DTNS 2216 – Sporglebörk

Logo by Mustafa Anabtawi, thepolarcat.com

Darren Kitchen is on the show today to talk about the latest frightening Heartbleed attack on VPN, and just how scared we all should appropriately be. Also a listener suggests using our hearts as passwords, thus making Heartbleed possible IRL. Plus Len Peralta illustrates the show!

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guests:  Darren Kitchen of hak5.org and Len Peralta of the art world. 

Headlines

Let the updates begin: The Next Web reports Facebook has made the first major update to its “Paper” app, the alternative way to access Facebook posts on a mobile device. Paper now has notifications for birthdays and events, the ability to add photos in comments, unread counts to groups, as well as nine new article covers for Bloomberg News, Mashable, FT, kottke, Fox News, Popular Science, The Hollywood Reporter, Vanity Fair, and Hacker News. Still no word on availability on Android or anywhere outside the U.S. 

Start thinking of new passwords, people: Ars Technica reports security firm Mandiant says they found an attacker using the Heartbleed vulnerability to subvert a client’s VPN concentrator. Yeah, you heard that: somebody used Heartbleed to bust into a VPN. The attacker made repeated Heartbleed requests until the leaked memory contained active session tokens, then replayed those tokens to appear as already-authenticated users, bypassing the login entirely, multifactor step included. Once inside, the attacker proceeded to attempt to gain additional control over the network. In addition to patching systems as soon as possible, Mandiant recommends companies implement network intrusion detection and review historical logs. Attackers will send hundreds of attempts, since Heartbleed only leaks 64KB of data at a time, and once in a VPN a hijacked session will appear alongside the valid user’s own, from a significantly different IP range and geographical location.
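What Mandiant’s two recommendations look like as concrete checks, as an added example for the show notes (this is not code from Mandiant, Ars Technica or the show): one pass counts TLS heartbeat requests per source in IDS alerts, since each Heartbleed probe returns at most 64KB and harvesting a token takes many probes; a second pass walks VPN session records and flags a session token that shows up from a different location within a short window of its last legitimate use. The log formats, field names (session, user, src, geo, alert), hostnames, addresses and thresholds are all assumptions constructed for this example; adapt the regexes to what your concentrator and IDS actually emit.

```python
"""Log checks for the Heartbleed-against-VPN pattern (constructed example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Generic "timestamp key=value key=value ..." parser. The field names used
# below are assumptions for this example, not a real concentrator/IDS format.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\s+(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv_log(text):
    """Turn log lines into dicts with a UTC datetime under 'ts'; skip junk lines."""
    events = []
    for line in text.splitlines():
        m = TS_RE.match(line.strip())
        if not m:
            continue  # banner, blank or corrupt line: skip rather than crash
        rec = dict(KV_RE.findall(m.group(2)))
        rec["ts"] = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(
            tzinfo=timezone.utc
        )
        events.append(rec)
    return events


def heartbeat_flood_sources(events, threshold=50):
    """Sources that sent at least `threshold` TLS heartbeat requests.

    Ordinary clients send few or no heartbeats; a source sending hundreds is
    scraping the server's memory 64KB at a time. The threshold is a guess for
    this example, tune it against a baseline of your own traffic.
    """
    counts = Counter(
        e["src"] for e in events if e.get("alert") == "TLS_HEARTBEAT_REQUEST"
    )
    return {src: n for src, n in counts.items() if n >= threshold}


def find_hijacked_sessions(events, window_minutes=60):
    """One finding per session token seen from a new geo within the window.

    A roaming user can legitimately change IP, but one session token active
    from two distant locations minutes apart is a replayed token in use
    beside its owner, which is what the VPN break-in looked like.
    """
    by_session = defaultdict(list)
    for e in events:
        if "session" in e:
            by_session[e["session"]].append(e)

    findings = []
    for session, evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        prev = evs[0]
        for cur in evs[1:]:
            gap = (cur["ts"] - prev["ts"]).total_seconds() / 60
            if cur["geo"] != prev["geo"] and gap <= window_minutes:
                findings.append({
                    "session": session,
                    "user": cur["user"],
                    "from": (prev["src"], prev["geo"]),
                    "to": (cur["src"], cur["geo"]),
                    "minutes_apart": round(gap, 1),
                })
                break  # report the first suspicious hop per session
            prev = cur
    return findings


# Constructed IDS alerts: 240 heartbeat requests from one address in four
# minutes, plus two stray heartbeats from a legitimate client.
def _ids_line(i, src):
    return (f"2014-04-17T07:{55 + i // 60:02d}:{i % 60:02d}Z "
            f"alert=TLS_HEARTBEAT_REQUEST src={src} dst=vpn.example.com")


SAMPLE_IDS_LOG = "\n".join(
    [_ids_line(i, "198.51.100.9") for i in range(240)]
    + [_ids_line(0, "203.0.113.17"), _ids_line(30, "203.0.113.17")]
)

# Constructed VPN session records. alice's token is used from Moscow 22 seconds
# after her own Texas request; dave moves coast to coast over 3.5 hours.
SAMPLE_VPN_LOG = """\
2014-04-17T08:02:11Z session=tok-7f3a user=alice src=203.0.113.17 geo=US-TX
2014-04-17T08:05:40Z session=tok-7f3a user=alice src=203.0.113.17 geo=US-TX
2014-04-17T08:06:02Z session=tok-7f3a user=alice src=198.51.100.9 geo=RU-MOW
2014-04-17T08:07:15Z session=tok-7f3a user=alice src=203.0.113.17 geo=US-TX
2014-04-17T08:09:13Z session=tok-19c0 user=bob src=192.0.2.44 geo=US-CA
2014-04-17T05:30:00Z session=tok-55e1 user=dave src=192.0.2.80 geo=US-NY
2014-04-17T09:00:00Z session=tok-55e1 user=dave src=192.0.2.91 geo=US-CA
this line is not a log record and is skipped
"""

if __name__ == "__main__":
    print("heartbeat floods:", heartbeat_flood_sources(parse_kv_log(SAMPLE_IDS_LOG)))
    for f in find_hijacked_sessions(parse_kv_log(SAMPLE_VPN_LOG)):
        print("hijacked session:", f)
```

Run as-is, the first check names 198.51.100.9 and the second shows that same address using alice’s token from a different country less than a minute after her own request; dave’s cross-country hop is not flagged at the 60-minute default but would be at a 300-minute window, which is the trade-off to make against your own users’ travel patterns.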

Why pay for the cow when the milk is … $3.99? The Next Web reports that Samsung’s free ‘Milk Music’ service might soon include ads, and charge $3.99 a month for a premium ad-free version. The information appeared in an infographic about Milk published by Samsung. Milk Music launched in March and is only available to U.S.-based users. 

Zoom zoom: Android Headlines passes along that HTC’s head of imaging, Symon Whitehorn, told Vodafone that DSLR-like optical zoom lenses may become common in smartphones within the next 18 months to two years.

You get what you pay for: Geekwire reports Uber sent an email to its Seattle UberX drivers that a “Safe Rides Fee” of one dollar will be added to fares starting today. And yes, the fee will be paid by riders. The fee applies nationwide and will help pay the cost of background checks on drivers as well as insurance, education and safety monitoring. Uber will give drivers a dollar per trip until August 31st to ease the transition. However, in the cities where the company reduced the cut they take of fares to 5%, they’re raising it back up to 20% starting April 23.

PlayStation 4 for the win: The Next Web reports Microsoft announced it has sold more than 5 million Xbox Ones compared to Sony’s 7 million. The PlayStation 4 is on sale in 72 countries and regions; the Xbox One in 13. Even with the console lagging behind, Microsoft’s Titanfall took the top spot in games sales last month according to the NPD group.

Skynet. Is. Aware. Ars Technica reports DARPA is researching robotic pods that sit on the ocean floor and can release flying and floating drones to the surface to attack on command. In fact, DARPA has requested bids this week for the final two phases of its Upward Falling Payloads (UFP) program. Phase 2 will consist of the development of prototype systems, with testing and demonstrations at sea in 2015 and 2016. Phase 3 would test multiple distributed modules at full depth in spring 2017.

News From You

the_corley sent in the Verge article about HTC hiring Samsung’s former Chief Marketing Officer, Paul Golden. Golden created and launched the Galaxy brand and was in charge during the successful Samsung “Next Big Thing” ad campaigns. Golden is said to have been hired on a three-month contract at first, reporting directly to chairperson Cher Wang.

gullwingdmc submitted the Apple Insider story that Amazon confirmed Fire TV will add unified voice search for Hulu Plus, Crackle, Vevo and Showtime apps sometime this summer. Currently the voice search only displays options from Amazon.
(the_corley submitted a similar link)

metalfreak posted the OS News article that Judge Claudia Wilken has ruled that Rockstar, the patent holding company of which Apple is majority shareholder, must conduct its suit against Google in California. Rockstar had filed the suit in the patent-friendly Eastern District of Texas. Google had moved to have the suit heard in California because of Apple’s involvement and the fact that both companies are headquartered there. Judge Wilken agreed.

rtwalz let us know about the CNET story that NASA has confirmed for the first time the existence of an Earth-sized planet that ALSO could hold liquid water. Kepler-186f was observed by NASA’s Kepler telescope circling in the habitable zone of the M-dwarf star Kepler-186. No, that does not make it an “M-Class planet” like in Star Trek.

Discussion Section Links: 

http://arstechnica.com/security/2014/04/heartbleed-exploited-to-hack-network-with-multifactor-authentication/

http://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

http://arstechnica.com/security/2014/04/now-theres-an-easy-way-to-flag-sites-vulnerable-to-heartbleed/

http://www.wired.com/2014/04/https/

http://www.netcraft.com/about-netcraft/privacy-statement/

http://spectrum.ieee.org/riskfactor/computing/it/heartbleed-bug-bit-before-patches-were-put-in-place

Pick of the Day:

Monday’s guest: Iyaz Akhtar, of cnet.com

2 thoughts on “DTNS 2216 – Sporglebörk”

  1. Hey, Mathias from Stockholm here. Great show as usual! One comment tho – felt a bit sloppy not to mention shipped vs. sold to customers in the xbox one sales number headline story. Makes quite a bit of difference imho…

    Keep up the great work, and have a nice weekend!

    1. Both Sony and Microsoft reported sold not shipped. The slight difference is Sony reported “sold” http://blog.us.playstation.com/2014/04/16/ps4-hits-7-million-globally/#sf2613495 and Microsoft “sold-in” (http://news.xbox.com/2014/04/xbox-one-march-npd). Shipped sometimes refers to warehouse shipping which would be different than sold-in to retailers. Still, Microsoft *is* using the more forgiving number.

      However shipped numbers almost always turn into sold numbers so the distinction is often without a difference, barring BlackBerry-like returns. If Microsoft was claiming they sold more than Sony so far and were counting differently it might matter more. Since they’re still behind a few million it doesn’t really change the conversation much.

      In my opinion there’s a bigger gap in availability at this point, as I pointed out, which makes it difficult to compare these numbers anyway. Always want to keep it easy to understand but accurate. Thanks for the gut-check.
