 Ladies and gentlemen, we are about to record an audio podcast for your visual pleasure. I was trying to let them know it's an audio podcast, but not make it seem like they're getting something less if they're watching the video and we don't have enough time. What's the thing that I do that makes Darren laugh uncontrollably every single time? Oh man, there's so many things. I know. There's one thing in particular that every time I say I can't. In the industry we call this fuzzing. You just throw out whatever you got and see what sticks. I forget. I forget. There's one thing I know that always makes you laugh, and now I can't remember what it is. We'll discover it by the end of this episode. There's a new vulnerability in the Darren pot. There's an exploit. All right, here we go. Yes, hi. I'd like to place an order for download. Can I have the Daily Tech News Show dinner special without the ads, not even on the side? And can I get that downloaded every weekday, please? Great. I'm reporting with patreon.com/acedtect. Thank you. This is the Daily Tech News for Friday, August 14th, 2015. I'm Tom Merritt. Thank you for joining us. Back from DEF CON, Black Hat, and the 10-year anniversary of Hak5 is Mr. Darren Kitchen. How's it going, brother? What? I turned 10. I'm 10. You're 10 years old. You're 10 years old. I'm 10 years old. Well, in some ways, Hak5 Darren is 10 years old, but that's neither here nor there. We had an amazing time at DEF CON. It's such a great crew, so great to go out with Shannon and Sarah and Jason and Patrick Norton joined us, too. There was mayhem galore, and so, just overall, we're just excited to be here. That's what we're going to talk about later in the show, some of the things that Darren found, why they sound scary, and why maybe you don't need to be quite as afraid as the clickbait headlines would like you to be. Also joining us, Len Peralta, in to illustrate the episode. Are your drawing fingers warm? Oh, absolutely.
They are incredibly warm, and I'm ready to hit it in much the same way that Paul Stanley from KISS hits it on stage every single night. Man, you're really into the KISS these days. I am. It's pretty exciting stuff. Anyway, I'd like some alcohol. I can't do that. Let's just move right into the headlines. Here we go. Peter Kafka from AllThingsD reports Apple will bring out a $30 a month internet TV service. Wait, that's from November 2009. Business Insider has the real story. Apple is on the cusp of a cloud-based, oh, no, April 2011. Steve Jobs says he cracked the code on a TV interest. No, that's October 2011. MacRumors says Apple will have a streaming service by the end of the year. Oh, wait, that's March 2012. Apple Television will have no commercials and be controlled by a ring, says the Daily Mail. Apple talks with Comcast, says Wall Street Journal, that's March 2014. Oh, wait, here we go. New York Times reports Apple planning a low-cost streaming service by the end of, damn, this one's from March 2015. Here we go. Bloomberg today reports Apple aiming to introduce a TV service in 2016. So the service is delayed. Does any of this stuff quote Apple? No, it doesn't. Kudos, Tom. Kudos. That was epic. Thank you. But we can't lose hope. The dream is still alive. The dream is still alive. We're waiting about it. Live now for six years. Can't let it die now. It's the sunk cost problem. Apple and Junior are like, we're doing a what now? Yeah. Previously on Stagefright, a buffer overflow bug in a video processor threatened to infect 950 million Android phones, but four lines of code were brave enough to patch that vulnerability, and Google made that patch available. However, on today's episode, Jordan Gruskovnjak and Aaron Portnoy from Exodus Intelligence say that MP4 video that supplies variables with 64-bit lengths are still able to overflow the buffer despite the patch. So now we're waiting for a patch of the patch.
