Welcome to the January 27th, 2019 episode of the Raymond Tec News podcast. Each week, I scour the web and curate the articles, tweets, and backchannel sources to provide you, the non-nerd, a concise tech news summary where I answer the question, “Why does this matter to me?”
I start off each episode with the stuff to keep you up at night: data breaches, privacy concerns, and security threats. But I like to instill a bit of joy around technology, so I end with a series of stories that will restore your faith in our technological future, and, hopefully, humanity.
Last week’s episode was 37 minutes long, and you voted with your listening minutes: my total downloads were way down. So this week I’ve kept each article and section concise. As always, details and links to source articles will be in the show notes at raytec dot co slash listen.
Let’s dive in.
Up first in data breaches, fans of PewDiePie, a popular YouTuber, have struck again. This time they’ve defaced the website of a newly launched game and spammed players with “Subscribe to PewDiePie” messages for several hours.
Montreal-based International Association of Students in Economic and Commercial Sciences, or AIESEC, exposed about four million applications from students globally when they accidentally left a server available to the public without password protection. The exposure was disclosed privately by a security researcher to the non-profit, who secured the database the same day. The organization analyzed the traffic for the server and determined that only about 50 data records were accessed while it was available, meaning no large leak occurred.
In another example of carelessness, a server belonging to an online casino company was discovered open to the public exposing transaction and user details. The exposure was discovered by a security researcher and the server has since been taken offline. Data was from a variety of domain names including Kahuna Casino dot com, Azur dash Casino dot com, easy bet dot com, and VIP room casino dot net. The user details included a lot of personally identifiable information. Identity theft often results from these types of breaches, because small, less frequently visited sites are the ones that people are most likely to recycle passwords on.
If you’re still recycling passwords in 2019, it’s time to step up your cybersecurity game by using a password manager. I use LastPass. LastPass generates random passwords for every website I log in to, keeps track of them all, and works on my PC, phone, and tablet. Your LastPass vault unlocks with one strong password, and it’s the last one you’ll have to remember. On mobile devices you can also log in with facial recognition, fingerprint, or PIN. It’s the best thing you can do to ensure your online life stays secure. Don’t wait to be a victim of identity theft or fraud; sign up for LastPass today with my affiliate link at raytec.co slash LastPass, that’s r-a-y-t-e-c dot c-o slash l-a-s-t-p-a-s-s.
If I didn’t use it myself, I wouldn’t recommend it. There’s a disclosure about affiliate links at raytec.co slash affiliate.
Alaska’s Department of Health and Social Services completely dropped the ball on a data breach from April of last year. It initially reported 501 people’s records were accessed, then updated the number this week to 700,000 patients, then, the next day, to 87,000. Just know that if you were on Alaska’s eligibility lists, your data likely was stolen.
Some good news for data breaches this week: North Carolina lawmakers have reintroduced strict legislation that gives companies just 30 days to report a data breach.
One final note before we move on to Privacy News. Last week I mentioned a data breach at Sacred Heart Rehabilitation Hospital, and I stated it was based in Memphis, Tennessee. The article didn’t specify a state, and I didn’t realize there was a Memphis, Michigan, which is where Sacred Heart is located.
A family in California was panicked last weekend when their Nest security camera started blaring a realistic-sounding warning about nuclear missiles being launched by North Korea. The camera was hacked by an attacker using a password found in another data breach.
In positive security news this week, Apple has addressed dozens of vulnerabilities in both iOS and macOS. Make sure you download the updates. Details on the vulnerabilities in the show notes.
Avast, a manufacturer of digital security products, has released a study showing that 55% of PC applications are out of date. This number is up 7% from 2017, with Microsoft Office being the most out of date application. This news comes on the heels of an announcement that two new viruses are spreading via Microsoft Word macros sent via emailed or downloaded attachments. Don’t open files if you aren’t expecting them or don’t trust the source.
Unfortunately, Google Docs and Google Drive are not immune to these sorts of attacks any longer. Attackers are using the inherent trust built into Google’s platform to trick victims into opening Google Docs that contain viruses or Trojans.
A group of four academics from the University of Illinois at Urbana-Champaign have discovered security flaws that impact 26 lesser-known cryptocurrencies. These flaws appear because the creators copy code from stable cryptocurrencies like Bitcoin, but then add in their own features, making their creations insecure. Before you jump on the latest crypto coin bandwagon, make sure you do your research.
Facebook has begun making changes to fight fake news and fake ads. To fight fake news, Facebook’s secure messaging platform WhatsApp will be preventing messages from being forwarded more than five times. This stems from an event last year where rumors of child kidnappers went viral in India and five people were killed as a result. In response to a lawsuit filed over fake celebrity endorsements, Facebook will be rolling out fake ad reporting tools and partnering with pro-consumer charities via a 3.9-million-dollar donation.
Monday this week saw the largest fine yet in violation of the European Union’s General Data Protection Regulation, or GDPR. Google felt the sting of France’s bite when a 50 million Euro, or 57 million dollar, fine was handed down for privacy and data violations. Google has announced it will appeal this fine.
Microsoft has incorporated ratings of news organizations into its Edge browser. Using information from third-party sources, such as startup News Guard, Microsoft will label sources based on how trustworthy they are.
