The Host Unknown Podcast - Unlucky Number Thirteen For Some

Episode Date: July 3, 2020

Unlucky for some? Yes we were, as Jav turned up anyway. Kickstarting the economy and taking advantage of good samaritans. Jav talks about bug bounty profit in three easy steps. Thom receives some very, very, very bad news. Thom talks about how our industry is becoming nicer to us normal people. https://www.linkedin.com/feed/update/urn:li:activity:6679522900304814080/ Award winning industry news from our InfoSec Stig. Andy makes it all serious again with privacy & DuckDuckGo. This week's sponsors could have been Tesla and British Airways. Jav drops the ball on The Little People. You had one job, Jav. Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 Well, what was his last message? This was like 10 minutes ago. I'm on my way, waiting for you to sort out the twerk issues. I think he's trying to say tech issues. That's right. Yeah, we should just kick off without him. Yeah, I think we should. Okay.
Starting point is 00:00:19 You're listening to the Host Unknown Podcast. The Host Unknown Podcast. Hello, good morning, good afternoon, good evening, wherever you are. Welcome to The Host Unknown Podcast. And welcome, gentlemen. Well, when I say gentlemen, gentlemen, man. Andy, how are you, sir? I'm not doing too bad, thank you. It's been another productive week.
Starting point is 00:00:47 I think the belief that, you know, with lockdown rules easing, everything, you know, sort of returns to some form of normality has been well and truly dismissed, with Leicester re-entering the lockdown or having, you know, what shall we say, additional restrictions imposed on them. Um, and where we are is, is the new normal. Um, so indeed, you know, indeed, the, the phrase that we've all said what we hate. Yes, normal, but actually it is, it's just some weird crap. It's, it's, um, it's
Starting point is 00:01:21 bizarre because we keep talking about you know oh we'll have to do this when the lockdown ends and blah, blah, blah. But I don't think it's going to end. I think it's just going to sort of vaguely fizzle out. And before we know it, six months later, we still haven't met up with our friends because we're so used to just, you know, chatting to them on Zoom. Yeah. And it is, as you say, it's that phrase that we all hate.
Starting point is 00:01:43 But it's almost like that phrase back in April or, you know, March, April, unprecedented times. The new normal. Oh, he's here. Oh, hello, good morning, Gerard. Glad you could join us. We actually got bored waiting for you 25 minutes late. I only woke up 10 minutes ago. I did get concerned
Starting point is 00:02:07 when you responded to that message at three in the morning and I thought well if Jav's late are the best of times. So Mr Malik how are you sir? Trying to pretend that I'm fully functioning and awake that's how I am. So we should expect the same level of wit and charisma from you as you normally do. Absolutely. So I'll be at your level today. Oh. So, Mr. Langford.
Starting point is 00:02:37 Well, sorry. I know you were probably going to say something funny there. Should I let you continue or should I just? Oh, well, I think the moment's gone. I was just going to say, you know, my energy levels are down because I've been a bit busy this week, and I was actually gonna segue into that. You know, you've had quite a busy week. Uh, you have. I have. I've, I've, I signed a lease on a new flat and I'm moving out. Uh, I had to hire a van to buy a whole bunch of new furniture and stuff like that. So if anybody needs advice on IKEA flat pack furniture and how to construct it, just tweet me, email me, give me a call.
Starting point is 00:03:12 I know everything. In fact, I think the tips of my fingers have turned into little hexagonal bolt drivers. It feels, and I'm dreaming, know about the uh the little cartoon man pointing at something with a exclamation mark over his head you know oh man it's crazy but uh uh yeah it's slowly coming together um getting uh uh as is my um my bank balance rather it's going down and my credit card balance is going up as we the buying stuff yeah so i'm thinking this is um obviously well it's the equivalent of an independent contractor being furloughed uh during these unprecedented times in this new normal um and you know you used to be the
Starting point is 00:03:57 the group CISO for a global, uh, you know, 12 billion euro annual turnover powerhouse. Um, and yet where everyone else is kind of saving money, you seem to be out spending it, uh, expanding your property empire and, uh, purchasing new furniture. It's called kickstarting the economy, isn't it? Right, okay, you're doing your bit. Yeah, yeah, I am doing my bit. I'm, I'm, you know, those, the, the IKEA workers are not going to be without this one. In fact, the guy at the checkout, I went with my son. We had, in the end, we had six pallet worths of stuff. And he said, you've spent more than anyone since we reopened the week before last. This is not good. Um, but, you know, when you chuck in any complimentary meatballs or anything like
Starting point is 00:04:56 that you'd think you'd think wouldn't you but uh yeah when you're presented with a completely empty uh flat it's uh you you to fill it with some stuff, right? Although I could probably have filled it with, you know, piles of cash. It would probably have been cheaper. Well, it's funny. A lot of places are not taking cash at the moment. No, no, you're right.
Starting point is 00:05:18 I've been using the Nextdoor app, which was introduced to me by a friend of the show, Leanne Galloway. And on it, there's like a big story which is blown up. And there's actually quite a few comments on it, people experiencing the same, where an older gentleman went to pay for his petrol in the petrol station. And they said, sorry, we don't take cash. We don't accept cash anymore and this guy didn't have any credit cards or you know debit cards or anything uh and a very kind stranger
Starting point is 00:05:52 uh paid for his fuel for him um so here's the thing you know an older gentleman you totally get it you know might not be you know might not exactly have an apple Watch, etc. But your pension and all of your allowances are all paid directly into an account. Yeah. And often you actually have, you know, that said card, that account will have a card. So I'm not sure. Listen to this government shill.
Starting point is 00:06:17 I reckon, no, no, no, no, no, no. I'm being very cynic. I think I'm going to rebrand myself as the infosec cynic. Sounds good. Sounds good. You're not being done before. You up for a legal fight? What he's doing... I am, but I know the person who would be putting the legal fight up is not.
Starting point is 00:06:40 You're talking about Graham Cluley? Yeah, that's right. Friend of the show. He folds like a deck of cards. But I reckon what that chap's doing is he's going round shops and looking like a confused old man.