And also, Ars Technica reports MWR Labs disclosed a bug in the Android Admin app that can subvert sandboxing that normally separates apps from sensitive data like passwords. Well, thankfully Android now has a memory randomization technique that would make said buffer overflow just crash the device rather than potentially own it. We'll see. Also, just carry around an air-gapped burner phone that you never use, and that one will be secure. That one will most likely be secure if you don't put any data on it, especially. Don't take it. You know that new Nexus you just bought? Don't take it out of the box. It's going to be set around the box. So Reddit got banned in Russia because of a thread about psychedelic mushrooms. We talked about this on the show within a day. They removed the post in Russia and got reinstated in that country. Now, lots of people like to be mad at Reddit these days. So you're going to see headlines about Reddit censoring in certain countries. Reddit does remove posts that are against laws in regions in which they operate. This is not unusual. Reddit does the same thing. Wikipedia does the same thing. TechCrunch reports Reddit told it, we receive a valid request from an authorized entity. If we receive a valid request from an authorized entity, we reserve the right to restrict content in a particular country. Darren, does this bother you that Reddit is doing this? A lot of people were hoping. I think what happened is they took too long to respond, and that got them banned. And a lot of people thought, oh, this is cool. Reddit will take a stand against censorship in Russia, and they did what every other site does, which says, well, if it's actually against the law and it's a proven thing, we'll abide by the laws of the country we're operating in.
Yeah, that's a weird thing where it's like, well, you got to play by the rules of the game, except the game is existing in so many nationalities, and yet you exist in this kind of like cloud thing that is overarching over top of all of these nationalities. And so it's like, well, how do you win anywhere? And we don't want a fragmented internet. No, it's not surprising. In fact, I see this kind of stuff, and it's really just like drama on the internet. It reminds me of IRC so much, as if there was ever a drama there. But I just imagine IRC.Earth, and in pound Russia, this dude named Reddit just got kick banned, and everybody's like, lol, oh my god. And then they're like, oh, you know, we'll lift the K-line. It's cool, you can come back. And then the other people are like, you should stay out of that channel. That'll show them. Just don't go back into that channel. I get the impulse to say, hey, Reddit, take a stand against this. This shouldn't be banned. But you have to choose those battles. Google did that in China. They don't operate a search engine there because they don't want to abide by the rules of the Chinese firewall. But that's pretty unusual. Right, and it's like your friend that's kind of an A-hole sometimes and you just have to work within their capabilities because overall they're a good person, but they have these tendencies. And if you just kick banned everybody that was ever an A-hole to you, you'd have very few friends. Well, you're going to find a friend in the court of Australia if you downloaded the Dallas Buyers Club movie there. The federal court ruled Dallas Buyers Club LLC must pay a $600,000 Australian bond to access details of customers accused of illegally downloading the Dallas Buyers Club according to the BBC.
The court had originally ordered ISPs to hand over the data on who downloaded what, but they put that order on hold in May pending a review of the letters and call scripts that Dallas Buyers Club wanted to use when contacting customers. After looking at that, Justice Nye Perram said, quote, it seems to me that I should set the bond at a level which will ensure that it will not be profitable. He says, you get to recover damages, you know, but you don't get to just like rake in profits on this. So a very sensible ruling in my opinion. Wait, you're saying that we can't use litigation as a means to profit? That's not a business model? Apparently the US thinks that's not OK somehow. Australia. That's what, yeah. Engadget reports Samsung's attempt to appeal Apple's 2012 patent infringement victory has not met with as much success. It got turned down. In fact, even with the backing of Google, Facebook and Hewlett Packard, the US Federal Court of Appeals rejected the bid for reconsideration. That's according to the San Jose Mercury News. Remember, they lost the case back in 2012. They got charged a billion dollars and then the court reduced that to 548 million dollars in damages. And following this latest decision, Samsung's got one option now that's try to convince the Supreme Court to hear an appeal and potentially reverse the damages ruling. It's either that or pay up 548 million. Ouch. Xiaomi has announced Chinese customers using its MIUI 7 OS powered handsets will get on-demand roaming data according to The Next Web. MIUI 7 isn't out yet, but when it does come, it can create a virtual local SIM card based on your location. So you can use mobile data at an affordable rate without needing to switch carriers. Xiaomi says its average price for data roaming will be around 10.1 RMB, so about 2 cents per megabyte, and will support 36 countries and regions at launch, including Hong Kong, Taiwan, US, Japan, UK, Australia.
