The Host Unknown Podcast - Episode 87 - Merry New Year

Episode Date: January 7, 2022

This Week in InfoSec (6:20)

With content liberated from the “today in infosec” twitter account

1st January 1997: The Cult of the Dead Cow admitted it was responsible for the Good Times virus hoax of... 1994.
Good times virus
https://twitter.com/todayininfosec/status/1212558619205607426
[Covered this story last month so will axe it]

2nd January 1975: Gates and Allen Name "Micro-Soft". Microsoft founders Bill Gates and Paul Allen write a letter to MITS, the Albuquerque, New Mexico, company that manufactured the Altair computer, offering a version of BASIC for MITS's "Altair 8800" computer. The contract for BASIC reflected the first time Gates and Allen referred to themselves as the company Microsoft, spelled in the document as "Micro-Soft."
Gates and Allen name Micro-Soft
Microsoft v. MikeRoweSoft

3rd January 1977: Apple Computer, Inc. is Incorporated
Apple Computer, Inc. is incorporated by Steven Jobs and Stephen Wozniak. Its IPO, which took place three years later, was the largest one since the Ford Motor Company went public in 1956. The stock rose almost 32% that day giving the company a market valuation of $1.778 billion. Seven years later, on January 24, 1984, the company revealed the Macintosh personal computer in a publicity campaign that compared IBM with Big Brother and Apple as the savior of the masses.
Apple becomes first company to hit $3 trillion market value, then slips

Rant of the Week (17:22)

Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete

Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite.

NortonLifeLock's pitch was that people dabbling in cryptocurrency mining probably weren't paying attention to security – so what better way to take up a cryptocurrency miner than installing one from a trusted consumer security brand?

In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate.

https://twitter.com/jwz/status/1478022085737803776?s=20

Billy Big Balls (25:18)

A set of balls to bring us back

Former CEO of Theranos Elizabeth Holmes convicted on 4 counts

US clothing supplier Pro Wrestling Tees hit by data breach

A quick story that is near and dear to mine and Andy’s heart - which Thom will have absolutely no idea about. But Pro Wrestling Tees - which sells t-shirts designed by professional wrestlers - has discovered that some customers’ credit card numbers have been compromised in a data breach.

“a small portion of our customers’ credit card numbers had been compromised,” reads a breach notification letter signed by Pro Wrestling Tees owner Ryan Barkan.

“We immediately conducted a thorough investigation of our system and concluded that a malicious virus was the source of the breach.”

A cybersecurity firm has since helped to remove the malware.

Barkan added that they had found “no evidence that current individual personal information has been compromised”, or evidence “of any current misuse of your information” – despite admitting that the payment details were accessed.

You may be thinking that this isn’t a big deal. But what kind of Jabroni thinks it’s a good idea to attack a wrestling store. It’s almost like they’re looking for a smack down. I get it, they may have thought - oooh what a rush, but whatcha gonna do? Whatcha gonna do when the feds come looking for you brother? Criminals can rest in peace - and that’s the bottom line, cos the Host Unknown podcast said so.

[That was this week's BILLY BIG BALLS]

Jav: Industry News (39:53)

Microsoft Fixes New Year's Day Exchange Server Bug
UK Defence Academy Attack Forced IT Rebuild
Investigation Launched into App “Selling” Women
FTC: Patch Log4j Now or Risk Major Fines
UK's Information Commissioner Starts New Role Amid Major Changes
Morgan Stanley Agrees to Data Breach Settlement
Credential Stuffers Compromised 1.1 Million Accounts
Crypto Firm Pulls the Rug from Under Investors with $10m Scam
Man Pleads Guilty to $50m Investment Fraud Scheme

Tweet of the Week (43:15)

https://twitter.com/avrovulcanxh607/status/1445102818348699746

Ceefax replica goes TITSUP* as folk pine for simpler times
But creator runs server from home – we can forgive him

A young man who would have been around 10 when the plug was pulled on Ceefax has recreated the BBC's teletext information service online, replete with a digital remote control to punch in the number of your choice.
NMS Ceefax

