Episode: 704
Title: HPR0704: Disaster Protocol: Annoyed!
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0704/hpr0704.mp3
Transcribed: 2025-10-08 01:15:28
---
You're listening to Syndicated Thursday on Hacker Public Radio.
Warning.
Today's show is not suitable for family listening, nor is it suitable for work listening.
Discretion is advised.
Hello everybody.
Today's Syndicated Thursday is an episode from the Disaster Protocol podcast.
Last week was running short of episodes, and Matthew Hughes was kind enough to offer
this show today on Syndicated Thursday.
From the above page, the Disaster Protocol podcast is an IT Security Podcast, which aims
to educate the listener about current news and stories regarding the IT Security
sector.
Originally named SHITCAST, Students Hacker Information Technology Podcast, it was aimed
at a lower level of audience, and was more about having fun than getting anything technical
across.
There are two hosts of the podcast Matthew Hughes and Thomas McKenzie.
Matthew Hughes is an ethical-hacking student at a British University and is lead developer
of securitybsd.co.uk.
He is known to podcast for his random facts and amazing shoot downs towards Tom.
Tom McKenzie is a student studying the same course at the same university as Matt, and
he is the co-developer of Upsploit and works part-time from randomstorm.com.
Sit back and enjoy the rest of the show.
Hello everyone and welcome to episode 20 of Disaster Protocol.
Just to give you a little background knowledge on the reason why we're laughing about that
is because Matthew got it wrong in the previous recording and made us go back and change
it.
He thought it was episode 21 and he had to check the website, even to ourself, as if we're
back to SHITCAST, let's face it.
We thought that yesterday.
So yeah, we're at Tom's house recording at the studio.
Cutting the podcast.
Cutting the track with the mic out.
We're not doing another rap dude.
Not tonight.
This is going to be our first ever sober Disaster Protocol, monolightly.
I think we did it before and then we listened to them and then we got drunk because we deleted
them.
So yeah, we're back, what's been going on in your life?
The iPad 2 came out and my girlfriend was around time and I made her queue with me for six
hours to get the iPad 2, but Matthew is it worth it?
That's nice, but yeah, it kind of is worth it.
The biggest thing is not just the iPod and the sound, but how well does it integrate with
all my other products that I've got in my room?
It's beautiful, yeah, I'm getting one when I get to Geneva.
Speaking of which, I had my leaving drinks the other night.
Freya wasn't able to make it, mate, I'm sorry.
I know, it's okay, it's something that you love your girlfriend more than me.
She fell asleep man, the cheeky bent.
Sorry, I can't say that on the mic, can I, sorry Megan.
Anyway, yeah, so you abandoned the one of your best friends in a time of need.
It was good, Scotch was drunk, I lost my ticket.
Who was Scotch?
What?
Who Scotch?
Scotch is in the drink, you fucking war.
Oh right.
Who?
Yeah, we also drank some beer too.
Who's beer?
Yeah, it was a good night.
So, I'm just at the process of getting ready to head over to Geneva.
I found an apartment.
All right, yeah.
I've been in France, so I just commute over every day and it's like a 10 minute bus ride,
I guess.
Oh, that's pretty cool.
Yeah, I'm pumped, I'm really looking forward to it.
Very good.
So this is it.
Looks like we're going.
So, what have you been up to apart from looking for Geneva flats?
Yeah, hear you had a bit of a run-in with your mother to do, to do with having to finish university.
I want to say a run-in, basically she wants me to kind of carry on just to least do my exams in April,
in case I want to stay and finish my degree.
Honestly, I don't think that's going to happen just because firstly I think that the degree
isn't practical, isn't going to help me get to where I want to be.
I think it's, it's, I kind of don't want to say what I really think before I get my next install
with a student loan, but it's not the best degree in the world.
You honestly could get the same quality by typing in man nmap into a organic terminal
and reading the Wikipedia page for Kevin Mitnick.
Speaking of Kevin Mitnick, a new book of his is coming out on the 15th of August.
Cool, and what's it about his life story, isn't it?
