The Host Unknown Podcast - Episode 92 - Just The Two Of Us
Episode Date: February 11, 2022

This Week in InfoSec (04:44)
February 5th 2009: Come on Kaspersky, if you think you’re hard enough..
February 5th 2009: The Sophos snowball fight
February 9th 2009: Hacked road sign warns of British invas...ion

Rant of the Week (16:01)
Hackers are hitting Britain where it hurts by targeting some of its favourite savoury snacks, with the likes of Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks in their cyber sights.
Hackers hold Hula Hoops hostage in cyber-raid on Britain's KP Snacks | Reuters

Billy Big Balls of the Week (22:48)
A woman accused of laundering billions of dollars in stolen cryptocurrency alongside her husband may end up becoming better known for her excruciating music career as a self-styled “raunchy rapper” called Razzlekhan.
‘Sexy horror comedy’: Bitcoin laundering suspect is also ‘raunchy rapper’ Razzlekhan | Cryptocurrencies | The Guardian

Industry News (29:50)
DDoS Attacks Hit All-time High
Californian College Attacked with Ransomware
SANS Institute Launches Nationwide Scholarship Program
ICO Hit by 2650% Rise in Email Attacks
Almost $1.3bn Paid to Ransomware Actors Since 2020
CISOs Reveal Biggest Challenges for Security Teams

Tweet of the Week (38:58)
https://twitter.com/d0rkph0enix/status/1491914588811501568

Come on! Like and bloody well subscribe!
Transcript
Let me just arrange everything in one thing.
And you know what? I think I really don't mind us just having more of a chat today.
Yeah, absolutely. Absolutely. Who needs Andy anyway, right?
Who needs Andy? Exactly.
You're listening to the Host Unknown Podcast.
Very seriously, a slightly slimmed down version of the hosts of the podcast today.
We are sans Andy.
This is not slightly slimmed down.
This is more like we went in, had a gastric band put in,
and went on one of those two-week juice retreats,
and we have significantly slimmed down.
We've just got the loose skin hanging out everywhere this week.
We've had liposuction at the same time. Indeed. Yeah. Yeah. And made some bars of soap out of him.
Available in all good retailers. Yes. So we are sans Andy. So he's got far too much work on. I
haven't got enough work on. So, you know, the universe is in balance, which is absolutely fine. Jav, how are you?
I'm very good. I'm really happy. I had a busy week, but I'm winding down and I'm now clocking
off for two weeks after this. I know. He better be back next week. Otherwise, I'm screwed.
Well, yeah, you might be a solo podcast. Yeah, that's right. Then we'll see what the ratings do.
Yeah, well, we definitely need him for the show notes, if nothing else.
I mean, Andy, we waited and waited and waited,
and those show notes did not appear.
What the hell, man?
You had one job.
One job.
I don't know.
You just can't get the staff these days, can you?
No.
Speaking of can't getting the staff, how's your week been?
Yeah, it's been okay.
It's been okay.
Things are ticking over nicely.
We'll see how next week pans out.
Although next week I'm quite busy, actually.
I'm going to the UK premiere of a film you might be familiar with, Jav.
In fact, I believe you star in it.
Ooh.
Yeah.
Uh-huh.
At first I thought you were talking about The Batman,
but no, you're talking about The Inside Man.
The Inside Man.
Yes.
Absolutely, absolutely.
So I'm seeing the UK premiere of that up in London
with Mr Jim Shields,
friends of the show.
And I've got a concert to go to as well, which has been delayed a few times.
Something else.
Oh, and I'm going to the theatre next Friday as well with my mum.
Wow, look at you.
What are you going to see in the theatre?
Only Fools and Horses.
Ah. I know. They'll make a musical out of anything these days, you know. I'm glad my daughter
doesn't listen to this, my eldest daughter, because I promised her a long time ago that I'll take
her to see Frozen in the theatre, and I just haven't got around to it yet. It's probably finished now.
No, no, it's still there. Oh, that's okay. It's not like The Mousetrap then.
Or it could be like The Mousetrap, knowing the longevity of Frozen in my household.
Yeah, yeah, no, it could be. No, so hopefully when it warms up a bit I'll take her to see Frozen.
