The Host Unknown Podcast - Judas Priest! It's The Triple Crown!

Episode Date: September 17, 2021

This Week in InfoSec (04:09)

With content liberated from the "today in infosec" twitter account

16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan. 2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.

Student convicted of hacking Sarah Palin e-mail account
Sarah Palin email hack
https://twitter.com/todayininfosec/status/1306360597915865097

9th September 2015: The security of 300 million travel locks was compromised after 3-D printing files were posted online. Then again, these travel locks never were particularly secure.

Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos
https://twitter.com/todayininfosec/status/1303847394556219392

Tweet of the Week (13:06)

https://twitter.com/yolkfolk_com/status/1438580784294735875

Sticky Pickle of the Week (18:16)

Sticky Pickle of the Week is the part of the show where everyone chooses something that they like. It could be a funny story, a book they've read, a TV show, movie, record, a podcast, a website, or an app, whatever they like. It doesn't have to be security-related necessarily. Better not be!

Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude'
Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks. That's according to the trade association UK Finance, which found that the number of "impersonation scam cases" more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year.
That is a Sticky Pickle

It's time to delete that hunter2 password from your Microsoft account, says IT giant
From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex's name and birthday to access the Windows giant's services. That is to say, you can delete the password from your Microsoft account, and login using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox. (Last year, Redmond said SMS codes were unsafe for authentication, we note.)
That is a Sticky Pickle

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway
A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools. Grief Corp is the latest criminal crew to warn its victims with instant data destruction if it suspects a mark has engaged a mediator. In a statement posted to its Tor-hosted blog, Grief Corp said: "We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data."
That is a Sticky Pickle

Industry News (31:16)

Poland Extradites Alleged Botnet Operator to US
UK Man Gets Five Years for Online Abuse Campaign
WhatsApp to Roll Out Encrypted Backups
US Locks Up Key Player in Nigerian Romance Scam
Apple Releases Urgent Patch Following Discovery of Pegasus Spyware
Massachusetts AG Launches Probe into T-Mobile Data Breach
Microsoft Patches OMIGOD, MSHTML and PrintNightmare Bugs
Americans Fined After Hacking for Foreign Government
Household Names Hit with £500K Fine for Spamming Consumers

Tweet of the Week (38:05)

