The Host Unknown Podcast

8th July 2008: Several DNS vendors released patches to mitigate an attack method discovered by Dan Kaminsky which could be used to cause DNS cache poisoning. Kaminsky had discovered the vulnerability 6 months prior and reported it to vendors privately so they could address it. RIP, Dan.

https://x.com/todayininfosec/status/1942695691270193211

10th July 1999: Cult of the Dead Cow (cDc) member DilDog debuted the program Back Orifice 2000 (BO2k) at DEF CON 7. It was the successor to Back Orifice, released by cDc a year prior. DilDog proclaimed it "a remote administration tool for corporate America". 

h...

27th June 2007: Live Free or Die Hard was released. Cop John McClane partners with hacker Matt Farrell to stop cyberterrorists trying to take down the US's infrastructure. Traceroute (1337!) is used to find the ringleader's location, then McClane kills him by shooting HIS OWN shoulder.

https://x.com/todayininfosec/status/1938731279937057144     

1st July 2003: California's data breach notification law went into effect. California became the first US state to require disclosure of breaches of personal information.
https://x.com/todayininfosec/status/1940220561080332760 

Meta calls €200M EU fine over pay-or-consent ad model 'unlawful' 

Meet Soham Parekh...

17th June 1995: Spyglass goes public

World Wide Web software producer Spyglass Inc. went public, the year after it had begun distributing its Spyglass Mosaic software, an early browser for navigating the Web. With previous year's earnings at $7 million, Spyglass was founded by students at the Illinois Supercomputing Center, which also inspired Netscape Communications Corp.

https://www.computerhistory.org/tdih/june/27/#spyglass-goes-public  

26th June 1989: Robert Tappan Morris (who released the Morris worm in 1988) became the first person to be indicted under the US's Computer Fraud and Abuse Act (CFAA), enacted by Congress 3 years earlier. He...

11th June 1986: Ferris Bueller's Day Off was released. https://x.com/todayininfosec/status/1932838235102716317

13th June 1994: A Russian hacker group led by Vladimir Levin stole $10.7 million from Citibank via X.25, in what was the first international bank robbery over a network to be made public. Levin was caught in London in 1995 and sentenced in the US to 3 years in prison in 1998. https://x.com/todayininfosec/status/1933504310643773697 

“Localhost tracking” explained. It could cost Meta 32 billion. 

Wanted: Junior cybersecurity staff with 10 years' experience and a PhD 

Industry News

#Infosec2025: Top Six Cybe...

26th May 1995: Realizing his company had missed the boat in estimating the impact and popularity of the Internet, Microsoft CEO Bill Gates issues a memo titled, “The Internet Tidal Wave,” which signaled the company’s focus on the global network. In the memo, Gates declared that the Internet was the “most important single development” since the IBM personal computer — a development that he was assigning “the highest level of importance.” Still, it is curious why it took someone who was regarded as a technology “innovator” so long to realize this.

https://thisdayintechhistory.com/05/26/bill-gates-internet-tidal-wave/

Irish privacy watchdog OKs Meta to train AI on EU folks' posts

Judge allows Delta's lawsuit against CrowdStrike to proceed with millions in damages on the line

https://x.com/fesshole/status/1925815219655233765?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg

And of course... can't NOT mention: https://www.bbc.co.uk/iplayer/episode/m002d2lh/inside-the-high-street-cyberattacks 

Come on! Like and bloody well subscribe!

As always we will bring you today in infosec, a rant, admire a billy big ball move, talk about industry news, and bring you a tweet or alternatively suitable social media post of the week.

Hey, it's hard enough Thom being off that I have to edit and publish this, I need to find an AI to write the notes for me. Love you all, Javvad... now go an subscribe! 

Come on! Like and bloody well subscribe!

Episode 219 of the Host Unknown Podcast covers a wide range of humorous and insightful discussions relating to both technology and personal anecdotes. Key segments include a nostalgic look back at significant moments in InfoSec history, as well as a critique of a poorly-constructed analogy between casino strategies and cybersecurity. The hosts also discuss the misadventures of an AI app that wasn't really AI, cyber insurance claims, the fines against TikTok and NSO Group, and the importance of Cyber Essentials certification. The episode is peppered with casual banter about everyday life and observations, making for an entertaining yet informative listen. 

