever vr
you've ever seen um you know going on a stage with people actually in front of you it was incredible
Uh, so that was really good fun. Um, they handled it really well. You had to have had a, a PCR test
in the previous two days and both inoculations before they would even let you into the venue,
stuff like that. So, you know, it wasn't just a, well, it's not like North America,
let me put it that way. You know, and everybody was, you know, very careful and lots of elbow and fist bumps and all that sort of thing. But it was, it was, it was fantastic. It was so good to
get back in the saddle. Well, not only that, just to get back on stage and i actually felt nervous which i hadn't felt for a long time before you know talks
i actually felt nervous again and it was it was actually quite a good feeling i enjoyed it
wow oh that's uh that's high praise considering like just two hours ago you were like cursing
and sending us pictures of like being stuck at the airport.
Well, yeah.
The lounge is closed.
My upgrade.
That's outrageous.
The lounge is closed.
I mean, you've got to walk like 25 minutes to find it.
They don't put signs anywhere or any app.
The lounge is closed until further notice.
Like, what?
What the hell?
It's bad enough being silver, let alone having to, you know, not have a lounge.
It was awful.
It was awful, I tell you.
Which one was it?
Yes.
Yeah.
Been a good week.
Been a good week.
And I'm back out in Amsterdam, well, in Holland, Utrecht,
November 4th and 5th, I think it is.
Excellent.
Yeah.
Yes.
As long as my PCR test doesn't come back positive,
which I'll do in the next couple of days.
So what have we got coming up for you today?
Well, this week in InfoSec goes back to when men were men,
women were women, and hackers were...
Well, I don't know, really.
Rant of the week is all about innovative solutions for modern problems that really shouldn't exist.
Billy Big Balls tells you all about your most valuable assets.
I call it my moneymaker, the one I sit on.
Industry News brings us the latest and greatest security news stories from around the world.
And Tweet of the Week isy's worst nightmare come true so let's move straight on shall we to
this week in infosec memory lane to reminisce about
yesteryear with content liberated from the today in infosec twitter account
so the first story we have today and i've slipped it into the show notes with links so you guys can read along the taking us back to the 5th of september 1983 uh so 38 years ago which is before i was born
the term hacker was used by Newsweek, mainstream media's earliest known use of the term in a pejorative sense. Uh, so the magazine's cover
photo of 17-year-old 414s member Neal Patrick was captioned 414 hacker Neal Patrick. Is that
Neil Patrick Harris, the actor? Not quite, no, not Doogie Howser. This is another young-looking guy.
Yeah.
Yeah, there's only so much to do there.
But, yeah, Patrick and the 414s were described as, what's the headline?
Young, male, intelligent, highly motivated and energetic.
A perfect fit for the newly defined term hacker.
And then Newsweek's cover headline was computer capers,
with Patrick identified in the photo, captioned as a hacker.
So yeah, that word that we throw about, um, has actually
sort of only hit mainstream 38 years a hacker before was somebody who actually sort of took
things apart and fixed them and put them back together again. And do you know what's funny? Yeah, the article that I've linked to actually has, you know,
sort of comment to name it.
And there are a couple of people in there moaning about that term being used
and sort of given a different meaning.
You know, the guys that did use it, it's like, come on, guys,
it's like 38 years, like get on with it.
It's not changing back.
Yeah. Put it into a hacker-shaped
balloon and let it go yeah take your sandals off take your socks off so can you read out the
description that of of him that that they did again was it young what uh they said young male
intelligent highly motivated and energetic.
Okay, so probably the last one doesn't apply anymore.
I don't think any of them really apply anymore.
Well, no, certainly not.
Yeah, but with the energetic one,
if you think about the amount of Clubmate that people drink.
Well, yeah, that stuff's dangerous.
I gave that out free at 44Con one year yeah i didn't know what
the hell i was drinking but i knew that night wow yeah oh wow so that's really i just find it odd
that a term that we just take for granted so much as is actually just so recent. And the way that language evolves and changes and grows
is fascinating to me.
Yeah, it's a good one.
But Hacker survived, but Phreaker and Cracker didn't.
No.
Well, it's now just kind of all generic, isn't it?
Yeah, that's right.
It's not really defined.
Remember, what was it?
The Phone Losers of America.
You know, I guess phreaking's not really a big thing anymore.
No, but those were phreaking.
That was phreaking, wasn't it?
Yeah.
Yeah, that was all telephone, sort of blue box, red box, whatever.
That's why is it, yeah.