The joke that Jav didn't understand: Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 So I've been hearing a lot over the holidays about NFTs because Twitter's been going crazy about them. And I still can't work out how they actually work. Right. So imagine like you've got a spouse and your spouse is getting drilled by everyone, but you can't do anything about it. Ah, you have the marriage certificate. That's the NFT. You're listening to the Host Unknown Podcast. Hello, hello, hello. Good morning, good afternoon, good evening,
Starting point is 00:00:43 and Merry New Year from wherever you are joining us. Welcome to the Host Unknown podcast, episode 87-ish. Hey, 21. Exactly. Gentlemen, how are we? Jav, how are you, sir? Yay, New Year, same old me, I'm afraid. You mean you're not starting a crash diet and going to be meditating every day and, uh, whatever else it is you do? Well, if I was, I wouldn't be telling you two, let's put it that way. I can't think why. What happened to your biggest loser challenge? Obviously you both ended the year as big losers, if either of you lost weight. I'll tell you when I next step on the scales. I
Starting point is 00:01:36 don't know. I sort of, like, lost it, then regained it and some more, then I lost it again because I love losing it so much. So, yeah. So you ain't a quitter. I ain't a quitter. My mom didn't raise no quitter. No, that's why I continue to add and gain. So, Jav, did you have a good break? It was good, yeah. It's always nice just to relax, reset. Um, you know, COVID was a blessing because, like, you know, people inviting you or wanting to come around: oh no, it's a bit, you know, the Omicron is spreading a bit, we're just isolating a bit. All right, kids, Netflix it is. I was gonna say, that's no way to talk to your wife though, is it? No, she's been in isolation in the loft room for the last three months. She has no idea what's going on. And Andy, how are you, sir? How was your break? That was good. It was actually just good
Starting point is 00:02:31 to get away i um i tracked my heart rate over the christmas period and my resting heart rate dropped by like five beats per minute well uh whilst i was off from work. And literally the day before, like the night before work, it shot back up again. So you got back down into double digits and then it's back up into triple digits. Exactly, yeah. It's not healthy. It seems like work may add some stress to your life.
Starting point is 00:03:00 Yeah, you might want to take a lesson from that somewhere along the line. Yes, more recreational drugs. Yeah. Well, the ketamine that you were talking about in the last episode, you mean. Exactly, yeah. It's the only way to get through the weeks. Well, yeah, and for all you horse drug dealers that contacted us,
Starting point is 00:03:22 it's fine and he's got his own supplier. Indeed. So how was your break? Yeah, good it was good a lot of driving around went all over the place uh london oxford reading that army cron rutland uh yeah but interesting enough with mostly there's just the same people if you see what i mean you're just in different different places so yeah it didn't didn't go out and about much as it were um so yeah it was nice very quiet i'm still off now go back on um monday the 10th so uh yeah so my heart rate is definitely still in double digits so sunday night could be a different matter entirely so yes but it was it was nice it was nice and relaxing um lots of good telly
Starting point is 00:04:07 lots of good films went to the cinema well three or four times actually um saw the new matrix which was really good i really enjoyed that so that was worthwhile and also encanto which is definitely worth watching it's a the new disney pixar thing uh so it sounds like a spell from harry potter yeah yeah not far off not far off i see jav last but he admitted that he hasn't actually seen harry potter so yeah or and also doesn't speak french which i just think is well ridiculous yeah so why would i want to speak the language of Surrender Monkeys, number one. Cheese-eating Surrender Monkeys to you. Yes, cheese-eating Surrender Monkeys. And number two, I am
Starting point is 00:04:49 at least familiar with the concept of Harry Potter and the spells and everything. I thought you were going to say the concept of the French. So I do get the joke when you say this sounds like a spell from Harry Potter because it's like a spell from any other program. Any other what pro any other sort of witches and wizards uh go to school program
Starting point is 00:05:11 exactly i love genie or whatever i don't know the 50s called mate i thought i'd give you a reference Well, yeah, yeah. What's his face? I Love Jeannie with J.R., isn't it? Larry Hagman. Larry Hagman, yeah. Oh, that was a good show, that. I like that. Oh, dear. So, yeah, very good. Welcome back, everybody.
Starting point is 00:05:38 It's New Year 2022. We'll see what it brings. But what I can tell you is what we've got coming up today. So this week in InfoSec takes us back to the cult of Microsoft or something like that. Rant of the week shows that you will always be working for the man. Billy Big Balls is a story about a wannabe Steve Jobs and stolen T-shirts. Maybe two stories in that one, not sure. Industry News brings us the latest and greatest security news stories from around the world.
Starting point is 00:06:13 And Tweets of the Week tells of the OG internet, at least if you're from the UK. So let's go on to our favourite part of the show, the part of the show that we like to call... This Week in InfoSec. It is that part of the show where we take a stroll down InfoSec memory lane with content originally liberated from the Today in InfoSec Twitter account. Uh, but it has been slim pickings this week, so I've had to go further afield. Uh, so originally I was going to talk about Cult of the Dead Cow admitting responsibility for the Good Times virus 25 years ago on New Year's Day. Uh, but then it sounded familiar and I did go back and
