Weekly Podcast Digest for December 2, 2018

Weekly Podcast Digest for December 2, 2018
Raymond Tec News

 
 
00:00 / 13:50
 
1X
 

Intro

Hi, everyone, welcome to the first aRTy News podcast, brought to you by Raymond Tec. This is a weekly digest of tech news curated to reduce the nerd factor.

Everyday we post a brief summary of 3 to 6 articles on our site, and this podcast will be a round up and expansion of all the news we’ve covered throughout the week. I’m going to be talking about these in order of topic, rather than chronological order for two reasons: First, it makes the show flow better. Second, I plan to put the good news at the end, so we can leave each other on a high note.

I guess what I mean to say is, stick with it, it will get better.

Data Breaches

Let’s get the data breaches and exposures out of the way first.
I can’t talk about data breaches this week without first talking about the Marriott hack. Or, technically, the Starwood hack. Starwood is a hotel chain purchased by Marriott in 2016. It was hacked in 2014, and the breach wasn’t discovered until September of this year. That’s four years of continual access of data.

Without exaggeration, this is the largest data breach in history. Somewhere around 500 million people have had their data looted. Details, as of this writing are scant on the who’s, what’s, and how’s. But, Marriott has already setup a website to get information out and is providing a free one-year subscription to WebWatch, an identity theft monitoring site. Links in the show notes.

Revealed last week, and reported by us on Sunday the 25th, the US Postal Service has exposed about 60 million users’ data through a security hole that is now plugged.

Dell and Dunkin’ Donuts both got hacked, on November 9th and October 31st, respectively. These attacks were identified as they were happening. Both security teams deserve a big pat on the back.

Dell is claiming that no data was actually taken but still recommends changing your passwords on several of their sites.

Dunkin’ knows whose accounts were attacked, and already forced a password reset on those accounts. But, even if your Dunkin’ Donuts Perks account data wasn’t stolen, I’d recommend you change your password.
Australia’s Defence Department was breached through the lax security of some of its small and medium-sized IT suppliers. Most of these attacks were launched by state sponsored hackers from China.

A company few people have ever heard of named, Voxox, exposed millions of text messages. Here’s why it’s important: Voxox handles Two Factor Authentication for many big-name companies. Real quick: Two Factor Authentication, or 2FA, is where you log into a website and then that website sends you a text message with numbers in it to verify it’s really you.

It was those texts that got stolen. Not just the texts, but the phone numbers and all the data necessary to highjack accounts. For details on what companies used Voxox, see the show notes.

Security Threats

That’s it for data breaches we reported this week. Now, for something equally depressing: security threats.

China’s rideshare company, Didi, has a track record as bad or worse than Uber or Lyft. Two women were murdered by their drivers earlier this year in two separate incidents in China. The populace went on a hashtag boycott Didi and the rides dropped. Well, the Chinese government has a stake in Didi, so they’ve set out new testing, rules, and regulations to make sure the apps are safer.

While we’re talking about cars, if you rent cars a lot, or loan your personal vehicle to friends, you may want to look into an app called Privacy4Cars, that’s the number four. An industry group, with the help of the makers of the app, have recently discovered a hack where you can steal people’s personal information via the data that syncs from their phone to the Bluetooth in their car’s infotainment system.

Moving on, a report we mentioned in the Sunday edition of the daily digest says Password Reuse and Social Engineering are still the top two methods attackers use to break into systems. We also mentioned in the digest on the 28th, phishing email attacks are expected to be up this holiday season, as reported by Carbon Black, a big data IT security company. Humans are generally the weak link in any security chain and I’m going to keep saying it: stop reusing your passwords and think twice before you click links or open attachments in emails, even from people you trust.

Speaking of things you shouldn’t trust, apparently there is a group of persistent hackers that keep making advertisements to redirect you to scam sites. They performed their biggest scam to date by making their way onto a big-name advertising site in the middle of November. Here’s a tip to help you avoid this malicious advertising, or what security guys call Malvertising. If you click on an ad, and then it cycles through a bunch of different websites, close the browser immediately. You’re being redirected to a scam.

Advertising sites, like Google AdSense, verify that ads are real by checking the website that it goes to. But it’s an automated process and their bots aren’t perfect. That’s how these kinds of scams get through. No ad should redirect you through more than one website. These attackers used a bunch of redirects to obfuscate the eventual destination.
If you’re on Facebook, make sure you lock down your profile. We reported on November 28th a scam that has gotten a lot of attention recently. A scammer took public photos from a woman’s Facebook account of her child and set up a GoFundMe to get money from people.

Scammers in India have started using Google Maps to phish for bank details from customers. They use Google Maps crowdsourced information to insert their own phone numbers as bank contact numbers, effectively making it so that people call them with their banking questions. They go through the process of verifying a caller’s identity and get all the information they need to steal the person’s identity. So, for the time being, go to the company’s website directly rather than relying on details you find elsewhere.

Here are the last two items in security threats: The threat lurking at home, is your router. The device that grants you access to the internet. According to industry sources, more than 45,000 home routers have been compromised by a private hacking group for, as yet, unknown purposes. These attacks are possible through vulnerable, out-of-date software on these routers. It allows attackers to talk directly to computers and other devices on your home network from anywhere in the world.

If you have a power bank, or an external battery to charge your mobile devices while on the go, it is now, theoretically, possible to use those to steal data from your Android devices. This is a long shot, so don’t panic. My advice here is to only purchase these units from places you can trust and from suppliers whose names you’ve heard of. Never borrow one or use a public one like in a mall.