https://twitter.com/snipeyhead/status/1437935968460304384?s=20

Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 Some people do the three peaks challenges where they climb three of the highest peaks in the UK within 24 hours. Tom, you've made a significant achievement yourself this week, haven't you? Yeah, absolutely. Do you know what? It's a lot harder. It's a lot tougher. The training, the things you have to put yourself through, the conditioning, the bull crap you have to put up with all the way through. But yeah, I have achieved the triple crown. Which is what? Well, this is my third podcast of the week. You're listening to the Host Unknown Podcast.
Starting point is 00:00:48 Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us. And welcome to episode 73 of The Host Unknown Podcast. Gentlemen, welcome one and all. Javvad, how are you, sir? I'm very good, very good. I don't know why we have you here as a host, because clearly you're just like the floater. You go to any podcast during the week. I go to the opening of an envelope, let's face it. Yes, that's right.
Starting point is 00:01:19 So, you know, I don't know why we even have you on this podcast anymore. Well, I don't even know why I'm bothering. I mean, I've done two podcasts this week already. Two, well, the number three and the number two InfoSec podcasts of the year this week already. I mean, why am I bothering with this one? I will say, Jav, I have to say that Operation Trojan Horse has been a success.
Starting point is 00:01:44 So what the unwitting people over at Smashing Security don't realise is that by using the Industry News jingle from this show, they have now violated copyright. Obviously they use royalty-free music; we use heavily copyrighted music. And at 5:29 tonight a takedown notice will be issued to their ISP for hosting, you know, copyright material. So, just in time for the weekend. So hopefully that'll bring them down for the weekend. But, yeah, excellent work, Tom, in getting that over there. Yeah, absolutely. And when they take down all 243 episodes of their podcast, hopefully one or two of their listeners will come to us. And, you know, that sound you hear, gentlemen, is not the world record of a deck chair being folded. It's Graham Cluley hitting
Starting point is 00:02:39 the deck and saying, I give up, please don't sue me. So we do have a proposal, though. If, um... Give us your sponsors, no one gets hurt. Well, there's that. I was thinking more like we bring Smashing Security under the Host Unknown umbrella of companies, and it's a wholly owned subsidiary. Yeah, absolutely. I think that's fair. I think that's fair. That should work. It's coming home, boys. So I'm guessing neither of you both, or rather both of you, are quite happy never being invited onto Smashing Security again. Oh, as if we have ever been invited. You're the only one that gets there every other week, or it feels like. And he was invited? You paid to go on to it. So, how are you? Nothing to add? Okay, cool. What have we got coming up for you today?
Starting point is 00:03:33 This Week in InfoSec is another story about leaked photos, but not the type you just thought of, you filthy little beggars. Have you ever found yourself stuck in a pickle or knee deep in a dilemma? Don't worry, we have a feature here that is here to help. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week ensures our food is up to federal standards and thanks us for the memory. But just 48K of it, mind you. Andy, let us move straight on.
Starting point is 00:04:14 This Week in InfoSec. Actually, before you start, do you know what I really like about that jingle the most? What's that? The royalty-freeness of it. Yes, I was about to say, now that is a jingle. Yeah, that is, you know, that's one that you absolutely put out there and just, you know, create derivatives of. Yeah, you can't write a takedown notice on that jingle. No, no, we know, we know when to cross the line. So it's that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account. Publicly available information. Our first story takes us back a mere 13 years, when we thought
Starting point is 00:04:57 that the funniest thing that could happen to US politics was that Sarah Palin could become vice president. Alas, on the 16th of September 2008, a 20-year-old David Kernell compromised the Yahoo email account of US vice presidential candidate Sarah Palin and then posted her emails to 4chan because, of course. I don't think a sentence has ever said so much about the characters in the story. A VP candidate with a Yahoo account and the protagonist of the story being a frequenter of 4chan. This is a story of David Kernell, a.k.a. Rubico. He went on to 4chan's message board in the early hours of September 16, 2008, claiming that he had read Sarah Palin's emails,
Starting point is 00:05:46 her personal emails, because he was looking for something that would derail her campaign, is what his motivation was. But after reading through her emails, he basically said there's nothing there, nothing incriminating, it's all personal stuff and some clerical stuff