Starting point is 00:07:02 check and we covered it in episode 82 uh so I am going to take us back 27 years. Hang on a minute. How did we cover it in 82 when it was on the 1st of January? Well, so we covered it because the first known circulation of the virus was 1994. And then sort of two and a half years later or just over two years later. Was when they admitted it. When they admitted it, yeah. So that's, I got confused with that as well. I mean, technically it's a different story.
Starting point is 00:07:32 Yeah, but you know, it just, I could have, you're right, I could have just rehashed, listened to it and just rehashed what I said before. What we could have done is, you know, is I could have just cut in five minutes from a month ago. Nobody would have noticed. No, no. Just cut have noticed. No, no. Just cut that edit. Yeah, exactly. But alas, I've gone in a different direction, so I'm keeping it fresh.
Starting point is 00:07:51 I'm not getting lazy on the first show back, all right? So we are going back 27 years to the 2nd of January, 1975, when a couple of young guys going by the names of Bill Gates and Paul Allen wrote to the manufacturers of the Altair computer and offered a version of BASIC for the Altair 8800. And the contract that they wrote referred to themselves as the company Microsoft, but it's originally spelled micro hyphen soft. And so if you're looking for that InfoSec link, obviously, over the years, there's many reasons why Microsoft have been associated with InfoSec. But I am going to bring up one of my favorite stories, which did occur in January. So it was a very close, tenuous link. And this was the case of Microsoft versus MikeRoweSoft. As in, in 2003, Mike Rowe was a 17-year-old Canadian
Starting point is 00:08:52 student and web designer who registered the domain name Mike Rowe and then added soft at the end as a phonetic pun. And what he did not expect was a letter from Microsoft's legal team, who saw the domain name as a trademark infringement because of its resemblance to their trademarked corporate name. So they demanded that he give up the domain. And so after he received this legal letter on the 14th of January 2004, Mike Rowe replied and asked to be compensated for giving up the domain. So Microsoft then shot that. They said, look, we'll pay you out-of-pocket expenses, which is $10. This is the cost of the domain registration.
Starting point is 00:09:33 So then Mike Rowe, he went back and he said, no, give me $10,000 because you're Microsoft and I find your $10 offer derisory. So in response, Microsoft sent a tiny offer. They sent back a 25 page cease and desist letter accusing him of setting up the site deliberately in order to force him into a large financial settlement, a.k.a. cyber squatting. And so Mike Rowe, obviously a obviously 17 year old student kind of panicking just yeah what can he do he went to the press like you know created publicity for the whole case and you know sort of garnered support in this sort of david versus goliath type scenario so yeah scenarios yeah yeah he received donations of over $6,000 in addition to free legal advice from people.
Starting point is 00:10:27 But it didn't go very far, that case. So they actually settled a couple of weeks later. They came to an out-of-court settlement with Microsoft taking control of the domain. And in return, they agreed to pay for all of the expenses that he had incurred. They also set up a new site and redirected traffic to microforums.com. And that's micro for R-O-W-E. And in addition to that, they gave him a subscription to the Microsoft Developer Network. An all-expenses-paid trip for him and his family to the Microsoft Research TechFest
Starting point is 00:11:05 in redmond washington uh they also paid for certification for him and gave him an xbox with a selection of games um and it wasn't that oh it's fantastic that's very cool if they'd opened with that you probably would have said yes well this is a thing right so microsoft actually you know in hindsight they admitted they may have been too aggressive in their defense of the microsoft trademark um actually that's but it's rare that you hear people say that especially legal teams right so i think that's fair play that's fair yeah they they have certainly chilled over the years but then various other legal experts have sort of implied that microsoft had just little choice really to pursue
Starting point is 00:11:45 it because once it come to light that this domain existed they would have risked weakening their own trademark yeah had they knowingly ignored it they would have lost the right to future trademark infringement yeah yeah um whereas you know on the flip side other people's uh opinions is that had the proceedings continued uh mike rowe would have had a strong argument for keeping the domain because that was his real name and he wasn't claiming to be affiliated with them um so yeah a bit of intellectual property cyber squatting yeah so so basically he got six grand in donations free legal advice and probably about four grand's worth of free stuff, which comes to roughly 10 grand.
Starting point is 00:12:27 Yeah, but I'll also add that he did donate the money that he received. He donated a lot of it to a children's hospital as a result of a poll, which he held at the time in terms of what he should do with the money. The poll being, should I keep the money or donate it? Donate it! Should I go to Vegas for the weekend and try to travel the money? He made a generous donation to the Micro Children's Hospital Trust Foundation. I like that. I really like that story.
Starting point is 00:13:02 Because it also brings back memories of the Microsoft Developer Network and getting a big pack of DVDs every month. Yeah, great. Yeah, I used to take those. I've still got some of them. And then keep the wallets for my own personal DVDs. Yeah, but I've still got some of them. That's the best part of it.
Starting point is 00:13:20 Wow, brilliant. Yeah, good times. Well done, Andy, on the whole micro Rowe and Mike Rowe's op. You've done a good job there. I think that lowered blood pressure you had over the holidays really came to good use. It reminds me a bit of, it's in the Ghostbusters movie, the one with all the lady cast and they had Chris Hemsworth in it. And he goes, can I bring my cat into, um, the
