The Host Unknown Podcast

By: Host Unknown Thom Langford Andrew Agnes Javvad Malik
Listen for free

  • Summary

  • Host Unknown is the unholy alliance of the old, the new and the rockstars of the infosec industry in an internet-based show that tries to care about issues in our industry. It regularly fails. With presenters that have an inflated opinion of their own worth and a production team with a pathological dislike of them (or “meat puppets” as it often refers to them), it is with a combination of luck and utter lack of good judgement that a show is ever produced and released. Host Unknown is available for sponsorship, conferences, other web shows or indeed anything that pays a little bit of money to keep the debt collectors away. You can contact them at contact@hostunknown.tv for details
    All rights reserved - Hands Off!
    Show more Show less
Economics Leadership Management & Leadership
Show more Show less
Episodes
  • Episode 213 - The So Many Technical Issues Episode

    Episode 213 - The So Many Technical Issues Episode
    Apr 25 2025
    This week in InfoSec (10:26)With content liberated from the “today in infosec” twitter account and further afield1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion".https://x.com/todayininfosec/status/1907094503552336134 1st April 2004: The now ubiquitous Gmail service is launched as an invitation-only beta service. At first met with skepticism due to it being launched on April Fool’s Day, the ease of use and speed that Gmail offered for a web-based e-mail service quickly won converts. The fact that Gmail was invitiation-only for a long time helped fueled a mystique that those who had a Gmail address were hip and uber-cool. Those of us who are actually hip and uber-cool didn’t mind, of course, as those types of things don’t bother hip and uber-cool people. https://thisdayintechhistory.com/04/01/gmail-launched/ Rant of the Week (14:07)Kink and LGBT dating apps exposed 1.5m private user images onlinehttps://www.bbc.co.uk/news/articles/c05m5m5v327oResearchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.These services are used by an estimated 800,000 to 900,000 people.M.A.D Mobile was first warned about the security flaw on 20 January but didn't take action until the BBC emailed on Friday.They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Billy Big Balls of the Week (24:00)Oracle's masterclass in breach comms: Deny, deflect, repeatThere have been some disclosure stinkers in the past. Back in 2016, The Reg discovered that Yahoo! had taken a few years to disclose security snafus that occured in 2013 and 2014, for example. These days we often see organizations simply choose not to publicly address their issues. A quick self-referral to the regulators and some letters sent directly to those affected pass as the bare minimum, and while these organizations won't get any Brownie points for transparency, the approach doesn't tend to invite too much in the way of long-lasting criticism either.When Oracle issued its flat-out denial of the first breach allegations that surfaced from cybercrime forums, it seemed like it was yet another wannabe big-time scriptkiddie making false claims for clout.To make matters worse, Oracle seemingly tried to swerve any flak with some careful semantics. Its original denial stated: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."Infosec experts Kevin Beaumont and Jake Williams later both claimed that Oracle appears to have used the Internet Wayback Machine's archive exclusion process to remove evidence about the intrusion. Industry News (33:25)Google to Switch on E2EE for All Gmail UsersICO Apologizes After Data Protection Response SnafuNorth Korea's Fake IT Worker Scheme Sets Sights on EuropeRoyal Mail Investigates Data Breach Affecting SupplierStripe API Skimming Campaign Unveils New Techniques for TheftOver Half of Attacks on Electricity and Water Firms Are DestructiveAmateur Hacker Leverages Russian Bulletproof Hosting Server to Spread MalwareCrushFTP Vulnerability Exploited Following Disclosure IssuesMajor Online Platform for Child Exploitation Dismantled Tweet of the Week (41:25)https://x.com/MalwareJake/status/1907416667052786110 Come on! Like and bloody well subscribe!
    Show more Show less
    52 mins
  • Episode 222 - The Disappearing Episodes Episode

