The Host Unknown Podcast

Our presenters delve into their darkest secrets from the past,  the internet is rebooted, the logs cleared, and cats play havoc with your home security (according to your training programme).This week in Infosec24th October 2010: 2010: Eric Butler announced Firefox extension Firesheep's release at Toorcon, making HTTP session hijacking on open Wi-Fi trivial.Today, by far, high traffic sites redirect HTTP requests by default - so 90% of Internet web traffic is encrypted. That long tail though? Sad face. https://twitter.com/todayininfosec/status/1320095119857561603?s=2027th October 1980: ARPANET ground to a halt because a bad status message propagated, causing all IMPs (routers) to exhaust memory. The solution? Reboot all IMPs! Yep, a reboot.This incident was such a big deal that the case study of it was published as RFC 789.https://twitter.com/todayininfosec/status/1321054719863828481?s=20 Tweet of the Weekhttps://twitter.com/KathsBurgess/status/1321509257431449600?s=20Very good awareness video: Billy Big Ballshttps://www.huffingtonpost.co.uk/entry/no-woolworths-is-not-returning-to-the-uks-high-streets_uk_5f97f50ec5b6b74d85f459ccHere to save 2020! Woolworths is coming back to your high street, as a physical store!A couple of legal things to get sorted, but we’re full steam ahead at Woolworths HQ.We want to get this right, so we need your help. What do you want at your UK #YourWoolworths?https://www.standard.co.uk/news/uk/woolworths-reopening-prank-student-a4573379.html Industry NewsUS and UK Issue Sanctions to Iran and RussiaAmazon Warns Users of Insider Disclosing Details to Third PartyReport: Application Flaws Being Fixed Faster Although Bugs PersistAkamai Boosts Mobile Security Offering with Asavie Acqusition Rant of the weekhttps://www.theregister.com/2020/10/26/finland_psychotherapy_clinic_ransom_attack/A Finnish psychotherapy centre was hit by hackers who stole therapy session notes – before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material."Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week (in Finnish), adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom." The Little PeopleMadelaine Howard of Cygenta and the NCSC Come on! Like and bloody well subscribe!

Perhaps a total IQ of 197 is a little ambitious, as this podcast clearly shows:This Week in InfoSec20th October 1995: Mudge published "How to Write Buffer Overflows", one of the first papers about buffer overflow exploitation. Then @dotMudge sent a copy to @aleph_one, who wrote "Smashing the Stack For Fun and Profit" in 1996. Seminal paper to seminal paper.https://insecure.org/stf/mudge_buffer_overflow_tutorial.htmlhttps://twitter.com/todayininfosec/status/1318551462000185353?s=2020th October 2006: IBM announced it had completed its acquisition of Internet Security Systems, Inc. (ISS).https://twitter.com/todayininfosec/status/1318652004894412808?s=20Billy Big BallsJavvad wouldn't say who he chose this week...https://news.sky.com/story/goldman-snubs-2bn-darktrace-float-amid-lynch-extradition-battle-12075941Sky News has learnt that Goldman has declined to seek a role on the initial public offering (IPO) of Darktrace, a leading player in the provision of artificial intelligence (AI) cybersecurity services. Tweet of the Weekhttps://twitter.com/wimremes/status/1318981442114867201?s=20 Industry NewsElection Security and Confidence Can Be Enabled Through Public-Private PartnershipsBA GDPR Data Breach Fine Lowered to £20m Due to COVID-19DDoS Attacks Triple in Size as Ransom Demands Re-EmergeModern Attacks Include Supply Chain "Hopping" and Reversing Agile Environments#InfosecurityOnline: Beware of Malicious URLs and Rogue Redirects#InfosecurityOnline: Consider Flexible Training for Different Skill SetsTrust in Remote Working Tools Declines as Need for Security Increases#InfosecurityOnline: Are the Cloud and Automation Driving or Hindering Your Business?#InfosecurityOnline: Tactics for Defending Against Credential Stuffing Rant of the WeekContributions from: @notameadow @astr0sec @Sinwindie @ginger_hax @Jaysonstreet @Mattjay @chrisculling @zwned @krypt3ia @0xBanana @gossithedog @secops_and_hops @dfirsamurai @stuarthare @lee_holmeshttps://en.wikipedia.org/wiki/List_of_burn_centers_in_the_United_States The Little People  Come on! Like and bloody well subscribe!