Yeah, from what I understand there was an injunction about him making a book about his criminal youth
as well as his wild days.
So he's got a book coming out, which is finally coming out.
We also hear the truth, and not the John Markoff-ized version of it.
Very, very nice.
You had a bit of a run-in with Markoff once again.
I did.
I've had a lot of run-ins with people lately.
John Markoff, Adrian Lamo.
It's as if I'm trying to alienate people in the industry.
Are you?
That's the question.
Well, if Lamo actually is in the industry, which I kind of doubt.
Speaking of Lamo, the first news story really wasn't supposed to be a new story,
but I just think it kind of ties in well with what Matthew was just speaking about.
And his nude women were rallying in the US for Bradley Manning.
Oh, take it away.
So at disaster protocol, I like Bradley Manning.
I think he's a true American hero who stood up for the principles that America was founded on.
I also like nude women, which I'm sure you do too.
I do, but not least.
Look at me in there.
Why don't we mean some of these look like Shirley Phelps-Roper?
Honestly, isn't that Davina McCall?
What kind of face?
Yeah, but Davina McCall is a wood.
You wood.
Light Rebecca Black.
This is really inappropriate.
It's just the in-your-sick fuck.
That wasn't what you were saying off it.
Tom, Tom, why don't you take a seat over there?
Wait a minute.
I'm already over there.
That's what you're going to say, won't it?
Have you never seen to catch a predator?
Nope.
Okay, but we'll have to.
In fact, we actually saw it on one of our computer crime investigations.
When you want to be in information security, you have to have a good knowledge of to catch a predator.
Good luck, Nathan.
The first real news story is TripAdvisor.
First off, as a service, TripAdvisor doesn't have a scratch on Expedia or Kipe.
Yes, but TripAdvisor isn't about making money for selling holidays.
It's just about...
Yeah, but you can get the same services from Expedia.
You can get...
Yeah, no, but the thing with TripAdvisor is that it's just advising.
Okay.
And for that, you've got a said Kipe as well.
Okay.
I mean, in Expedia, you've got the reviews of the hostels.
You can actually see what amenities the hostels have.
You can do that with TripAdvisor.
Yeah, but TripAdvisor is the one that comes up.
But it sucks.
It might suck, but at the end of the day, it got hacked.
Yeah, and it sucks.
Right.
It got hacked and all other subscribers, and if you're a subscriber and you're listening
to Disaster Protocol, do please take note that an attacker has your email address
and you may receive spam.
And this is following the attack on play.com.
And a similar incident happened where the members list was attacked or hacked.
And mischief happened.
And that email list became exposed to spam.
Firstly, it wasn't play.com.
That lost the list.
It was one of the customers.
Silverpop, wasn't it?
Yeah.
So...
Fair enough.
Yeah. And obviously, let's say if you subscribe to TripAdvisor and you work
where the email list has gone there.
So you might want to kind of delete your account, sub a new email, make an account with
Kip and Expedia.
Oh, you might not.
But that's your decision.
That's your prerogative.
What's the next story?
What is the next story?
So, going on the theme of Naked Ladies, here's the RSI.
RSI?
RSI.
RSI, RSI.
Repetitive Strain Injury.
I'm sure there's a joke there about getting RSI in from Naked Ladies.
I'm sure there is, but I'm not going to make it because they've already had their...
They've already had the tough few weeks.
Oh, bless them.
What's gone down?
So, over the...
Basically, last week, RSI dropped a huge...
It says bombshell.
So I'm going to use bombshell.
And it said that 30,000 customers that use the SecurID system, which is two-factor authentication,
may have had their network their stuff compromised.
Okay.
So, what does this mean to the end user?
This means that the two-factor authentication that they use isn't really safe.
It isn't doing what it's supposed to be doing.
Okay.
I'm going from what The Register's saying here, but I'll just read here.
Funny some universities do that as well.
It's been a week since RSI dropped a vaguely-worded bombshell on 30,000 customers,
the soundness of the SecurID system that they used to secure their corporate and governmental networks
was compromised after hack and stole confidential information.