Privacy Concerns

Moving on to privacy concerns. The one that stands out most this week is that insurance companies are monitoring use of CPAP machines to ensure they’re being used as directed. To me, this feels like an invasion of privacy, but I’ll let you do your own reading, rather than editorializing.

Germany is proposing a set of rules governing how home and small office routers operate. Opinions on these guidelines are split. There are some good suggestions, but many privacy advocates feel telecommunications companies have had too much of a role in the design of the proposed mandate.

An article posted Monday on Hmm Daily indicates that some support chatters can read as you type into those support boxes on websites. So, make sure you’re nice, boys and girls. Santa AND Support are watching.

In a reversal of years of password policy, the National Institute of Standards and Technology, or NIST, has removed the recommendation that users be forced to change complex passwords regularly, because it didn’t reduce people reusing passwords. The NIST now recommends multi factor authentication with strong passwords as the standard.

Finally, in privacy concerns corner, we have an important issue I urge all of you in the US to contact your senators about. There is a bill that’s already passed the house and is now before the Senate to make the Register of Copyrights a presidentially appointed position. It is imperative for everyone in this country, that this position remain impartial and not tied to a political agenda. The Register of Copyrights protects intellectual property and influences fair use policies. Having this position tied to either end of the political divide is a terrible idea for everyone.

‘Other’ News

A quick summary of the headlines that didn’t fit into other categories: A woman in Michigan was told by a healthcare facility to take to social media to raise the funds necessary for a heart transplant. The state of Ohio will now accept Bitcoin for paying certain types of taxes. Google is axing another one of its social media services; Google Hangouts will no longer function sometime in 2020. Netflix has decided not to renew a third Marvel Comics show, Daredevil. A Psychology Today article discusses how to use creative artificial intelligence to re-write all those dystopian nightmares into something that doesn’t feel dreadful. Microsoft has won a military contract to create an augmented reality training ground using its HoloLens headset and real weapons. And, finally, Chinese exporters have created an app to allow quick digital payment for Kenyan importers, making movement of goods and money safer and more secure.

The Good News

And for our final segment, all the stuff that should make you feel warm and fuzzy for the technological future we’re barreling towards.

A company named ChargePoint has geared up for its next round of expansion. They currently have 57,000 public or semi-public, whatever that means, charging spots around the US. This is good news for the environment and the economy. Funding this round has come from a variety of sources, even within the fossil fuel industry.

Microsoft worked with New Delhi, India police forces this week to take down 63 people and 26 call centers that have been running fake technical support scams. This should mean less of those obnoxious phone calls for the holiday season. Thank you, Microsoft!

Social media giants, Facebook and YouTube, are rolling out changes soon. Facebook will update their messenger app with the ability to delete messages from the recipient’s inbox, as well as your own. And YouTube will be releasing all its future premium content to everyone soon. This content will now be ad supported. This is good news, because the wide variety of streaming services makes it worse for content creators; piracy has actually ticked up a bit this year according to some.

In happy news for commuters, several Nevada transportation agencies teamed up with a tech firm called Waycare to test a yearlong pilot program on I-15 in Las Vegas. Waycare pulls data from connected cars, road cameras, and apps like Waze to predict and prevent traffic issues. The number of crashes has dropped by almost 20%.

AWS, or Amazon Web Services, has designed and released their own tiny computers for use in their cloud services. Here’s why this is in the good news, and why it’s exciting for everyone. AWS hosts a large swath of the internet. Many startups begin here, and many of the world’s largest companies rely on Amazon’s networks and computers to make the internet happen. With these new, smaller, cheaper computers, AWS has made it easier and cheaper for startups to adjust how much their using. It allows a finer balance between profitability and service.

Think of it like water hoses. You’d start off with a small garden hose for your service, now your service, like, Netflix, for instance, grows more popular. You need more water. Previously, the next step was to replace your small garden hose with a firehose. That firehose costs more to run than you’re making, so you have to hope the popularity of your service keeps growing. Now, with Amazon’s new chips, you can a trickle at a time to compensate, staying just ahead of the curve, without blowing your budget for new features on service that’s not getting used.

That means more cool innovation for everyone.

Finally, our last article for the week. And the one that is most exciting to me, as it has the potential to change lives for the better forever.

I’m talking about BrainGate2. It’s a brain implant that can read a person’s brainwaves in real time. Before you ever decide to reach out and grab your phone, your brain is sending an electrical signal to your muscles to make that happen. For individuals who are paralyzed in some way, whether missing limbs or an issue with the central nervous system, BrainGate recognizes the instruction to move the limb, even though the limb never receives it. What BrainGate does then, is interface with whatever device they want to interact with whether that’s a phone, a tablet, or even an advanced prosthetic limb.

Now the user can naturally and intuitively maneuver and interact in an un-adapted environment.

That, my friends, is why technological advancement is important. We all know and hear about the risks every day. Some of us have even been affected by those risks. But, if we can start granting the ability of movement and interactivity to those who lack it, it makes all the drawbacks worth it.

And with that sense of hope, I will leave you to the rest of your Sunday. Thank you for listening. If you’ve enjoyed this podcast, please like and follow us on Facebook and Twitter. We’ll update you when we get listed on iTunes, so you can rate, subscribe, and review there. Keep an eye on Raymond Tec dot com for more news and updates. Have a great week!