Is there a joke in that? No. Okay, okay. Oh dear. So what have we got coming up for you today? Well, obviously, apart
from a very short, unstructured and maybe slightly more conversational show, we've got
this week in infosec with stories from a good friend of the show, or at least he
is sometimes. Oftentimes we just
take the mickey out of him too much.
Billy Big Balls brings us the
Bitcoin of the future
and the fact that they've been stolen
and make even better music videos
than Host Unknown, apparently.
Industry News brings
us the latest and greatest news stories
from around the globe.
And Tweet of the Week gives you a little hint of what you can do with your passwords.
Okay, so moving swiftly on, we'll go on to the favourite part of the show, the part of the show that we like to call...
This Week in InfoSec.
Now, is it you or me doing this, Jav?
Because, you know, we're all over the place on this.
We are, we are. OK.
We've got absolutely no structure to this show whatsoever.
We never have structure.
It's always fixed in post.
Yes.
This is true.
It's all good.
So I'll start off with our first story.
And because Andy normally does this and he's not around,
we had to go to our friend of the show, Graham Cluley, at grahamcluley.com.
And he's got a long, long archive of stories.
So I went back to the year 2009.
I was going to say, this isn't even the oldest set of stories, is it?
No, no, no, this isn't.
But this was interesting.
So this goes back to February the
5th, 2009, a mere, click click click, 13 years ago. Wow. And the story is "Come on Kaspersky, if you think
you're hard enough." And to put this in context, at the time Graham worked for Sophos.
He was their chief editor, I suppose, or writer at Naked Security.
And he spent many a year there.
On the 5th of February 2009, enough snow fell in the UK for everybody to make 251,800 snowballs each.
I wonder if he made that up or if he actually calculated that.
That's fascinating.
Apparently, it's a calculation by Carol Vorderman.
Ooh, it must be true then. I'm not disagreeing with her. No. So Sophos offices are in Oxford, and, you know, it covered the whole area at night. So they then issued a challenge to a rival security firm, Kaspersky, whose offices
weren't too far from theirs, to a snowball fight. Excellent. Who won? Come on, who won?
Who won? Well, you have to wait for part two of the blog, which came out later that evening.
And Graham goes on to say that Sophos challenged Kaspersky, but they showed up about 90 minutes late.
Is that Moscow time then? Was that the time difference or something? I have no idea. Maybe the comrades took a bit of time to make their way over.
But he did say at least one of their web developers did manage to hit them in the back with a snowball
as they were walking away.
This story has all the hallmarks of a bait and switch.
Like we are, we're building up to the clash of the titans here.
You know, we've got Sophos in the blue corner,
Kaspersky in the obviously red corner.
We've got, you know, and then enough snow to make hundreds
of thousands of snowballs each and nothing happens.
One snowball was thrown.
You know, one of the reasons I do like this story is that it's such good-natured banter between two rival security firms.
And they target the same customer base and very similar products in the same market space.
But I think there's a lot that we can learn from it.
Nowadays, you sometimes see people, they're not as gracious or as loving towards their competitors in the market,
should I say. And at the end of the day, obviously, everyone wants to make money. But
ultimately, everyone just wants to try and make security a bit easier, try to reduce the risk for organizations.
And maybe people are doing it in different ways. They don't agree with each other.
But, you know, I think we can all agree that everyone's trying to do most people are trying to do a good job.
Well, well, exactly. And, you know, I don't have personal experience of this, I hasten to say, but it does seem that a lot of marketing, and not just in this endpoint protection market, but across all of InfoSec, is focused on competitor bashing, not customer supporting.
And I think, you know, what this and there are many companies out there that do focus on the customer and do focus on, you know, where the MD is constantly saying,
oh, well, if you'd had our product and not their product,
you wouldn't have been attacked.
You wouldn't have become vulnerable to something, et cetera.
And it just seems it's very, it's just very, well,
egotistical and cynical, I think.
You're right. You're right. Right, and, you know, I think it's
also something worth considering. We talk about echo chambers a lot, and when you're on your own
particular echo chamber, whether it be Twitter or LinkedIn or any other platform of choice,
who exactly are you speaking to in that thing, and who are you convincing? I mean, this reminds me
of something. It's sort of like a joke someone said, that, you know how white van men,
they like to, you know, shout obscenities at ladies walking down the street.