This week in InfoSec  (10:26)

With content liberated from the “today in infosec” twitter account and further afield

1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion".

https://x.com/todayininfosec/status/1907094503552336134     

1st April 2004: The now ubiquitous Gmail service is launched as an invitation-only beta service. At first met with skepticism due to it being launched on April Fool’s Day, the ease of use and speed that Gmail offered for a web-based e-mail service quickly won converts. The fact that Gmail was invitiation-only for a long time...

This week in InfoSec  (11:22)

With content liberated from the “today in infosec” twitter account and further afield

27th February 2002: Timothy Allen Lloyd was sentenced to 41 months in prison for activating a logic bomb at Omega Engineering, 20 days after being fired as a network administrator.

https://x.com/todayininfosec/status/1895255588881474024    

18th February 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets. The incident was a...well...Whopper! 

https://x.com/todayininfosec/status/1891999132866183322

Rant of the Week (17:34)

Army soldier sus...

This week in InfoSec  (11:10)

With content liberated from the “today in infosec” twitter account and further afield

4th December 2013: Troy Hunt launched the free-to-search site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of  compromised records from hundreds of breaches.

https://twitter.com/todayininfosec/status/1864299155583127739    

5th December 1996: Julian Assange pleaded guilty to 25 of 31 hacking charges and related charges and was ordered to repay $2,100 to Australian National University. He had been arrested in 1994 for hacking crimes comm...

This week in InfoSec  

With content liberated from the “today in infosec” twitter account and further afield

24th November 2014: The Washington Post published an article which included a photo of TSA master keys. A short time later functional keys were 3-d printed using the key patterns in the photo. Oops.

https://twitter.com/todayininfosec/status/1860803840620044356   

22nd November 2010: Matt Blaze published the PowerPoint slides he was contractually required to submit for his 2011 RSA Security Conference presentation. Matt hates PowerPoint. Take a moment to admire the slides he submitted.

https://twitter.com/today...

This week in InfoSec  (08:24)

With content liberated from the “today in infosec” twitter account and further afield

12th November 2012: John McAfee went into hiding because his neighbour, Gregory Faull, was found dead from a gunshot. Belize police wanted him to come in for questioning, but he fled to Guatemala where he was then arrested. He was never charged, though he lost a $25 million wrongful death suit.

https://x.com/todayininfosec/status/1856538748361515355   

12th November 2000: Bill Gates demonstrates a functional prototype of a Tablet PC. Microsoft claims “the Tablet PC will represent the next major...

This week in InfoSec (13:28)

With content liberated from the “today in infosec” twitter account and further afield

5th November 1993: Bugtraq was created by Scott Chasin as a full disclosure vulnerability reporting mailing list at the dawn of the World Wide Web. Bugtraq had an enormous influence on how orgs responded to vuln disclosure and paved the way for a shift which led to bug bounty programs.

https://twitter.com/todayininfosec/status/1853799779626578186  

5th November 2007: Google introduces the Android platform, its mobile operating system for cell phones based on a modified version...

No notes this week - Andy had ONE job...

Come on! Like and bloody well subscribe!

How does Thom also do the episode notes? 

This week in infosec  was about a EULA

Rant of the week

https://securityaffairs.com/170125/laws-and-regulations/sec-fined-4-companies-misleading-disclosures-impact-solarwinds-attack.html

Billy Big Balls

https://www.theregister.com/2024/10/24/anthropic_claude_model_can_use_computers/

Some news articles from infosecurity-magazine.com 

Tweet of the week 

https://x.com/thomas_violence/status/1849627627474293148 

Come on! Like and bloody well subscribe!

This week in InfoSec  (08:29)

With content liberated from the “today in infosec” twitter account and further afield

10th October 1995: Netscape introduced the "Netscape Bugs Bounty", a program rewarding users who report "bugs" in the beta versions of its recently announced Netscape Navigator 2.0 web browser.