You stole confidential information?
Concerning the two-factor authentication products.
Who wrote that article was Elmerford?
I thought it was funny, but what is it?
That was fucking Sylvester.
That's Sylvester.
What did he say?
He goes, kill the way I'll be.
Kill the way I'll be.
Next article is going to be red in Swedish.
What's your standpoint on RSI then?
What's my standpoint on RSA?
RSA is good as long as you don't get RSI from it.
It's still early days, and we don't know how this is going to affect people who use it to secure their online transactions,
so it could just be a kind of...
I don't know.
I'm not sure how...
A paraphrasing of what RSA has said.
This is paraphrasing, like I say.
Yes, we were hacked, and yes, the hack is made off with confidential information
that compromises the security of a product.
You've spent huge amounts of money on, but you'll just have to trust us that you're still safe.
But isn't that what the industry is based on?
Trust.
It might be based on trust, but...
I mean, isn't that what a CA is?
You trust someone to...
Say your certificates are valid, and...
I suppose so, but a certificate being valid,
and authentication on your service or your product,
or whatever you're using the two-factor for is completely different.
No, it's massively different, but the principle is trust is essential.
You trust a security auditor, so you trust a pen tester.
This isn't what people are thinking, though.
I mean, this is another quote.
If they don't give me an answer by the end of tomorrow,
that's whether or not they have been attacked on what the deal is.
If they don't give me an answer by the end of tomorrow,
about whether the seeds were taken,
I'm returning the product.
Said the admin who asked not to be named.
Their integrity is just shot.
Yes, they got hacked, but their response is what's so troubling.
One of the things that I remember back when...
Well, I think it might have been Monster.com,
or some job website.
When they got attacked, they came clean with it straight away.
And that did really well for them.
But then there was another website, similar to that,
that kept it hidden for about six months,
and when that did come clean, nobody was happy
and that it lost our credibility.
So I think telling your customer base that you've been attacked,
at first, may not seem like a good idea,
but you know, it might...
Yeah, but...
Okay, it might be good ideas come clean,
but in the same respect,
it might also be a good idea to keep it quiet.
Just...
Oh, yeah, definitely.
I agree with it.
I know there are fors and against with it,
but the truth really is,
whether or not you lose a few customers at first,
and you know, sustain your brand by telling the truth,
or you...
You know, I've got to lose any customers at all,
and then you go on to tell them about it in the future
or something comes out, something gets leaked,
and then, you know, you've got a problem there.
Oh, so what's next?
What is next?
A black screen, apparently.
It just works.
It does just, but don't you even start?
No, well, we have an Apple TV.
I want an iPad too.
Right.
Talking about a Russian who has been jailed for six years
for hacking a billboard in a catman world where it was
on the busy garden ring road,
close to the interior ministry building in central Moscow.
Basically, what he did was he hacked a billboard
for about 20 minutes,
and he put a two-minute clip that looped on
of pornographic imagery.
Wow.
So, we have a naked girl, Venus, this episode.
Yes, we do.
Maybe we'll end the show with something naked.
Barenaked Ladies, the band.
Canadian prog rocker.
I was thinking maybe you get your top off when we post
another picture on.
I was thinking you get your top off,
and then we kind of push you into the scene,
sort of destroy, you know, the...
Yes, but mate, there'd be no listeners left after seeing me.
At least none alive in sort of, like, you know,
Western Europe.
Just a tsunami that would emerge.
People were like beastly, I see, maybe.
I don't even know where this is going,
but I want to start.
Just your stuff.
So, yeah.
Do you think it was a bit harsh?
Six years.
Yes, but a subsequently says here a subsequent raid
recorded 20 grams of marijuana
enough to charge Blinkoff with narcotics distribution.
All right.
So it just adds...
It just adds up.
What the...
What a shitface bastard.
Drugs are bad.
Yeah, don't do them, kids.
Ever.
Especially...
Morphe.
Especially Morphe.
That's really bad.
That is really, really bad.