Yeah. So like they'll honk their horns, they're always "love", something like that. And you
know, you've yet to meet someone who says, like, "How did you
meet?" "Oh, well, I was walking down the street and I heard this horn, and the guy leant out the window,
there's a half-eaten Greggs on the dashboard and a rolled-up paper of The Sun, saying 'Oi, oi, love,' and
I just knew at that moment he's the one for me." Yeah, yeah. I remember seeing some of that
in a film. It's like the guy in the passenger seat was like,
what is your end game here?
What do you expect will happen?
That she'll come rushing after you?
That she'll start waving and asking you to come back
so she can carry on your scintillating conversation?
What precisely are you trying to achieve?
Exactly, exactly.
So it's really something to think about if you go online
and you start saying our product is better than that shit product and that shit product and that
shit product. You know, I'm genuinely curious to understand, does anyone have any experience
where you've gone out and you've bashed a competitor and all of a sudden that's converted
into even one sale? Someone says that, because you bashed that competitor,
I knew you were the one for me.
Yeah, that's right.
Because I believe you when you say that your product is much better
than theirs because of the way you said it.
I have another story.
I have another story.
I have a story from the same February 9th, 2009.
Hacked road sign warns of British invasion, no less.
So, yeah, this is a story that first there were warnings or road signs that said,
zombies on the road ahead.
And another hacked road sign is spreading news
that the British are invading America.
Oh, my God, the British are coming.
According to media reports, an electronic road sign being used
by construction workers in Lubbock, northern Texas was hacked on Friday to display the message.
Oh my God,
the British are coming.
They are watching you.
A little bit of a copycat attack,
apparently,
according to Graham,
inspired by the high amount of media coverage that was received by another
road sign in Austin,
Texas,
which read "Caution! Zombies ahead!"
And Nazi zombies, run!
So, they said that these may seem like harmless fun, and I don't want to sound like a killjoy, but you can imagine how messing
around with road signs could actually lead to a dangerous
accident. This is Graham Cluley, the
Green Cross Codeman, pretty much, of February 2009.
So, yeah, it's quite an interesting one how such a small
and minor, this is a mobile unit.
This is, you know, it's a trailer that's towed behind a van
and put in a van that's probably just said,
what do I love, to somebody they passed on the road.
But it's put up while they do some sort of temporary road work.
So hacking that, it's either a complete inside job
or there's some really bizarre online or internet connections
with these kind of devices that allows them to do this
sort of thing, but they certainly need to take better care of them. Both. I wouldn't be surprised
if, just in the middle of the night, someone just walks up to it, pulls off the panel on the
back, types in what they want, and then closes it up again. I think you may be onto something there,
Jav. I think you may be onto something. But yeah, I like this one, especially
in America. It's, "Oh my God, the British are coming." "They are watching you." That's
definitely worth... What would be really ingenious is if the road sign was
hacked very close to a guns and ammo shop, so people would be driving along, see
the sign, quick left or right, whichever way they come off the road over there, or which
side the shop is on. Yeah. And, "Give me some muskets and bullets, because the English
are coming back! The British are coming! I'll have one of your finest muskets, please."
Dear yeoman
of the store.
It was good enough for my great-granddaddy
to get rid of the British. It was good enough for me.
Yep, absolutely.
No, very good. And thank you,
Graham, for your stories
as always.
So, yes, that was this week's...
This Week in InfoSec.
You're listening to the host unknown podcast,
Bubblegum for the brain.
And let's move straight on to...
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
It's a false to me.
This is from a little bit
last week, end of last week.
But bottom line,
and this is
not good, and I love
this headline from Reuters,
of all people, because there's nothing us Brits like more than a bit of alliteration when it comes to newspaper headlines.
But hackers hold hula hoops hostage in cyber raid on Britain's KP snacks.
