DTNS 2437 – Gemalto Says it’s Just SIM Antics

Logo by Mustafa Anabtawi thepolarcat.comChris Ashley joins us to talk about whether we believe Gemalto when they say no SIM keys were stolen, and whether Microsoft plans to supplant Google on Android.

MP3


Using a Screen Reader? click here

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke, sebgonz and scottierowland on the subreddit

Show Notes

Today’s guest: Chris Ashley, co-host of the SMR podcast

Headlines: 

Gemalto issued a press release today stating it detected two sophisticated intrusions in 2010 that it now believes could have been an operation by the US NSA and UK GCHQ as described in leaks from Edward Snowden. Gemalto is the world’s largest supplier of SIM Cards for phones. One intrusion was an attempt to intercept communication by employees in a French office and another was a phishing attempt on a mobile operator. Gemalto detected no breaches in its SIM Card database and does not believe the breach of office networks could have resulted in massive theft of SIM encryption keys.

ReCode reports The US District Court for the eastern district of Texas ordered Apple to pay $533 million dollars after being found guilty for patent infringement. The jury found Apple willfully violated three Smartflash patents in iTunes related to DRM, storage and access through payment systems. Smartflash lodged the suit in May 2013 in Cupertino California but was held in Tyler Texas where Smartflash is based. Apple had asked the jury to find the suit invalid because previous patent inventions covered the same technology.

 

Motorola’s new Moto E has LTE and a bigger screen for $149 The second-gen Moto E has a 4.5-inch (but still 540 x 960 pixel) display, 4G LTE networking, and a Qualcomm Snapdragon 410 processor. The removable backplate has been replaced by six colored bands that can be used to personalize the device. Other upgrades include a new 5-megapixel camera withautofocus, 8GB of internal storage, up from 4, and Android 5.0 Lollipop. Motorola also added its Quick Capture feature, which lets you launch the camera with just a twist of your wrist and the Active Display feature that wakes the screen up with notifications or when you pull it out of your pocket.

ZDNet reports Google unveiled an Android for Work program Wednesday which can establish work profiles on mobile devices. The program lets sys admins manage approved apps on the profiles and set up default encryption on Android 5.0 Lollipop devices. Employers can only manage work data and do not see personal data. Likewise users can add and remove apps at will on the personal side. Google is partnering with enterprise management firms to deliver the program, including Cisco, Salesforce, BOX and SAP among others.

Threatpost reports Google is making its bug-finding contest Pwnium a never-ending affair. Bug-hunters no longer need to wait for a security conference to cash in. Security researchers can submit bugs found in Chroium year round and Google will not place a limit on the number they will reward with cash money. In fact Tim Willis of the Chrome security team said the rewards pool “goes all the way up to infinity million dollars.” The bugs just have to meet the same criteria they always did. And winners have disclose all the details of the vulnerability along with the exploit.

Deep Q-network or DQN a product of Google’s DeepMind artificial intelligence program has successfully mastered 49 Atari 2600 games according to Ars Technica. Unlike previous AI game masters where information like rules for playing chess or trivia information was pre-loaded into the system, DQN taught itself how to play the games and win. Researchers modeled DQN’s AI on a trial-and-error behavior similar to humans and animals, and developed a process called “deep reinforcement learning”. By “remembering” past outcomes and its associated actions DQN was able to score about 75% of the points of a human game player. Games DQN successfully mastered include Breakout and space invaders but it failed at Ms Pac-Man and similar games that required planning and foresight.

CNET passes along the South Korean daily Donga News’ report that Amazon may open branch offices in Seou’s Gangnam area as early as next month. Amazon’s US carerres website lists several positions in Seoul and first-round interviews for 300 positions reportedly took place over the last week. That’s a challenge to local ecommerce heavyweights eBay Korea and Gmarket. At least it’s not Alibaba’s Tmall… Yet.

News From You: 

KAPT_Kipper sent us the news that the Eiffel Tower now generates its own power with new wind turbines. CNET reports that a pair of VisionAIR5 wind turbines designed by renewable energy specialist Urban Green Energy have been installed on the second level, about 122 meters or 400ft from the ground. The turbines have been painted to blend in with the Eiffel tower, and produce almost no sound. They can produce, a total of 10,000kWh per year — enough to power the tower’s first floor. The tower will also soon get LED lighting, solar panels, a rainwater collection system and high-power heat pumps. Not bad, giant iron tower built in 1889, not bad at all.

AllanAv submitted the Tom’s Hardware exclusive that A “source with knowledge of the matter” says the DirectX 12 will work much differently than older versions. For one the API will combine all graphic resources in one bucket and let devs divide up the workload as they wish. The upshot is reduced latency by reducing the frame queue to one or zero. The source also indicated that DirectX12 could work across multiple GPU architectures at once. Meaning you could build a system with a Geforce and Radeon working in tandem or even aggregating APUs with GPUs.

mranthropology passed along a Windows Central report that Microsoft will remove Google Chat and Facebook Chat support from Outlook.com in the next couple weeks. The People page in Outlook will stay updated with the latest contact information from Facebook and Google if you’ve connected them. Microsoft blames Google for discontinuing its Google Talk chat protocol. No word on why Facebook is getting the boot.

Discussion Section Links:  

http://www.bbc.com/news/technology-31619907
http://www.theverge.com/2015/2/24/8101585/the-nsas-sim-heist-could-have-given-it-the-power-to-plant-spyware-on
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
https://gigaom.com/2015/02/25/gemalto-downplays-impact-of-nsa-and-gchq-hacks-on-its-sim-cards/
http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx
http://blog.cryptographyengineering.com/2013/05/a-few-thoughts-on-cellular-encryption.html

 

Pick of the Day: http://testmy.net/

Bill Russell writes: “I wanted to throw in another ISP speed test. TestMy.Net is a great alternative that I’ve been using since I read about the possibility that ISPs were prioritizing their packets to boost the numbers. TestMy.Net randomly generates the data that is sent so ISPs can’t even cache the data to deceive the meter.

One thing I really like about TestMy.Net is the ability to run repeated tests. You can set it to run once every 5 minutes for 100 repeated tests or every 24 hours for only 5 tests. This recently helped out a coworker that had a 60Mbps connection that was being slowed down every night around 11pm to the point that he couldn’t watch Netflix or play online games(less than 500kbps). He used TestMy.Net to show his ISP exactly when and how often this was happening and within a few weeks the ISP replaced hardware and now he’s getting his 60Mbps and sometimes more.”

Thursday’s guest:  Justin. Robert. Young.

 

2 thoughts on “DTNS 2437 – Gemalto Says it’s Just SIM Antics”

  1. On show 2437, speaking about Microsoft’s removal of Google and Facebook chat from Outlook.com Tom made the comment that XMPP is not much supported any more.

    Google Cloud Print uses XMPP and my company wishes they didn’t. We make a GCP print server. Every print job must first be sent to the GCP servers via XMPP, then sent back to our device to be sent to the printer.

    If a site is running a firewall this can cause real problems. It also guarantees that GCP will never be used at security conscious sites.

    IMHO GCP should check to see if the job is for a local printer, and if it is just send it directly. Or use a protocol more likely to be accepted by firewalls (ssh, ssl, https?)

    But what do I know?

    Your boss,
    Gary “LAN_Guy” Fisher

Leave a Reply

Your email address will not be published. Required fields are marked *