Starting point is 00:06:55 He's only spending like 20 quid, so it's not going to be much. In a given day, he's probably getting through a couple hundred quids worth of provisions and petrol and all that sort of thing so well played that man he should be our see that that's where you missed the trick at ikea didn't you yeah it's right oh is it cash is it not cash i've only got cash so it's uh i know you're saying that you know cynically uh you know about that, and there's an actual story where a friend's son, who's an older kid, who has special needs, which he goes out.
Starting point is 00:07:37 But he is an independent adult as well, in terms of he goes out and about, you know, doesn't need full-time care, but he has, his parents referred to as a party trick, where he goes to, um, sort of amusement parks or fairgrounds and things like that and then tells a police officer that he's lost. Um, you know, he needs help. Um, but then while they're waiting and sort of calling around, he'll sort of say, oh, I'm so hungry, like while he's standing in front of a burger stand sort of thing. Apparently this is something that he'll do quite often when he goes out,
Starting point is 00:08:17 when there's a fairground in town or something. He's quite renowned for it now, that he'll always pretend to be lost and play on the sympathy of others. But yeah, you might be right. Maybe this old guy is pulling a scam. You know, that reminds me of something. This is like going back a while. This is before Oyster Cards were out.
Starting point is 00:08:40 But a friend, his cousin, he was in a wheelchair. And he was independent. He could move just like he couldn't walk. But he'd go on the train or the tube and when you get to the gates uh he'd go around to the to obviously the big one with the staff one and he said could you open it he says where your card and he had a backpack hanging on the back of his thing and in the front zip he said it's in the front zip and there was a hole in the bottom of that pocket. So the guy would go to say, oh, there's nothing in there,
Starting point is 00:09:11 and he would, like, act all distraught. Oh, my God, I can't believe it. Someone's stolen my travel card. And they'd be like, oh, that's all right, and they'd open the gate, and he'd get through. What, and he'd have to do it again at the other end? It's a plausible story uh it's a plausible story no he so where he lived he got on a overground train where there wasn't any barriers and he got off at a tube station i think it was something like that they must catch him sooner or later
Starting point is 00:09:39 because there was that guy who, um, commuted in from, I don't know, yeah, zone six or outside or whatever, but because there were never any checks, and he knew that there weren't ever any checks until zone two, he'd just buy a ticket from like zone two. But the, um, he was actually caught because the staff noticed a pattern, yeah, of him coming through. So I can't remember how they, but it was basically observations from staff that caught him, and he was fined something like 60 grand because he'd been doing it for 10 years. Yeah, they've got some very clever fraud
Starting point is 00:10:12 detection work that they do in the underground. There's a great program, like a Channel 5 program about this, like Fare Dodgers or something like that. You'll probably find five on demand. Um, but similar sort of thing, you know, that they recognize patterns where people
Starting point is 00:10:30 come in um you know swipe in swipe out certain locations but only have a particular type of card but um yeah i mean the data's there it's uh you know whether you got time to go through it see it's it's all down to machine learning and AI. And AI. And this is why the government wants us to stop using cash and only use cards. And this is why they want us to download these COVID tracking apps. And it's all in the 5Gs.
Starting point is 00:10:58 You heard it here first, folks. Anyway, talking of frauds jav um i believe let's move on to tweet of the week shall we because i believe uh you've got a you've got a doozy for us sir i do indeed tweet of the week so i know um both i'm not speaking to both of you who aren't experienced bug bounty hunters, but for... As opposed to you. Yeah, as opposed to me. Who sent me his pineapple express
Starting point is 00:11:33 because he couldn't make it work. It didn't taste like pineapple. And it wasn't pineapple express, it's just called A Pineapple. That's a movie you're confusing it with. Oh, that's why it wouldn't play. Anyway, someone sent a tweet, which I can, well, it was just a comedy. It was just a joke. And their joke was how to get a P1 XSS in 10 seconds.
Starting point is 00:12:06 So, Tom, that means how to get a priority one, like the highest level of cross-site scripting on a website. I know. I know this part of it. Okay, cool. Cool. So they say find a site, open port 80, and visit via Chrome. Hit Control, Shift, and J, and that brings up the console.
Starting point is 00:12:27 In the console, type alert, bracket, hacked, and enter, and that little pop, you know, a little pop-up box saying, uh, hacked. And it goes, boom, P1, cross-site scripting, easy as that. Give me my money. Give me my money. And it was funny. You know, you just look at it, inside joke, ha-ha. And then there's a guy called BitQuark who works at Tesla,
Starting point is 00:13:02 and he says, someone just reported this to us on Tesla.com. Oh, my God. If you don't buy a ticket you can't win the lottery yeah that's right that's right but um but you know i think that that's one of the things so this actually kicked off a bit of a debate amongst people as it does like you know i think even the wind blowing in a in the wrong direction kicks off a debate. Everyone's got an opinion. Yeah. But, you know, some people are like, well, this is just stupid.
Starting point is 00:13:34 And this is why we should restrict who gets to submit, you know, on bug bounties. And others are like, well, it's the job of the bug bounty platform to filter these out. Uh, this is exactly what it's for. It's for young people to, to practice and try and, you know, even if they have no experience, um, they can have a pop at that stuff. So it was an interesting debate. Um, I don't know, which, which side of the fence do you gents sit on? Me, personally? I sit on the side of the fence. It was a joke, and just accept it for what it is. I don't think it should have gone that deep. But this is just my general feelings of social media.
Starting point is 00:14:19 I mean, I didn't get the technical aspects of it, but I knew it was a joke. This reminds me of the time we went and saw steve lord presentation tom steve no no that wasn't steve lord it was he was making the heisenberg reference at one point oh that one is that security oh you? Oh, you're thinking of the other one. You're thinking of punking Punk Buster. No, no, no. I'm thinking of the one where the guy was doing stuff to hard disks. And this is at 44Con. And so basically whenever any forensic tool was run on a hard disk,
Starting point is 00:14:59 it would print out the lyrics to We're Never Going to Give You Up. It basically hit roll. But the guy was doing this live on screen and tapty tapty tap tapty tap tap hit return and something happened and everybody burst into applause and i was like what did he do i have no idea all i can see is that he pressed a button and the lyrics for you know never going to give you up came up. What's impressive about that? You know, that's print 10 print, never going to give you up, whatever.
