Tag Archives: Black Hat

PTJ 104: Internet Security? No Such Thing.

This week cybercriminals made off with billions of usernames and passwords from hundreds of thousands of websites around the world and El Kaiser was, not surprisingly, more than a little upset about it. Sensing Pedro’s imminent panic attack, J.D. cheers him up with a segment on how to buy a new gadget at its peak of freshness.

In other news, the Rosetta probe from the European Space Agency has caught up with comet 67P/Churyumov-Gerasimenko; the Sharknado sequel is a hit on TV and on social media networks; it is once again legal to unlock your mobile phone; the Department of Transportation considers banning cellphone voice calls on commercial flights; Google helps law enforcement apprehend a pedophile; researchers at the Massachusetts Institute of Technology develop an algorithm that reconstructs an audio signal from a video based on vibrations; and concerned Facebook users called 911 and the Los Angeles Sheriff’s Department after the social media behemoth suffered a short outage.

No, we are not kidding.

PTJ 104 News: Hack ‘n’ Sack

Here we go again — Internet Security Freakout! The New York Times reported late on Tuesday that a Russian gang of cybercriminals made off with 1.2 billion usernames and passwords (as well as 500 million email addresses) from 420,000 websites around the world, all with botnets and malware. The Milwaukee-based company Hold Security discovered the stolen data, but wouldn’t say which websites were affected due to confidentiality agreements with its clients. (Not helpful to the rest of us, Hold Security.)

Although snagging credentials off compromised websites was one big way the infohaul was reeled in, a few online observers have suggested that the Russian gang may also have bought chunks of the stolen data from other hackers. This may mean some of the information is old and out of date, especially since responsible folk went and changed all their passwords during the Heartbleed panic earlier this year. Other sites, like The Verge, The Wall Street Journal and Forbes, have noted that Hold Security was awfully quick to capitalize on the heist. (The Washington Post took a look at Hold Security itself and had some interesting observations.)

So what can you do to protect yourself? No one knows yet exactly which websites were affected, so let’s just assume it was All of Them. The Times posted some tips for dealing with the breach, so start there. And it may be time to break down and get a password-manager program like LastPass or 1Password, as this sort of Massive Data Protection FAIL is unfortunately starting to become a regular occurrence.

For happier news, we go to outer space, where the Rosetta probe from the European Space Agency has finally caught up with comet 67P/Churyumov-Gerasimenko after a 10-year chase. Rosetta is now orbiting the comet and sending back photos, and yes, the pictures are on its Facebook page — or rather the European Space Agency’s Facebook page. Good hunting, Rosetta!

Sharknado 2: The Second One, the sequel to last year’s unexpected pop-cult powerhouse, grabbed 3.9 million viewers on its original airing last Wednesday on the SyFy Channel and dominated trending topics lists. The film reportedly delivered one billion mentions in Twitter conversations throughout the day of its broadcast. The cameo-filled sequel was set in New York City and another sequel is on the way.

Some more good news: It’s now perfectly legal once again to unlock your mobile phone from the carrier you bought it from, so you can use it with another company’s compatible network after your contract runs out. President Obama signed the Unlocking Consumer Choice and Wireless Competition Act on August 1st. In other government-and-phones news, The Wall Street Journal is reporting that the Department of Transportation is considering a rule to ban cellphone voice calls on commercial flights to, within and from the United States. Here’s hoping!

In other law-enforcement matters, Google recently alerted authorities to illegal images in the account of a particular Gmail user after illegal child-pornography images were detected during an automatic scan. Google had discussed its efforts in stopping child porn with London’s Daily Telegraph last year, but the news of the arrest got some privacy advocates worried about what companies can do with your mail. (Google said this is the only crime it scans for in Gmail.) In addition to its own VideoID software, Google and other companies also use Microsoft’s PhotoDNA and Friend MTS’s Expose F1 forensic programs to scan for photos and videos depicting abuse.


It’s the height of summer and the hackers are gathering in Las Vegas for their annual Black Hat and DEF CON conventions. Black Hat started last weekend, and in addition to a demonstration of how USB devices have huge security issues, another consultant was preparing to show how the satellite communications gear on passenger jets could be hacked by going through the aircraft’s in-flight entertainment and onboard WiFi systems.


Meanwhile, another presentation at the conference dealt with spoofing the signals of wireless key fobs to unlock cars. Corporate America, please pay attention, okay? That includes you, Wearable Computing Developers. That’s because the security firm Symantec got itself a $75 Raspberry Pi computer and wrote up a blog post describing how easy it is to track people with fitness monitors and other wearable tech through their wireless protocols and other security holes in the apps and software.