Android MIUI 7 launches August 19th, but the support in those countries is only for Chinese customers. The virtual will only be available to Chinese customers. That's the thing that I'm most interested about is just the virtual SIM thing and how that works or if it's just like some boring roaming agreements then I'm not really that excited, but if it's actually doing what it sounds like it's doing, I just want it to be in the hands of security researchers in China or otherwise. Yeah, there's a lot of virtual SIM work out there, so I'm guessing when they say virtual SIM, they mean it? They could be fudging it and using it as a marketing term, but from what I've read, I don't feel like they are. I think they're actually doing a virtual SIM, so yes, that's intriguing. We get intriguing news from you guys all the time at dailytechnewsshow.reddit.com and we thank you for that. Anybody who sits here and thinks, wonder why they didn't cover that story? One way you can affect that is get into the subreddit and do some voting on the stories. Star Fury Zeta passed along the Re/code report that two former employees of security company Kaspersky Lab alleged that the company tried to trick competing antivirus applications into classifying benign files as malicious. Microsoft, AVG Technologies, Avast, other rivals were supposedly targeted because Kaspersky Lab told Reuters, quote, our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. In fact, they say they've been a victim of that same procedure by others. He said, she said, unless you want to over parse it, Darren, and say, no secret campaign, maybe it was just out in the open. Well, no. I mean, this is the thing. It's like the whole, like, oh, you know, you're alleged of something taboo and it doesn't matter what's the truth because now that's in what's in people's minds. It sounds like an information, or a misinformation campaign.
Yeah, it doesn't. It could be on either parties. Or it could just be internet rumors. Yeah. I mean, what is true is that false positives are perpetrated upon antivirus software. People do that. They try to make that happen. Who's responsible for it, whether it's just, you know, people having fun, whether it's anti-competitive, that is to be determined. These two former employees seem to convince Reuters that they were credible, though, and so it's, you know, it's more than just internet rumors, but we still don't know if they're telling the truth. It could also be like, hey, antivirus, remember us? We're still the thing as all of the DEF CON Black Hat news goes on. Yeah, no, it could be, too. Hey, Rejoice, for hometown rival, has sent glad tidings from The Verge, the US FCC has approved iRobot's application to build a hands-free lawn mower. The mowing bot would operate through stakes in the ground, that wirelessly connect the mower and map out where it should cut, so that approach required a waiver from the commission, which was granted, despite objections from National Radio Astronomy Observatory, which is worried about interference with telescopes, FCC says we don't think it'll get in the way of your telescopes. So, yeah, I mean, folks made the Roomba make it a lawn mower, it's pretty exciting, still not quite as autonomous as maybe my science fiction mind was hoping. Well, if we can have self-driving cars, hopefully we can have self-driving robots. Yeah, I mean, the Roomba can totally stay away from my furniture, it's not really that good at it. What could go wrong? What could possibly go wrong? All right, the headlines. All right, Darren, as we mentioned, was at DEF CON and Black Hat, and that means we had a week full of scary news that made lots of people try to hide their heads under their desks. We're going to talk about some of the scary news, some of Darren's favorites, and explore why they're your favorites. What should we start with?
You know, there were so many. There's like a million runners up that I couldn't even put into the doc, a plethora of amazing things at both Black Hat and BSides and DEF CON. It's weird. I wonder what normies feel about August. They must be like, oh my god, why is it that everything is broken in August? All the cars got hacked. Why did they all get hacked this week? Yeah, everything's always hacked in August, but no, it's because we just kind of clumped together all of the summer fun at the three biggest cons. So, first up, Samy Kamkar. You may know him from some of his other research, including SkyJack tools, which was basically Wi-Fi hacking from drones, as well as the other, KeySweeper, which is like a little tool that you can put somewhere that would sniff up Microsoft and Logitech Bluetooth, or not Bluetooth, but wireless keyboard keystrokes, which is pretty cool. New tool coming out of Samy Kamkar named the RollJam, and this thing is pretty sweet. It's like a $32 little device. Built on Arduino and some other radios, and essentially what it does is it sniffs up rolling codes from key fobs for automotive keyless entry, as well as garage door openers. It's interesting in the way that it works. It basically jams the radio frequency that those two devices typically operate on, while simultaneously sniffing up what your key fob is actually saying. So it's part Pineapple-ish? Yeah, part Pineapple, except it uses jamming techniques, which is totally not cool with the FCC. So like, don't expect to see this. This is not a product you can buy. I got it. No. And it really isn't something that, it's something that you could absolutely get yourself in trouble with building because jamming is totally not cool. But it's interesting that it basically prevents your key fob from speaking to the car by jamming that frequency while simultaneously sniffing up that code.