I mean, can you whistle at 2,600 hertz?
I don't know.
What is a blue box and a red box, Jav, you know, for our listeners?
Tap tap tap tap tap tap tap tap. Oh, Bing's not working.
i'm sorry we're lucky we're not sponsored by microsoft isn't it
devices they use to like make uh to break in to make free phone calls from public phone boxes
Yeah, I'll buy you time on that one
So what's the difference between a red one and a blue one?
I've no idea
Let me
Let me look it up for you
Let me look it up
Yeah, go on
Or are you going to look it up while Andy does the next story?
Yeah, i'll move
swiftly on you know what i'll put the link into the show notes it's there's a wikipedia page and
it's got all the different blue black red green clear box violet box i tell you what our listeners
they definitely don't listen to us for our expertise and technical knowledge do they
they listen to our podcast oh they've dropped a link to Wikipedia.
That's great. I could never
have found that by myself.
Oh, dear.
The blue box actually emits the
2600 tone.
The red box
emits the coin denomination tone.
Are you reading the article too?
Yes, absolutely.
I'm going to deliver some content here.
It actually does the tone pair.
The red one does the tone pair, the 1700 and the 2200.
Different frequencies.
To signal the coins dropping into a payphone.
Ah.
Yeah, we don't have that.
Like in the UK, when it used to be 10p a call,
you could literally punch the payphone next to the keypad
and the 10p would drop out when the call connected.
So as long as you timed it right, you could just get your 10p back out.
So what I know, there was the standard payphones
and there was these other payphones that had an extended button.
With the cards.
Yeah, with the cards i think
yeah but in those ones if you put four pound fifty so four one pound coins followed by a 50
pence coin and you made a call and before it got below 10 pence at any point if you hit the button
that said next call on it and then press star star, all your money would come out again.
And you could repeat it.
Where were you when I needed that for a phone box before mobile phones?
This is the difference between the US hackers and the British hackers.
They come up with blowing different frequencies,
whereas you just need to punch in a couple of keys into the phone to get your money back.
Exactly.
Or just punch the phone.
Yes.
I guess I'm more of a fan of the brute force.
Brute force and ignorance.
Yeah.
Anyway, moving swiftly on to 20 years ago, believe it or not, on the 9th of September 2001, Mark Curphey
started OWASP, otherwise known as the Open Web Application Security Project. So obviously
OWASP is a non-profit foundation that works to improve the security of software through
community-led open source software projects
hundreds of local chapters worldwide with tens of thousands of members and pretty much reference in
every penetration test cyber penetration test report um that's out there um so yeah brought
a lot to the world i was about to say oh my god i thought it was much older than 10 years yeah and then realize it's not it's 20
yeah uh because 2001 was 10 years ago as far as i'm concerned on that one yeah exactly um but yeah
The, the, the top 10, the OWASP Top 10 is one that's always referenced, isn't it? And, uh, yeah, even I
know SQL injection and cross-site scripting has been in that top 10 for something like 10 years consecutively.
Yeah.
So all of this stuff is a huge impact on the security industry as a whole.
But yeah, relatively new.
Yeah, I mean, I remember looking at that top 10 and looking at SQL you know, SQL injection and the cross-site scripting and thinking,
why is it in there still after 10 years?
Why have we not, and by we, I mean, you know, programmers,
why have they not fixed it?
What's the problem here?
Have you seen the developers on Fiverr?
Yeah.
But, you know, it's like saying to a car manufacturer,
you know, for the last 10 years, your airbags in this particular model
have never gone off when they've crashed.
And they go, yeah, yeah, yeah, we know, we know.
It's in the background.
Why is it happening this year as well as last year,
as well as the year before and the year before?
I don't get it.
I really don't get it. And I'm obviously ignorant in the ways of coding but
surely surely we can deal with that yeah they'll just say well we're prioritizing delivery over
yeah we'll fix it we'll fix it there's prioritization of delivery over over security and then actually if you look at actual uh coding courses or books
or whatever security is like almost an afterthought it's the very last chapter it's something to to
consider um you know at the end so and people just want to get stuff done and get them working
and they say you don't you don't crash often. So only a few people will notice it.
True.
Yeah.
Yeah.
Those few people who notice it only notice it once.
Yeah.
Yeah.
Yeah.
Oh,
very good.
Very good.
Thank you.
As always,
Andy for
this week in InfoSec.
In the category of most entertaining content,
the winners are
Host Unknown.
It's also strange for us
because we voted for Lazarus Heist 2.