Not that we've done Morphe.
No, we personally haven't.
I personally have not.
It gives you bad constipation though.
I've heard it gives bad constipation as well.
And...
So, Russians.
Jay, get jailed for six years for putting porn on billboards.
I think that's a wrap on that story.
Why are you playing Angry Birds upside down on my iPad
when there's a switch that'll turn it right ways up?
Because I don't know this shit.
That switch there...
Switch is quite tough.
That's what she said.
Come on.
Wow.
It's revelation.
Yes, so...
Have you been working on anything fun lately?
We had a bit of a problem with Upsploit this week.
Okay.
Talk about it.
What happened?
Well, I have been unaware of the way in which we were storing passwords in the database.
Now, the passwords were all salted.
But one of the things that we were using was a static salt for each individual user.
Okay.
What we did was we created a salt for every single user, separate salt for every user.
But we needed a way in which we could reset everybody's passwords.
And we could just reset everybody's passwords, but it'd just be a big bother.
So, we thought we'll wait on it and we'll see what happens.
Anyway, we kind of forgot about it.
And a friend of ours, a friend of the show, Simon Whitehouse.
He found a small bug in Upsploit which changed a lot of people's passwords.
What happened was he edited his email address and some loop occurred.
And it didn't compromise the server in any way, shape, or form in the sense that he was able to get people's passwords.
But what happened was some people's passwords were changed to a random string.
And I myself couldn't even log into the application.
That was for the public area, the administrative area I could still log into because that's separate.
But like I say, there was nothing really bad, nothing really bad happened apart from passwords were changed.
You could easily rectify it by forgetting, you know, clicking forgot password and so on.
Now, so what we did is we used this opportunity to change the passwords of every single user and implement this new salt.
And this new salt is now implemented, meaning that everybody now has their own unique salt.
I'm sorry, but whatever.
You say salt, I just get hungry, dude.
I had computers in the fridge.
Have you, if only I had money to go to McDonald's?
I'm flipping wish the same.
We were both broke as.
Oh, yeah.
So until next week.
I had an interesting weekend, so as I said, I had my leaving drinks.
And on the way back my girlfriend lost a phone and we presumed it was stolen because I got a voicemail at 2am when I was passed out in bed.
Which was just someone walking with the phone.
Right.
So we had to go and deal with that.
And I phoned up Vodafone.
And I canceled the phone.
No, it has to do with say her name, which is a girl's name.
So I obviously don't have a girl's name.
I don't sound like a girl.
You help.
I'm quite convinced to be honest mate.
And I just had to give her a name and her phone number and the phone was cancelled straight away.
That's not very good.
She blocked the IMEI number.
So not only did they cancel the contract, the phone itself was bricked.
And I was just thinking this could be the new frape just when someone's not looking.
Yeah, you just social engineer Vodafone or T-Mobile.
Yeah, my name's stolen.
My name's Tom McKenzie.
My number is...
You best not.
I'd never do that to you.
You fucking best not.
Would you fly to Geneva and kick my ass?
I would do more than fly to Geneva and kick your ass.
I would fly to Geneva.
And the airplane would fly so far up your ass that it would come out the other end.
And it would like...
You would be shitting backwards.
Do you know how I know that's not going to happen?
Oh.
Because there is no airplane big enough to take you there.
I'm apparently now installing Nitotv.
That's the protocol, reaching new levels and information security podcasting.
Very, very new levels.
Angry birds and Nitotv.
I just thought it was weird how Vodafone didn't require any authentication.
How angry.
That is very weird.
I just think there's just so much room for it to be abused.
When I say there was no authentication, there was actually no authentication.
I just phoned up and just can't...
Problem, Tom?
No problem at all.
And I just can't say a bit.
Even calling from a different phone as well.
Which obviously would be because it was stolen, but...
Hey, have you got anything to add, Tom?
To your story.
That's it.
Not to my story, but have you got anything to talk about?
I think to be honest with you, I haven't really done anything much because my girlfriend's been here and obviously now I've got my iPad.