Then when you press it again, what it does is it allows the first code to be retransmitted while keeping that second code to itself. So, I mean as far as like an RF perspective, this thing really has to be, I can't imagine it being as simple to deploy as just dropping it under a car. But it sounds pretty effective in that the way that the rolling code system works is, and you should do this, next time you're at the pub with your friend and his key fob is like, you know, on the table when he goes to the washroom, just pick up his key fob and then press the unlock button 256 times. He'll be very upset when he goes to his car again. Rolling codes are really amazing, but they're not cryptographically sound, they're a far cry from two-factor authentication and, yeah, it's pretty cool. They rely on an accidental system, right, which is well, once that code is transmitted, the car gets it and then that's it. I'm good, nobody else can use it again so it wouldn't have been transmitted if you weren't near your car and that's what the system does is it jams it so that it gets it essentially captures a code that doesn't get used. Exactly, and so that's the thing is it's going to use whatever the highest code is, whatever the next unused code is because it's taken care of, well, just a, just not a feature, but just the realities of RF, which is you're going to hit the unlock button and sometimes it's not going to be in range, sometimes your car's not going to hear it, it's not going to work, it's no big deal so it's just trying to make that work for when it doesn't hear those things.
There's obvious fixes for this which would require actual challenges and responses, but for the time being this kind of attack is successful against Nissans and Cadillacs, Fords, Toyotas, Lotus, Volkswagens, Chryslers, as well as alarm systems from the likes of Viper and Genie and LiftMaster garage door openers, so there's a huge swath of, and to get back to the same thing I said, my car is vulnerable but we're not going to fix these things, of course, until we know these things and actually this is building on some previous research from another security researcher last year, but this is really just making it a lot easier, so what happens is I think this is a really good example of this isn't a vulnerability necessarily, this is someone figuring out hey the way the system is set up doesn't, you know, you didn't think it, but guess what? I figured out a way to get around it, so you need to make it vulnerable. That's what we call vulnerability, Tom. So I mean, it absolutely is. I guess when I say that, I mean a lot of people think, oh, sloppy code, not sloppy code, the system works fine, somebody figured out that since you didn't secure it well enough I figured out a way around your system. Right, there's sloppy code and then there's bad design and then there's combinations therein, and so this is really just bad design, which was fine in a world where we didn't have software-defined radios and things of that nature that would make it very easy to perform these attacks, and so really it's all about mitigating risk, because you're not going to be able to prevent every single hack, what you're trying to do is make it so that it's not ridiculously easy for everybody to pull off all the latest and greatest hack source. That's why you want these to be discovered and presented at conferences so that the car companies know, okay, we've got to figure out how to fix that.