Starting point is 00:13:45 office? And she goes, uh, it goes, oh, I'm allergic to cats. He goes, no, it's a dog, his name's Mike Hat. Wait, it's like Michael Hat. You know, I've never heard of that Ghostbusters film being referred to as the one with the lady cast. Well, I didn't know how else to. I completely blanked on everyone's names. I might watch that again this afternoon. That's a good time. I did enjoy it.
Starting point is 00:14:19 I don't know why it got such a bad rep. No, I don't know, actually. I think it was really good. Because it's a remake of a classic. Well, yeah, but Kate McKinnon in it is brilliant. Oh, she is awesome. She is absolutely awesome. I think she was the highlight in the sense that she was always
Starting point is 00:14:34 just in the background but doing some really weird, dippy shit and it just really brought a lot of life to it. Anyway, anyway. Have you seen her in Rocketman as well? She's like really good in that as well. Was she in Rocketman? Was it Rocketman? No, not Rocketman.
Starting point is 00:14:54 No, I'm not Rocketman. I'm thinking of the other one, the one about the Beatles with that Indian guy in it, the one that... Yesterday. Oh, no, I haven't. Is she... Oh, is that a good film because i don't like beatles music that's a problem i don't really like beatles music but it was you know like that
Starting point is 00:15:11 we went through that period where everyone's doing a musical movie uh but so there was like rocket man there was bohemian rhapsody and this one it's it's it's a fictional story so it's not really yeah about beatles but it was, I enjoyed it. It was, it was good. It was well done. And welcome to the host unknown podcast, your latest news on cinema and film releases.
Starting point is 00:15:33 I liked it mainly because the main character's name was Jack Malik. So representation matters. Well, yeah, absolutely. Do you mind if we just call you Jack from now on jav it'll be a lot easier uh anyway uh do you have another story for us andy i did but you know what for the sake of time i will uh just quickly whiz that 45 years this week 3rd of january 1977 apple computer
Starting point is 00:16:01 Inc. was incorporated by Steve Jobs and Steve Wozniak. And at its IPO, which took place three years later, it was one of the largest since Ford Motor Company went public in 1956. Their stock rose 32% that day, giving them a market valuation of $1.7 billion. In 1980? In 1980, yeah. And so obviously now, just this week, Apple became the first company to hit three trillion dollar market value. It wasn't that long ago they hit two trillion, or one trillion, was it? No, they're definitely going up fast. Yeah. So in the span of 45 years
Starting point is 00:16:41 the two Steves took a company, well, one Steve now maybe, um, but yeah, 45 years from, uh, yeah, incorporation to three trillion dollars. That's incredible. What have you achieved in 45 years, eh? Well, thanks for that. Uh, thank you very much, Andy. This week in InfoSec. You're listening to the award-winning Host Unknown podcast, the show which Smashing Security sets their out-of-office to. All right, let's move swiftly on then to this week's Rant of the Week. Listen up! Rant of the week.
Starting point is 00:17:28 It's time for Mother F***ing Rage. And this one, as tradition foretells, falls to me. So last year, Norton 360, which is a traditional legacy antivirus product. You say legacy, spoken like a true evangelist for an endpoint detection response. It's certainly not next gen, is it? No, no. Does it use machine learning? Does it have AI?
Starting point is 00:18:02 No, exactly. Do I have shares in it? Yeah. Does it have AI? No, exactly. Exactly. Do I have shares in it? No. Oh, dear. We digress. I owe these people nothing, I tell you. Nothing. So they do antivirus.
Starting point is 00:18:23 You will not find it on any machine. You pretty much buy from Curry's or PC World or whatever they're called in the US. I don't know, Best Buy or whatever. Often bundled in. It used to be Symantec, didn't it? Was it Symantec? Didn't Symantec and Norton, weren't they together? And then didn't they split?
Starting point is 00:18:41 I think they were at some point, yeah. Yeah, I got confused. I got confused i got confused anyway last year at some point part of their uh product line norton lifelock um which is kind of like a big umbrella term for you know you get all of our stuff in there uh it was offering ethereum mining as part of its, interestingly, antivirus suite. Now, just to put this in context, many of you may remember years ago, you could do chromosome folding or SETI at home, which was the search for extraterrestrial life,
Starting point is 00:19:20 where when your computer went into standby mode, it would utilize the CPU cycles to process packets of data. And you would contribute to the search for extraterrestrial life or you will fold chromosomes, whatever that means, for medical research, whatever. And it was really good and it was gamified somewhat. You could see who was doing the most in your office or in your country, your town, et cetera. And you could try and build it. And I remember as an old IT manager,
Starting point is 00:19:55 installing it on a bunch of machines and building a company account for SETI at home. And so overnight, our electricity bill went up, but we still didn't find any alien life. But nonetheless, the principle here is the same. So when your computer has got Norton LifeLock installed, in the background, it will start to mine Ethereum, which basically means doing complex algorithmic calculations in order to create Ethereum coins, whatever they're called. This was installed in the background without you knowing it, and you would have to opt out of it, as I recall. But what it was doing was
Starting point is 00:20:35 actually commoditizing the ability to mine currency and allow you to become a part of the cryptocurrency trend. The problem was that when it came, well, there's two problems. One, it was difficult to uninstall for a variety of reasons that I don't particularly understand. But secondly, Norton would take 15% of whatever you mined plus any other fees. So they're like skimming, they're installing this product without you necessarily knowing.