Write in if you think you could come up with more H's in there. But yes, hackers are hitting Britain where it hurts
by targeting some of our favourite savoury snacks
like Hula Hoops, KP Nuts, Butterkist popcorn.
surely not, that's not very British is it
But Nik Naks, Nik Naks. If, you know, anybody who's not in Britain,
who's never had Nik Naks,
please look out for them in your favourite English aisle
in your supermarket.
They're amazing.
So the company behind these brands, KP Snacks,
has said that they've been hit by a cyber attack,
which could hit supplies.
This is not good.
I'm guessing this is because it's just going to slow down
the pain of supplies and all that sort of thing.
It became aware last Friday, so literally as we were recording,
that it was a victim of a ransomware attack,
where hackers gained access to the network
and held data hostage.
I'm sure they said in here somewhere that they take security seriously,
said the British firm, known for its crisps or potato chips,
brands that also include McCoy's, Tyrrells and Pom-Bear.
If you've never had a Pom-Bear, go find some.
Our internal IT teams continue to work with third-party experts
to assess the situation.
This is terrible.
Hackers, what on earth are you doing?
In fact, you're causing yourself problems, really,
because what are you going to snack on while you're hacking people, right? If you
can't get these snacks, you're not going to be able to sit there, you know, with your
double wrist supports and your ergonomic gaming chair, in darkness, and your big bowl
of KP Nuts and stuff. So yeah, this is not a great one at all. It's not, it's not. And you know, this is
something that really highlights how dependent we are on technology nowadays, because
I think they said that they're probably going to be slow, or recovering, until the end of March.
What? Yeah. Just go hit a hospital or something.
Oh, man.
But, you know, it's like...
We'll take that out of post, don't worry.
Yeah.
Really, dog?
I don't know where that came from.
Oh, dear.
But, yeah, go hit something else.
Just not stuff like this.
Go hit a bank.
Yeah, hedge funds. Hedge funds, yes.
Yeah, Boris Johnson. Oh yeah, no, they're... But you know, it's one of those things. It's like
you see how interdependent everyone else is on each other as well, and like, you know, if 10
years ago someone said, "Oh, I'm gonna hack into KP Snacks," you'd laugh.
So what's that gonna do? Yeah, what are you gonna get, the secret recipe to salted peanuts? Exactly.
We get the peanuts and we get the salt and we mix it together. That's right. Ingredients: salt, peanuts,
produced in a factory that may... that nuts. Yes, may contain nuts.
Yeah.
Allergens highlighted in bold.
But yeah, no, I think it definitely is rant-worthy.
It's like they have no morals now at all, but it's...
Yeah, I know you're criminals and everything, but blimey, you know, draw a line.
It makes sense.
I mean, if you think about it, these sorts of companies,
they're not heavily regulated like banks,
so they won't have the same level of security.
They're not critical infrastructure,
even though I think there's a strong case for saying they should be,
but officially they're not critical.
So you're not going to attract the attention of Interpol or the FBI
or, you know, MI5, because, you know, you had... So it's really good, and it's a big company with
a massive amount of money, so they can afford to pay you. Yeah. So it's a good target in that regard.
You're not going to get a bad reputation like, like if you attack a hospital, for example,
and, you know, potentially endanger people's lives.
In fact, they could argue the opposite.
We're doing you a favour.
Without snacks, you're going to get healthier.
Healthier.
Like we need that at these times.
I know, I know.
Who needs health?
I don't want to live until I'm 90.
Are you seeing what's going on out there?
What do you mean?
You turn 90 next year, don't you? Exactly. Yeah, but it's like, because in December the Spar shops, Spar wholesalers,
for the Americans it's a bit like a 7-Eleven, I guess. Yeah, you know, kind of, sort of
cheaper end of the market, and on many shop corners, they were also hit,
forcing the temporary closure of hundreds of stores. In fact, I believe we covered it
at the time. Yes, yes, we did. And it's like, you know, go hit a Waitrose, you know. Yeah, exactly,
exactly. You're gonna make a bit more money out of them. Well, I mean, there are, I mean, a lot of
these Spars are connected to petrol
stations as well, so it's not like, you know... I suppose there's a common point of sale. Oh, oh, that
was something we didn't actually talk about at the time. That's a good point. Yeah, but, but again, I
think overall, like, KP Snacks, it's a good target. A lot of money going through it.