Right, and so now that it's easy, all of the companies that are involved here have to fix their stuff and make it more secure, and ultimately we all get better products for that, it's just a little bit more difficult when we talk about the internet of things and the meatspace stuff, where it's like well, I'm sorry about your '97 Civic is not going to get patched. It's just not, it's end of life. I mean it's a really cool car, you should just keep driving it. Yeah, figured out another way to secure it, you know? Maybe get a physical key in there, you can do it. You know, some other stuff that basically lowering the barrier to entry when it comes to hacking is GPS hacking was big at DEF CON this year. So yeah, you're talking about software-defined radio just now, that's one of the keys to be able to spoof GPS which was nigh upon unspoofable previously. Right, Lin Huang was the first Chinese woman to present here at DEF CON and demonstrated a GPS spoofing attack that had previously required GPS emulators which would cost thousands of dollars but now that you can pick up a, say, open hardware HackRF for like 300 bucks and use some, you know, as she did, open source software from GitHub and some open source software-defined radio tools, she was able to basically emulate GPS signals at a higher, at a stronger amplitude than that of the actual GPS satellites, convincing a smart phone, a car, whatever have you into thinking that it was somewhere other than where it was, which is really, there's like a lot of implications, I mean not just the annoyance factor of like, you know, we've all had it where our GPS like doesn't get a lock and it says you're in the middle of the Pacific, but this has some major implications, there's rumors in 2011 of an Iranian hacking team that supposedly diverted and landed a stealth US drone from Lockheed Martin by spoofing GPS.
There's, when you put all of your trust into a system that you're like, well, you know the system is going to work because we built it and obscure and only we have the technology, well, that's only going to work until suddenly everyone has the technology. So this is a really fascinating one, because it's not very easy to go ahead and solve this as far as like the infrastructure, because it is so complex the way that GPS works, and short of replacing all of the GPS constellation, which would be ridiculously expensive, with a system that uses like, what, challenge-response, the thing about GPS is it's totally passive. Your phone doesn't transmit anything when you're on a plane. That's why you still use GPS even when your maps are offline. Yeah, which is why you can turn on GPS when you're on an airplane and it's really fun to see you're going 400 miles an hour. But this is going to be a tough one to patch, and I really think that it's one of those things where you have to just say like, okay, you can't just trust every piece of data coming in. So if my device is relying on GPS, it can't only rely on GPS. You have to also augment it with whatever other data you have, be it accelerometers or gyroscopes or things of that nature, you know. The lesson is not like, hey, this isn't scary. This is scary. That's good. We need to know about scary things that are possible so that we can figure out how to mitigate them by either looking for data sources that can augment the signal or the harder project of getting people to figure out some kind of workable challenge-response system for GPS. The joke on all of these things, Darren, is that, you know, if this and this doesn't happen, you'll get killed. That's not funny, but in some cases, like GPS, yeah, you know, if you drove you off a cliff, that's dangerous. What I think is in some ways funny, unless it happens to you, is when you get killed but remain alive.
Yes, see, that can absolutely happen, and it would probably be even more so annoying than having your GPS take you to In-N-Out when you were actually trying to go to Whole Foods. Yeah, this is actually a response to what happened in 2014 when a Melbourne hospital accidentally killed off like 200 people, and so it led to all these security, I mean, the people were still alive, mind you. Oh yes, we should probably preface this by saying they were legally dead, but they were still walking around. They were zombies. They were illegally alive. There was a conflict here, yes. Chris Rock is a security researcher out of Australia, and he noticed this. He was like, well, how easy is it to go ahead and report a death certificate? Because it used to be a number and stuff, but as governments, you want to streamline things, cut costs, things of that nature, they implemented online systems that, well, as he found out, were not very secure. And essentially all it requires to proclaim somebody dead, at least here in the United States, is that you have, that you register with a government website as a doctor, and then you have to also do the same thing again as a funeral director. And you can do both of those things very easily, because as a doctor all you need to do is find a doctor that hasn't already registered on the system, and you just need their name and address and their medical license, which are totally publicly available. To do the funeral director, Chris Rock had just set up a fake funeral website and submitted himself, and then he got an automated call from the system a week later saying, cool, you look legit. And then once you have those credentials, you can go log into the website and say like, yeah, Tom Merritt died from bacon overdose. It happened.