Navigator was the dominant browser from 1995-1998, when it was overtaken by Internet Explorer.

https://twitter.com/todayininfosec/status/1844466277718556683

8th October 2008: University student David Kernell was arraigned. He compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, using public info to reset her p...

This week in InfoSec  (10:01)

With content liberated from the “today in infosec” twitter account and further afield

27th September 2001: Jan de Wit was sentenced to 150 hours of community service in the Netherlands for creating and spreading the Anna Kournikova virus. It was one of the first of the major viruses created from a virus toolkit - the dawn of cybercrime toolkits.

https://twitter.com/todayininfosec/status/1839709145282277614

3rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress that one perso...

This week in InfoSec  (10:44)

With content liberated from the “today in infosec” twitter account and further afield

18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes.

https://twitter.com/todayininfosec/status/1836495262409175187  

17th September 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would be architected to prevent it from being technically feasible for the company to extract data from customer devices. A day later Google made a similar announcement pertaining to Android.

With iOS 8 Update...

This week in InfoSec  (11:25)

With content liberated from the “today in infosec” twitter account and further afield

12th September 2014: Stephane Chazelas contacted Bash maintainer Chet Ramey about a vulnerability he dubbed "Bashdoor", which later becoming known as Shellshock. It was publicly disclosed 12 days later.

Shellshock was kind of a big deal - and the vuln had been in Bash for 25 years!

https://x.com/todayininfosec/status/1834293229472416242  

9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project). In 2023 it was renamed the Open Worldwide Application Security Project.

https...

This week in InfoSec  (13:08)  

With content liberated from the “today in infosec” twitter account and further afield

3rd September 2014: Twitter launched its bug bounty program via the HackerOne platform, stating it would award at least $140 for vulnerabilities found in http://x.com/ or its Android or iOS apps.

$140? 140 was the max tweet length. $1.6 million has been paid out since inception.

https://twitter.com/XSecurity/status/507220774336225280

https://x.com/todayininfosec/status/1831408686604140602

30th August 2014: A user of the message board 4chan posted leaked nude photos of Jennifer Lawrence, Kate Upton...

This week in InfoSec  (07:42)

With content liberated from the “today in infosec” twitter account and further afield

29th August 1990: The UK's Computer Misuse Act 1990 went into effect, introducing 3 criminal offences related to unauthorised access and modification of "computer material".

https://twitter.com/todayininfosec/status/1829252932178719161  

27th August 1999: One of the first companies to offer a dedicated web application firewall (WAF) was Perfecto Technologies with its AppShield product. But it didn't use the terminology "WAF", instead describing it as "a plug and play" Internet application security solution."

https://twitter.com/todayininfosec/status...

This week in InfoSec  (06:43)

With content liberated from the “today in infosec” twitter account and further afield

18th August 2004: Text messages sent to promote the video game "Resident Evil: Outbreak" stated "Outbreak: I'm infecting you with t-virus". This scared recipients, who were only about 7% less technologically savvy than mobile phone users today.

https://x.com/todayininfosec/status/1825257955878641888   

20th August 2003: Philippe Oechslin shared his technique he called "rainbow tables" during a talk at the 23rd annual crypto conference, Crypto 2003.

It became a popular approach for cracking password hashes. Today it...

This week in InfoSec  (10:28)

10th July 1999 - Cult of the Dead Cow (cDc) member DilDog debuted the program Back Orifice 2000 (BO2k) at DEF CON 7. It was the successor to Back Orifice, released by cDc a year prior. DilDog proclaimed it "a remote administration tool for corporate America".

https://twitter.com/todayininfosec/status/1811133606015983680

9th July 1981 - The game that launched two of the most famous characters in video game history is released for sale. Donkey Kong was created by Nintendo, a Japanese playing card and toy company turned fledgling video game developer, who w...