That's really all I've been doing is my iPad.
My girlfriend's been up too.
My girlfriend's up all the time.
I suppose there's some proof in that.
Wow.
So...
Yeah.
So this was disaster protocol.
I'd like to end the show now, but I'm kind of locked out with Tom's computer.
So I've got a carry on podcasting.
Yeah, because I forgot my password.
Is it the same as the password for your iPhone, which is 0208?
Is it the same for the password for your Twitter, which is?
No, I wouldn't do that.
I wouldn't do that.
I know you would.
Well, so we have to talk about it.
See, being drunk helps.
It does.
Do you want to kind of like pause the recording?
Go back into the kitchen and think you've got like a bottle of Jägermeister in there.
It's not mine.
I'll buy her another one next week.
Well, you fuck buy her another one next week, she'll go mental.
Well, it's not safe for me to do on a cardboard cut or something.
I need to tell you what, is it better for me to get drunk or is it better for you to get drunk?
Well, I'm not drinking.
I have about 8,000 words to write tonight.
So, I'll have that if you want.
I thought you were drinking.
That's quite fancy a lot, though.
No, you said you were not drinking.
Maybe we'll down it.
I'll have a nice refreshing water.
Now, one thing I did want to talk about is this new thing called codeschool.com.
And it's very much a kind of training.
I think they've got to teach you how to program in Ruby and HTML, CSS and Ruby best practices.
So, avoid.
It's been a while.
Yeah, you probably have got a bit of experience last Friday.
So, if you went to my leaving do like a friend.
It can be a go off.
Yes, but not when it's in a can.
You've just got a one kind of fosters, which is terrible.
Jesus construct my head.
Yes, so they have a free training class out now, which teaches you the basics of Ruby on Rails
in a pretty effective format.
Yeah.
So, yeah, that's sort of so about.
Oh, what's pleads?
Yeah.
Oh, please was really good.
I spoke.
And you got...
Well, it didn't really go down well, did it?
No, they didn't...
They didn't like my deer as much as...
They didn't like my deer as much as they did that tomb con.
But after thinking about what they were saying and looking into what they were saying,
I don't think I agree with them either.
The argument was my talk, by the way, was on them simulating real world attacks.
So, creating test environments that were actually like real world attacks.
So, allowing not just for the fixing of holes and vulnerabilities,
but to allow the cis admin and into the response teams to actually see how they would monitor
and log an incident right from the start right to the end.
And their argument was that it was very Americanized, which I can understand,
because a lot of my research came from people based out in the States.
But what they did say was that it was something that CREST's methodology,
CREST or CHECK methodology, followed that this needed to be done.
Which, again, I agreed at the time, but after looking at CREST and CHECK a bit more closely,
it isn't actually something that is stated about simulating real world attacks.
In fact, after looking a bit more closely into CREST and CHECK,
a methodology isn't properly written out.
And when I say a methodology, I think I mean things like OSSTMM,
and the PTES, and the OWASP testing guide.
So, what I'm going to do is I'm going to look a bit more into it,
because I may be wrong at the moment, but I'm going to look a bit more into it,
and I'm going to carry on my research, because I am speaking at BSides Chicago
on the 16th of April I think it is.
And to be honest with you, I think the talk will go down the hell of a lot better in America
than it will do in England.
The reason why I brought this up was I just thought,
I mean, you could be wrong, you know, you could be Greg Evans in,
but I just, I don't think they showed the right amount of respect to you.
It was a bit like a public execution moment, anything.
I understand exactly what they were saying,
and at the time I agreed with them, and I gave them all the right answers back.
But the biggest thing that the guy said really shot himself in the foot,
what he was saying was basically if you follow CREST or if you follow CHECK,
then, you know, this isn't necessary.
Two things, not everybody's in CREST, not everybody's CHECK, that's the first one.
So what are people like myself, like Matthew,
like anybody who does pen testing without them qualifications meant to do?
How are they supposed to follow a methodology that you have to take an exam for,
or in their parent methodology?