 All your regular Host Unknown goodness, proof we really are part of your five a day. This Week in InfoSec10th October 1990: The case of black hat hacker Kevin Poulsen aired on Unsolved Mysteries, 7 years after he went on the run. https://apnews.com/article/5998a45685b94e569c76c1908497d320https://twitter.com/todayininfosec/status/1314988791153790978?s=2014th October 2003: Microsoft launched its first Patch Tuesday, its program to release security updates the second Tuesday each month.https://twitter.com/todayininfosec/status/1316542893079834625?s=20 Tweet of the Weekhttps://www.huffingtonpost.co.uk/entry/government-branded-ad-telling-a-ballet-dancer-to-retrain-slammed-for-lack-of-respect-for-the-arts_uk_5f841a6ec5b62f97bac5140a?ncid=APPLENEWS00001&guccounter=1https://twitter.com/AnneVosser/status/1315419252783034368?s=20   Billy Big Balls of the Week(Not sure where we’re going with this one) Industry NewsGlobal Privacy Control Launched to Offer Users Greater Internet TrustGov-Linked “Fatima” Cybersecurity Career Advert Removed After BacklashHackney Hacked as Council Investigates AttackSecurity Serious Unsung Heroes Awards Winners AnnouncedRansomware Victims Struggle to Recover, Hire and Spend on Threat PreventionGovernment CIOs Praised for Pandemic Response, Better Collaboration Required Jav didn’t win a security serious award - boohooBut Jav did make another list, and it’s not the kind he’s usually on… https://onalytica.com/blog/posts/whos-who-in-cybersecurity/ Rant of the Weekhttps://www.independent.co.uk/life-style/scarlett-london-instagram-death-threats-blogger-twitter-viral-a8520311.htmlA London-based blogger has revealed that she received death threats after a tweet mocking one of her Instagram posts went viral.Scarlett Dixon, 24, posted a picture on Instagram of herself sitting in bed drinking a cup of tea.The blogger, who has 45,600 followers on the photo- and video-sharing social network under her blog name, Scarlett London, added that the picture was a sponsored post in collaboration with Listerine. The Little PeopleMagda de Jager Host Unknown at a Conference Come on! Like and bloody well subscribe!

Your regular features and even more, such as vegan sweets, Host Unknown imposters, Jav appears in the press with the same quote for different stories, and HMRC incompetence.Vegan sweetshttps://www.thejealouslife.com/products/tropical-wonderWill the real Host Unknown please stand up? This Week in Infosec5th October 1991: The Linux kernel was released by Linus Torvalds."This is a program for hackers by a hacker." -Linus Benedict TorvaldsFor those keeping score at home, he said "hacker[s]" 4 times in his post to the comp.os.minix newsgroup.https://twitter.com/todayininfosec/status/1313239418682179585?s=204th October 2005: The Samy worm, the first self-propagating cross-site scripting worm, was released onto the-then-mega-popular MySpace by Samy Kamkar.https://twitter.com/todayininfosec/status/1312752236712333312?s=204th October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.https://twitter.com/todayininfosec/status/1312589059559170050?s=20 Tweet of the Week Billy Big balls of the Weekhttps://twitter.com/repshalala/status/1313187148540137474?s=21 Industry NewsFormer Australian PM Talks Importance of Cyber AwarenessHMRC Hit by Multiple Phishing and Spam EmailsEndpoint Security Primary Pain Point in 2020 Food Delivery Service Chowbus Experiences Data Breach Boards Increase Investment in Cybersecurity in Face of Threats and Regulatory Fines Rant of the Weekhttps://www.verdict.co.uk/excel-coronavirus-test-data/It has emerged that almost 16,000 cases were delayed in being transferred to the test-and-trace system because the government was using an Excel spreadsheet to store the data, with an individual column for each case.This reportedly caused problems because the maximum number of columns on an Excel spreadsheet is 16,384, meaning the sheet exceeded its maximum size and so failed to update, preventing the coronavirus test data from updating.Notably, if rows had been used instead, the problem would have been avoided, as Excel supports up to 1,048,576, although many experts are arguing that the software is wholly unsuited to the purpose at all.“If indeed the government was using Excel to track Covid cases, it is a wholly inappropriate use of the tool,” said Javvad Malik, security awareness advocate at KnowBe4.“Excel is a very good spreadsheet, but it has its limitations and in no way ever intended to be used as a database.” Come on! Like and bloody well subscribe!