Starting point is 00:06:01 from when she was governor. And this guy was the son of a Democratic Tennessee state representative, but he was ultimately caught because of his own OPSEC failings, basically leaving incriminating evidence in the screenshots he posted to 4chan, including his own Yahoo email address. But I guess the question on this one: do you recall how he got into her email account? No. Was it, was the password the name of her dog? Not for you, well, not far, yeah. So he basically looked at her own Wikipedia page to get her personal data, like date of birth, schools that she attended, and these were the proof-of-identity questions that Yahoo
Starting point is 00:06:45 needed. Yes. Oh my God, it was like everything that was there. You know, you just read it and just, I mean, this guy didn't sound like the sharpest tool in the shed, you know, if we're honest. But, yeah, those security questions are awful. I mean, such a bad idea. They are, they're terrible. I know, let's ask security questions about publicly accessible information on you. Yeah, what school did you go to? Yeah, what school did you go to? What's your mother's maiden name? Name of your first pet? I mean, geez, come on. Yeah, so, um, yeah, but it's funny times. But alas, I mean, like I say, would Sarah Palin becoming VP have been a bad thing, knowing what we now know?
Starting point is 00:07:31 Well, it may have sped things up. It may have sped things up, yeah. But maybe we could have put guardrails in place, right? You know, maybe things could have changed earlier. Our second story is as if it were yesterday, as it only takes us back six years to the 9th of September 2015, when the security of 300 million travel locks was compromised after 3D printing files were posted online. Yes. Yeah, you remember this, right? Yeah, so this is the story of the TSA
Starting point is 00:08:07 learning a basic lesson of physical security in the age of 3D printing. Basically, you know, if you've got sensitive keys, you know, which happen to be master keys that can open the locks of, you know, millions of locks that you've told Americans they have to use when they travel, I guess just don't post those pictures online. And this is because the Washington Post unwittingly published, you know, with the cooperation of the TSA, a photo of the master keys that they use in an article about the secret life of baggage in the hands of the TSA. Now, that article was ultimately taken down later, but not before the image had been downloaded. The internet never forgets.
Starting point is 00:08:52 The internet never forgets. And yeah, there was a GitHub release of printable master keys. So people were able to download those CAD files and print their own keys on a 3D printer. Now, this was obviously a sensationalist story at the time. But, you know, we know that if you take a step back, you don't really use travel locks to secure anything overly important. No. I mean, they'll break in anyway, right?
Starting point is 00:09:19 Yeah. The TSA is probably one of the most overfunded and misguided security organisations globally. What is it? They miss something like 90% of all tested scans. They've got some pretty bad stats, yeah. Yeah, they are awful. They're supposed to be more of a preventative.
Starting point is 00:09:43 You're supposed to see them. A deterrent. Yeah, a deterrent. It's one of the few things I agree with Bruce Schneier on. Total and utter security theatre. Yeah, yeah. You know, it's an utter waste of time. And then they have the thing of the number of TSA agents that have been caught stealing computers and iPads. Just the complaints they have to deal with as well. Wasn't there a TSA agent who, that, like, Find My iPad was traced back
Starting point is 00:10:11 to her house? Yes. More than one. Multiple. Several times it's happened. Yeah. The integrity of that whole agency is dreadful. I think they've done more damage for airline security than good, to be honest with you. Yeah, you know, not that I have skin in the game on this,
Starting point is 00:10:31 but, oh, awful. Once I had a really good security agent, TSA agent, because he had to look through my bag and he was really chatty, really nice, really easygoing. And so while I... Then he saw you're travelling with Jav, right? Yeah, that's right. But no, no. So then I went and I found someone who looked like a supervisor and I said, are you a supervisor here? He said yes. So, oh, can I, um, I just want to, you know, praise one of your agents. I think, you know, I'll give you some feedback. He was really, really good. He said, oh, which one? So I pointed him out and he said, yo, Dave, come over here.
Starting point is 00:11:11 And as he walked over, this guy literally said, oh, man, what have I done now? I said, no, nothing. You were really good. Look at the relief on his face. That sums it up, right? Yeah, yeah. Praise is something you don't expect very, very often. No. But actually, on the topic of keys, just winding back a bit, there was actually a story, and I was trying to look for it, I couldn't find it, but