Not heavily regulated.
You won't attract as much heat.
Yeah.
Yeah, absolutely.
Unless you get the spicy Nik Naks.
Rant of the week.
This is the Host Unknown podcast.
The couch potato of InfoSec Broadcasting.
And we're going to move straight on to this week's...
So, two people arrested for alleged conspiracy to launder 4.5 billion in stolen cryptocurrency.
And, you know, it's a husband and wife team.
Heather Morgan and Ilya Lichtenstein were arrested.
And this is like,
the theft of these Bitcoins go back to 2016.
The Justice Department calls it
the biggest financial seizure ever.
I saw a really funny picture
on Twitter.
Someone had like,
you know when these police units,
they do these massive drug raids and they all stand around a table posing and there's like stacks of like cocaine and cash and guns and guns.
It was that picture is doctored where they're all standing around.
They're just a USB stick on the table.
So.
So anyway.
They they were doing this.
But what's really interesting, and I think we're sort of diverting
a bit away from the cyber stuff, but it's very relevant to Host Unknown.
So Morgan, the wife, has gone viral because,
not because of the money laundering,
but she is a YouTube rapper who goes by the name of Razzlekhan.
Razzlekhan.
Come on, come on, Dizzy Jaff.
Yeah, I know.
That's a ridiculous name.
On her website landing page, the description reads,
the infamous crocodile off Wall Street strikes again.
More fearless, more shameless than ever before.
She's taking on everyone from big software companies to healthcare to finance bros.
She wrote, Razzlekhan is like Genghis Khan, but with more pizzazz.
I'm laughing because I did actually watch the video.
Oh, man.
So there's vlog-style videos in addition to rap music videos.
In one, she showed off her eyeball haul of prosthetic eyes,
which she says she planned to use for crafts, in a TikTok video.
And, like, anyway...
What do I collect? Stamps?
Oh, no, I collect, you know, model trains.
I collect eyeballs.
So she's gone viral on that regard.
It's interesting.
She's on TikTok.
She's on YouTube.
Some of her songs are on Spotify.
You know, at this rate, she might be able to pay all her legal fees just from all the money she's going to make from the views and stuff.
Well, especially when she beats us again at this year's Pwnie Awards.
Exactly, exactly.
That's the thing.
Which, let's face it, is an inevitability.
Thanos and Host Unknown losing the Pwnie Awards are an inevitability.
Yes, that is absolutely right. But I think it's such a... it deserves a Billy Big Balls move,
not just because of the amount of cryptocurrency that they're laundering, but the fact that,
you know, criminals normally try to keep a low profile and what have you. But no,
here's someone that's an active social celebrity, or, you know, wants to be an influencer and what have you,
and on the other hand, she's laundering money. And I have to say, you know, as you
know, I'm not into much of the music that these rap chappies seem to be producing at the moment. But even I could tell this was not a good song or video.
This was, it was awful.
Maybe if Andy was here, he could tell us whether the lyrics scanned or not.
True, true.
I mean, yeah, you're asking the amateur of the group at the end of the day, really.
So, yeah, maybe he can tell us next week when you're not here.
When I'm not here, yes.
Yeah.
So did they steal it and then subsequently launder it?
Or are they laundering someone else's stolen crypto?
So according to court documents, they are alleged to have conspired to launder the proceeds of 119,754 Bitcoins that were stolen from Bitfinex after a hacker breached the systems and initiated
more than 2,000 unauthorized transactions. So it's unclear whether they were also involved in hacking it
and then laundering it or whether someone else hacked it
and then they were like, hey, for shizzle my nizzle,
we can launder that drizzle.
Which, having seen the video, wouldn't surprise me.
That's what I said.
It makes me feel like they're just the patsies here,
that they've been, well, I wouldn't say set up, but, you know, "Hey, you keep a large chunk of this dough, you keep making those Pwnie Award winning music videos
that you want and we'll give you a whole bunch of cash to do so. But if the shit hits
the fan, you're taking the fall." And I think that's exactly what's happened
because they don't look very professional, do they?
No, no, no.
It's like going to Rodney and Del Boy for chandelier fitting services.
Or to get them to run a vulnerability assessment of your network.
