Hi everyone, welcome to the January 6th, 2019 episode of the aRTy News podcast, brought to you by Raymond Tec. Happy New Year! For those of you listening for the first time, I scour the web every week for tech news and curate the articles, tweets, and backchannel sources to provide you, the non-nerd, a concise summary of news where I answer the question, “Why does this matter to me?”
Like usual, I’ll be starting off with the scary stuff, the data breaches, privacy concerns, and security threats and ending the episode with the stuff that will leave a smile on your face, because I’d rather leave everyone feeling warm and fuzzy rather than cowering under the covers.
Let’s rip the band aid off and jump right in.
Just a handful of reports in another relatively quiet week for data breaches and exposures. I have two ransomware attacks originating from North Korea. These attacks were carried out using the Ryuk virus, first identified in August of 2018. The first victim was Data Resolution, a company providing cloud hosting services for large enterprises that was attacked on Christmas Eve. Data Resolution offers cloud-based email, accounting, and other internet-based software for large companies.
The second attack was against the Tribune Publishing Company, a digital and print publisher that handles distribution for several large name newspapers across the country. The Tribune’s systems were crippled to the point where they missed their print run last Saturday morning. More details on both in the show notes.
Hack Read dot com reported on two data breaches this week. First was a browser game called Town of Salem. Its database was breached exposing all 7.6 million player’s personal data. This included email addresses, IP addresses, passwords, and for certain users who paid for premium features, payment information. That last one is a point of contention between the game’s publisher and a news report. So, I’m not sure if payment details were exposed or not. Better to be safe than sorry.
The second data leak from Hack Read is a bit more disturbing. Abine, the company behind the Blur Password and Privacy manager has been leaking data since at least January sixth of last year. This data includes usernames, masked credit card details, email addresses, phone numbers, password hint answers, and encrypted passwords. Currently Abine is claiming a potential 2.4 million users’ information could have been exposed. Abine is recommending all users immediately enable two factor authentication on their accounts to stay safe.
Moving on to privacy concerns.
A security flaw from early in Twitter’s lifetime has come back to bite it. For its first ten years, Twitter didn’t confirm email addresses at sign up, which means there are many accounts not being used with email addresses attached that don’t exist. A malicious user can find these dormant Twitter accounts, create the email address, and take control of an account.
This was a technique used by Isis to recruit new followers, because there have been occasions where some of these dormant Twitter accounts had tens of thousands of followers. Many accounts were exposed this week by TechCrunch and deleted by Twitter, but this highlights a fundamental issue with social media as a whole. How do you provide an environment that promotes free speech while still keeping people safe?
For more information about how fringe groups use social media for coordination and recruiting, check out the show notes for the link to a podcast called Cyber by Motherboard.
I debated putting this next article in the good news section. A year ago, chip maker Intel assembled a team of academic and independent researchers to battle the Meltdown and Spectre bugs. One revolution around the sun later, and this team is still hard at working identifying and resolving similar flaws in chips. And along the way, they’ve been rewriting the book on how chips are designed and manufactured. The deeper down this rabbit hole we go, the more pervasive the bugs seem to be.
It would appear two decades worth of chips from Intel, AMD, and Arm, all share similar flaws. Some of you may remember when Intel started rolling out patches for these bugs, many computers slowed down. Some of this was due to bad patches, but it was mostly because security was an afterthought for chip manufacturers. Now, thankfully, security is top priority in this industry.
Starting from the ground up, or, in this case, the chip out, is a good way to ensure the security of future products. This is a good thing for everyone.
I don’t often talk about Macs in the security threats portion of the podcast, because there just aren’t as many threats out there. This week though, a company call MacPaw who makes software called CleanMyMac has released an update that patches several critical vulnerabilities. The hard drive cleaning software allowed attackers to remotely take complete control of your system. For details on what was patched, check out the show notes.
Moving into that informational grey area, other news.
As I’ve mentioned in previous episodes, there are battle lines being drawn surrounding the freedom of the internet and information itself. This week the Chairman of the Federal Communications Commission released a statement that praised the outgoing congress for keeping the FCC weak in its ability to properly regulate how internet service providers operate.
I know, regulation is boring, but it’s important. These companies have been given the freedom to restrict and regulate what you can see and do online while also continuing to build monopolies.