Starting point is 00:11:38 where New York firefighter keys were being sold online as well, around four years ago. And those give you access to nearly every sort of, like, building in New York, and lifts as well, and elevators. Lifts, the elevators, the rooftop access, fire exits, everything. So, and those were being sold on eBay just willy-nilly. The thing is, these things cannot be that hard to reverse engineer, right? No, don't. Surely not. It's just the key. Yeah.
Starting point is 00:12:10 Anyone can make a key. Yeah. I think the only thing is that people are – unlike, you know, sort of computer vulnerability where you can sit halfway across the world and just tap a few keys and be in this, you have to actually physically go somewhere and avoid CCTV and everything. So it's, you know, I think that's the only saving grace here, really. Not through any good security. And that's barely one in of itself, right?
Starting point is 00:12:36 Yeah. You know, ever since Mr. Barry Alaclava invented his new headgear. Yeah. Oh, ar. Yeah. Excellent. Thank you. Thank you, Andy, for that. That was... This Week in InfoSec.
Starting point is 00:12:56 So I think we shall be moving straight on to something that normally goes at the end of the show, but let's just do it early. Tweet of the week. And we always play that one twice. Tweet of the week. So this week's tweet of the week, we've got, well, it's a slightly sad story, if I'm honest.
Starting point is 00:13:21 Well, slightly sad, but also I think we should be celebrating this. But this week, the legendary Sir Clive Sinclair died. For those that don't know, Sir Clive Sinclair founded the Sinclair Company. He produced such classic computers as the ZX80, the ZX81 and the ZX Spectrum, all of which were a massive part of my childhood, possibly even you two as well, since computers definitely didn't evolve as quickly as they do these days. And he sold and marketed the first commercially available electronic pocket calculator. He then went on and he created a little, what was it called? The Sinclair C5.
Starting point is 00:14:16 C5, that's right, which I desperately wanted. I really wanted one as a kid, which is basically a little three-wheeler, electric three-wheeler, it was ahead of its day, which you sat down in, almost like a reclinable bicycle type thing. You steered with a set of bike handles that were actually beneath your thighs. And it was open. In case of rain, it came with like a clip on rain hood. Genius.
Starting point is 00:14:47 And he marketed it as the future of travel. And I think in fairness to him, he was slightly ahead of his time and slightly mismarketed because the public were the wrong people to market this to. It should have been marketed to airports or oil refineries, anywhere with vast swathes of land where people need to get from A to B. Nonetheless, I mean, that was his failure. That was the one failure.
Starting point is 00:15:13 His spectrum evolved from a small metal thing with rubber keyboards or a small plastic thing with rubber keyboards into almost what we might consider a fully-fledged computer today. He used the microdrives as storage, which stored vast amounts of data compared to a cassette and was able to access it very quickly. These tiny little, well, if you've ever come across 8-track tapes, which is the predecessor to cassette tapes.
Starting point is 00:15:45 It's an endless loop of magnetic media. Absolutely fascinating. He was a complete genius. His products are definitely instrumental in getting me involved in computing, although I realised from a very early age that I really wasn't into coding, more into just playing the games and enjoying the tech. Paperboy. Yeah, exactly. Paperboy, Jet Set Willy, Manic Miner. My, one of my favourites, Nodes of Yesod, which, excitingly, when you first loaded it up would actually vocalise "Nodes of Yesod", you know, from the speaker, which at the time, we're talking the early 80s, was astounding, that a computer could actually say
Starting point is 00:16:34 words um so yeah just i think um i think even our our friend of the show and soon-to-be-served colleague, Graham Cluley, I think he even started to write. Graham wrote games for the Spectrum, I believe. In the twilight years of his career. In the twilight, yeah. I mean, perhaps when we see him in court, he can correct us if we go wrong. We'll have a little chat beforehand. Yeah, yeah, yeah.
Starting point is 00:17:03 Catch up, you know. It's not personal. It's just business. There's a couple of, um, document, well, documentaries and dramatisations of his life, the names of which I can't remember, of course, which are on the iPlayer and things. I'm sure this week, as a result of his untimely passing, that they'll be resurrected. But an utter genius, absolute visionary. If you can imagine Sir Clive Sinclair, if he was a young man today, I think he would be a complete powerhouse and a real maverick in the industry. So we are poorer for him, for his loss, but absolutely the whole, uh,
Starting point is 00:17:47 our whole industry has, uh, thrived, uh, because of him. Um, so yes. Um, thank you for the, the, the memory, uh, Sir Clive, uh, all 48K of it, or in my case, I had to get the 16K Spectrum because you couldn't afford the 48. You had to get it upgraded later. Yes, and thank you very much, Sir Clive Sinclair. Very well said, Tom. Very well. So, bringing