Yeah.
For that matter.
Probably just as much capability.
Yeah, these guys, they're the fall guys,
without a shadow of a doubt in my mind.
Yeah, yeah.
But yeah, so I think that's all I had to say on the matter.
Billy Big Balls of the Week.
This is the Host Unknown Podcast.
Home of Billy Big Ball Energy.
Well, this would be the time of the show where I'd ask Andy what the time was
in ever more complicated ways. But unfortunately, we can't because he simply doesn't have the time.
No, he doesn't.
Hasn't got the time for us, which I think is outrageous.
So, Jav, have you got the time?
Well, the sun's getting real low, big guy.
I think it's that time where we head over to our intrepid reporters over at the InfoSec PA Newswire.
DDoS attacks hit all-time high. Industry news.
Californian college attacked with ransomware.
Industry news.
SANS Institute launches nationwide scholarship programme.
Industry news.
ICO hit by 2,650% rise in email attacks.
Industry news.
Almost 1.3 billion paid to ransomware actors since 2020.
Industry news.
CISOs reveal biggest challenges for security teams.
Industry news.
And that was this week's...
Industry News.
Wow. Huge if true. Huge if true.
1.3 billion paid to ransomware actors since 2020.
Let's assume that that's half and half.
So let's say 2020 to 2021.
So that would be $650 million per year.
Is that right?
Yeah, something like that.
Yeah.
So that doesn't ring true.
Well, maybe, maybe. Because the first six months of 2021, $590 million was paid out, according to the U.S. Treasury's Financial Engagement Network.
Sorry, the Financial Crimes Engagement Network.
So, well, maybe, maybe.
But it's definitely gone up from that, what was it, $150 million that the FBI announced at RSA at the beginning of 2020, right?
Yeah, yeah.
But, yeah, it's really weird, isn't it?
Because it depends on the scope.
So I think the FBI were only tracking probably US.
US, yeah, absolutely.
And then it was only tracking the wallets that they knew about.
So those ones that are reported. Real figure likely to be much higher. Yeah. Yeah. Your investment could go up as well
as down. Yeah. Mostly up in the case of ransomware payments. Yeah. Yeah. I think what happens after
you've got past like a few hundred million, then the numbers really don't make any difference.
They're just going to go up and up and up.
Yeah.
The moment that they start to drop for two consecutive years
is when we should be paying attention because something's happened.
Either, you know, the problem has been addressed
a little bit more effectively,
or there's something else more profitable going on out there.
Definitely.
Which I think would be very, very interesting.
And the other one that intrigued me, DDoS attacks hit all-time high.
DDoS, really?
I mean, I guess it's an all-time high because it's such a,
what's the phrase?
It's such a commodity now.
You know, anybody can run a DDoS.
It's really easy. It's not the black swan that it used to be many,
many years ago in the days of, you know, Anonymous and before.
But is that still the choice, the attack of choice? I don't know. You know what, I
haven't really heard of any significant DDoS attacks, or none have been covered in the
news lately. So I think the last biggest one was when Mirai was around and, you know, they took down
Krebs's website. Yeah, that's right, that's right. Took down his WordPress site. Exactly. But yeah,
but as you say, you know, they've not been covered at all, but maybe that's because, you know, the media
focuses on just what's, you know, on what's newsworthy, which is the ransomware stuff.
Indeed. I was going to talk about the "CISOs reveal biggest security challenges". Yeah, biggest
challenges for security teams. But there's no bullet points I can read. It's a long-form
article and it's based on a round table discussion, so hells no. But what I will point
out, though, is, like, "SANS Institute launches a nationwide scholarship program". It's a
US nationwide program not a
UK or not an Uzbekistani
nationwide program not a
not a yeah
so whatever and it's
the SANS
HBCU Cyber
Academy
will give scholarships to HBCU
alumni and junior senior and graduate students
currently enrolled in HBCUs. Right, so it's a national scholarship program, but just for their
people. What's a HBCU? HBCU, isn't that a bank? No, you're thinking of the money launderers in Mexico.
Oh, yes, that's right.
This is...
Now, I'm just curious now, because...
Yeah.
It does seem to be a bit of a closed scheme.