And secondly, he then went on to say that CHECK and CREST isn't as hard as people make out
because you can take the exam over and over and over again, until you pass it.
So what he actually said there was that, yeah, there's a methodology in place.
But if you fail, just try again, and it's trial and error really,
which, to be honest with you, kind of completely counts his argument as void.
But if we take away what he said there, I mean it's the monkeys and typewriters argument.
Yeah, exactly. Well, that's exactly what we were talking about was how, you know,
at the moment we have people who just run scans and give out an automated report.
Nessus monkeys.
Nessus monkeys, exactly.
I've got to give full disclosure for that one, Mike Kemp, I've made it that term.
So that's something that, you know, is...
I'm not annoyed because, to be honest with you, what the guys have done
is they've readyed me for that kind of thing to happen again.
And also, it showed that my presentation was slightly incomplete,
which, what I mean by that is that I need to include stuff about CREST and CHECK.
But in fact, presentation.
If you're giving that presentation at BSides...
Nobody's going to know what...
Yes, it's a UK-specific thing.
So, like I said before, I'm not worried about Chicago.
My only issue with it is that they didn't show the right amount of respect in the corner.
I just thought it was about public crucifixion more than, you know,
a bunch of professionals talking about an idea.
I can understand what you're saying.
Do you agree with what I'm saying or do you think?
No, I understand what you're saying, but at the same time,
I do think that they could have gone about it about a different way.
But at the same time, I think that if they hadn't,
it wouldn't have made me research into the topic more and realised that I think I was right.
Well, I'm glad you've reached that conclusion.
But if anybody has any information about CHECK and CREST
and how it relates to a methodology or how we can...
how the methodology talks about simulating real-world attacks,
if you can send me an email at tomas.machenzie at upspoint.com
or info.upspoint.com.
I'd be really interested to hear back about it and, you know,
I'll include references to you and your findings or whatever in my presentations.
Going back onto my presentations and stuff,
I'm going a bit more deeper into creating a methodology.
At the moment, it's just an idea.
But for Chicago, I need to come up with a baseline methodology.
And Simon Whitehouse has actually helped me out with that
and we're hoping to have a website up in the next few weeks
with information about the project and how we aim to have it
linked in with other things.
And like I say, I'm not expecting it to be taken off and whatever.
But what I want is I want to be able to have,
as opposed to the red team of penetration testing.
So how red teaming is more like you're not attacking the whole,
you know, getting into the building and, you know,
getting information what I want to do is I want to create a pen test red teaming,
like based approach where you actually are given full access to that network
and you can fully, I wasn't going to say a bad word then,
fully kill a network.
Like Chris Nixon's talk at BruCON.
Very similar to Chris Nixon's talk at BruCON.
Chris Nixon's talk at BruCON is one of the things that I refer to in my talk
because Chris Nixon has helped me out a lot with ideas and information
about all this type of thing.
And yeah, Chris Nixon's talk is something that I'm linking it to.
But I'm also linking it to a talk that Carlos Perez did at HackCon last November.
And he's talking about obfuscation methods.
So instead of using Chris Nixon's idea about grading on a skill level,
so grading on the level of script kiddie to like professional,
I'm talking about grading on a noise level, so low medium and high.
So low medium and high noise.
Okay.
So like kind of script kiddie, not from a university graduate.
No, not from a university graduate, but low script kiddie.
Oh yeah, that's true, that's true.
I can use Nmap.
Speaking of that fine educational institution.
I know what you're going to say now.
Can we talk about it?
I think, yeah, I think I think you can.
I think I'm angry for you.
I'm past angry.
Tom, what happened?
I did a paper on the Upsploit of all things.
And my lecturer beforehand asked if he could use my paper
to reference for a magazine article for the BCS.
And for those who don't know BCS, it's the British Computing Society.
So I said, yeah, that's brilliant, that's fine.
Expecting, you know, him to understand that, you know,
I know all knowledge, but it's quite because I am the founder and the owner
and the director of Upsploit Limited.
So I handed the paper in nine pages.