A court case in Illinois has reinforced a 2008 law called the Biometric Information Privacy Act, or BIPA. BIPA requires companies to obtain direct and clear consent for gathering and storing biometric markers like fingerprints and facial scans. The lawsuit arose because a 14-year-old was fingerprinted at Six Flags without parental consent. Six Flags argued that there was no direct harm from this act, but the Illinois Supreme Court justices weren’t convinced by this, ruling that “a person need not have sustained actual damage beyond violation of his or her rights under the Act.”
If you’ll recall, Australia passed a terrible communications bill last year requiring companies to create a backdoor for technologies that encrypt communications, thus allowing the government to spy on communications sent between any party and leaving a backdoor for hackers to eventually find and exploit. This week, Japan has announced it’s considering doing the opposite. Currently, Japan has a secrecy of communications rule that covers all domestic companies. They are now considering applying this to foreign tech firms with servers and data centers within the country. Now Google, Facebook, and others will have to station a security official in the country to ensure the privacy of all users’ communications on their platforms.
Moving on to Security News.
Google engineers have been hard at work this week. Changes are planned for the way extensions interact with the browser, which means many ad blockers, antivirus products, parental controls, and privacy-enhancing services will no longer work. They will also be adding protections to stop websites from automatically downloading files to your computer, a feature which has been available in Firefox and Internet Explorer since 2015.
Meizu, a Chinese consumer electronics firm, has released information on its newest flagship phone, the Zero, which has no ports. No headphone jack, no charge port. I don’t usually mention product releases, but this one is pretty neat. It’s all display, with the speaker and fingerprint reader being built into the screen. Wireless charging is, obviously, included. The only holes on it are a pinhole for the microphone, another for hard resets, presumably using a paper clip, and openings for its 12 and 20 megapixel rear cameras. I assume the lack of openings also makes it more water resistant. Check out the specs and pics in the show notes at raytec.co slash listen.
Apple, to help us become more aware of our device usage, is planning a change to the way its screen time feature works for the upcoming 12.2 iOS release. Screen time will now include downtime, which will allow you to schedule hours and days of the week where certain apps will be unavailable for use.
Elon Musk announced this week that forthcoming updates to Tesla’s software will enable what he’s calling sentry mode. This will enable Tesla’s 360-degree cameras to be always on and recording, which will allow owners to track down vandals and careless parking lot bandits.
YouTubeTV, Google’s live TV streaming service, is now available nationwide just in time for the Super Bowl. If you’ve been hesitating on cutting the cord, now might be a good time. For $40 per month and no contract, YouTubeTV provides access to local and global streaming TV stations. Just visit tv dot YouTube dot com and enter your zip code to see what stations are available to you. This announcement arrives the same week that cable giant Viacom announced the purchase of ad-supported PlutoTV. This means that content from Paramount Pictures, MTV, Nickelodeon, and Comedy Central may soon be coming to the streaming platform.
Authorities in China have determined, after a preliminary investigation, that the Chinese scientist who created the first gene-edited babies has violated both ethical and regulatory principles. The technique he used is called Clustered Regularly Interspaced Short Palindromic Repeat, or CRISPR. For a non-technical but in-depth look, check the show notes.
After last week’s announcement that the next generation F-150 pickup trucks will be electrified, Fiat Chrysler has announced the next generation Challenger will also be electric. Although, in this case, it will likely be a hybrid system, and not full-electric.
Spotify is about to roll out a feature I’ve nicknamed the R. Kelly button. This new feature will allow you to mute or block artists you don’t want to hear from.
Two weeks ago, I mentioned that Amazon was dipping its toe into the game streaming market, allowing people to play the latest triple-A titles on any device by streaming from high-powered servers in their data centers. Google has just wrapped up a technical test of its Project Stream using Assassin’s Creed Odyssey. This allowed users to play the game, which usually requires a console or high-end hardware, right in their browser.
Finally, in other news, Henn Na Hotel in Japan laid off half its robot staff for being terrible at their jobs. Since 2015, the hotel has had 243 robots in its employ. Robots were interrupting people’s sleep because the guests’ snoring sounded like talking to the robots, which then woke the guests by asking, “Sorry, I couldn’t catch that. Could you repeat your request?” I guess human jobs are safe for another few years.
Now it’s time to remove the veil and step into the light. Time for the good news.
OnStar has announced that this week marks its tenth anniversary. But, not to be outdone, BMW, Porsche, and Jaguar Land Rover have invested in roadside assistance startup Urgently. The app seems poised to upset the market, not requiring contracts like traditional auto clubs and being scalable for individual motorists all the way up to large fleets.
Two former NFL players, Walter Powell Jr and Brandon Williams, have expanded the reach of their new non-partisan app Politiscope. Politiscope’s goal is to provide information about the voting records of members of Congress and the bills they’re introducing. This new expansion of the app includes an Android version of the service. The app’s data is sourced from non-partisan places like the Congressional Budget Office, the Library of Congress, and the Pew Research Center. Being better informed is always a good thing, in my opinion.
Japanese electronics giant Mitsubishi has created new technology to help protect connected vehicles from being hacked. Mitsubishi’s offering creates multiple layers of defense including an intrusion detection system, secure booting, and authentication mechanisms. There’s a technical article link in the show notes.