The freedom of communication on the internet is an important tool for everyone. Having companies like Comcast, Verizon, or Time Warner controlling what you see or allowing them to charge you more to see certain content isn’t improving freedom.
A new bug, named CastHack, was exposed this week when thousands of Chromecast streaming devices, a competitor of Roku and Amazon’s Fire Stick, were forced to play a YouTube video. The video warns users about the bug and instructs them to subscribe to a YouTube channel. You may remember a few weeks ago when printers were hacked ordering people to subscribe to PewDiePie’s YouTube Channel.
Research around the Chromecast bug shows that many smart home devices can be hacked in a similar way. The bug is an exploit of UPnP, or Universal Plug and Play, in most home routers. Do yourself a favor and make sure you have UPnP turned off in your router.
While there’s generally security in numbers, Microsoft’s struggles with securing its operating system and, more recently, Office 365 illuminates why large user bases can be a bad thing for closed source software. I’m not trying to start a debate, but the fact of the matter is that open source software allows people from very different backgrounds to examine programs for bugs which can then be fixed quickly. Whereas Microsoft’s history of releasing software where only they hold the keys to the source code has proven problematic.
Moving onto security threats.
Netflix has released a plea to users of its service to stop doing the Bird Box challenge. If you’re unfamiliar a challenge has gone viral in which people put blindfolds on and navigate like the characters in the controversial horror movie “Bird Box.”
In other Netflix news, the streaming giant has forged in a new direction with the latest episode of Black Mirror, titled Bandersnatch, which makes viewing a more interactive experience. It’s reminiscent of the choose your own adventure stories many of us read when we were children. Interactive formats offer more engagement and create more word of mouth buzz but reduce time available for further consumption or require more attention than I’m, personally, willing to give over to entertainment. I usually use Netflix as background noise while I’m doing other things. I rarely have time to sit down and just watch a show or movie. Either way, it’s interesting to see the fourth wall get broken by interactivity in what had been a spectator only endeavor.
Finally, in what I should have labeled Netflix corner, a new Stranger Things trailer has dropped announcing the arrival of season 3 in July of this year. If you haven’t already watched the first two seasons, add it to your list and watch it as soon as the podcast is over. You can thank me later.
This next piece is a mixed bag, which is why I put it in other news. Apple this week released an update which slashed its anticipated first quarter earnings for this year. While this was bad news that tanked the stock market for the better part of the week, a silver lining was in there for those who looked. The earnings reduction stems from consumers who no longer replace their phones as readily or regularly. This means less electronics waste and more savings for consumers around the world. Why buy a new iPhone, which goes up in price 5-15% every year when your old iPhone will work just fine?
USB-C, which is the latest standard on Android phones, tablets, and Chromebooks could now become less convenient. The USB standards body has officially launched a Type-C authentication program which will allow manufacturers to check whether USB chargers are non-compliant. There are two potential uses for this. First, and what I’m hoping for, is checking to make sure chargers aren’t going to burn up your devices. This would reduce fire risk. Second, and what I’m expect, is that manufacturers will use this new program to determine whether you’re using their charger or the cheap one you bought online for three bucks. In other words, if you don’t plug in your Samsung phone to a Samsung charger, they can stop the phone from charging until you plug in a quote “certified” charger. Time will tell.
On the heels of last week’s announcement, Google has revealed that its Duo video calling app will soon have a group calling feature added. This will make it an even stronger competitor to Apple’s FaceTime.
It’s finally time to move on to move on to the good news.
The Good News
Google’s Advanced Technology and Projects, or ATAP, group is responsible for experimental initiatives. On Monday a waiver was approved by the FCC allowing ATAP to commence with what it calls Project Soli. This project uses powerful radar to detect movement of your fingers in three-dimensional space, so that, potentially in the future you will be able to wave your fingers around instead of sliding on a touch screen or typing on a keyboard. This will improve accessibility for those unable to use regular interfaces.
Many of you probably didn’t know that January first is public domain day. At midnight January first, tens of thousands of books, movies, songs, and cartoons entered the public domain. This means they’re free for people to download, share, or repurpose. Copyrighted works that are 95 years old can now be accessed free of charge. And 1923 was a good year for books with releases from Virginia Woolf, Agatha Christie, and Robert Frost. There’s an article from Vice in the show notes with links to a variety of sites to download from.