And it was a good paper.
I read it.
I thought it was a good paper.
So I get the mark back three weeks later,
which was about two days ago.
And I get 50%.
So I'm thinking right, 50%.
Okay, so I must have some, you know, comments how to make this better.
The comments were,
we don't have enough background knowledge into the subject area.
Which it was about vulnerability exposure and direct vulnerability exposure company,
which is, you know, has contracts.
It's used by a lot of professionals.
And business partners in place and all that.
So that's the first one.
And the second one was that I didn't use enough up-to-date resources.
And which I find quite amusing because I am the up-to-date resource.
And I did use up-to-date resources.
And I even fucking referenced myself in my paper.
So pretty much fucked, basically.
Pretty much what the fuck?
What the actual fuck?
Fuck me sideways would be the right expression right there.
Yeah.
Honestly, it's such a terrible course.
Let's put it this way.
I mean, we've both had terrible years.
Very bad, yeah.
Not, I'm not talking about Mark what is bad, yeah.
I'm just talking about how just motivation to live here with this course.
Yeah.
Our, I mean, in the past year, our lives have basically...
Been outside of uni?
Not outside of uni, but things just haven't been well built for us.
You know, you recently lost your job.
I've been a single.
I mean, I've got a new one of the moods.
Do you think that things great, that things have been good?
I've been living with people who are fucking terrible people at the best of times.
Like, they make Mussolini look like Sportacus from LazyTown.
I love how you like, I know love how you know who Sportacus off LazyTown.
Sportacus.
Exactly.
See, I should know this shit cause I've got younger siblings.
You've got fucking no reason to understand or know who the fuck Sportacus is.
Yeah, it's...
I just get from that.
It's just the fact that we've been doing a course which we feel has gone nowhere.
It's just kind of being as both fucking miserable and physically.
But I think that the end point now, and this is the last time I'm going to speak of the university on the podcast
because I think it's getting old like the Greg Evans shit got old.
Yeah, but...
I was in class and I gave a presentation in my forensics class to my ethical hacker and ethical hacking lecturer
about a project that I was going to be doing on obfuscation.
This is where the simulating real world attack thing came out of.
And in my presentation, it said that what I was going to do is I was going to get the help of the lecturer
and the sub lecturer to help me undergo forensic analysis because they are forensic analysts.
That's what they do there.
They're in forensics.
So they're like two in forensics.
One of them is in forensics.
The other one is not.
Anyway, by the by.
As a joke to try and embarrass me in front of my peers, he went,
ah, that's going to cost you 350 euros a day.
Because that's how much I charge myself out for.
Well, too bad because I charge myself out for no less than £550 a day.
So, you know, that's the kind of thing that you can end it there.
That is the end.
That is the...
You draw a line underneath that.
Yeah.
I charge at least £200 a day more than he does.
At least.
And people are willing to pay for it because you offer a quality service.
And you get a free iNK.
And you get a free iNK with the report on?
Yeah.
With the report comes on the free iNK.
With my logo etched on it.
No, it's...
I'm not going to talk about the University again.
Not on any kind of serious level just because it's going to be a non-issue.
I'm going to be doing a well-paid job in one of the most guffable cities in the world.
Doing something which people...
I don't like Liverpool.
Liverpool is one of the most...
Yeah, I'd say it's guffable.
Now, I know it'll be working with cool people in an international environment.
Yeah, and I'm really looking forward to it for you mate seriously.
Yeah, I'm looking forward to it.
Gee, that is...
Well, I don't know how this will affect my knowledge of the inner workings of Nmap.
So...
So yeah, University, great.
It's just...
It's made as fucking miserable.
It's zapped motivation from us.
And a lot of people who were interested in it.
You won the guys in the course last year.
One of the most brilliant Linux guys I've ever met.
It was a great coder runabout.
Yeah, I know, you mean, yeah.
He was just got so disillusioned with the course.
He left to become a plumber.
Yeah.
And this was a guy who...
He could rewrite the Linux kernel if he wanted to.
This guy...