Starting point is 00:21:11 Your computer's hammering away 24 hours a day, which ultimately is going to reduce the lifespan of your computer anyway, right? For a product that is going to net you 0.0001 of Ethereum, because let's face it, your laptop or your desktop computer is not built for cryptocurrency mining. And even if you did make any money, you're going to lose 15% of it, which for Norton is probably quite a lot of money when you think about the millions of people that have got this thing installed.
Starting point is 00:21:43 Now, this happened last June. There was a little sort of blip on it, but this has blown up in the last week, even down to the point where even Brian Krebs is now talking about it. So the rant here is, Norton, what the fuck are you thinking? What is this? Like, you can't install this automatically. like you can't install this automatically it's it's as it's as bad as installing firefox and having adobe installed in the background without you realizing it and stuff like that this is just really bad business and who thought that 15 skimmed off the top is is going to be it's going
Starting point is 00:22:21 to make you know make you look good in the headlines. It's quite incredible. I don't know whether they cared about how they looked, but that is definitely a good revenue generation scheme. They're like, how many people installed this? Well, precisely. It's good revenue generation, but it's like you're literally just using people to generate money for you,
Starting point is 00:22:44 quite literally generate money for you. Not let's sell them a good product, but let's package a product into a computer that they bought that they don't know how to uninstall. They don't know that this product is in there. We'll create cryptocurrency that we skim 15% off and shorten the life of somebody's machine. I find that an incredible bundle of facts
Starting point is 00:23:05 think of it from an accounting perspective you're struggling to get new customers you're struggling to keep renewals selling your customers data might not be paying the bills enough let's let's rape their resources and yeah modern solutions modern problems my god so incredible you know related to this and um there was a tweet by mozilla on 31st of december yes where they said dabble in dogecoin holding some bitcoin and ethereum we're using bitpay to now accept donations in cryptocurrency. And the rant was from at JWZ or JWZ. Hi, I'm not sure that whoever runs this account has any idea who I am, but I founded Mozilla and I'm here to say, fuck you and fuck this.
Starting point is 00:24:06 Everyone involved in the project should be witheringly ashamed of this decision to partner with, and I love the next quote, planet-incinerating Ponzi grifters. It's true. It's true. Um, Bitcoin used the same amount of electricity as Argentina did last year. Brilliant. Wow. Which is just incredible. So yeah, Norton, please, you should be ashamed of yourself. This is virus and antivirus. Yeah. Well, yeah, exactly. Exactly. I mean, the cognitive dissonance and irony bouncing around in your head, that clanging sound you're hearing, jeez, incredible. Absolutely incredible. So, anyway, yes, that was this week's Rant of the Week.
Starting point is 00:25:03 This is the Host Unknown Podcast. Home of Billy Big Ball Energy. Well, that was a very well-timed jingle because it's now also time for... Billy Big Balls of the Week. Tom, next week, can you measure your heart rate before and after you start? Do you know what, yeah, that's, and I'll put it in the show notes, yeah.
Starting point is 00:25:33 Okay, so Andy spoke earlier about, um, the 45th anniversary of Apple Incorporated and the two Steves, and Steve Jobs being the most famous, you know, of the lot. And he inspired a whole generation, and many have emulated him or tried to follow his approaches. And, you know, he was a big, big influencer, there's no doubt, in the tech scene, in how companies do their keynotes, they launch their products, they design their products, and even how tech entrepreneurs dress. Yes, the famous turtleneck. Who was very impressed or influenced, should we say, by Steve Jobs was Elizabeth Holmes, who you might have seen. If you look her up, you'll see her. She's wearing the turtleneck in many occasions. And she dropped out of Stanford University. I think this is following in someone's footsteps a bit too closely. In 2003. And she founded the blood testing startup Theranos. Theranos.
Starting point is 00:26:50 Theranos. Theranos, yeah. The-anos. Theranos. Theranos. Not the anus. Theranos. The.
Starting point is 00:27:01 Their anus, yeah. In 2003. And this hit the scene like a wrecking ball because its promise was uh just with a few drops of blood you could do a whole barrage of tests and find out you know medical conditions diagnosis whatever you so do you have an iron deficiency is your kidney not working or have you an excess of Haribo's in your digestive tract. How many kidneys do you have Jav? Which has caused massive amounts of bloating. So in this early years Theranos raised more than 700 million from investors, including, amongst them were billionaires such as Rupert Murdoch or Larry Ellison, who valued the company at 9 billion.
Starting point is 00:27:57 Forbes named Elizabeth Holmes as the world's youngest self-made woman billionaire worth 4.5 billion in 2014 when she was just 30 years old I think she also made a top 30 under 30 list that year alongside I think it's that guy that bought the drugs and then hyped up the prices like fire. Oh, God, that scumbag. Yeah, yeah. So Forbes has a great list of, you know, their spidey sense tingles when they see someone. When they see someone ready to rape the earth. Yeah, exactly. So, but in 2015, things started to unravel a bit. The Wall Street Journal revealed that Theranos was using other companies' machines to do their testing because their own machines were doing it.