Algorithms are everywhere. The Massachusetts Institute of Technology just announced that some of its researchers, along with scientists from Microsoft and Adobe, developed an algorithm that accurately reconstructs an audio signal from a video based on vibrations. In one experiment, the researchers were able to reconstruct intelligible speech from a potato-chip bag filmed 15 feet away from the camera and through soundproof glass.

The CEO of Verizon Wireless threw shade at the chairman of the FCC over a letter the agency sent to Big Red expressing concern over treatment of customers with unlimited plans. In a blog post, Verizon had outlined what it calls its Network Optimization policy, in which bandwidth for heavy users is scaled back during peak times on overcrowded sites. Verizon 3G hogs have been “optimized” for years, but the FCC only spoke up when the company recently announced it was also going to start throttling 4G LTE users this fall. Among other points in its rebuttal, Verizon said its practices were consistent with the reasonable network management definitions laid out in the 2010 Open Internet Order and other companies were doing the same thing. So there.

Comcast, which has not had a lot of good press lately, announced this week that it will be providing up to six months of free Internet access to low-income families as part of its Internet Essentials program. Requirements for the program include being in an area where Comcast has service and having at least one child eligible for the National School Lunch Program.

Let the frothing begin: the Re/Code site is now reporting that Apple’s iPhone 6 event will be on September 9th.

And finally, as millions noticed last Friday, Facebook suffered a major site outage. During this time, some concerned Facebook users called 911 and the Los Angeles Sheriff’s Department. Others took a more thoughtful approach and used the outage as an opportunity to study Web traffic. The Chartbeat blog found that Web traffic to news sites dropped 3 percent and showed how social media drives visitors to other sites. The countries affected by the outage included the United States, India and Chile, so it did not seem to be a worldwide crash.


That may seem like a big dent, but compare it to last year when Google took a dive: experts said world Internet traffic dropped by 40 percent. So in addition to keeping your password-manager program at the ready these days, you may also want to pack a book for those times when various parts of the Net are down. And don’t pester 911 because Facebook or Google crashing IS NOT AN EMERGENCY. Just think of it as an offline disco nap and take a break.

Episode 50 News: Radio Ga Ga

Can the mythical iRadio finally be on the way for real? Apple’s recent deal with the Warner Music Group has some wondering if the company’s long-rumored streaming music service will soon be announced — maybe even at the World Wide Developers Conference in San Francisco next week.

Apple also has some other things on its To Do List this month, namely the federal antitrust case against the company that opened this week in the United States District Court for the Southern District of New York. Federal lawyers accuse Apple and five major book publishers of conspiring to raise e-book prices together before the iPad came out in 2010.

Meanwhile, Amazon continues to expand its empire with 4,000 TV episodes — mainly children’s shows from Viacom — going into the Amazon Instant Video inventory. Amazon Instant Video now has about 41,000 titles available for streaming.

Samsung keeps adding Galaxies to its universe of flat devices. The Galaxy Tab 3 — available in 8-inch and 10.1-inch screen sizes — was announced this week, and the new models are said to run on Intel processors instead of ARM chips. Other companies are also rolling out new hardware sporting Intel processors; among others, the new Haswell chips are included in Toshiba’s top-shelf Qosmio X75 and a new 27-inch all-in-one from Dell Computer.

Yahoo Mail Classic has become extinct, replaced by the new-look Yahoo Mail. A page on Yahoo’s Help site said that the new terms of service for Yahoo Mail required “the acceptance of automated content scanning and analyzing of your communications content, which Yahoo uses to deliver product features, relevant advertising, and abuse protection.” Yahoo points out that those not wishing to be scanned can download mail with an IMAP e-mail client or just close their accounts.

Microsoft, while trying to get people interested in buying Windows RT tablets, is said to be cutting the price of the software to get OEMs interested and to have lower-priced Windows-based tablets available for consumers.

As for Android hardware, the Jelly Bean version of Google’s mobile operating system is now running on a third of the Android-powered devices out there. Android users also got their own version of Twitter’s Vine app for creating six-second videos. Mashable gave the app a test drive and also reported that a 16-year-old user figured out how to breach the six-second Vine limit and rickrolled the service.

A trio of researchers at the Georgia Institute of Technology say they’ve figured out how to hack an iPhone in less than a minute with a malicious USB wall charger. The proof-of-concept Evil Charger will debut next month at the Black Hat security conference.

And finally, fans of the 11th Doctor were upset to learn over the weekend that Matt Smith is leaving the starring Time Lord role on Doctor Who after this year’s Christmas episode. This means holiday regeneration and a tidal wave of Internet speculation on who the 12th Doctor will be. Actor Ben Daniels has been mentioned, along with more diverse possibilities. The online betting firm William Hill has the odds and online polls have popped up everywhere, but really, just make Helen Mirren an offer.