Yeah, it happens to people, and then I go to try to get my driver's license renewed and they're like, oh no, sir, you're dead. Which, by the way, has happened. Like, there are stories out there of people who try to renew paperwork and get told that they are legally dead, and then they have to figure out how to prove that they're not and undo that. So that's no joking matter if it happens to someone, but what is in some manner of fashion laughable is that to issue a death certificate you just need to give people information. Like, that's a pretty bad vulnerability. You know, and the more that I talk to security researchers that dig into the healthcare field, this is the norm, because doctors are busy and you don't want to bog them down with a bunch of like multi-factor crypto stuff. They just want to save people, right? I would hope. And this is unfortunate, that a lot of medical devices are inherently flawed, a lot of the practices and the processes are inherently flawed, and they don't get the attention they deserve, and the security researchers that do do it are very lightly, because in this case, thankfully, we're only talking about pronouncing people legally dead, but there's also a lot of research in pacemakers and other medical devices that are just sorely lacking any sort of security, where you can't easily report this stuff the same way that you would like a website vulnerability or Stagefright in Android, because there's people's lives on the line. Which is, again, in the end I feel like this is a positive story still, because it means that now people are aware that this system is not secure and we have a better chance of it being mended, and people realizing, issue a death certificate online, we really should ask for a little more private information or have some other way of authenticating people that make sure that it's actually those people on the other end. And all of this sounds scary because it exists, but what's actually scarier are the things that are vulnerabilities that we don't know
exist because the ones we know exist are having a much better chance of being fixed. Then that's what DEF CON is really all about, and that's what security researchers over American they are about, is bringing to light these things so that we can fix them. It's the black hats that aren't talking about the zero days that you don't hear about, for obvious reasons. He doesn't mean the Black Hat conference, which is actually a lot of white hat and grey hats. A lot of suits, actually. But yes, a lot of shiny shoes, and we love them dearly. And I should say another positive spin on this is, aside from having to call up the dead to verify, are you actually dead, there's good things to come out of this exact security research, in that Chris Rock found that it is ridiculously easy to birth someone. It doesn't even take 9 months. You can just go ahead and create a new baby. You can create life. And then you can have a baby shower like that. So you register on Amazon. People have to see the baby. You just like point and say, oh, she's sleeping. Or actually you grab baby photos, because don't they all look the same? But when they come to the baby shower, Rogers looks unique but otherwise look anything like either of his parents. Baby showers. Well, thank you for sharing all of that, and that's awesome. Go check out hak5.org if you like to learn more about these types of topics. We have an episode going up today where we talk to some security researchers on hacking IBM mainframes, as well as doing some man-in-the-middle attacks using USB injection to install certificates in Windows. Lots of fun. All good stuff. Our pick of the day comes from patron James Burns, who writes: Hello from beautiful South Lake. Not surprisingly, given where I live, I do a lot of hiking and mountain biking. I also do search and rescue for El Dorado County. The one app that I use for all of these activities is BackCountry Navigator. Speaking of GPS. The app allows you to download topo maps from multiple sources that cover the US and several other
countries, including maps from openandromaps.org. You can record your track and waypoints, import a track or waypoint, measure point to point distances, and get detailed info about your travel, including distance, time, elevation and pace. My one concern when I started using this was battery life. However, using the app on my Galaxy S4 with the phone on airplane mode, I've been out for more than 8 hours without running out of battery. The app does have a bit of a learning curve and the website is not the most user friendly, but the app is invaluable for what I do. So most of us are not going to be near the GPS hack demonstrated by Ms. Lin earlier in the episode, so go check this out. It sounds like a pretty good app called BackCountry Navigator, from James Burns. Recommended by James Burns, I should say. Send your picks to feedback@dailytechnewsshow.com. You can find my picks at dailytechnewsshow.com/picks. Alright, few messages before we get out of here. Eric from probably hot Tulsa, but I'm currently in definitely hot Dallas for the slot car national championships. Wow, that's an email in itself. Just tell us where it is. Anyway, you touched on it, but I find the Samsung Pay simulated swipe gimmick too little too late because of chip and pin payment is my American Express card, and a few months ago they sent me a new one with the chip, but I continued to use it as normal until recently. Target, one of the stores I frequent and also the reason I had to get a new credit card number a year and a half ago, has had me start using the chip reader function on cards that have it. This is ahead of the supported transition for all credit cards in October. Samsung promoting a feature that will only work on a few phones for a couple of months seems silly. Also looks silly. Just my two cents. Support in October is true, although not every merchant is going to be converting. It just switches the liability to them at that point. But thank you, Eric, for this email, because yeah, Samsung Pay is great because it emulates