Starting point is 00:28:52 It completely fell apart in 2016 when new information came to light. And there was a whole slew of investigations from federal agencies. Forbes revised their net worth rating and said Holmes was now worth zero dollars. Anyway, she got taken to court and, you know, there was several charges against her for wire fraud, fraud, you know, money laundering. I don't know. The list went on and on. A bunch of stuff. A bunch of stuff. And the case ended this week.
Starting point is 00:29:38 So January 3rd, 2022, she was found guilty on four out of the 11 charges of fraud. Um, that's not, that's not a bad... Yeah, she was found guilty on four charges, she was acquitted on four charges, and the jury failed to reach a verdict on three counts. Okay, so won four, lost four, drew one. That's, uh, was it failed to reach a verdict on the fraudulent use of a turtleneck? Yeah, yeah. Um, and now she could face up to 80 years in jail, now 20 years for each of the four counts, as well as a fine of $250,000 plus restitution for each count. But it's unlikely, according to legal experts, that she'll receive the maximum sentence.
Starting point is 00:30:37 So maybe she'll only get... 20 years. 40 years. Whatever, 20 years. Yeah, well, I could see it being a lot less than that. Yeah, maybe it's like good behaviour, like ankle tracker. The American system doesn't allow sentences to be served concurrently either, does it? They add up.
Starting point is 00:30:54 No, does it not? No, no. One of the differences between the UK and the US laws is in the UK, if you get four 20-year sentences, they'll be served concurrently, whereas in the US, that means you get 80 years. Right. Okay. I didn't realize that.
Starting point is 00:31:10 Obviously, things can be mitigated and taken down and all that sort of thing. But that's how they do it. That's the general thing. I'd be surprised if she got more than a couple of years, if I'm honest. Yeah. Just the demographic that she is and knowing the american system for putting away you know rich white women yeah yeah it's just not gonna yeah it's just not gonna i mean even trump couldn't get hillary locked up i don't think anyone can get any exactly that well-known stable genius with a j. Yeah. But I think it's, you know, you have to admire the balls on this woman,
Starting point is 00:31:50 like for everything she'd done with fake technology that didn't work. Well, here's the thing. I mean, if we just, she obviously modelled herself somewhat on Steve Jobs, and I think it was quite an open sort of statement, as it were. But, you know, Apple is a company, obviously a successful company, a $3 trillion company that produces products, whether you like them or not, it's got nothing to do with it. The products work, they do the job that they're intended to do, give or take. And they produce a lot of them because people buy them. The problem she had wasn't the fact that she was hyping it per se
Starting point is 00:32:27 because that's how business works. The problem was that the technology wasn't ready and she was saying it was, I think is the big thing. Because I'm sure this technology will, in 20 years' time, will be everywhere. Yeah, absolutely. And she was hyping it far too early, hence why she was having to farm this stuff out to other, other companies that were actually couldn't
Starting point is 00:32:52 do the things that she said that her tech could do anyway, and all that sort of stuff. So the chat, the, you know, I think the fraud here is the fact that she was saying her company can do this stuff when it couldn't, and that was the downfall. Obviously, I mean, I'm just recounting pretty much what you said, Jav, but I think it's just a real shame that the product wasn't ready because she should be, or could have been, a real example and role model and all that sort of thing, that anybody can do this sort of thing, anybody can, can be... Fake it till you make it. Yeah, inspirational leader. And, and business does fake it until you make it to a certain extent, but it fakes it in a way that is actually works, if you see what I mean.
Starting point is 00:33:37 It's a bit like the, the Steve Jobs first demo of the iPhone. He had a very specific sequence of screen presses that he could make, and if he, if he, if he, um, aberrated from that by one screen press, the iPhone would have crashed, because they hadn't finished programming it. But he knew the product was there. Maybe she thought the product is here, but it just didn't mature fast enough. I don't know. So you're saying that she, just to, just to rephrase, requote what you said, is that... this is going... Now, you said that, you know, she, she was basically done for claiming a product did something whereas it didn't, and I think that's a very important point. Good thing that no other industry, like, say, infosec, would ever have such claims. So true, so true. But, you know, if they, if the investors have
Starting point is 00:34:35 done proper due diligence... Well, yes, yes, we come up against this. Like, if we're, you know, if we're looking to buy a company, and then, you know, we've got our very rigid due diligence process which we go through, and then we are up against venture capitalists, you know, and their diligence is pretty much: are there any dead bodies in the cupboard, yes or no? Yeah. You know, whereas ours is a lot more detailed. So it's always the chicken entrails say we should or shouldn't back this prop? It really is like that. Yeah. So, yeah, I mean, investors have to, you know, they're at fault for fanning this and making it grow.
Starting point is 00:35:13 I think there is a big case to be made that the investors should have their feet held to the fire on this. But, of course, they won't because they're the ones that lost their money. Oh, no, you know, we were duped, duped, etc. Well, not if you actually ask the questions. I only need, like, one in eight to come through, you know, that I can invest in eight things, make sure one of them makes the money and it covers the rest. That's it. Yeah. It's just that this was a really big one. Yeah. So, Andy, you saying that people should come to you if they want proper due diligence, and your services are available on andy.tv? Yeah. Anyway, moving very swiftly on to another Billy Big Balls move that, um, I'm going through quickly, as we decided Billy Big Balls now come in pairs. Yes. Um, unless you're
