Weekly Tech News for March 10, 2019


Intro

Welcome to the March 10th, 2019 episode of the Raymond Tec News podcast. Each week I curate the articles, tweets, and backchannel sources to provide a 15 to 20-minute summary of tech news.

This week I’ll be doing things a little differently. The basic format will be the same, but I’ll only be sharing the headlines, instead spending our time together focusing in-depth on a hot-button issue of the week.

Let’s dive in.

Data Breaches

Citrix, a company that provides cloud computing services to the US government and over 400,000 companies worldwide, including 98% of the Fortune 500, has had its internal network breached this week. ZDNet | Dark Reading

Jackson County, Georgia has paid a cybersecurity consultant to negotiate a ransomware fee after the local government’s IT systems were locked in an attack. ZDNet

A pair of security researchers have discovered Verifications IO, an email marketing company, has left a database containing more than 700 million email addresses exposed on the web. Wired | Researchers’ Report

Security Week reports that the Starwood hotels hack has cost parent company Marriott $28 million so far. Security Week

Privacy Headlines

The House of Lords in the United Kingdom has ordered the creation of an authority to regulate online services like Facebook and Google. Computer Weekly

As you heard at the top of the show, NBC 7 in San Diego shocked the journalist community this week by revealing that the US and Mexican governments have been tracking more than 50 people including journalists, an attorney, and immigration advocates. NBC San Diego

Chelsea Manning is back in jail after refusing to testify against Wikileaks founder, Julian Assange. NPR

The NSA may finally be shutting down its phone spying program, not because of outrage, but because people have shifted to encrypted messaging. Ars Technica

Equifax is back in the privacy news again, with their MyEquifax.com site. Brian Krebs, of Krebs on Security, reported this week that it was too easy to set up an account on this site that is meant to protect credit holders. TechCrunch

Sue Kalina, a former patient coordinator at the University of Pittsburgh Medical Center, was found guilty in federal court this week of improperly disclosing patient information to cause harm. She faces a fine of up to $250,000 and 10 years in prison. Data Breach Today

Google has stated that it will not be pulling the Saudi app Absher from its Google Play store, even though the app is used to track and control women by Saudi men. The Verge

Facebook’s two-factor authentication, which I recommend Facebook users enable, has a serious flaw that links your phone number with your account, allowing people with your phone number to find you in search. 9 to 5 Mac

Let’s move on to security headlines.

Security Headlines

Car alarms made by Viper and Pandora, which bill themselves as being unhackable, have been hacked, allowing attackers to locate the cars, unlock the doors, and disable the alarms remotely. ZDNet

Google announced a new, and admittedly rare, bug in Apple’s macOS operating system affecting all laptops and desktops. The flaw is very technical and requires physical access to the machine. No word on a patch yet. Wired

Google also announced a patch for its Chrome browser for a particularly nasty bug. Most Chrome browsers have auto-update on, but it still makes sense to check that you have the latest version. Wired

The announcement of the Chrome vulnerability came in tandem with an announcement from Google that Microsoft’s Windows 7 operating system is vulnerable to an attack that hackers are actually using in the wild. There is no update for this issue yet. The Verge

With the 2020 US elections looming on the horizon, a report by New York University’s Brennan Center for Justice finds that state and federal governments need to boost their spending to fix and upgrade their voting machines. Wired

A new study shows nearly half of programmers will take the easy way out and not properly obfuscate passwords. But, on further digging, the study is flawed and doesn’t give a representation of real-world application development. I wanted to mention this to do my part to rid the world of clickbait. ZDNet

Konstantin Ignatov and his sister, Ruja Ignatova, have been arrested by US authorities for running a cryptocurrency pyramid scheme called OneCoin. The Verge

Security researchers presenting at this week’s RSA security conference have exposed major security gaps in ultrasound medical devices. Dark Reading

Trend Micro has discovered that Slack, a messaging app, and GitHub, a tool used by programmers for storing and sharing source code, have been used to install backdoors in targeted attacks. Security Week

Security companies Avast and Emsisoft have released decrypters for a strain of ransomware called BigBobRoss, which has been seen in the wild since mid-January. ZDNet

Apple is well known for using China-based manufacturing for its iPhones. A new report this week shows that developer-only models are disappearing from factories and ending up on the black market, where hackers tamper with them and look for exploits. Sophos Naked Security

Let’s move on to other news.