Two bright spots for the environment hit my radar this week. First from Germany. Volkswagen is prototyping new mobile charging stations for electric vehicles. These charge stations are battery powered and carry enough juice to fully charge 15 EVs. With the fast charging technology that VW is developing, each car should reach 100% in about 17 minutes.
The second piece of happy environmental news comes from Shenzhen, China. With an eye towards reducing pollution and increasing exports, China has beefed up its electric vehicle game in recent years, most notably in this city of about twelve and a half million people. The city’s entire bus fleet had been converted to electric by the end of 2017 and 99 percent of its 21,000 taxis are now electric as well.
In the perpetual war against misinformation, a new hacker collective is fighting back. A Buzzfeed analysis of the top 50 fake stories shared on Facebook in 2018 got 22 million shares, reactions, and comments. While this is down 7 percent from 2017, it’s way above 2016. A collaboration of academic researchers, pro-democracy hackers, and tech employees are fighting to restore trust to the internet. At the first conference that organizers are calling CredCon, the assembled experts worked together to brain storm and problem solve by creating the framework for automated solutions to combat misinformation. Think of these as defensive weapons in what is now being called ‘information warfare.’
Potential solutions for misinformation campaigns include scouring Wikipedia for unreliable sources, evaluating a Twitter user’s reputation by the number of times they’ve shared fake news, and a quote “proof of patience bot.” The latter would evaluate how long an article is versus how long someone looked at it before sharing it on social media. The participants at CredCon seem to be some of the best and the brightest using their talents to inoculate the masses against a misinformation infection. Check the show notes for the link.
Up next I have four hope filled articles about the meeting of medicine and technology.
Launching at this week’s CES show in Las Vegas is a virtual assistant that will help healthcare professionals monitor people in their homes. The company, Electronic Caregiver, sees their virtual assistant as a vital link in ensuring communication between patients and doctors. Not taking your pills? The virtual nurse will remind you. Are you developing symptoms the doctor should know about? The virtual nurse will send your doctor an alert. This is all accomplished via a chatbot named Addison. While chatbots aren’t new concepts in healthcare, this is the most advanced use so far.
The Food and Drug Administration has cleared a new device to make breast exams quick and painless. iBreastExam is a scanner that will detect non-palpable breast lumps without pain or radiation in just a few minutes, according to the official site. The company hopes to make this affordable and available worldwide to the more than 90 percent of women in developing countries who don’t have access to technology that aids in the early detection of breast cancer.
Google wants to help you achieve your New Year New You goals with its Google Fit New Year challenge. For 30 days, this challenge will push users to accumulate what it’s calling heart points. Heart points are earned through strenuous activity like brisk walks, running, or cycling. Link to more info in the show notes.
In a medical breakthrough straight out of science fiction, a man is learning to walk again after having three vertebrae crushed in a motorcycle accident. Danny Bal of Florida, was riding his new motorcycle to work one day two years ago when a driver of an oncoming car fell asleep and crashed into him. Even though he adjusted to life in a wheelchair, including making modifications to his pickup truck so he could continue driving it, Bal decided he wanted to walk in his daughter’s wedding.
The device helping him to walk is an exoskeleton developed by Japanese firm Cyberdyne. Dubbed HAL for Hybrid Assistive Limb, this exoskeleton has two-way communication with the wearer’s brain. It detects the electric signals sent through nerves to signal the leg muscles to walk, assists the legs in moving, then sends a signal back to the brain telling it that the movement was completed. This creates a positive feedback loop creating a better chance for sufferers to regain their ability at natural movement.
Seven patients have completed a full treatment program with HAL so far. Currently there is only one clinic in the US that has a HAL suit but the clinic is in discussions with Cyberdyne to expand to five other locations by the end of 2019.
I hope I’ve restored some sense of faith and hope for humanity’s technological future, gentle listeners. I know I feel better.
If you’ve enjoyed the podcast, please subscribe, rate, and review on iTunes, Google Play, Spotify, Stitcher Radio, or TuneIn. The more buttons you press on those sites, the easier it is for other people to find us. Also, be sure to follow us on Facebook and Twitter at Raymond Tec IT for tech news updates that matter to you.
Make sure you log on to Raymond Tec dot com and check the show notes, as there are a couple of bonus links to check out for further reading.