Starting point is 00:18:17 back a classic feature of yesteryear, I think we did it last year, let's move swiftly on to... Sticky Pickle of the Week. Sticky Pickle of the Week. Sticky Pickle of the Week. Sticky Pickle of the Week
Starting point is 00:18:35 is the part of the show where everyone chooses something they like. It could be a funny story, a book they've read, a TV show, movie, record, a podcast, website, or an app,
Starting point is 00:18:42 whatever they may like. It doesn't have to be security-related necessarily. It better not be. I tell you what, I'm getting deja vu again this week. I know, I know. It's just the way we deliver it. Yeah, yeah. I'm going to go first this week.
Starting point is 00:19:03 So Brits open doors for tech-enabled fraudsters because they don't want to seem rude. And this is a story from The Register talking about how Brits are too polite to tell phone scammers to get stuffed, take a hike or sling yer 'ook when they impersonate so-called trusted organisations such as banks. And that's according to a trade association, UK Finance, which is basically saying that the number of impersonation scam cases has more than doubled in the first half of 2021, which just sounds like a sticky pickle to me. Yeah, and it doesn't surprise me either. It doesn't to me. Yeah.
Starting point is 00:19:46 Doesn't surprise me. The sticky pickle is, you know, should I be rude to this person and tell them to F off? Or, you know, because it's probably a scam. But no, I can't be rude because that's just not on. You know, this is a really... A friend of mine, he was once driving and he was in the car with his dad, and he was stopped at a red light just at the bottom of a hill, and a car came from behind and it was coming really fast and the guy didn't brake quickly enough, and he came and rear-ended him. So my friend got out and he's really angry, and he got out and he sort of, like, you know, in his anger he punched the bonnet of the car that hit him from behind. It was the crumpled bonnet.
Starting point is 00:20:26 And he's like, well, what's the matter with you? Can't you see? And there's an older gentleman, like probably Tom's age driving, so quite old. And he was like, oh, I'm really sorry. And what have you? And then what have you? And then it was like, forget it. And he wrote down his details on a piece of paper and gave it to him, got his details, got into his car and drove off.
Starting point is 00:20:46 And later he got a call from the police and they were like, oh, we found your details in the pocket of this man. And they're like, yeah. Yeah. Basically, he had a heart attack while driving, which is probably why he crashed into the back of his car. Oh, my God. And the reason I bring this up is because ever since then, whenever there's an incident of road rage, even when he's clearly in the right, he's always very polite to the next person. Say, I'm really sorry, mate. After you. Damn well. And that's, that's how it should be in real... I mean, I don't mean to laugh at his distress or anything like that,
Starting point is 00:21:26 but really sometimes all it takes is a little thing like that to act as a wake-up call and say, look, just calm the fuck down, right? Exactly. So I apply the same principle here. I say, like, you can lose a bit of money, but don't lose your humanity in the process. Yeah, but, Jav, you've got lots of money. Yeah.
Starting point is 00:21:47 I'll tell you, you cut me up, I'll put a bat through your window. You guys are monsters. And then take your money. Spend it wisely, my friend. Spend it wisely. Wow. Let's move on to Jav. What have you got?
Starting point is 00:22:01 Hang on. Hang on. Hang on. I've got to say, Andy, that was a sticky pickle. That was a sticky pickle. Okay, so the next sticky pickle. And I know I should have this up as a saying on the wall, but never discuss in the workplace, especially, never discuss politics, religion, and passwords.
Starting point is 00:22:29 But I'm going to break the rule and talk about passwords or authentication, should I say. As Microsoft have now gone passwordless, they have fully embraced it. And so they're saying, forget your password, just use our push MFA. Well, it's not really MFA anymore because they've taken away one of the factors and they're pushing a code to your phone either through the authenticator
Starting point is 00:22:53 app or an SMS or even an email, because we know how secure SMS and emails are. And the two factors, apparently, they come in through the biometrics on your phone: the phone is something you have, and the biometric is something you are, and that gives you access to the code. So you're logging on with MFA. Although the problem is that if you have someone's phone, the MFA, the sort of biometrics, revert back to your PIN, if you have one. Yeah. So, yeah, so biometrics isn't always the only way you can open it, is it? No, you fail the biometrics, it defaults to PIN. It does, it does. And PIN is a very, very weak form of a password. So the sticky pickle is, like, have Microsoft actually improved security or made it worse