Starting point is 00:15:29 So I just didn't get it at all. Had it been in Cobol, you'd have been all over that, right? Or stone. Yeah. Oh, very good.
Starting point is 00:15:43 We like that one. Thank you, sir. Tweet of the week so i'm gonna bring it down a level i'm afraid right now i received some very bad news last night oh dear um to say i was well almost beside myself with grief. And I was just very, very upset. So the email came from British Airways. And it informed me that I have now been downgraded to silver.
Starting point is 00:16:18 Oh. Let's take a moment here, folks. Wow. Sorry. F. F for for respect i'm just uh wait are you did they not extend your status because of the current pandemic no what they did was which i guess was quite clever of them because actually they probably, they probably didn't get out of pocket at all was they, they reduced the, the number of,
Starting point is 00:16:49 um, points you need to obtain points required to maintain status. Um, so basically they were saying you don't need as many, you don't have to fly as much to maintain your status. Uh, of course nobody can fly at all during the last three months um so but but uh but what they did do was that they added 12 months so i've now got two years
Starting point is 00:17:15 of silver uh but nonetheless british airways um you know if you're listening if you if you're you know a fan of the show which i'm sure you are because we're always talking about you, please just make an exception. Just push me back up to gold. I might not be flying for the next nine months, but you know. Exactly. That is harsh. Part of my identity.
Starting point is 00:17:38 I thought they kept everyone's status as is. No, no. That's harsh. So I know my status has been extended for another year uh yeah but you'd made your points didn't you um do you know what i'm actually shy about 100 points uh which i would have got in um but they the end of march reduced the requirement yeah so yes so for the next tier yeah so to renew it the next tier i mean bear in mind my tier point end isn't until uh november anyway um yeah but uh yeah i'm about 100 points shy of renewing if you check log in you you should see that it's actually 25 percent lower than it
Starting point is 00:18:19 was. Oh, it is, yeah. No, absolutely, yeah. But it's probably, you know, for the, for the next, um, yeah, for the reduced number. But they did send me an email saying that, you know, it's, uh, you know, tough times rule, but we are going to extend it. Um, yeah. Anyway. Oh dear, my heart is bleeding for you guys. Hey, this is, I mean, you're used to slumming it with, uh, gen pop in the airports, but, uh. Well, it should be bleeding for me, not, not, not for Andy. Andy's still gold. Yeah, that, that's true, that's true. But, um, you know, the, speaking of travel, so a long time ago, and I think it might have been last August or September, I applied for the US, oh yeah, it's fast, speedy entry or whatever. Yeah, the speedy entry, the, uh. How's that working out for you? And you know what, it, it said on the application it
Starting point is 00:19:14 would take like six to twelve weeks or something like that. So I was expecting, you know, last year I'd get it, and no, it didn't come through. Surprise, surprise, you know, brown man with funny name tries to get, you know, global clearance. You're actually declined, were you? No, I didn't, I didn't get control, I just didn't hear anything. And, um, last week I got the email saying, oh, you've been temporarily accepted, now make your way to one of your, uh, centers for the interview. One of the US airports you have to do in person. One of the US airports, exactly. Oh, man. And by the way, this invitation is only valid for three months. Yeah.
Starting point is 00:19:50 That's brilliant. I think it's valid for a year, but I'm like, yeah. It's like, how much? It's not going to happen. I know the US were cancelling visas for people that actually had tickets. So at the start of the pandemic, uh, you know, once the US had rejected, um, you know, UK nationals or, you know, people from Europe, a lot of BA flights were still shit, you know, hadn't been cancelled yet. So people still had bookings, and so people are then receiving emails, uh, you know, from
Starting point is 00:20:18 border patrol or, you know, whoever you get that waiver from. And saying that, you know, we've now revoked your waiver because you're attempting to travel against, you know, US policy or whatever. And so people are like, look, BA, what are you doing? You've kept our flights. You know, this is causing us problems. Never actually followed that through to the outcome. But yeah, certainly the US don't want people
Starting point is 00:20:41 from our side of the world at the moment. The problem those people had was that they weren't Nigel Farage. Yes, they don't have friends in low places. Exactly, exactly. Yeah, dear me. But yeah, so Javs, it sounds like your application for whatever. Global entry. Global entry, Global entry.
Starting point is 00:21:05 It's probably about as useful as my Estonian e-citizenship. How has that worked out for you? It's been a few weeks now. What have you managed to do? The box it all came in has been sitting very nicely in my cupboard. Excellent. And you've just not
Starting point is 00:21:24 done anything with it, no no i've been moving house and everything you know well it really does uh give you mobility yeah it's right no i've logged in and stuff and i've i've checked out how it works i've signed a few things but you know um i've not looked at it at all if i'm honest on the furniture you bought from ikea couldn't if you used your Estonian citizenship to claim back VAT or something? Ah, you see, it's not a citizenship. It's
Starting point is 00:21:52 e-citizenship. Okay. I now feel like the old guy who doesn't know you can't pay this cash. No, hang on. It's e-residency, not citizenship. So what it means is I can hold a bank account and stuff like that in Estonia and start a business in Estonia and all that sort of thing,
Starting point is 00:22:14 but I don't have citizen rights. What if you just married a lady from Estonia? Wouldn't that be better? Yeah, it's so much easier, Tom. Well, that is plan B. So, for all our Estonian fans listening to this show, check out Tom's Tinder profile. Send him your TikTok videos,
Starting point is 00:22:39 and maybe we can make this the love channel. Nothing wrong with TikTok. Nothing wrong with TikTok. Yeah, that's what the head of the Red Army says anyway, isn't it, Andy? The People's Republic of... The Democratic People's Republic of China. Oh, yeah, DPRC.