Brilliant, brilliant.
Okay, well, let's get straight straight on shall we to this week's
tweet of the week uh we always play that one twice tweet of the week
and yes this is mine and uh this is well it's it's my story it's not my tweet the tweet is by
good friend of the show RSnake, Robert Hansen, and he's, and now I realize
this is the worst thing to choose for a podcast because you now put a visual uh a visual uh story
into the podcast so yeah so using the yeah using the power of mime jav yes explain it to us it's like a massive pie chart okay and the background is
it's like the universe that's a big pie that's a big pie yeah and there are there's a very thin
slice in it so assets assets you are scanning that's a very thin that's a thin wedge okay
okay then there's one that's
about four times bigger than that. Still very small in the whole grand scheme of things. Okay.
Maybe 2% and then like 8%. Yeah. 2% and 8%. Assets you know you should scan, but aren't.
Okay. And the rest of it, the 90% of it, which is all depicting like a Milky Way galaxy or something is assets that you
don't know about see I would have said that's one percent and four percent okay that's one percent
four percent and 96% is 95% 95% I've got no issues with adding forwards it's when I need to subtract that I have to go you're like Zoolander you can't turn right
so it is a good one
assets you don't know about
yeah
Yeah, and I think that's a really good tweet of the week.
Didn't you guys have this argument when the NCSE said,
understand where all your assets are the other day?
A couple of weeks ago, and you were like, oh, what stupid advice.
Well, they're all within that 95%. Exactly.
This just highlights what Tom and I were saying.
It does, actually.
It actually supports what we're saying
yeah yeah it's it's not easy when you've got a well a uh a a described with words pie chart
which kind of doesn't work but uh that has a picture of the universe that shows you just
quite how many assets you don't know about. Exactly. And so it's not straightforward advice from the NCSE.
Know all your assets.
Well, that's great.
How do you know they're all there?
The absence of an asset doesn't mean it's non-existence.
Very philosophical.
I agree.
And if a tree falls over in a forest and there's nobody around to hear it,
does it make a sound?
We still count its listenership.
I did hear the best answer to that I heard was,
no, it does not make any noise.
Because sound is the effect of waves of air pushing against an eardrum
to then turn into electrical signals to make sound in your
head as it were so if there's nobody around to hear it it can't make a noise
because there's no eardrum for it to resonate against
hmm i think this visual the fact that we're looking at like a milky way in the show notes i think it's
turned everyone a bit philosophical it has actually i'm looking at it i'm i i'm wondering
if the big sort of the the pointy part of the uh the small pies are the kind of you are here
arrowhead it's me and it does feel like Actually, if you've ever been in an organization and
one time I was in a contract and they all said, I finished my assignment before my contract was
over. And then they said, oh, we've had some trouble updating our network diagram for a while.
Do you mind giving that a look and yeah exactly exactly and you said oh
i've just remembered i haven't quite finished my other work yeah that's up there with floorport
audit yes yes do you know you know we talked about stephen bonner the other day didn't we
uh the other week he was sorry because he had uh was it 12 months or 18 months of uh gardening leave
uh moving from one company to the other.
And he said, you know, he learned to swim.
He learned three languages.
He traveled, blah, blah, blah.
He then swam the channel for charity and all these sorts of, you know.
Singing lessons.
Amazing things.
Yeah, singing lessons, exactly.
And he said he knew he was officially bored when he started documenting his home network.
Oh, man.
Very good, Jav. Thank you. That was excellent.
Tweet of the Week.
This is the Host Unknown podcast.
Let's move straight on, shall we, to this week's Tweet of the Week.
And we always play it twice.
Tweet of the Week.
So this week's Tweet of the Week is from Han,
and their tweet was,
Holy shit, I can't believe this is a thing.
A mouse over a watch face to keep from going
to away status in teams.
The culture of work from home productivity surveillance is sick and has to be stopped.
Not okay under normal circumstances, not okay in a pandemic, just never okay.
And it is a picture of a mouse, a bit of a classic Microsoft mouse.
I actually took the one with the little sort of red light in the bottom of it,
with the sensor sat over a traditional watch. So obviously the second hand is moving and keeping the mouse.
Yeah, absolutely.
And I think I do agree.
I do agree with her about this.
And I think that all of this surveillance stuff is terrible.
The amount of stuff and the amounts of companies that are out there
that are actually offering solutions for the working from home environment
that basically spy on you.