Starting point is 00:23:46 by going through this? Well, I think someone has to go first. I was about to say that. And I think, you know, whether or not this is an attempt that will go wrong and will be rescinded and will be refined again, et cetera, et cetera, or whether it will stick to the pickle in this case, I'm not sure. But someone has to go first. And the fact that someone like Microsoft, a large corporation that actually has a lot of skin in the game, a lot of people are reliant upon it, we may start to see a significant adoption as a result. Because we've been talking about going passwordless since I started security. Yes.
Starting point is 00:24:33 And to be fair, IPv4 IP addresses are going to run out before we went passwordless as well. Yeah, exactly. Although technically they have run out. It's just we found ways around it. Yeah. Stop people from hoarding them. Yeah, exactly.
Starting point is 00:24:49 I disagree with both of you, I think. Well, obviously. Just last year, Microsoft said that SMS codes were unsafe for authentication, and now they've adopted SMS. They're allowed to change their minds. One of the only forms of authentication. But do you remember, Jav, the HP Compaq, like in the early 2000s, like the original tablet,
Starting point is 00:25:12 and everyone's like, you know, they had like, what was it, Windows XP Tablet Edition, right? And people looked, some people like, you know, picked up and said, oh, this is going to be the future. Then overwhelmingly everyone's like, oh, this is rubbish. It was the Compaq iPAQ originally. Yes, the Compaq iPAQ. Yeah, yeah.
Starting point is 00:25:28 Then like 50 years later, Apple came out with the iPad and everyone's like, revolutionary. It's a mobile computing device that's genuinely mobile. And it frankly worked in fairness. Yeah. Well, yeah, I mean, the tablet was...
Starting point is 00:25:45 It worked and it had an app store. That was the main thing that got it doing. Well, it did for the first couple of years. That's where jailbreaking came in. Yeah, yeah, yeah. Sorry, I get lost in ancient history. Yeah. I was involved in the early days of jailbreaking, I'll have you know.
Starting point is 00:26:04 Ooh. Oh, yeah. But you're talking about the days of breaking Billy the Kid out of prison. Yeah, well, he contacted me on his Compaq iPAQ with one of the sleeves and a little sort of GSM module in there. I had a Compaq iPAQ with a PCMCIA sleeve, you know, and those old hairs and grey hairs in there and no hairs out there will know what a PCMCIA card is, right? Which I put a GSM card in and a little headpiece, and it was my phone. I would carry that around, and it was fucking heavy, the battery was terrible, and I loved it, because I could, you know, it was all
Starting point is 00:26:54 through the graphical interface and a stylus, and it was amazing, at the time anyway. And then I resurrected my old 6310i, my Nokia 6310i, and decided that actually that was the future. You need something with a battery life. Yeah, with a battery life. Yeah. And then I moved to, um, the Window... well, the O2 XDA devices, remember them? Yep. Yeah, moved to those. And it was after one of those, when I had to reboot it again for something like the third time that day in order to make a phone call, and I happened to see the iPhone, and it was like a revelation. So, but yeah, wow. This has turned into an episode of This Is Your Life,
Starting point is 00:27:36 featuring Tom and his technology friends. Oh, my goodness. You know, I eBayed all this stuff years ago. I wish I'd kept it, but, you know. Oh, dear. Anyway, what I will say, Jav, is that was a sticky pickle. Dude. My story.
Starting point is 00:27:58 So ransomware crims are saying we'll burn your data if you get a negotiator, can't be legally paid off anyway. So imagine you get ransomed. All your files are locked out. You've been told you've got to pay millions and millions of pounds to unlock them. The first thing you're going to do is to try and get hold of somebody who can reduce that amount of money. And that's happened a number of times. So FatFace, for instance, they were ransomed for $8 million, I think it was. And in fact, the criminals even said, we know that you have cyber insurance to the value of $7.5 million.
Starting point is 00:28:39 Therefore, we think $8 million is reasonable. And they were able to negotiate it down to $2 million, which I think is quite a stunning negotiation there. But a particular gang at the moment, Grief Corp, is the latest criminal crew to warn its victims with instant data destruction if it thinks that you have engaged a mediator, which is outrageous. I mean, surely this is not how the modern criminal works. Don't they know how the commercials of these things...? But this is like just the, as you say, it's the modern equivalent. Remember in the old days, like you kidnap someone, you say no police.
Starting point is 00:29:20 Yeah. Right? If I see a hint of police, she's dead. Yeah. And that's pretty much what this is. This is your data. We've got it. If we see a hint of the police...