Starting point is 00:23:01 Is it also... What about Korea? Is that the DPRK? Is that correct? It is, yeah. Yeah. Yeah. Okay.
Starting point is 00:23:11 Right, I reckon we should move on now. Because after that little cul-de-sac we've just entered. Let's do this. Billy Big Balls of the Week. All right, this one is mine, and I'm, it, this is actually quite a serious one, I'm gonna say. So, uh, it's from LinkedIn. Uh, a friend of mine on there, Trudy Palmer, uh, she posted something, it was actually a couple of weeks ago. Um, but, um, she posted something on there which I was involved in because I was chatting to her about it beforehand and convincing her that it was probably a good thing to do. But about sharks and toothbrushes? Uh, no, no, no, it's, it's even a little bit more serious than that. Okay. Incredibly, I was trying
Starting point is 00:24:03 to find the link between you and, you know, giving someone else advice. It was... Oh, no, this is about alcohol. Oh, okay. So I've known Trudy for about five years now. Used to be good drinking buddies, et cetera. And as many of you know,
Starting point is 00:24:24 I stopped drinking uh just over or nearly three years ago now wow and um and she stopped drinking three years ago uh to the two um three years and two weeks ago and she wanted to celebrate the fact and she wanted to uh post something on linkedin but she was really worried. She was worried about the reaction she'd get, et cetera. She's just started her own business. You Unify Limited, it's all starting to come together, et cetera. But she posts that. I'm not going to read it all out. What I'll do is I'll put a link in the show notes for folks. But basically, it was a celebration of the fact that she has been three years sober um and actually it's you know best decision she ever made blah blah blah um and also you know reaching out
Starting point is 00:25:14 to anybody else who might be in a similar position um to sort of say you know chat to her it's it's all good you know be kind smile and have happy thoughts um you know all that sort of thing she was really concerned that she might get a bit of a negative backlash which says a lot about the industry well exactly i think it says more about the industry it does about her actually or more about certain elements of the industry uh she's had since had um 640 reactions and 88 comments all well and all of the comments are not just positive but overwhelmingly positive um very very you know just here's some of the words you know amazing um you know uh proud um well done um there's lots of amazings in here i have to say i'm looking for incredible congratulations fantastic achievement you know all that sort of stuff and i think it's
Starting point is 00:26:16 really good. I think, um, I think actually we're starting to see a little bit of a, uh, there's a sort of shift in attitudes, and not only in our industry but probably elsewhere as well. And I think possibly lockdown has had something to do with this, because, you know, was it, I heard the other day, you know, please can the pubs be open before I, um, you know, turn into an alcoholic, because everybody's at home, right? And what else are you going to do? Who would have known that the pubs would have been the cure to the nation's fall into alcoholism? I love that.
Starting point is 00:26:54 So, yeah, I just thought it was, one, it was a really, it was a Billy Big Balls move just to put something out there in the first place. But also, I think the, um, you know, I think the Billy Big Balls goes to, you know, everybody who responded or even everybody who read it and smiled and agreed or, you know, felt happy for someone, because frankly I think, you know, we're not just talking about, um, you know, alcoholism or mental health or anything like that, but I think, uh, if nothing else, the last few
Starting point is 00:27:26 months has taught us that people have personal lives, people have, and personal lives are complicated. Yeah. Um, and actually, um, we can, we can still get on and succeed. So without wishing to be sort of over dramatic here, I just thought I wanted to celebrate, uh, uh, Trudy's accomplishments and also everybody else who commented and supported her, uh, in, in her statement. So yeah, that was my Billy Big Balls. And a good one at that. Yeah, good point, well made. Yes, especially the third point, right, Jav? Yes, yes. Jav remembers the days, what it was like. Big balls of the week. He remembers those days of drinking, you know, getting blackout drunk.
Starting point is 00:28:14 I remember the days of Tom drinking and getting blackout drunk. I remember being at a conference and as the evening wore on, me and Andy started to socially distance ourselves more and more from Tom. you don't know him no never seen him well you know you know it's bad when um when i'm telling you it's time to go home like you know that's uh like in terms of uh you know sort of longevity going out in the town uh you know i'm all up for a big night but uh i do remember that one time in sheffield somewhere where i was like dude i'm going home it's like you know five in the morning yeah it wasn't good no the one thing i had going for me the one thing i
Starting point is 00:28:56 had going for me was I was a pretty happy drunk. Oh yeah, of course. Yeah, there's nothing worse than, uh, yeah, aggressive. Someone turning nasty. Yeah. Yeah. I once worked with a fella, this is going back 20 years, and this fella, nicest fella you could ever get to meet. You know, such a lovely guy until he got drunk. And he'd get all fisty. Right. And in the end, his office nickname was Knuckles. Not, not a particularly good one to be getting. Uh, yeah, exactly. And, and honestly, when you did see his
Starting point is 00:29:33 knuckles they were they were fucked up right they were seriously because he he'd hit anything even if it was a wall um so yeah the uh the company dues were interesting yeah and i think a lot of that you know historically uh particularly infosec conferences have always encouraged drinking um massively you know going back to defcon back in the day you know it's a big drinking culture yeah yeah it's just kind of everyone replicates it's all well and good you know it's you know alcohol's great i bloody love the stuff yeah you know but i think it's uh provide options every well one provide options and two not everybody can um i don't want to say be trusted but not everybody reacts the same way yeah you know to alcohol and i think you know there's um you know when when an event is defined by how much you know how much the bar was open or whatever um that's when it gets you know becomes
Starting point is 00:30:34 problematic you know there were events used to go to just because they had an open bar and didn't ask any questions. That's not good. That's not good. Yeah. Good times. Oh, dear. Right. So you could have just recorded this episode without me. Sorry, bear with me a second. Sorry, my bad, my bad. Hello.