This week in InfoSec  (07:40)

With content liberated from the “today in infosec” twitter account and further afield

3 July 1996 - a mere 28 years ago the movie Independence Day was released.  In it, Jeff Goldblum and Will Smith fly into an alien vessel in a 50-year-old space junker, then upload a computer virus in less than 5 minutes

https://twitter.com/todayininfosec/status/1808464060972667170

Rant of the Week (11:07)

Cancer patient forced to make terrible decision after Qilin attack on London hospitals

https://www.theregister.com/2024/07/05/qilin_impacts_patient/

EXCLU...

This Week in InfoSec (12:30)

With content liberated from the “today in infosec” twitter account and further afield

24th June 1987: The movie Spaceballs was released. With a budget of $23 million, it grossed $38 million at the box office in North America. Though 37 years have passed, the secret code scene remains a reminder of why security is hard.

Watch the secret code scene from Spaceballs and weep. Or laugh. Or both. Has much changed when it comes to password security since the movie was released 37 years ago today?

The 64 second scene: https:///youtu.be/a6iW...

This week in InfoSec  (11:16)

With content liberated from the “today in infosec” twitter account and further afield

5th of June  1991, a mere 33 years ago, : Philip Zimmermann sent the first release of PGP to 2 friends, Allan Hoeltje and Kelly Goen, to upload to the Internet. 

From the man himself, 

First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world. Then, I uploaded it to Kelly Goen, who proceede...

This week in InfoSec  (07:29)

With content liberated from the “today in infosec” twitter account and further afield

28th May: 2014: LulzSec hacker Hector Monsegur, known as Sabu, was sentenced and released the same day on time served for his role in a slew of high-profile cyberattacks. He had served 7 months in prison after his arrest.

https://x.com/todayininfosec/status/1795228730735886650

25th May 2018: The General Data Protection Regulation (GDPR) in the European Union (EU) to strengthen and unify data protection became effective - just over 2 years after it was adopted by the EU.

...

This week in InfoSec  (11:36) 

With content liberated from the “today in infosec” twitter account and further afield

17th May 2015: CNN published their article on a statement Cybersecurity Consultant, Chris Roberts had publicly made on Twitter a month earlier.  There were lots of accusations made regarding Chris Roberts' actions hacking into computer systems while a passenger on multiple airline flights. Did he actually cause a plane to fly sideways? Maybe? But it's not like he made it fly upside down.

FBI: Hacker claimed to have taken over flight’s engine controls

https://twitter.c...

This week in InfoSec  

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000. 

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthori...

This week in InfoSec  (07:04)

With content liberated from the “today in infosec” twitter account and further afield

23rd April 2005: The first video uploaded to YouTube, “Me at the zoo,” is posted on April 23, 2005 at 8:27 PM by co-founder Jawed Karim. For now being a piece of history, the video is actually pretty dumb.

Note to future entrepreneurs: what you do may be for posterity. Choose wisely.

22nd April 1988: 1988: The VIRUS-L email mailing list was created and moderated by Ken van Wyk while he was working at Lehigh University. It was the first electroni...

This week in InfoSec  (08:49)

With content liberated from the “today in infosec” twitter account and further afield

7th April 1969: Steve Crocker, a graduate student at UCLA and part of the team developing ARPANET, writes the first “Request for Comments“. The ARPANET, a research project of the Department of Defense’s Advanced Research Projects Agency (ARPA), was the foundation of today’s modern Internet. RFC 1 defined the design of the host software for communication between ARPANET nodes. This host software would be run on Interface Message Processors or IMPs, which were the precursor to Internet routers. The “host sof...

This week in InfoSec  (06:10)

With content liberated from the “today in infosec” twitter account and further afield

3rd April 2011: Email marketing and loyalty program management company Epsilon reported a data breach of names and email addresses of numerous companies' customers, totaling at least 60 million records. Dozens of companies were impacted, including Kroger, Walgreens, Verizon, and Chase.

https://twitter.com/todayininfosec/status/1775598288277835996  

1st April 1995: US President Bill Clinton and Russian President Boris Yeltsin announced a pact to exchange their personal PGP keys and to make the technology available to all citizens worldwide. (April F...