And it's a terrible state of affairs, isn't it? When actually we don't trust
our workers in the first place and we're undermining not just the security of the
environment they're working on, but the privacy of the environment they're working on. And I think
it's a bit of a self-fulfilling prophecy in if you feel you're being monitored and hassled as a result
and having your privacy invaded, you will do things like this
to just make it look like you're working rather than actually
just getting on working in the first place.
So, yeah, I think it's – I was going to say it's very timely.
I mean, we're drawing towards the end of the full-time working
from home thing, but, yeah, very timely nonetheless.
But I did see throughout the the pandemic i saw some genius ways people were avoiding um you know
their status uh on these sort of intermessaging programs so there's like the guy that tied his
mouse to a roomba um you know that just sort of went around the room dragging the mouse behind it
so you know never never went to sleep i presume it's a bluetooth mouse not one with a really long
another one who tied it to a fan like a desk fan that was uh rotating around uh so it's just
constantly moving it back and forth across the desk but um yeah no ingenious ways of doing it
but you're right i mean are people really that bothered if someone goes away?
Yeah.
Yeah, some organisations are.
And to Tom's point, there's been so many.
I mean, Microsoft came out with their home productivity suite
or their productivity suite, and they show you how long it takes.
Oh, that's right.
That's right.
Because I've only seen that in a sort of personal
capacity if you see what i mean yeah so you know i get the report and i look at it i never even
considered the fact that you know in a large organization somebody could be collating that
in the background someone who has far too much time on their hands if you ask me um yeah but i
did see a good fit so i'm a big fan of these uh insights you know that uh office
microsoft insights yeah um because it tells me when i've got stuff i haven't replied to
which is quite a lot um but yesterday i noticed for the first time i was sending something last
night and it said do you want to send this during this person you know the recipient's working hours
um it says like you know their working hours are from 8 a.m do you want to delay sending of this message yes which is really good because i
you know sometimes i don't think about when i send stuff there's never any pressure to reply right
but i thought that was a really good feature because it then checks you know that person's
uh region their working hours and so they know, you know, and I said, yeah, delay that sending.
And it sent it 8 a.m. this morning instead.
So they go to bed thinking, oh, I've got a really empty inbox come the morning.
And then morning time, 8 a.m., 200 messages.
Yeah, but it's better than going to bed at like 1 in the morning,
taking a quick look at your phone and seeing like 50 emails.
Yeah, I know, I know, I know.
But yeah, I just, I just can imagine that, you know, 7:59 and somebody's looking at their inbox thinking
please no and then but didn't do didn't do didn't do didn't do didn't do didn't
well you know the way around that it's just change your working hours on the on the system so yeah
yeah yeah every day so that they go back an hour and an hour and an hour
until actually you don't work at all.
Yeah.
Modern problems require modern solutions.
Exactly, exactly.
So, yes, Han, thank you very much for that.
That was this week's Tweet of the Week.
That was this week's Tweet of the Week.
You're listening to the award-winning Host Unknown podcast.
Officially more entertaining than smashing security.
Eat your face!
So, Andy, what time is it?
It's that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
FTC bans stalkerware app in industry first.
Industry News.
Texan accused of cyber stalking and murder dies in jail.
Industry news.
ID theft couple on the run.
Industry news.
ICO requests international support to tackle cookie pop-ups.
Industry news.
Cyber security student scams senior out of $55,000.
Industry news.
Stress and burnout affecting majority of cybersecurity professionals.
Industry news.
Data breach lawsuit against Sonic will proceed.
Industry news.
Berners-Lee joins ProtonMail following privacy debacle.
Industry news.
Security now a thankless task
for 80% of IT teams.
Industry News.
And that was this week's
Industry News.
What has
Sonic the Hedgehog done?
Speeding, obviously.
I thought he was not paying taxes on those gold rings
joe one of the funny what was that um there's someone that did like one of these stories on
reddit like embarrassing stories and uh she said that she tripped those yeah she had a pocket full
of like change from the arcades um you know, she was playing those slot machines where they build up
and they push out coins out the front.
Oh, yeah.
And, yeah, so, like, and she was playing them.
She just got a whole load.
She had, like, a big bag of them.
She was in the arcade.
And she tripped over as she was walking back.
And these coins just went everywhere.
And apparently there was this other woman that was, like,
playing different slots who just sort of looked at her.
She leant back and she was like hey yo sonic you good
i feel that only certain generations would understand that gag
brilliant but yeah no sonic is a um well sonic i actually looked this one up before, but Sonic Corp is a franchisee food chain.
Oh, really?
Yeah.