Starting point is 00:31:01 This is an automated call from the NHS Health Service. Your sexually transmitted infection tests results are the following. Chlamydia, positive. Gonorrhea, positive. Gentle air, positive. Excellent. I'm free of COVID. That must be the first test you've passed on everything.
Starting point is 00:31:23 100%. Ladies. Well, you can't catch it again then. Exactly, can't catch that twice. I'm sorry, what were you saying, Jav, before you're so rudely interrupted? I was saying this is the episode you two could have really done without me. First you're talking about status that I don't care about. Now you're talking about alcohol, which I've never partaken in. And now you're talking about STDs. You say this episode. We could literally do any episode without you, Jav.
Starting point is 00:31:57 It's not. We're just, it's that total, you know, diversity hire. I was wondering when it would come down to that. I'm your token. You, you just, you just sit there and look pretty, Jav. Oh dear. So you're not being on any, um, TV shows this week, Jav? I know you're typically out whoring around. I, uh, I didn't get any messages this week about you being anywhere. Not this week. It's been a slow week in show business. Your agent's on holiday, right?
Starting point is 00:32:35 I have been tweeting James Gunn every other day, though, saying, when's he opening up a slot for me in the next Marvel movie he's doing? Yeah, but doesn't James Gunn actually already play Rocket Raccoon? Is he back james gunn i thought he yes okay no i think he's back i think there was a um uh an actor's backlash about um making sure he was he was back on the scene for the third film right because this was to do with uh something he had done in his past wasn't it or he tweeted yeah was it a tweet he tweeted yeah he was he it was a um you know comedy tweet i think or something like that that was deemed inappropriate right but uh i can't even remember what it was but you know it was it wasn't that bad as far as i recall but hey i'm no judge on that sort of thing well it wasn't that bad it was just, you've got to take into context,
Starting point is 00:33:25 like if something was said 20 years ago or something, then, you know, it might have been related to a certain event at the time. But we're not good at that. Once the pitchforks come out, we don't want reason. No. We want a head. Exactly. Yeah.
Starting point is 00:33:42 Exactly. Well, before we get too serious, we've been a couple of serious things so far. I mean, we normally get serious towards the end, but before we, before we get too serious, should we, uh, uh, check out our reliable sources over at the InfoSec PA Newswire to see how busy they've been? Should we do that? Let's do it. Yes. Yes. All right. Industry news. Campaigners call for Computer Misuse Act revision on 30th
Starting point is 00:34:15 anniversary. Industry news. Businesses lack a workable ransomware recovery strategy. Industry News. Malware uses... Malware uses portal app lure to send SMS messages and steal data.
Starting point is 00:34:37 Industry News. Security Serious opens nominations for fifth Unsung Hero Awards. Industry News. And that was this week's poorly read. Industry News. There were some tongue twisters in that one. I'm wondering if the InfoSec news Stig is deliberately writing headlines to try and trip us up. Yeah, because this week was a serious mouthful. I suspect you can probably edit
Starting point is 00:35:14 Jav's part, but as I'm snapping the middle and only said it the once without pause, I'm guessing my mistake's staying in there. No, I'm gonna leave Jav in for everybody, just so everybody knows what I have to edit every week. I mean, trying to stitch together Jav's, some of Jav's quotes, it ends up sounding like a ransom demand. What was it? Campaigners call for
Starting point is 00:35:42 Computer Misuse Act revision on 30th anniversary? I'm surprised that hasn't been revised already. I'm sure there are calls every other year to. Well, unless the Stig is just rehashing some old news here. He wouldn't do that. Or she wouldn't do that. This is true.
Starting point is 00:36:02 They are professionals. Or she. No, he wouldn't. This is true. They are professionals. I reckon, why don't we try and set him or her some, a challenge? Why don't we... To read their own headlines? No, no, no. Let's see if we can get an alliterative, you know, headline. That would be really good. You know, like the front cover of The Sun or The Daily Mirror. Let's get a fully alliterative headline. So Stig, I know you're listening. Please, let's go fully alliterative for at least one of your headlines. I dare you. A double dare you.
Starting point is 00:36:45 So I noticed that the Security Serious nominations for the fifth Unsung Hero Awards are up. Did we not win that last year? We did indeed. Yes, we did. I was out of the country at the time, unfortunately, but,
Starting point is 00:36:55 uh, um, uh, I believe Jav, you were there to collect. I was there. Oh, you know what?
Starting point is 00:37:01 I was in the garage a couple of weeks ago, and I completely forget about this. I was sorting out some of my motorbike gear, and above one of my jackets, there was this big, big bulky thing in a bag. And I picked it up, and there's a lot of dust inside. And inside was the award that we won.
Starting point is 00:37:24 What? What? It wasn't on display? I know, I, son of a bitch. I know, I've been meaning to come up, you know, I, I've literally run out of space on my trophy shelf. Oh, rubbish. I need a bigger trophy shelf. You can get rid of some of those blogger ones because they are so out of date now. No, they mean the most to me, the older ones. You can't rely on your past glories, mate. It's got to be up to date. Yeah, well, okay.
Starting point is 00:37:56 Maybe I'll shift them a bit to the back and see if I can balance this one towards the front. Yes, that's the one where we beat Marks and Spencers and the City of London Police. Especially City of London. They have some good campaigns. Yeah. They've also got money. I think maybe that's the
Starting point is 00:38:17 key thing is they're not doing it on a shoestring. But it goes to show what you can do on a shoestring. Yeah. Although I think it was for best, um, awareness campaign, wasn't it? Um, and our campaign lasted, what, three minutes 47 seconds? Sometimes that's all you need. It's quality, not quantity. You know, a lot can happen in three minutes 42 seconds. And so, you know, I'm married 13 years. You based an entire marriage off it? Yeah. And, and
Starting point is 00:38:51 and actually we, we won the award for the lost all the money, uh, music video. Yeah. And there was a bit of drama a couple of weeks ago that YouTube took down the video. And that's right. Uh, a few days ago I received a phone call from Tom Langford and I was like, oh my God, why is Tom calling me now? Because I thought maybe he thought I was giving a presentation, so he's trying to disturb me. No, I'd actually pocket dialed. Yeah, pocket dialed. And he was like, so excited, he could barely contain the excitement in his voice. I was like, what's happened? And, uh, he was like, oh no, um, our video's back up on YouTube. I was like, no. I mean, I know we, we said we're going to get in touch with Nelly, but is it really up? He says, can you check? So, so I went and checked, and indeed it is back up. So for all the
Starting point is 00:39:45 fans, everyone that petitioned, well, yeah, thank you. We are back up. Yeah. And you're welcome. Yeah. Well, actually, going back to the Unsung, um, Heroes Awards, uh, I, I also received, uh, in the first one, CISO Supremo, I think it was. In fact, I'm looking at it right now. Talking about past victories, yeah. Past victories, yeah, absolutely. I'm very proud of this one because all I had to do was sponsor the event. Although, didn't we go to an event one time that you also sponsored and came second?