This week in InfoSec   (07:32)

With content liberated from the “today in infosec” twitter account and further afield

20th March 2007: Dragos Ruiu announced the first Pwn2Own contest, which was held that April in Vancouver, Canada. The contest is still being held today - and in fact Pwn2Own Vancouver 2024 started today.

https://twitter.com/todayininfosec/status/1770592695255249038

16th March 1971: The first computer virus, Creeper, infected computers on the ARPANET, displaying "I'M THE CREEPER : CATCH ME IF YOU CAN." It was named after the Creeper - a villain from a 1970 episode of the TV ser...

This week in InfoSec  (14:26)

With content liberated from the “today in infosec” twitter account and further afield

7th March 2017: WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency (CIA). Code-named Vault 7 by WikiLeaks, it was the largest ever publication of confidential documents on the agency.

https://twitter.com/todayininfosec/status/1765828993713090565

14th March 2013: Security journalist Brian Krebs was swatted when police responded to a spoofed 911 call claiming Russians had broken into his home and had shot his wife.

One of several people who made the false...

This week in InfoSec  (06:53)

With content liberated from the “today in infosec” twitter account and further afield

1st March 1988: The MS-DOS boot sector virus "Ping-Pong" was discovered at the Politecnico di Torino (Turin Polytechnic University) in Italy.

The virus would show a small ball bouncing around the screen in both text mode (ASCII character "•") and graphical mode.

https://twitter.com/todayininfosec/status/1763540406443163705  

26th February 2004: Antivirus firm F-Secure apologized for sending the Netsky.B virus to 1000s of its UK customers & partners via a mailing list. The unknown sender sent it throug...

This week in InfoSec  (06:25)

With content liberated from the “today in infosec” twitter account and further afield

16th February 2010: Version 2.0 of the CWE/SANS Top 25 Most Dangerous Software Errors was released.

Take a look and decide which of these weaknesses have been eradicated over the last 14 years.

Web Archive

https://twitter.com/todayininfosec/status/1758712418601971748

20th February 2003: Alan Giang Tran, former network admin for 2 companies, was arrested after allegedly destroying data on the companies' networks. Two months later he pleaded guilty to a federal charge of intentionally causing damag...

This week in InfoSec  (08:40) 

With content liberated from the “today in infosec” twitter account and further afield

14th February 2001: In a presentation at Black Hat Windows Security Conference 2001, Andrey Malyshev of ElcomSoft shared that Microsoft Excel uses a default encryption password of "VelvetSweatshop".

https://twitter.com/todayininfosec/status/1757782275406622835

16th February 2004: The Netsky worm first appeared. It spread via an email attachment which after opened would search the computer for email addresses then email itself to those addresses. Its dozens of variants accounted for almost a quarter of malware detected in 2004...

This week in InfoSec  (08:59)

With content liberated from the “today in infosec” twitter account and further afield

8th February 2000: A 15-year-old Canadian identified at the time only by his handle  "MafiaBoy" launched a 4-hour DDoS attack against http://cnn.com. The attacks also targeted Yahoo, eBay, Amazon and other sites over a 3 day period. In 2001 a Canadian court sentenced him to 8 months.

https://twitter.com/todayininfosec/status/1755576730306089245

7th February 2000: Dennis Michael Moran (aka Coolio) performed a smurf attack against Yahoo's routers, causing its websites to be inaccessible for hours. Conversations on an IRC...

This week in InfoSec  (08:19)

With content liberated from the “today in infosec” twitter account and further afield

31st Jan 2011 (13 years ago): Chris Russo reported a vulnerability to dating website PlentyOfFish's CEO Markus Frind's wife. Yada yada yada Markus Frind then accused Russo of extortion and emailed Russo's mother.  

https://techcrunch.com/2011/01/31/plentyoffish-ceo-we-were-hacked-almost-extorted-so-i-emailed-the-hackers-mom/

https://krebsonsecurity.com/2011/01/plentyoffish-com-hacked-blames-messenger/

Rant of the Week (13:56)

The TikTok Hearing Revealed That Congress Is the Problem

For some, the job on Thursday was casting the hearing's only witness, TikTok CEO Shou Zi...