Starting point is 00:29:29 Yeah, absolutely. We'll send you a finger's worth of data. Yeah. We'll send you some bytes in the post. But it don't work like that. I don't know. Well, I think what it does is it underscores the term, the word criminal in the term cyber criminal.
Starting point is 00:29:50 Yeah. We're going to start seeing a lot more contractors joining companies at short notice. Yes, exactly. He's not a negotiator. He's on a zero-hours contract. Yeah. Yeah.
Starting point is 00:30:03 But, yeah, really. It's a sticky pickle. It is a sticky pickle. What would you do? What would you do? Anyway, anyway. I'd stare them dead in their cold eye, cyber eye, and say, burn the data. I don't care. It means nothing to me anyway. Absolutely. Call their bluff. And you'd walk off, and in the background there'd be an explosion of your data. All your data, there'd be ones and zeros everywhere. And I wouldn't even look back. Wouldn't even look back.
Starting point is 00:30:32 No. Your hair would be ruffled from behind. Your suit would be billowing around you with the pressure wave of data. And everyone would be like, who is that guy? But I don't know. He doesn't work here. Yeah. He just picked up the phone
Starting point is 00:30:49 absolutely don't you know that's the negotiator oh well very sticky very stickling indeed
Starting point is 00:31:00 Good stories. Good stories. I like that. Ever found yourself stuck in a pickle, knee deep in a dilemma? Like and subscribe to the Host Unknown podcast while you figure out your sticky pickle. Andy, what time is it? It's that time of the show where we head over to our news sources over the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe.
Starting point is 00:31:31 Industry News. Poland extradites alleged botnet operator to US. Industry News. UK man gets five years for online abuse campaign. Industry News. WhatsApp to roll out encrypted backups. US locks up key player in Nigerian romance scam. Apple releases urgent patch following discovery of Pegasus spyware. Industry News.
Starting point is 00:32:04 Massachusetts AG launches probe into T-Mobile data breach. Industry news. Microsoft patches OMIGOD, MSHTML and PrintNightmare bugs. Industry news. Americans fined after hacking for foreign government. Industry news. Household names hit with 500,000 fine for spamming customers. Industry
Starting point is 00:32:28 news. And that was this week's Industry news. Ah, huge if true. Do you know, I almost said supermarket news. Supermarket news at one point. Supermarket news? That's ridiculous. What else? What an
Starting point is 00:32:47 idea. Absurd. So I am just, uh, clicking. So, WhatsApp to roll out encrypted backups. This is probably something which we have needed for a very long time. Yeah, I don't get this. So obviously it's encrypted in transit, and then on your devices it's not encrypted, and when I say backups to that, because when it goes to iCloud... I've not clicked through. iCloud every night, unencrypted. Oh, I see. Because obviously I've not clicked on the story, I'm just looking at the headline. But so your unencrypted WhatsApp chat, which obviously is unencrypted so you can read it, is then backed up as part of your regular, you know, backup. Yeah. But it's... Oh, I see. Okay. Yeah, shocking in this day and age that the backups aren't encrypted. Well, shocking that
Starting point is 00:33:40 Facebook are actually doing something that's, um, you know, positively for people's privacy. Well, I think they're getting caught out, right? They're probably doing data analysis on the backups rather than on the devices. Yeah, exactly. That's it. Exactly. And who's this key player in Nigerian romance scam? I was just clicking into that one myself.
Starting point is 00:34:04 Do you know what? If that person's locked up, there'll be, you know, millions and millions of men and women around the world who will be bereft. Um, it would generally be saying, like, I need some money for legal fees. Yeah, that's right. It'll be an actual genuine email, yeah. So, yeah, pleaded guilty to conspiracy to commit money laundering. 36-year-old man. He's the manager of a group of money launderers. Wow, I wonder if that's on his LinkedIn.
Starting point is 00:34:39 That's probably how they got him, right? That's right. Yeah, well, as you're going through the romance scam yourself, it's like, can I speak to your manager, please? I'm not getting the value out of this that I expected. I'm not feeling loved. Yeah, I'm not feeling loved enough. Can you escalate?
Starting point is 00:35:02 Him and his co-conspirators used fake passports and other fraudulent ID paperwork to open multiple bank accounts under various aliases. Okay. That sounds pretty standard. Yeah. Why not? Yeah. So many of the victims who are elderly would wire money into the bank accounts in belief that they were helping significant others to complete a
Starting point is 00:35:22 business project or return to the United States. Damn. Pretty standard, that one. And these household names that were hit for spamming consumers. So Sports Direct were one of them. They were being charged for spamming people with those giant mugs. Yeah, that's right. But they were fined £70,000.
