aRTy News Weekly Podcast 2018-12-09
Intro
Hi everyone, welcome to this week’s aRTy News podcast, brought to you by Raymond Tec, where we drop the jargon and answer the question: “Why does this matter to me?”
Every day we post a brief summary of 3 to 6 articles on our site, and this podcast is a roundup and expansion of all the news we’ve covered throughout the week. I do the podcast by order of topic rather than chronologically. It’s like chocolate cake at the end of a meal of liver and onions. The good stuff is at the end to wash down the taste of the bad stuff.
Let’s begin with data breaches and exposures.
Data Breaches
First up in everyone’s least favorite news category, Moscow’s new cable car system was shut down for two days, two days after it opened. With much fanfare a scenic cable car transportation system launched in Moscow, only to be hobbled by a ransomware attack 48 hours later. Sadly, this isn’t the first instance of transportation being crippled by cyber-attack; US transportation systems in San Francisco and Colorado have been compromised in the recent past.
I keep seeing this next story in my Twitter feed and on the tech news sites I subscribe to. About 50,000 internet connected printers were attacked in an effort to gain YouTube followers for a popular poster. While this was a relatively harmless prank, it highlights the need to double check the security of miscellaneous devices connected to the internet. I mean, sure, it’s convenient to print from anywhere, but do you really need to print color copies over the internet while you’re enjoying your morning constitutional? No, I didn’t think so.
I’m finally starting to see a little bit about the Marriott/Starwood breach in the mainstream media, which is good, considering the number of people affected. In the show notes, I’m going to include a link to an article from CNet if your passport was one of the 327 million compromised.
Popular question and answer forum, Quora, was breached recently, exposing 100 million users’ data. Not much to tell here, as they’re still investigating with third-party security firms and law enforcement. If you’re a Quora member and you reuse your passwords, make sure you change them.
Yesterday we reported on hacks of banks in Eastern Europe. I still haven’t found out the names of these organizations, but I have found more details on the hacks themselves. Without being too technical, this was a two-part scheme. People from outside the organization’s country would open accounts, and hackers in the bank’s country would gain access to the bank by stealing passwords. Once the hackers had access to the accounts, they would activate the out-of-country bank accounts, issue debit cards, and activate overdraft protections. Now, the people outside the country could go to any ATM and withdraw money.
Since the accounts appeared legit to the banks, it took them longer to be flagged. Sources are reporting losses upwards of 100 million US dollars.
Thankfully, that’s it for data breaches. Onto a short security threats section.
Security Threats
First up, China is misdirecting Internet Traffic. This is much sneakier than I first thought. I misunderstood the first reports I read, thinking it was internet traffic heading to Asia that was being mishandled, but China Telecom actually has a presence here in North America, with 8 points of presence in the US and 2 in Canada. This is allowing China Telecom to grab internet traffic, and route it to China. Of course, if the traffic is properly encrypted, this becomes a less worthwhile task for the Chinese government, as it means more work to figure out what’s in the information being exchanged.
Rest assured, China definitely has a picture of your cat in a file somewhere.
Second and final story in Security Threats is about Facebook and their lack of a highly available support system.
For businesses and non-profits this cloudy system for getting help is a huge detriment. When you spend advertising dollars, you want to be sure they’re being used effectively, and if they’re not, there’d better be someone to talk to about it.
Or, what if someone takes over your brand on Facebook? If a hacker or social engineer gains access to your group to defraud your clients and customers? There’s no number to call, no direct email, nothing. You’re just hung out to dry. It’s time for companies and nonprofits to take cyber security seriously and train their staff properly.
Fortunately, in both the cases reported in the article I linked to in the show notes, both nonprofits were able to get back up and running with minimal interruption.
On to privacy concerns.
Privacy Concerns
A report this week by Disconnect, a firm that creates tools to improve online privacy, shows that Apple’s iTunes store and app store do not use encryption for downloading content. Here’s what that means for you: if you’re on Wi-Fi in a public place and you choose to download something from iTunes, malicious people can see what you’re downloading. While that information alone isn’t enough to hack you, it may lead to clues that could help to narrow a phishing or social engineering attack.
This isn’t a deal breaker, I wouldn’t warn people off of Apple products for this, but it is something to remember, and maybe limit downloading to Wi-Fi networks you trust until this issue is resolved.
Next up in Privacy Concerns, a technical paper from Georgia Tech shows how websites you’ve viewed stay in your graphics card’s memory.
This one is way too technical to really dive into, and likely will only be a viable tool for criminal investigators. Just remember this: if you’re thinking about doing something illegal, it is possible for digital forensics techs to see exactly what you were looking at.
In two articles that fit very neatly together we have FBI v Facebook, reported by Raymond Tec on the fourth, and Australia doesn’t understand what encryption is for, reported on the seventh.
With 2 billion users, Facebook has a lot of responsibility, and with a few notable missteps, has done a fair (ish) job of not being the most evil tech company in the world. In 2015, the FBI sought to further tear down Facebook’s already tenuous grasp of what privacy means by demanding a backdoor be built into Messenger’s encryption, allowing the FBI to spy on whomever they choose.