Starting point is 00:40:25 Because I think the other table paid more or something. Yeah. Oh, no, that was that Computer Security Awards, wasn't it? And I didn't sponsor, whereas the winner did. Oh, OK. But you paid for a table, didn't you? You paid like three grand or something for a, for a table of eight or something. Yeah, that's right. I think it was 10. Oh, table, table of 10. Yeah. Yeah, we had a good night. I looked at those
Starting point is 00:40:50 photos the other night, actually. They're funny. Especially, especially the "I lost" faces. Yeah. You know, for three grand we could get some professional photos done. Hey, it wasn't, it wasn't my money. True. It was company money. Oh, dear. Right. Oh, I know what it's time for. I definitely know what it's time for
Starting point is 00:41:16 as he scans through the show notes. Oh, here we go. Yeah. You're listening to the Host Unknown Podcast. More fun than a security vendor's briefing. True story. Yeah, absolutely. Never mind the, uh, the delays, think, to think about the quality of the, of the jingles. Okay. Oh, so sponsorship. Have we got any sponsors this week? Um, I'd say British Airways, if they weren't making so many redundancies, culling staff and cutting costs, they could have potentially been a sponsor. Um, they, they, they've always had an open invitation, and I think given the amount that we've spent on them between us, yeah, they should have. Anyway, Concorde Room, that's all I'm saying. I just, you know, Gold Guest List for life. The Concorde Room is lovely. Really nice. I have to say, the food is excellent, and there's no, you, you
Starting point is 00:42:16 can sort of, they've got these little cubby holes, little sort of, um, uh, banquette seating style cubby holes, so you don't even have to look and talk to anybody. Great. It was great. And as I recall, the, uh, the wine list was amazing, but I'd stopped drinking at that point, so, which is very disappointing. Anyway, so yeah, um, surely that, have we mentioned anybody today who might make a good, um, sponsor? Oh, Tesla. We talked about Tesla, didn't we? Yeah. I mean, Elon Musk got money to burn, isn't he? Oh my God, yeah. And then some. Oh, he's got money to burn because he uses it to power his, um, his rockets. That's why they're so successful. He just stuffs the tanks full of cash because we're a cashless society now. So maybe, Tesla, if you're out there... Host Unknown.
Starting point is 00:43:12 Sponsored by... Insert me here. Tesla. And Elon Musk. Okay, good stuff. Why don't we move now rapidly onto Rant of the Week, which is you, Andy. Oh, this sounds like, uh, something. So I, upon reading stuff this week, so since last week, uh, obviously there are questions about TikTok, which, uh, which we had differing views on.
Starting point is 00:43:46 Me, firmly a big fan of TikTok, regardless of the tracking which goes on with it. And we have this industry that's obviously outraged, stop using TikTok now. A few friends have said, hey, I saw this article. What do you think about TikTok? Should I continue to use it? And I say, look, same arguments as I went through last week, I'm not going to go through it. But it brought me across an article about recently, recent changes which will be coming in this summer. And this is, as of this summer, when you set up a new Android phone or an Android tablet in Europe,
Starting point is 00:44:26 you will be presented with an extra step, which is the ability to choose your default search engine. Now, do you remember years ago, there was an antitrust case and Microsoft had to open up Windows to allow other browsers. Windows used to be pre-bundled with Internet Explorer, whose primary purpose is to download another browser. But the EU Antitrust Commission basically made Microsoft
Starting point is 00:44:54 give people a choice. So upon installation, you choose which browser you want to download. So a similar thing has now come in for default search engines. So when you set up your Android devices, it's no longer default to Google. You get to choose. I think it's one of four at the moment. But one of the companies which is looking to benefit from this is DuckDuckGo, which I believe we're all familiar with. DuckDuckGo is branded as the privacy friendly search engine. They say they don't track users across various mediums. And I guess this difference between the likes of Facebook, Google, and any other site which captures your data is that they will build up your behaviors online and they will tailor, use behavioral advertising,
Starting point is 00:45:50 what type of thing you're looking for. And they will build a pattern about who you are, your demographic and what you're likely to buy. Whereas DuckDuckGo's advertising is based on, if you search for Mercedes, for example, it may show you some other types of cars in a similar sort of price range. You know, it's very high level, you know, but they make money from that and that's how they go through.
Starting point is 00:46:13 So I guess on this one, with DuckDuckGo, how big do you think, how big do you guys think this company is? Have you ever thought about, you know, how large they may be? Probably as big as Telegram. I reckon, percentage-wise of the global search market, about 0.32%. That's a very specific... That's a very specific number because you've obviously read my show notes on that part.