I thought it might have been Sonic Wall or something like that.
Yeah.
Yeah, no, it was.
I'm sure.
I swear I read it as a food chain.
Now I can't find it in the story.
But they're big, apparently.
So maybe one of our sonic driving
uh yeah so there's 3600 locations across 45 us states um and it turns out that all of these
you know more than 700 of these have got like permanent vpn um permanently connected with the
same credentials and stuff um that people use across all the stores.
America's fast food chain Sonic, there we go.
I've never heard of them, never heard of them.
No, me neither.
I just love this other story about the ICO requesting international support to tackle cookie pop-ups.
Aren't these the people that implemented the cookie pop-ups
to begin with yeah do you know what that's very true i complete oh god i haven't read that one i
don't miss that entirely but it's like you know when stuff gets out of hand though right yeah
Well, you know when stuff gets out of hand when the ICO get involved.
Yeah.
But, yeah, I mean, this is that.
I've seen some good variations of it, you know,
where people just sort of say, you know, whatever.
You know, instead of I agree, it just says, like, whatever.
Yeah. Yeah.
But it is annoying because if you don't accept them,
every time you go back to that site, it comes back.
And, you know, it's every time you go back a page,
it comes back. And when it doesn't load properly on mobiles as well, that really bothers me. Oh, yeah.
You can't get to the X to close it, or, you know, because there's some other crap that comes up.
No, no. If someone done a comparison of, like, websites from the 80s or 90s versus now,
and, and it's just regressed back to that same
thing. You've got pop-ups and auto-playing videos and sound and everything. That, and visitor counters.
Yes, yes. And under construction icons. Web paint. Yeah, yeah. We're just missing the blink icon. Yeah, that's right. Netscape Now. Netscape.
yes
oh dear
And just the last one made me laugh. Like, "Security now a thankless task."
When was it ever a thankful time?
When was anyone ever, oh, security, hello everybody, we love you people in security, welcome to the team?
Yeah. But it is like full circle, because it always,
like, before security was a dedicated team, it was always just an IT job, right? Yeah, yeah, yeah.
But, uh, yeah, I did see the other one, that, uh, stress and burnout affecting majority of cyber
security professionals, uh, which I can totally get on board with. Yeah, yeah. Been there, done that, and, uh, even had the T-shirt made up. So, uh, yeah.
Thankfully it doesn't affect any other professional. No, in any other industry. It's only specific
cyber security professionals. I know. It is an odd one, isn't it? We, we talk a lot about, oh, and how
difficult the job is and all that sort of stuff, and I've been... And I've done that as well myself. Yeah. You just have to remind yourself that, Jesus, man, nobody died.
You know, it's not, you know, you're not dealing with death
and destruction and, you know, bereavement of loved ones
and all that sort of stuff.
And you're not running into burning buildings and, you know,
but nonetheless,
I guess it doesn't make it any less stressful.
It's just a different type of stress.
And as an industry, it's not being addressed.
Whereas many other industries, so healthcare and the fire service,
et cetera, there's always therapy, et cetera, on hand.
And as a culture, it's far more accepting of the fact that people
will burn out and people suffer from extreme levels of stress, you know, whereas here it's like,
it's just not talked about. Yeah. Although we do that classic where, you know, free mindfulness
sessions over lunch. Yeah, over lunch. Yeah. So, yeah. And Tom, you did say that, um, you know, we don't run into burning
buildings, but being CISSP, we know which fire extinguisher to use on fire. So if, if, if the,
if the occasion did occur, I'm sure, you know, we could handle it proficiently. Well, as a CSO who's
also a CISP, C-I-double-S-P, sorry, I would say you get that fire extinguisher and run into that
building there. I mean, I love how you, how you, how you create this, this false narrative about you
still being a CSO. I know, I know, I know. I know. It's a problem of the addiction.
That's why I normally call myself a recovering CISO.
If you keep saying it, someone's going to believe it.
Yeah.
Yeah.
Trouble is I don't want to be paid like a CISO again.
Bender life.
Can't relate.
Excellent.
Thank you, gentlemen.
That was this week's Industry News.
Sketchy presenters, weak analysis of content,
and consistently average delivery.
Like and subscribe now.
So, Andy, I think it's now time for you and this week's Tweet of the Week. And we always play that
one twice. Tweet of the Week. And this is, uh, one which caught my eye and made me chuckle. Uh, it's
from a guy called Dan Hon, who's at Hon Dan Hon, and he just says, "Wf our fridge just emailed us to say we opened this door too many times in the
past month." He's stuck a picture of the email which he received. It's literally, it says daily average
44, and he opened the freezer nine times on a daily average. And then under the 44 it says, like,
frequent door opening to require
your unit to run more often and may prevent your unit from maintaining the set temperature.