Other Headlines

Lawmakers in Philadelphia have become the first to ban cashless stores and restaurants in a move designed to help low-income populations who don’t have bank accounts. CBS News

A new startup named Ever Loved has been built to guide families through the expensive, and often confusing, funeral process. TechCrunch

Finnish company Jolla is making waves in the business and government sectors with its Sailfish Operating System for mobile devices, an alternative to Google’s Android and Apple’s iOS. TechCrunch

Major League Baseball is partnering with the independent Atlantic league to test out new tech that will automatically call balls and strikes. TechCrunch

SpaceX’s Crew Dragon capsule made history when it became the first privately built manned spacecraft to safely splash down in the Atlantic Ocean. TechCrunch

A professor of technology and digital business at the University of Pennsylvania spoke with The Verge this week about how to fix the problems with search and recommendation algorithms, which have been dominating the news recently. The Verge

Continuing its efforts to fight disinformation and conspiracy theories, YouTube has rolled out information panels on videos related to sensitive topics. 9 to 5 Google

Monika Bickert, Facebook’s VP of Global Policy Management, has written a blog post detailing how the social media giant will combat anti-vax conspiracy theories. Wired

FCC Chair Ajit Pai has come under fire again for allowing telecommunications companies to self-report new broadband connections, inflating the number, which is how the FCC determines where and how to spend money. TechCrunch

I reported a few weeks ago on the Olli self-driving shuttle bus trial in Australia. This week the manufacturer has released footage of the 3D-printed vehicle’s crash tests to prove its safety. The Verge

Older GPS devices will need to be updated before the end of the year to prevent a Y2K-like bug when 2020 finally arrives. The Verge

Huawei is suing the US government, not simply to contest what it calls unfair business practices, but to defend its reputation as a global telecom provider. Wired

Google has filed a patent for a new game controller which reveals details of its upcoming streaming video game service. The controller puts much of the storage and logic directly in the user’s hands. 9 to 5 Google

That’s it for other news. Now for this week’s feature story.

Good News

In the feature, I mentioned being able to identify the source of information without revealing the personal details. This may be closer to reality thanks to a new standard by the World Wide Web Consortium, or W3C. WebAuthn, short for Web Authentication, has just been finalized and is already supported by the Chrome, Firefox, Edge, and Safari web browsers. The standard will allow websites to communicate with a physical authentication device. For instance, rather than having to use a password manager, you may plug a USB key into your computer which uniquely identifies you to a website without having to expose a password on the internet. The Verge

Passwords won’t be going away just yet though, so I still recommend you use a password manager in the meantime. You are using one, right? If you’re not, I recommend LastPass. LastPass allows you to sync passwords securely across your computer, phone, and tablets. More than just keeping a list of your logins, it generates secure random passwords for you and on many websites allows you to change your password with just a couple of clicks.

Don’t get caught recycling passwords; use LastPass. You can learn more about LastPass by visiting my affiliate link at Raytec dot co slash LastPass, that’s r-a-y-t-e-c dot c-o slash l-a-s-t-p-a-s-s.

Back to the good technology news.

Representatives Jim Langevin of Rhode Island and Glenn Thompson of Pennsylvania have reintroduced a bill in the US House of Representatives this week that would fund cybersecurity education programs. The bill aims to ensure the workers of the future understand how to meet changing technical security needs. It focuses on funding for cybersecurity for power plants, dams, hospitals, and other critical infrastructure. Health IT Security

Creative Commons, which is an alternative to copyright and public domain licensing, got a big win this week when Flickr announced that photos licensed under the Creative Commons framework won’t be subject to its 1,000-picture limit. Creative Commons allows creators of original works to specify how their works are to be used and attributed. The least stringent license is Creative Commons Zero, which doesn’t require attribution and may be used in any way. At the other end is Creative Commons NC-ND, or Non-Commercial, No Derivative Works, which specifies the original content may not be remixed into other work or used for commercial gain and must show attribution to the original creator. The Verge | Creative Commons

Friday was International Women’s Day. To celebrate, an app called Safe & the City, or SatC, released a slew of new features. SatC uses GPS, crowdsourced information, and police risk data to reduce the chances of women falling victim to crime and sexual harassment. Billed as a personal safety navigation app, it uses route sharing and geotagging, then shares its data with businesses and authorities to advise insecurities. SatC is also adding safe sites identified by users as places where women can get support. Its pilot program focuses on London, but a global rollout is coming soon. TechCrunch

That’s it for this week in tech news that matters to you. If you’ve enjoyed the podcast, please share what you found interesting in a post on your social media by linking to Raytec dot co slash listen. That’s r-a-y-t-e-c dot c-o slash listen. That will link directly to the current episode’s show notes along with a podcast player. I really appreciate anyone who’s willing to share my podcast.

As always, there are bonus links in the show notes. Articles in this week’s extracurricular reading include: an update to the court case of Adnan Syed, the star of Serial podcast’s first season, an interview with a Tufts University student who was unfairly expelled for grade hacking, a chat room that charges you a penny per letter to talk to others, and much more. The show notes have links to each of the podcast apps I’m listed on and links to my social media. If you have any information, updates, or constructive criticism, feel free to reach out via social media.

Thanks for listening and have a great week!