Starting point is 00:46:44 I didn't realise I left that part into it. But so they have been around since 2008. What? As long as that? As long as 2008. They didn't actually use the privacy mantra until 2010. So they were just a regular search engine prior to that. And then in 2010 they started really pushing the fact that they wouldn't be tracking people. Um, and they only really grew, uh, big, or, you
Starting point is 00:47:10 know, they really exploded after, uh, Mark Snowden's revelations about, um, Mark Snowden, uh, Edward Snowden, sorry. I used to work with a guy called Mark Snowden. That's right. Uh, yeah, sorry, Edward, scab, Mark Snowden, if you're listening. Uh, Edward Snowden's revelations about, uh, you know, data use and Cambridge Analytica, uh, you know, all this bad stuff that everyone gets outraged about. Um, but even still, uh, you know, they still only have 0.32% of the global search market, which I'm amazed by that. I'm actually not, because it comes back to the fact that people do not care. You know, the infosec industry is absolutely outraged at how data is used. Whereas in the real world, not everyone cares to that level. But is it because people are not being presented with a choice?
Starting point is 00:48:16 Because I know it is actually fairly straightforward to change your default search engine on all of these things. You know, iOS devices. I can't speak for Android, obviously. And, you know, Mac OS and all that sort of thing. So much like the search engine thing, probably, sorry, the web browser stats changing once Microsoft were forced to make that offer, the same is here as well. As long as people get results when they search, they don't care who they use. So I think DuckDuckGo actually did a, um, test. Um, so this is a Wired article, uh, Wired UK article, uh, you know, about this, and DuckDuck
Starting point is 00:48:53 Go actually created a choice test with 18 different options and placed Google at the end of the list. Um, and it turns out that, it doesn't actually say how many, it just said pretty much all the users, uh, just scrolled down the list of all the options and just selected Google anyway. Well, Google's, because it's become a verb, hasn't it, as well. It takes it into the vernacular. Yeah. Yeah, people just say, um, you know, what have you. In the UK, actually, I'm just looking at some stats, DuckDuckGo has 0.6 percent of the, of the search engine, uh, market share, with, uh, Google having, um, 92 percent. But I think, I think there's, there's two, two sides to this. One is like, um, what does 0.32 or whatever 0.6 translate to in actual terms?
Starting point is 00:49:45 Because, you know, because Google just owns so much of the internet. You know, what exactly does that carve into? That's $20 billion worth of advertising revenue. They make a quarter. Who's that? DuckDuckGo? No, Google. Oh, Google.
Starting point is 00:50:04 I was going to say. So DuckDuckGo are about to break $100 million this year. That's still a huge jump. So Google's doing $20 billion every three months, and DuckDuckGo is about to do $100 million for the year. That's not bad going if you're DuckDuckGo, to be honest. That's revenues. Profit is about $0.10.
Starting point is 00:50:22 Yeah, yeah. Well, that's after you funnel it through your... Tax efficiencies. Estonia. The second thing I think is, you know, there's two ways whenever you look at, you know, you want change. And I, as a security professional, I don't expect the users to change. I expect there to be like lobbying and pressure groups being put on tech companies to change some of their practices.
Starting point is 00:50:54 That's the camp I'm more firmly in. You know, you can't expect everyone to change to switch to DuckDuckGo. I just want Google to do better. And, you know, one of the ways to do it, it's like how you see change in a lot of places. You have a bunch of experts, they form a lobbying group, they lobby the government, the lawmakers, the policymakers, and, you know, you cause some change there. See, I'm more of a person, you know, who votes with his feet.
Starting point is 00:51:21 You know, if you want change, stop giving them money. The lobbying and all that is great, but that's kind of like, you know, you're sitting there using Google saying, I really don't want to be using Google, but it's just the best engine in the world. It knows exactly what I want, but I'm not happy about it. There's a reason for that. Yeah, there's a reason, exactly, because of their data analytics, um, you know, the way they use that data and they know how to present it about you. Yeah, exactly. So my, I have a, I do have a problem with the data they have and how they use it. So, okay, but do you still use it? Do you still use Google? No, no, no, no, a practical problem. Okay, so for instance, if I go shopping for, let's say, a, a mattress, a purchase I will make, in theory, I think you're supposed to replace it every seven years.
Starting point is 00:52:09 That's something the mattress industry came up with. But yeah, it's a bit like the diamond industry saying you should spend, you know, two paychecks worth on an engagement ring. Listen, when you can tell the shape of my butt from the, the mattress, it's time from time to get a new mattress. But, um, or get a smaller butt. Or get a smaller butt, yeah. Um, oh God, you've thrown me, because now I'm thinking about my butt. Um, so I go searching for mattresses, right? This is a theoretical exercise. Go searching for mattresses online, blah, blah, blah. Find one, purchase it.
Starting point is 00:52:52 I then get inundated with adverts for mattresses. Even though I've made a purchase and I'm never going to buy one again for the next five, six, seven years. So for the next two weeks, I've got to put up with adverts for mattresses. That's not smart use, Google, of my data. So it's one thing to have access to everything, but then you've got to use it properly. But then is that actually Google presenting those ads or is this a marketing company which has purchased the space
Starting point is 00:53:25 and is using those, uh, you know, analytics to present your adverts? Well, some of them are, some of them are Google, um, are Google ads, right, that shadow without, because you can, you know, they, they're marked as such. Uh, in fact, I'm sure they are Google ads. I'm gonna have to look now. No, do you, asking the probing, difficult questions, you. Well, you know, I just, if I'm gonna get outraged, I just want to know, you know, what the, I just want to know the facts. I don't want to just read the headline and then join the bandwagon. What are you, Andy, just like, you know, a rational thought. But, but no, I mean, I think that there is a lot of, um, you know, that kind of stuff. Oh, you bought a lawnmower. I mean, Amazon does it, for example, a lot. You bought a lawnmower, here, here
Starting point is 00:54:12 are 10 other lawnmowers you might, no, I've only got one back. I'm not like, yeah, Tom or Quinton, who live in a stately manor, where, I've got like, it's a two-bedroom flat. Yeah. In the middle of three acres of land. Yeah. Filled with other houses. So, so yeah, I mean, there is a lot.