Just this week, Australia passed a law requiring all companies to provide a backdoor their government can use to access encrypted information, from files to phone calls. This means Facebook Messenger, WhatsApp, Microsoft’s Skype, Slack, Discord, and all the other communications platforms out there. Creating these kinds of backdoors, besides being intrusive and destroying what small sense of privacy we can have online these days, actually opens everyone up to more vulnerabilities. If a backdoor exists, it’s not a matter of if but when a hacker will find their way through it.
Onto all the news I couldn’t figure out how to categorize.
‘Other’ News
The US government moves towards relaxing the laws that currently prevent self-driving cars from being legal on our roads. California passes a law that requires all residential buildings built after 2020 have solar panels installed. Google starts a new test of its drone delivery service in Finland. PC makers have begun producing laptops with built-in cell cards and 25-hour batteries, dubbing them always on, always connected PCs. Apple patches dozens of small- to medium-sized holes in iOS and macOS; make sure you update your devices.
Apparently the new 5G or fifth generation cellular service is going to be pricey, because the cheap guy on the Android block, OnePlus, has announced they will do their best to keep their phones under $1000.
Lastly in Other News, Mobile carriers are being called out for lying about their cellular coverage. The US government was holding an auction to subsidize rural expansion of cellular networks. At least one of the companies, thinking they were being slick, fudged their coverage map to try to edge competitors from winning bids in nearby areas. This doesn’t really have a direct impact on anyone, it’s just disheartening to hear about this kind of deceit on such a large scale.
Finally, what we’ve been waiting for since the intro, the Good News.
The Good News
Apple has announced a 10% discount on select items in their store for Active Duty Military and Veteran shoppers just in time for the holidays. Link in the show notes to the store.
Next up, I can’t decide if Tesla just scored a huge victory for autonomous vehicles, or made a successful argument against humans making their own decisions? I’ll be really honest here and admit, I’m not a huge fan of self-driving cars. Maybe I’m just an old school, red-blooded, American male (am I still allowed to say that?), but I like to drive myself.
But in the wee hours of last Friday morning, a man, or rather, a man’s car was stopped by police. A Tesla owner got in his car, drunk as a supreme court justice, and set a course for home. The Tesla was clocked doing 70 on the 101 by police who quickly realized what was going on once they noticed the man was asleep behind the wheel.
The quick-thinking CHP pulled ahead of the car and slowed to a stop, forcing the Tesla to do the same. The man was completely unaware of what was going on, because he didn’t wake up until the cops knocked on his window.
It’s tough to see this as anything but a win for Tesla and autonomous vehicle proponents.
Back in May, Ring, a subsidiary of Amazon that makes internet connected video doorbells, released a social app that may reduce crime. The app features news articles about crime in a radius you select around your home as well as videos posted by Ring doorbell owners. The posts allow commenting and could help to reduce incidence of crime.
Most of what I saw was paranoid people trying to play up what were likely innocent interactions. But, if it reduces crime, and gets people more involved with their own security, rather than relying on police or other outside agencies, I’m all for it.
In the US, only 18% of computer science degrees are held by women and only 12% of engineers are female. Why is this in good news? Well, because the US has a new goal.
It would seem Russia has a 100-year head start on gender equality over the US. After the 1917 revolution where the communists took power, laws were enacted to ensure women had working opportunities equal to men. Evidence of its effects can be seen today in some of the highest percentages of females in the workforce of what are typically male dominated fields, Science, Technology, Engineering, and Math, or STEM fields. The encouragement starts in childhood, by parents pushing their daughters who show interest in STEM careers into learning more about the fields that excite them.
Outside the home, young girls can find role models, because there are several generations of women working high-profile STEM careers. It translates to greater than a third of most STEM careers being filled by Russian women.
Next we have a story on French startup, Agricool. Focusing on high efficiency, small footprint methods of growth, Agricool is growing GMO-free, pesticide-free plants inside shipping containers. By recycling water, and using LEDs which are more efficient and reliable than natural processes, Agricool aims to revolutionize the way urban agriculture is done. So far, they’ve only been growing strawberries, but the company plans a huge expansion by 2021.
Finally, the last article in good news. Sadly, this one is tinged with political controversy, but I feel the benefits outweigh the nonsense swirling around the company. Embattled Chinese manufacturer Huawei has released a children’s book app for Android devices that will help deaf children and parents of deaf children learn sign language.
Huawei’s StorySign app has an animated AI character, created by Wallace and Gromit’s Aardman Animations, that will sign out the words next to the text of children’s books. The app is freely available on Google Play and doesn’t require proprietary hardware to run.
Deaf children and their parents learning sign language together with the aid of technology makes me feel warm and fuzzy.
With that sense of ebullience, I will leave you to the rest of your Sunday. Thank you for listening. If you’ve enjoyed this podcast, please like and follow us on Facebook and Twitter. We’ll update you when we get listed on iTunes, so you can rate, subscribe, and review there. Keep an eye on Raymond Tec dot com for more news and updates. Have a great week!