It has been a quiet week, but Host Unknown still provides the goods. Admittedly the goods have come from Lidl.This Week in Infosec25th September 2003: A report critical of Microsoft, "CyberInsecurity - The Cost of Monopoly", was published. As a result, Dan Geer, one of seven co-authors of the report, was fired by @stake. https://cryptome.org/cyberinsecurity.htm#Fired30th Sept 2009: "Schneier on Security" was published. It consisted of a compilation of articles Bruce Schneier wrote between 2002 and 2008. Billy Big Balls Tweet of the Weekhttps://twitter.com/J4vv4D/status/1311682834738929665?s=20Industry NewsIvanti Adds VPN and MDM Technolgies in Double AcquisitionResearch: Cloud Skills and Solutions Are in Short SupplyUK Receives 2020 European CYBERSEC Award#DTXNOW: Time to Remove Security from ITTechnical and Cost Concerns of Passwordless Authentication Bother Security Leaders Rant of the Weekhttps://twitter.com/hacks4pancakes/status/1311295830838710273?s=20https://collider.com/hackers-movie-sequel-reboot-details/   Monkey Business Illusion / Invisible Gorilla:https://youtu.be/IGQmdoK_ZfYhttps://www.itsecurityguru.org/2020/09/23/the-invisible-risk/Drinking quotes: https://imgur.com/gallery/i0Wt7 Come on! Like and bloody well subscribe!

Andy's microphone is miraculously fixed, Thom's story is broken and Jav joins The Lemon Party.This Week in InfoSec19th September 2011: Thai Duong and Juliano Rizzo demonstrated a proof of concept at the Ekoparty security conference to decrypt encrypted cookies, exploiting a vulnerability in TLS 1.0 and earlier. They named the attack BEAST (Browser Exploit Against SSL/TLS.https://www.theregister.com/2011/09/19/beast_exploits_paypal_ssl/21st Sept 1996: An email began spreading about a destructive virus named Irina. Friend of the show Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books.http://web.archive.org/web/20170924094557/http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/static/vdat/ephoaxes.htmBilly Big Balls of the WeekHow to Sell Protest Footage to FOX AND CNNhttps://youtu.be/xiYZ__Ww02c“This isn’t even satire anymore. You are just giving away industry secrets.” Rant of the Weekhttps://www.epicgames.com/help/en-US/epic-accounts-c74/general-support-c79/how-do-i-delete-my-epic-games-account-a3636Industry NewsActivision Denies Hacking Claims Over Leaked AccountsUncomplicated Cyber Insurance Program LaunchedCisco: Ensure Collaboration to Better Survive Remote WorkingCisco: How Real is a Passwordless Future?Shopify Insiders Attempted to Steal Customer Transactional RecordsDoes Cybersecurity Have a Public Image Problem?Tweet of the WeekSwitching off a faulty telly sees internet speeds increase"The source of the ‘electrical noise’ was traced to a property in the village. It turned out that at 7:00 am every morning the occupant would switch on their old TV which would in-turn knock out broadband for the entire village,"https://twitter.com/BBCWalesNews/status/1308315605272080386Fake News! TV Did Not Wipe Out aa Villages Internet!  Come on! Like and bloody well subscribe!