Starting point is 00:54:34 I know. I feel like Andy, you're not really defending privacy and a lot of things. It's not that you defend privacy or, or, or against privacy or, you know, you don't really care about that. You're, you're, you're just like, you've made a living off of big data and so you see the benefits
Starting point is 00:54:50 of that. Absolutely, I do see the benefits. What, I'm not ranting against privacy or, you know, yeah, no, I'm ranting against people getting outraged, um, you know, about particular things, you know, like TikTok, for example, yet they're happy to use everything else. You know, they are not, they won't use DuckDuckGo, you know, because they actually don't care about these companies collecting their data. What they care about is the Chinese collecting their data. But they're okay with the Americans collecting the data. You know, it's, I kind of see your point, but, you know, people, you can only change so much at any one time. And a lot of time, it's not outrage, people are just asking the question. And it's a bit like, say, like Tom saying, I'm going to go sober now, like three years and two weeks ago. A point in going sober if you're not going to cut out carbs from your diet, or what's the point of going sober if you're still going to be a horrible person? Um, you know, you've got to start where you
Starting point is 00:55:48 can, and everyone has their own limits on where they, they feel comfortable with. It's, it's that feeling of, of fairness that, that goes, and I'll, I'll expand on what I mean by that feeling of fairness. So there was, many years ago, there's the Aladdin cartoon made. And Robin Williams, rest in peace, he done the voice of someone in there. I can't remember which character, the genie or something. The genie. Yes. Thank you. Yes. Thank you. And he said that, well, he reduced his normal fee of whatever millions it was to 75,000 because he wanted to renegotiate his contract and he wanted his original fee of whatever, 2 million.
Starting point is 00:56:50 Not so funny now, is it? No, no. But, you know, when you pick apart that thing, he wasn't outraged because he got what he actually fairly negotiated. He was outraged because he just felt like it wasn't fair that the company that the movie went on to make billions or billions and he only got 75 grand of it whereas he was part and and so psychologically humans have this this thing of like they have this inbuilt feeling of what's fair and what's not fair and what they feel like they deserve or don't deserve. And because that's calibrated differently for some people, that's why you see some people getting upset
Starting point is 00:57:33 or they voice opinions against certain things and they don't against other things. So, you know, hence why someone might be happy giving their data to Google, but they, they absolutely draw the line when it comes to China taking their data, because they've read a lot of Fox News over the years and they know the Chinese are out to get them. Or Mandiant reports have led them to believe. Yeah, yeah. No, that isn't how, uh, TaoSecurity sounds, but, um, but I think there's a lot of that psychological play at work. For most people, it's not a simple case of, well, if I'm willing to give my data to one person, I should be willing to give it to everybody or not.
Starting point is 00:58:17 There's all these multiple factors at play. So what you're saying is the world is a complicated place. Yeah, far more than, uh, Andy's simplistic view. And we live in unprecedented times. It's a new normal. It's the new normal, guys. Wow, we seem to have gone full loop there now. Wow. So looking at the time, we've, uh, we've pr on. Once again, we don't have time for the Little People. Okay. We'll get it out next week.
Starting point is 00:58:48 Yeah, mainly because Jav hasn't got it yet. But, you know, you had one job, Jav. You know, I really can't believe how quickly Friday comes around. I know. I know, right? One minute is Monday, then it's Tuesday, then Wednesday. Before you know it, it's Thursday, you wake up, boom, didn't see that. The other thing that, the other thing that sneaks up on Jav is 9:00 a.m. Yes.
Starting point is 00:59:11 Well, if you stop messaging me at 2:30 in the morning, Tom, maybe I'd get some sleep. I was panicking. I was panicking. Did you find it in the end? No, no. I'm going to have to get you to log on. Folks, just so you know. So your sex toy, you've lost it in the mood. No, they didn't arrive. No, but just so you know, this may be a slightly delayed podcast because I logged on to our Simplecast account in preparation last night and everything's gone.
Starting point is 00:59:39 So something's happened. So Jav and I will sort it out after this, but hopefully we'll get it all squared away. But yes. All of them are there, Tom. I've just logged on every single episode's there. Excellent. I can't get access to it, so we'll work something out.
Starting point is 00:59:55 Have you logged on to the Host Unknown Podcast and not, like, you know, Tom's DuckDuckDuckGo podcast? We're deleting them all for privacy reasons as soon as you log off. I'm logging in with the only Calc credentials I've got. So I don't know what's going on. I honestly don't know what's going on.
Starting point is 01:00:13 We'll sort it out afterwards. But anyway, I had a little mini heart attack last night. Anyway, so let's leave it there. At least you didn't say you had a mini stroke. I've been too tired for that recently. Look, I'm trying to finish the show under an hour this week.
Starting point is 01:00:38 Right, okay. Oh, God. Dear me. Such an inclusive show, this one. You said inclusive. Here are some articles you might like on inclusivity. Gentlemen, thank you very much. Javvad, I hope you have a lovely weekend. And thank you for joining us, albeit for 55 minutes of the hour-long episode.
Starting point is 01:01:04 You're welcome. And, yeah, don't talk to me over the weekend and I'm sure it'd be great. And I won't be here next weekend, so you two can record without me. I've got a week off. Thank you. What do you mean you got a week off? I, I just, I, I'm not going anywhere. I was going to say, I'm going somewhere? No, I, I, I just need a break. So you have access to internet? No, I'm going to disconnect the internet for the week. What? Yeah. Oh, God. Because I heard the internet tracks me, so I'm just turning it off.
Starting point is 01:01:31 Alright, so next week's show is going to be amazing. Anyway, so thank you, Jav. Andy, thank you very much. Stay secure, my friends. Stay secure. Go to hell, you guys. Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javvad Malik and Tom Langford. Copyright 2015, or something like that.
Starting point is 01:02:03 Insert legal agreements here as applicable and binding in your country of residence. We thank you. So you're, uh, skipping next week to avoid getting a Little People sorted out for three weeks running. It's like the kid that skips class because he hasn't done his homework. No, you know what? I completely forgot. I just messaged him this morning saying, oh, did PR get back to you? And obviously he's still asleep because he's in America.
Starting point is 01:02:40 What he's going to do is spend a week getting a dog to claim the dog. Well, that's what you're coming out with I logged on this episode