Starting point is 00:36:00 Lance Armstrong. Uh, so it's former German dictators. Yeah. Very famous song, with the other one being in the Albert Hall. Yeah. What the fuck? So this story is near and dear to mine, and I know Andy's heart, but Thom will have absolutely no idea what we're talking about. Nope. So there's a website called Pro Wrestling Tees, which sells T-shirts designed by professional wrestlers.
Starting point is 00:36:26 And they discovered some customers' credit card numbers have been compromised in a data breach. They conducted an investigation, concluded a malicious virus was the source of the breach. A cybersecurity firm helped them to remove the malware. Uh, and they said that no evidence that the current individual personal information has been compromised or any misuse of information. Um, so you might... Actually deviated from the standard script in, one, they said that card data was compromised and, two, they said it was a malicious virus rather than a sophisticated cyber attack. Yeah, I know. And also, did the spokesman then go on to say, we know where you are, we're gonna find you, you're going down? No, but did I get it right? Pretty good. I, I have to admit, that's, uh,
Starting point is 00:37:19 you know, and, and, and what's Billy Big Ball? I mean, I think the Billy Big Balls here, and Andy will agree with me, is like, what kind of jabroni thinks it's a good idea to attack a wrestling store? It's almost like they're looking to get the smackdown. And they might have thought, oh, what a rush, but here's my question to you, hackers: what you're gonna do? What you're gonna do when the feds come looking for you, brother? The criminals might rest in peace, and that's the bottom line, because the Host Unknown podcast said so. Play the outro. Billy Big Balls of the Week. Was that what you meant? Exactly.
Starting point is 00:38:10 Yeah, I thought there was something a bit more dynamic on that one. Who's the fella who says you can't see me? John Cena. John Cena. I bet he was the hacker. At least you're trying, right? I am. That's the key thing here.
Starting point is 00:38:24 I am. I'm trying. Maybe John Cena can release his own VPN. Andy, what have you got on your left wrist? I have my watch. And as I look at the time, it is that time of the show where we head over to our news sources over at the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe.
Starting point is 00:38:52 Industry news. Microsoft fixes New Year's Day Exchange Server bug. Industry news. The UK Defence Academy attack forced IT rebuild. Investigation launched into app selling women. FTC: patch Log4j now or risk major fines. UK's Information Commissioner starts new role amid major changes. Industry news.
Starting point is 00:39:28 Morgan Stanley agrees to data breach settlement. Industry news. Credential stuffers compromised 1.1 million accounts. Industry news. Crypto firm pulls the rug from under investors with $10 million scam. Industry news. Man pleads guilty to $50 million investment fraud scheme. Industry news.
Starting point is 00:39:52 And that was this week's... Industry news. Huge, if true. Huge. Lots of scammers and fraud and things going on. What the theatre really gets me is this Microsoft thing. Mike Rowe. What happened to Mike Rowe?
Starting point is 00:40:13 Yeah, Mike Rowe, surely you knew about the date change. No, but this date change thing, I think that's unforgivable, isn't it? I'll be honest, I don't know much about this one. I didn't... I think it's effectively, and I am by no means an expert as a recovering CISO,
Starting point is 00:40:33 but it's a more complicated version of the Y2K bug, or the Y2K2 as it is now. The reason being that when a certain date is reached, it fills the... I don't know, but basically it ticks over and it, and it, and it fails because the date range is filled, as it were. It can't go, because of the way that it stores the, the, the, uh, the date data. But you'd think that they would know this sort of thing. You'd think that they'd be testing this sort of thing all the time. I, I, I'd love to have, um, I'd love to be able to read or listen to a more in-depth analysis on this and why it caught them, you know, by surprise quite so much, because really, really, that's what we did this back in 2000, you know. Anyway. Damn. Uh, I'm just reading that. Yeah, that is an interesting one. I was not aware that that
Starting point is 00:41:32 was, is what the bug was. Yeah, and this is the problem, right? When Microsoft has, uh, you know, releases fixes every week, you kind of think, oh, it's just standard. Yeah, that's right. But no, um, servers actually stopped working. Damn. I was looking at this, um, investigation launched into app selling women. Yeah, and it's police in India have launched this investigation into an app featuring images of women described as being for sale as maids. It's like an open source online auction platform. Oh my God. Yeah, more than 100 women, uh, pictures, more than 100 women were shared without their permission through the app. Yeah, I was looking at this. So what this is, this isn't a real auction, it's more of a smear campaign against... Oh, wow. Because what it is, it's all of the women featured were Muslim women.
Starting point is 00:42:29 And it was basically set up by an anti-Islamic person or people who just wanted to. So they stole their pictures, put them up there. And the idea was to cause embarrassment and distress and humiliation to the people involved. What? The auction isn't real, but the website is there and it's causing that kind of distress. Right. So mission accomplished for the person who set it up. Yeah.
Starting point is 00:42:56 Or people. Pretty much, yeah. Damn. Some people just need to get a grip. Jeez. Well, I guess we can say it's just been a slow news week. I think so. That was this week's...