Oh, historically black colleges and universities.
Ah, OK.
I take that back then.
It seems to be quite an open thing.
Okay.
Well, it's a good start.
It's a good start.
From the headline, it sounded like it was quite a closed scheme.
Do you know what I mean?
I thought HBCU was a qualification.
So did I.
Well, there you go.
There's our ignorance shining through.
Everything you come to expect from a host unknown podcast.
Well, good.
Good for Sans.
If it's the US based, well, that's probably the country that needs that kind of inclusion more than anyone, to be perfectly honest with you.
So, OK.
Yeah, I'm slightly less cynical about that headline now.
Indeed, indeed.
It's a good one.
Well done, Sans.
The ICO hit by 2,650% rise in email attacks.
Is a subject access request or a complaint about, you know,
Elizabeth Dunning, an email attack or just an email?
I don't know.
Oh, yeah.
This is where things get really, a bit tricky, and I'll just divert a bit, because I was talking to a colleague
yesterday on our internal Slack thing, and I mentioned something about, I want to buy a dormant
volcano so that I can... Yeah, you know what? And he said, do you mean dormant or do you
mean extinct? And I say, I mean dormant, because, like, you know, heating costs will be less. Yeah, you need
an energy source, right? Yeah, exactly. But he goes, you know what, and then he told me, he goes, actually,
there's no concise or agreed upon definition between what is a dormant volcano and what is an extinct volcano.
Yeah, because they've both not exploded in recent history.
Exactly. But one of them might have a higher chance of actually exploding in the future.
Yeah.
Within 10,000 years, apparently, according to some.
Right. Okay. So that lava that you wanted for dramatic entrances into your dining room may come at a higher risk.
I know, I know, but I'll keep up my search on evillair.com. The agent was telling me that the more active a volcano is, it doesn't appreciate in value all that much over the years.
So if you're looking for a good investment, go for the extinct ones, because there's less, like... because the active ones is more...
The longer you hold on to it, the more chances that it might explode.
And you can have to get your property underpinned as well.
The insurance costs are probably higher.
Yeah.
How much is Number 10 Downing Street going for on evilair.com?
I don't know. I don't know. It's, uh, apparently it's not listed as a residential property. It's only meant to be for business meetings and for business purposes only.
Right. Very... Do you know what, that's a good categorisation to have in these times.
It is. It is.
Anyway, excellent.
Thank you, Jav, for this week's Industry News.
The Host Unknown Podcast.
Orally delivering the warm and fuzzy feeling you get when you pee yourself.
So we come crashing, and I say that without a hint of irony, we come crashing into this week's...
Tweet of the Week.
And I always play that one twice.
Tweet of the Week.
And I have this one this week, and this is a tweet from Lena at Dork Phoenix
and also retweeted by Snipe, a friend of the show.
And this is a good one.
This is good, secure advice on how to create a password
that is going to mess up any attempts to attack it.
So this is in the famous Skeletor theme.
Sorry, meme, not theme, before Andy jumps on in the show notes, into the comments, which
you'll see in the show notes.
So, add commas to your passwords to mess with the CSV file they will be dumped into after being breached. Until next time.
Nice, simple, down to earth. I think that's brilliant. I like that. I like that.
Also semicolons, because isn't there some that do semi-co... Oh, spaces. No, that's right, spaces is the... Yeah, you know, it's a weird one because, I mean, not a weird one.
I think it's good advice.
I like it.
Yeah.
The problem is websites do not make it easy for people to, like,
to know what is or isn't acceptable.
There's a long list sometimes that's given, like,
it must contain upper, lowercase, a special character, and sometimes they'll give you a row of special characters that you're allowed to use.
Yeah. And if your password manager is set to super complex and it uses all these weird characters, then it says, oh no, that's a bit too complex for me. Uh, choose something with less special characters.
Yeah, I think the user design is just so important. It's not good. There needs to be, like, a standard module or something like that. It must allow this many characters, this type of characters, etc., etc. Because there's just... yeah, it's too painful.
It is, it is. One of my biggest bugbears is one where you put, like, a hundred digit password in because that's what's generated, and it accepts it,
but it only remembers the first 20 characters.
Yeah.