    Episode 222 - The Disappearing Episodes Episode
    Mar 3 2025
    This week in InfoSec (11:22)With content liberated from the “today in infosec” twitter account and further afield27th February 2002: Timothy Allen Lloyd was sentenced to 41 months in prison for activating a logic bomb at Omega Engineering, 20 days after being fired as a network administrator.https://x.com/todayininfosec/status/1895255588881474024 18th February 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets. The incident was a...well...Whopper! https://x.com/todayininfosec/status/1891999132866183322 Rant of the Week (17:34)Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’The US Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.The military man even Google searched for "can hacking be treason," and "US military personnel defecting to Russia," according to prosecutors who argue he poses a serious flight risk and should be detained.Cameron John Wagenius, 21, was arrested in Texas in December, and last week told a federal court judge he intends to plead guilty to unlawfully posting and transferring confidential phone records. Prosecutors have also linked Wagenius to two other men accused of stealing data from more than 150 Snowflake cloud accounts in April 2024, and then demanding payment to keep a lid on that info.After admitting his crimes in court, and showing a willingness to enter a guilty plea, "Wagenius should be detained as both a danger to the community — given his ability to access sensitive datasets — and a serious risk of flight," Uncle Sam's attorneys argued."While engaged in these criminal activities, Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service," the documents allege. Billy Big Balls of the Week (24:32)100-plus spies fired after NSA internal chat board used for kinky sex talkMore than 100 US spies have been fired, and their security clearance revoked, after an internal NSA messaging system was used by staff to chat about their sex lives.After the NSA – the National Security Agency, that is, not the other meaning – confirmed on state media it was "aware of posts that appear to show inappropriate discussions" by intelligence community employees and that "investigations to address this misuse of government systems are ongoing," Trump's Director of National Intelligence Tulsi Gabbard announced more than 100 people had since been terminated.The messaging app in question is the NSA's Intelink, a secure intranet service used by various American military and intelligence teams to share information, including top secret and classified threat intel.Federal workers said to have been involved in the NSFW Intelink chatter included personnel at the NSA, the Defense Intelligence Agency, and US Naval Intelligence."There are over 100 people from across the intelligence community that contributed to and participated in … what is really just an egregious violation of trust," Gabbard told Fox News commentator Jesse Watters Tuesday. "What to speak of, like basic rules and standards around professionalism." Industry News (32:54)Chinese-Backed Silver Fox Plants Backdoors in Healthcare NetworksRansomware Gang Publishes Stolen Genea IVF Patient DataHaveIBeenPwned Adds 244 Million Passwords Stolen By InfostealersSignal May Exit Sweden If Government Imposes Encryption BackdoorDISA Global Solutions Confirms Data Breach Affecting 3.3M PeopleFBI Confirms North Korea’s Lazarus Group as Bybit Crypto HackersOpenSSF Publishes Security Framework for Open Source SoftwareSoftware Vulnerabilities Take Almost Nine Months to PatchDragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen Tweet of the Week (42:59)https://x.com/roytait/status/1895224942565970354 Come on! Like and bloody well subscribe!
    Show more Show less
    47 mins
  • Episode 211 - The Last of the Year Episode

    Episode 211 - The Last of the Year Episode
    Dec 11 2024
    This week in InfoSec (11:10)With content liberated from the “today in infosec” twitter account and further afield4th December 2013: Troy Hunt launched the free-to-search site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches.https://twitter.com/todayininfosec/status/1864299155583127739 5th December 1996: Julian Assange pleaded guilty to 25 of 31 hacking charges and related charges and was ordered to repay $2,100 to Australian National University. He had been arrested in 1994 for hacking crimes committed in 1991. The court case details weren't released until 2011.https://twitter.com/todayininfosec/status/1864664694243434977 Rant of the Week (17:21)Severity of the risk facing the UK is widely underestimated, NCSC annual review warnsThe number of security threats in the UK that hit the country's National Cyber Security Centre's (NCSC) maximum severity threshold has tripled compared to the previous 12 months.Published Tuesday 3rd December, GCHQ's tech offshoot's 2024 review reveals that 12 incidents topped the NCSC's severity classification system out of a total 430 cases that required support from its Incident Management (IM) team between September 2023 and August 2024. The finding represents a 16 percent increase year-over-year.The number of nationally significant incidents also rose from 62 last year to 89 in the latest data, six of which were caused by exploiting two Palo Alto and Cisco zero-days. This number includes the 12 deemed maximally severe and an undetermined number of attacks on the UK's central government. Billy Big Balls of the Week (25:50)Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spywareA Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.Kirill Parubets was detained in Russia for 15 days after being accused of sending money to Ukraine, during which time the man was beaten and subjected to aggressive efforts to recruit him as an FSB informant on his contacts in Ukraine.According to his account of the story, published with his consent by Toronto University's Citizen Lab and First Department legal organization, he says he was threatened with life imprisonment if he failed to comply with the recruitment drive.In order to secure release, he agreed but before he was indoctrinated he and his wife fled the country. Always keep a second passport, if possible. Industry News (32:21)Crypto.com Launches Massive $2m Bug Bounty ProgramGerman Police Shutter Country’s Largest Dark Web MarketENISA Launches First State of EU Cybersecurity ReportWirral Hospital Recovery Continues One Week After Cyber IncidentFBI Warns GenAI is Boosting Financial FraudEuropol Dismantles Major Online Fraud Platform in Major Blow to FraudstersDeloitte Denies Breach, Claims Cyber-Attack Targeted Single ClientRomania Exposes TikTok Propaganda Campaign Supporting Pro-Russian CandidateFCC Proposes Stricter Cybersecurity Rules for US Telecoms Tweet of the Week (43:43) https://twitter.com/McGrewSecurity/status/1865050788369772974 Come on! Like and bloody well subscribe!
    Show more Show less
    51 mins
adbl_web_global_use_to_activate_webcro768_stickypopup

What listeners say about The Host Unknown Podcast

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com reviews

Amazon reviews
No Reviews are Available