Starting point is 00:35:49 I mean, come on. They don't have that much money, I'll be honest, Sports Direct, aren't they? They can barely afford to pay their staff, isn't it? Yeah, I'm pretty sure they're on the brink of collapse at some point. They've been on the brink of collapse since they were founded. Yeah, well, they're pretty much a budget... well, I say budget brand, they're a fairly cheap, um, you know, brand, aren't they? No, they have quality stuff, they just operate on low margins. Yeah, I mean, Audi is a similar business model. Well, they're not going out of business anytime soon. No, that's because
Starting point is 00:36:22 they're not run by an idiot. Yes, that's the thing. Mike Ashley. Yeah, that's him. And then webuyanycar.com was fined 200,000. Well, I hope that that was an estimate, and when it actually arrives, it's going to be significantly higher. We took a look into these, and it... Yeah, we analysed. On the surface, we'd say 200,000, but now we've actually seen it.
Starting point is 00:36:50 It's going to be different to what we quoted. Yeah, exactly. And then that famous travel company, well, originally travel company, but obviously branched out, Saga. Saga Personal Finance. So Saga was originally a travel company for the over 50s, wasn't it? I wouldn't know. You signed up to it like 20 years ago.
Starting point is 00:37:14 Well, and that's where the story that Saga stands for Sex and Games Abroad. Interesting. But I actually read that as Sage Personal Finance. That's what I read. Honestly, that's exactly what I saw. I just skimmed it. Yeah, I'm not here for the detail. Because I know there's a Sage accounting software or something, and that's where my mind went. Yeah. Yeah, absolutely. Wow. Huge if true. there's a whole bunch of stuff in there
Starting point is 00:37:46 yeah very good well thank you very much that was this week's industry news the host unknown podcast orally delivering the warm and fuzzy feeling you get when you pee yourself. Ah. And we're going to now move on to our final piece. And because we just love this one so much, we're going to do it again. Tweet of the Week. And we always play that one twice. Tweet of the Week. Cool. So this is mine.
Starting point is 00:38:20 And I thought we'd give you something a bit more light-hearted to end on. And this is a tweet by our good friend Snipe, Snipeyhead, at Snipeyhead. And she tweeted that there's a town named Sandwich in Massachusetts. So there are literally police cars labeled Sandwich Police. And there's actually a picture of him there as well. It'd be even funnier if that was a picture taken of the car
Starting point is 00:38:51 outside a subway or something. Yeah. Sure, that can be photoshopped into the background. Exactly. I ordered a foot long and this is only, yeah, whatever's less than a foot. That sounds funny. Fill in the details yourself, right?
Starting point is 00:39:10 I'm just the ideas guy. And he's the IKEA version of it. Gives IKEA jokes. He gives you all the components and you have to assemble it yourself. That's right, yeah. But also, Snipey in this, she quoted in her tweet, ASCAB, A-S-C-A-B. What does that stand for?
Starting point is 00:39:32 So you know what ACAB sounds to, right? Oh, right. I'm guessing she's just inserted the S for sandwich. Of course, hilarious. Well, it is when you don't have to explain it, but, you know. Yeah, exactly. I guess this is why you like stuff fully delivered and spoon-fed right absolutely give me the story give me the back i'll just deliver it i don't care i don't care excellent jeff thank you very much for that indeed good
Starting point is 00:39:58 we draw to a close. Gentlemen, thank you so much for your time this week. I like the fact we mixed it up a little bit. And I'm looking forward to reading about our forthcoming court case in the news next week. Jav, thank you very much indeed for your time. Always as enjoyable as a visit to the dentist. Yeah. So you've gone to Andy's dentist now.
Starting point is 00:40:31 And Andy, thank you very much. Stay secure, my friend. Stay secure. podcast if you enjoyed what you heard comment and subscribe if you hated it please leave your best insults on our reddit channel worst episode ever r slash smashing security this was like tom was you were really off-putting today because you couldn't find the buttons you're in an unfamiliar environment. You cocked up your lines.
Starting point is 00:41:06 I blame you. I know Andy's going to come in and jump in for your defense for some reason, taking the bullet for you today. No, no, it's my fault. It was my fault. It was my fault. No, don't say anything to little Tom. Definitely Tom's fault today.
Starting point is 00:41:22 Well, I'm all podcasted out. What can I say i say yeah well that whose fault is that then well all these wonderful people for inviting me on their shows except you jeff no i didn't invite just you i invited host unknown on as a you know to take over i showed the clip to eric yesterday and he was just like laughing so much he was like this is even better than having me on the show. Very good. Did he laugh more at the intro
Starting point is 00:41:53 rather than the content though? Yeah, that's all he saw up until. He's away at a conference, isn't he? Yeah. Yeah.