It's definitely episode 24 and don't let anyone tell you otherwise.This week in Infosec17th Sept 2003: Court documents were unsealed which showed that Melissa virus author David Smith began working with the FBI within weeks of his 1999 arresthttp://web.archive.org/web/20030922234951/http://ap.tbo.com/ap/breaking/MGA2Q265QKD.html18th Sept 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would encrypt data by default for the first time. A day later Google made a similar announcement pertaining to Android.Tweet of the WeekThis weeks Tweet of the Week is from the second best Infosec Podcast after we discovered they crowdsource their content (which is why it’s probably better than ours):https://twitter.com/SmashinSecurity/status/1305801947149225986?s=20Billy Big Balls of the WeekBest security blog post you'll ever read - better than 90% of blackhat / defcon talks “When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number”https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagramIndustry NewsZero Trust Adoption Increases During Lockdown#GartnerSEC: Professionals Survived #COVID19 as Businesses Relied on Security#GartnerSEC: Top Projects for 2020 Include Authentication, Risk Management and Cloud#GartnerSEC: Five Steps to Ensuring Board Engagement#GartnerSEC: #COVID19 Created New Roles, More Data Collection and Flexible Businesses#GartnerSEC: Rewrite Recruitment Strategies to Fit New Roles and Career PathsOutbound Email Errors Cause 93% Increase in Breaches#GartnerSEC: Top Trends for Risk and Security Include Cloud, Automation and Privacy#GartnerSEC: How Midsized Enterprises Can Recover from RansomwareDDoS Attacks Hit 1 Tbps in 2020Universities Face Increase in Ransomware Attacks as Students ReturnRant of the WeekFirst rule of twitter - rather than just praise someone and applaud them for good work... make it all about you Novi Sad, Serbian Gangster (not for the faint of heart... unpleasantness abounds) https://newsbeezer.com/serbiaeng/the-novi-sad-attacker-is-the-director-of-the-company-that-founded-the-maxbet-bookmakers/ Come on! Like and bloody well subscribe!

Lest we forget. It is a scant 12 months since Host Unknown released this onto their unsuspecting public:Lost all the MoneyTweet of the Weekhttps://twitter.com/happygeek/status/1302582251159519233?s=20Billy Big Balls of the Weekhttps://www.bbc.co.uk/news/world-africa-54051424Industry Newshttps://www.infosecurity-magazine.com/news/incidents-third-ico-reports/https://www.infosecurity-magazine.com/news/credit-skimmer-1500/https://www.infosecurity-magazine.com/news/ransomware-2020-election/https://www.infosecurity-magazine.com/news/bsides-london-44con-cancel-2020/https://www.infosecurity-magazine.com/news/smbs-invest-budget-firewall/https://www.infosecurity-magazine.com/news/businesses-insider-breaches/https://www.infosecurity-magazine.com/news/threatconnect-nehemiah-quantifier/Rant of the WeekEntitlement and job searches.no notes supplied... Come on! Like and bloody well subscribe!

The now world famous Jav and Thom take Andy to task for not being as famous as them and not appearing on the recent InfoSecurity Magazine front cover. Next week's Little People will be by Andy.This week we have:Tweet of the Weekhttps://twitter.com/WBLooneyTunes/status/1301375017515712513Billy Big Balls Industry Newshttps://www.infosecurity-magazine.com/news/covid19-spam-emails-analyzed/https://www.infosecurity-magazine.com/news/fake-login-detections/https://www.infosecurity-magazine.com/news/tls-certificates-398/https://www.infosecurity-magazine.com/news/dhs-biometric-collection-rules/Rant of the WeekThe Little PeopleThe spectacularly lovely, furry and moist James McQuiggan Come on! Like and bloody well subscribe!

Marital advice, PETA safe hobbies, Aimee Laycock and Cardi B's WAP. We are nothing if not varied.The Little People (Part 1)Aimee Laycock talks about ResearchTweet of the Weekhttps://www.wired.com/story/how-four-brothers-allegedly-fleeced-19-million-amazon/Billy Big Ballshttps://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-a-nevada-company/Industry Newshttps://www.infosecurity-magazine.com/news/palo-alto-crypsis/https://www.infosecurity-magazine.com/news/tls-vpn-flaws-tester/https://www.infosecurity-magazine.com/news/bt-security-vendor-partners/Rant of the Weekhttps://www.linkedin.com/posts/brianbrackenborough_im-more-sympathetic-than-ive-ever-been-activity-6704317848841420801-lYr-/The Little People (Part 2)Aimee Laycock is still talking about Research. Come on! Like and bloody well subscribe!