He was phenomenal.
This guy did the whole year's programming assignment in one lesson.
Which...
Pardon me.
And it's no surprise that the course is such a high turnover of students.
In the last year, there's about, I think, I got told it was five people there.
Don't quote me on that.
In your year, how many people were there?
I don't know, because I haven't been since Christmas.
Yeah.
Exactly. That's the point.
And the thing is, is I'm getting better marks this year, not going,
than I am last year when I went to pretty much every lesson.
Yeah.
It's...
It's just a waste of time.
It's fucking shit.
Right. Anyhow.
Anyhow.
I'm just...
I'm doing...
I'm moving on.
Things are good.
I've accepted the job.
And it's going to help me become a better professional than the course will be.
And whenever people email me, hey, I heard you're podcasting.
And how do you do ethical hacking enough from university?
I just tell them straight up what I think about the course.
Straight up.
Matthew.
Yeah.
Fucking turn your noise down.
Noise down.
Oh, shit.
That was me, sorry.
Fucking hypocrite, dude.
No.
Well, I think we've covered pretty much everything we've talked about.
I just wanted to vent about that.
I think I was angry for you.
Yeah.
Fuck.
We're all can.
Three.
So, Tom, if people want to email you, if you email me at Tom at disasterprotocol.com.
And my website is www.teamacuk.co.uk.
Twitter.
www.twitter.com forward slash teamacuk.
I started the HTTPS.
HTTPS.
That's a good point.
We didn't even ever speak about that.
Yeah.
Twitter has HTTPS now.
Woo.
I shouldn't cut you got Firesheeped.
Did he?
He does.
Where was he?
Was he in like subways or something or where?
No, he was head conference.
No.
I know.
I come with a group and see how many people get Firesheeped.
Get a Firesheep.
And put on the wall.
The Wall of Sheep.
The Wall of Sheep.
Yeah.
And upspot.com.
Oh yeah.
HTTPS.
Upspot.com.
Keep your eyes peeled because probably before the next episode there will be a huge announcement
on the upspot front.
Huge announcement.
Yeah.
The biggest announcement since the release of upspot we hope all depends on a certain company.
Yeah.
This is the research license.
Oh.
Just people.
That's public.
Research license is a corporate version of the upspot framework that sits locally on a business
machine.
We have made our first partnership with a company and hopefully the company who we have
the partnership with will step forward on well by the next the next date.
The contract does say that they will have the service and we will hopefully be able to
announce that on the show.
And then we'll come forward to it.
It's going to be very good.
It's going to be very, very good.
If you want to email me, me at Matthew Hughes dot co dot UK. If people want to tweet
me, twitter.com forward slash Matthew Hughes. Matthew Hughes dot co dot UK.
I still love it.
I don't know what I look when I haven't spoke about it in a while.
John Bell.
Yes.
John Bell University of New Mexico.
Albuquerque New Mexico.
Albuquerque New Mexico.
Albuquerque New Mexico.
I love John Bell.
She lives in Albuquerque New Mexico, you know.
Jess Gonzalez.
Oh, right.
I thought she was from Chino Hills.
Yeah, but she lives in Albuquerque New Mexico now.
Oh, right.
We should set her up.
Me, introduce her to John Bell.
See, I don't know what John Bell looks like otherwise I would.
He may be like her.
He may be Greg Evans.
Yeah.
I have some friends at the Lancet.
There's actually a big infosec community there.
I can imagine.
I know.
I can imagine them just sprouting out because of Greg Evans.
If Greg Evans came in my hometown, I would sprout out and become an infosec professional
just because of him being there.
Yeah.
He's the best media fucker in the world.
Second best.
After you.
Third best.
No, we won't go there.
No, we won't go there.
We won't go there.
I'm on that note.
I don't know.
I don't know.
It's seen a bit, guys.
It's okay.
Thank you for listening to Hacker Public Radio.
HPR is sponsored by Caro.net.
She'll head on over to C-A-R-O dot N-E-T for all of her TV.
Thank you.
Thank you.