Starting point is 00:43:11 Industry News. Well, we find ourselves crawling towards the finish line with just this week's... Tweet of the Week. And we always play that one twice. Tweet of the Week. So this is the story from a guy called Nathan Dane, and I will confess the tweet is not actually from this week, but I got linked to it via another article for something that did happen this week. So Tweet of the Week is, uh, this guy Nathan Dane has actually
Starting point is 00:43:46 created a Ceefax replica. So for all people who grew up in the UK, uh, maybe, Thom, this was in your later years, you may... Yes. Ceefax was sort of like this digital service that you would get when you only had, uh, well, probably three channels, uh, three TV channels in the old days. It's long before Netflix, long before digital TV. Um, and Ceefax was kind of like a teletext service, um, you'd get via, you know, a red button on your TV remote. Ceefax was from the BBC, Teletext was from ITV and Channel 4. Ah, okay, right. I never knew the distinction. I just knew which one you need to go to: the jokes on Channel 4, you'd get your flights on ITV, you look at the news of the sport on BBC. But I do remember, like, as a youngster, um, always on a Saturday afternoon
Starting point is 00:44:40 you'd always have guys standing outside TV shops looking at the Ceefax football results coming in. Radio Rentals. Radio Rental. Radio, with the, with the Ceefax on screen and the results coming in at sort of 4:45 to see what the final scores were. Yes. Um, so this service basically went down, uh, this week, but the guy that runs it runs it from a server from home. And it is such a good replica of the original in terms of like the way it scrolls through looking for numbers, that how slow it is and stuff like that. And the guy who wrote this was actually only 10 years old when Ceefax was switched off as a service. But the tweet I'm referring to is when Facebook, WhatsApp and Instagram suffered a major outage back in October last year.
Starting point is 00:45:33 He posted a tweet that said Ceefax, however, remains unaffected. And he had the page with the, with the news story about all the services down. But last year it did actually go down this week itself with the website overloaded with so many people on it. But it's just a fantastic service. But he runs it from his own home, doesn't he? He does.
Starting point is 00:45:52 Yeah. Yeah. It's just amazing. I'm looking at it now. It's brilliant. It's exactly how I remember it. Link in the show notes. And if you were familiar with Ceefax, this is a link in the show notes.
Starting point is 00:46:03 Do you know when Ceefax was first released? No, definitely before my time. It quite literally was, 1974. Wow. Okay. So you'd got finished uni at that point. Fairly static pages. On your third CISO role.
Starting point is 00:46:22 But yeah, fairly static pages. It was only in the 80s that they started to become more sort of dynamic and you could, you know, program, because obviously remote control was, up till that point, on the TV was pretty, pretty much just changed channel, right? And then you could start to input page numbers and, you know... Yeah, and stuff like that. But, but it's great for TV listings and things like that. TV listings, what's going on in your area, all that sort of thing. Even down to events.
Starting point is 00:46:51 I remember looking at Ceefax to see something to do that weekend in Bristol. Do you know what I mean? I'm sure that we actually booked a holiday via either Ceefax or Teletext. You know they used to do the last minute holidays? I think that would have been on Teletext.
Starting point is 00:47:10 You'd have to wait for it to scroll round. It'd be like £290 all expenses to Lanzarote for seven days. This guy also has code on how you can run it on your own Raspberry Pi. So I might have to dig up an old Raspberry Pi and have a go on this. Oh, my God.
Starting point is 00:47:29 Looks like fun. That's exactly what you need, isn't it? Another project to do. I know. I'm in the middle of about five or six at the moment. That's a brilliant story. I really like that one, Andy. Thank you very much.
Starting point is 00:47:41 I think this week's episode, we probably should add a disclaimer at the beginning. So anyone under the age of 72 or who doesn't live in the UK, probably not a much. You won't get many of the references. Yeah. Yeah. Well, we'll, we'll see from the, uh, from the listenership numbers, whether or not we hit the,
Starting point is 00:48:06 hit the mark or not. We'll see, we'll see how, um, how motivated people are in the new year to listen to Host Unknown, whether it, whether we became one of their New Year's resolutions to either listen to us or not to listen to us.
Starting point is 00:48:21 One or the other. We'll see. We will see. Gentlemen. Thank you very much for today. It's good to be back, actually, isn't it? It is. It helps get back into the swing of things. Yeah, it does.
Starting point is 00:48:35 It brings a little sense of normality back to life. Jav, thank you very much, sir. I hope you have a lovely weekend. Thank you very much. And Andy, thank you, sir. Stay secure, my friend. Stay secure. You've been listening to The Host Unknown Podcast.
Starting point is 00:48:53 If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel. The worst episode ever. r slash smashing security. You know, I'm going down a rabbit hole online to find out more about Ceefax versus Teletext, because now it's the only time I can realise what the difference is between them. Well, I'm glad I could educate you in more than a few things. This week has been quite bizarre. You just taught me the difference
Starting point is 00:49:26 between Ceefax and Teletext. You explained a French phrase to me. Yeah. You know. To be fair, that's pretty basic French. Je m'appelle. Yeah. I have no...
Starting point is 00:49:37 Yeah. My name is... I'll put the joke in the show notes. No, don't. Because I shared that on work and everyone thinks I'm really funny now, so if they see that I got it from you and I had to get you to explain it to me, then, you know, I might lose some... Maybe I'll post, um, the WhatsApp chat on it then.
Starting point is 00:50:00 You gotta, you gotta screenshot it quick, because, you know, he's going back to delete it. Yeah, yeah.