Yeah.
And,
but it,
but you've saved it.
So then when you go and log in again,
you've got the wrong password because it's taken in the full 100 characters
and said, no, that's not the password.
That's right.
Oh, God.
And it took me ages to work this out because it's like,
but I saved this.
He's right.
Okay, I'll do forget password, you know, forgot password
and do it again and again and again.
Oh, goodness me.
So, yes, not very good. I did read
on Twitter the other day, there's an account called Fesshole where people confess to things.
And one of them was, I'm a developer and my wife is a cybersecurity consultant,
I know the quality of the code that I create
is exactly the sort of thing that sends her into a mindless rage.
So true, so true.
But, you know, it's not just the passwords.
Like the other day I was filling out a form online
and it was to get one of these PCR kits for travelling.
Oh, God.
And the form was horrible because, say, for example,
it was like enter your email address.
I'd start putting in my email address.
I only got like the first two characters in
and there's a big red banner that comes up underneath it,
not a valid email address. And I'm like, let me finish.
Yeah, let me finish it. Maybe if I tab off it, then you can say you haven't completed, but I'm still typing it.
Yeah. Stop stressing me out.
Yeah, that's right, that's right. Or things that, you know, you actually have to check a... If you type your password in and, um, and then hit return, it doesn't allow you to check the box to say remember next time. So you go off and check that box, it says, don't forget your password. It's, for goodness sake, you know, one or the other, you know.
Yeah, exactly, exactly. Poor design, poor UI and UX. It's absolutely... The other thing on there was the enter a date here.
But it's got the in grayed out.
It tells you what the format.
But as soon as you start typing, that goes away.
So you forget, like, was it asking for the letters of the month
or was it asking for the month number?
Yeah.
Do they want the full year, four digits for the year or two digits?
It was absolutely horrendous.
And I was sitting there, like, shaking my head. Who QA'd this? Who were the test users? This should not have gone live. But unfortunately that's just a lot of things, and I think the problem is that working in security we become blind to the security flaws that are like that.
Yeah, yes we do, because we just know what to expect. Oh, hate it, hate it. Anyway, uh, that was not this year... this week's rant. That was this week's Tweet of the Week. Right, we did it, Jav. We did it without him and without show notes. He couldn't even see the cracks.
No, no, no. I mean, that's about, you know,
you sound about as proud of doing it without Andy as like, you know,
a two-year-old when he's like, Mummy, I've done it.
Come and wash me now.
Yeah.
So, you know.
Come wipe me.
Yeah, yeah.
So I think that's the kind of level of skill it takes.
Yeah.
Yeah, exactly. Exactly.
Andy, it's all right, mate.
We got it.
Although you've got to come back next week
because Jav's not here,
so I'm not doing this bomb as well.
I could.
I could.
I think we might see some
of our ratings plummet,
no doubt.
You know, I'm going to steal a tweet
that I saw the other day.
I forwarded it to you guys.
You know, I think this applies to us right now.
It's like, my band is so indie, we don't even record together.
You have to buy three separate CDs and play them at the same time.
And I think that's what this podcast is going to turn into.
You're going to have to subscribe to three different podcasts
and then subscribe and play them all at the same time
to get the full Host Unknown experience.
Which is basically just three middle-aged men shouting.
You shout more than anyone else.
Well, this is true.
And two people just, all right, one middle-aged man shouting
and two middle-aged men rolling their eyes.
Okay, well, I'll give you that. I won't argue. I won't argue anymore.
Okay. First time for anything. Jav, thank you very much, sir.
Looking forward to, I was going to say looking forward to next week,
but you're not going to be here next week.
So that's why I'm looking forward to it.
Have yourself a lovely couple of weeks away.
Thank you. Thank you. Stay secure.
Stay secure. Stay secure.
You've been listening to the Host Unknown podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
So you're going to tell Andy we don't need him or shall I?
Look, if we just remove him from the WhatsApp group
and change all the passwords on the Hosts Unknown account,
it's a lot easier.
Like he remembers those anyway.
No, exactly.
Just send him an email.
He'll read it in two years.
Yeah, yeah.
And then wonder why it's been a quiet couple of years.
Yeah.