Frost, increased noise and low ice production may also be experienced. And, um, it's just funny, like,
he's done a whole thread of it. He says, I don't even remember giving our fridge permission to
email me. It's barely a year old and, you know, it's highly restricted. And it's a fridge.
It should only be spoken to. Also, isn't that a bit of a, like, a vanity metric, effectively?
You know, so we opened it on average of 44 times. I mean, you say that's high, but compared to who?
We have seven people in this house. What about a two-person house? What about a restaurant? Is that high, or is it, like, do you know what I mean? It's like, it means nothing. It, there's, there's no,
there's, there's no reference there at all. Oh, no, but it is funny. I mean, he did say, uh, I mean, it
looks like, you know, it's got this whole performance summary, but, you know, I'd love to have one of these
fridges. I just need to know more about it. Um, but it is, it's like, uh, you
know, it's just this whole running commentary, is like, okay, I didn't know we're doing monthly
performance reviews with household appliances these days. Yeah, I mean, this is that, yeah, this
is the future that we signed up for. It is brilliant. It is. And I guess you could hack it to, uh, to, to
say that he'd actually opened it 150 times
in a day or something and change his behaviours.
And before you know it, he ends up starving
because he doesn't want to actually open the fridge door and be told off.
The fridge won't open.
Now, what I want to know, has the fridge also copied in his life insurance
and said, you know this fat boy who said he's losing weight?
You know, I blame, I partially blame fridge manufacturers for not making all of the doors
clear, so you can at least see what's in the fridge without opening the door. Well, I guess
that's an efficiency thing as well. Um, although there are fridges with screens on them that have a camera on the inside.
So you can see what's inside, uh, at which point, and even I know about the TikTok guy who, uh,
basically does, watches somebody do something really in a complicated manner
and then sort of does it simply and then holds his hands out. Uh, and that's,
I can just see him opening the fridge and looking inside and then
holding his hands out. So, uh, but yeah, although it would save energy. Although would it? Because
the power of the light and the camera, is that offset by not opening the fridge? I mean, these
are questions we need answers to. You are really thinking this one through.
I take this job seriously, you know, even though it's an unpaid intern.
You wish you were an intern.
Yeah, I might get more respect.
Wow.
Oh, brilliant.
Thank you, Andy, for this week's...
Tweet of the Week.
Well, we have come racing to the end of the show.
A little bit shorter this week, I think.
Maybe we should be doing them in the evenings more often.
We've obviously used up more of our words by this point of the evening. But yes,
we hope you enjoyed it. Jav, thank you so much for your time this week.
Yeah, you're welcome. You know, I'm just waiting for, by this time, Google sends me an email saying
you've used 22,000 words for the day. So I'm just trying to keep it low.
And Andy, thank you very much.
Stay secure, my friend.
Stay secure.
Stop ripping me off.
You've been listening to the Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel. Worst episode ever.
R slash Smashing Security.
I can't help but have a really strong sense of deja vu this week.
I can't quite put my finger on it.
I know what you mean, but I'm not really sure.
Yeah.
Yeah.
I don't know, but you definitely loaded all the jingles into the platform this week, right? Yeah. Well, you heard them, right? Yeah. Weird. Okay.
Hello peeps, it's Carol. So as some of you know, I am trying to make headway into art land.
And in learning a skill, you don't make cash.
In fact, you spend cash in order to better yourself at the skill.
Plus, you have to devote hours and hours every day to get better.
Thing is, I wouldn't be able to do it without you listeners of the Host Unknown podcast,
you sponsors, you Patreon supporters and reviewers like Duty Fish, who wrote this week: the Host
Unknown podcast is undoubtedly the best light-hearted, entertaining podcast that covers cybersecurity, technology, and just about everything else.
The hosts, Tom, Javad, and Andy, are wonderfully team and have a brilliant rapport.
The content is enjoyable and interesting. Certainly one to try.
I listened to one episode recently and now I'm going through the entire back catalogue. I love it.
Keep it up guys.
Five stars from Doody Fish. So from the bottom of this little artist wannabe's heart
and on behalf of all of us at Host Unknown we thank you all for supporting the Host Unknown
podcast because you make a difference.
Stay safe and stay secure, my friends.
See you next week.