magnetic swipe, but with chip and pin coming, it makes it a little less useful. In the fact that it's now limited to Samsung still, it starts to make me wonder if it is as big of an advantage as it sounded like to me. I don't know. Payment systems, payment options, longer the days where it just used to be, what, checks, credit cards and, yeah. Yeah. Yaru from I miss Wisconsin, which is Malaysia, says: Up until a year ago I studied in the States for a few years. There was this one time in summer of 2011 where I left Malaysia and almost nobody had tablets in public. When I came back in summer of 2012, everybody and their brother had them. I've seen them being used on TV, which was never a thing before. It just exploded during the nine months absence of mine. This is just anecdotal evidence. You guys already have the stats mentioned, but just an interesting story that relates to the topic. It was something that was very noticeable. So yeah, just, you know, over a couple of years suddenly everybody had tablets. Kind of like waking up from a long nap when you're away from a country like that and you go back and like, whoa, everybody's on tablets now. So thank you for that, Yaru. Yeah, I was looking back at some of the like season one stuff as we just, you know, celebrated 10 year anniversary, and I'm like, wow, iPhones didn't exist, tablets didn't exist. Right. Like, yeah, I mean, we, I remember helping you make a joke about putting Verizon on an iPhone, because that's a big deal. Yeah, yeah, yeah. So much so if you did just woken up from that you'd be very confused. Well, yeah. Hey, what, who is Samsung? No, you do Samsung. They made, they made the flip phones. Are you right, they made the flip phones. William Madison wrote in and said he thinks the restriction of Google is exactly what is Rebecca is exactly what is recommended when setting up an asset protection plan, and that does jive with one of some of the things they're saying. He says: In real estate investing and business development, the best recommended structure is to set up an
umbrella management holding company. You then set up management agreements with each corporate entity below that managing company. This structure greatly reduces both the piercing of the corporate veil and protects personal assets and wealth from legal actions. Although I think they've already done that part of it, even before forming Alphabet. Anyway, William says this restructure protects each entity from being dragged into legal action that now has to be directed at a specific entity and not Google as a whole. That all makes perfect sense. William, thanks for sharing your expertise, and I think it does shine a little more insight on to some of the side effects of what they're doing. Although most of the legal action is pointed at Google, and most of that legal action is still going to be pointed at Google, but it does have the effect of shielding X Lab, Nest, etc. from any legal action that is pointed at Google at that point. Right, and this is exactly why Hak5 is owned by the Sheinhardt Wig Company. I love the Sheinhardt Wig Company. One of my favorites. Newly minted patron Wes writes: I've been an electrician for over a decade, and in my work I've often been amazed by how far behind residential wiring and appliances are compared to their commercial industrial counterparts. Many of the concepts you guys are talking about, like greater automation, predictive computing, have been present in industrial wiring for years. I know that part of the problem has been the cost of implementing various technologies on a mass scale, but I'm so excited to see the continued progress of mixing technology in our homes in a functional rather than just an entertainment way. I think we're just barely touching the way smart homes can enrich our lives by assisting the elderly or disabled, providing after school care for kids, health care monitoring. Possibilities seem almost limitless. Not how it typically happens, though? You know, it starts off like big engineering stuff and then trickles down. Yeah, it's worth
both micro-sized. Is that the opposite of super-sized? I guess. Anyway, I'll go with that. I always love it when we get somebody who's got a specialty, like Wes, who's an electrician, who can share that perspective, like, yeah, man, I've been seeing this stuff and I've been waiting for it to come to the home, so I'm really excited that it's finally starting to make its way over. It's fantastic. And fantastic to have you back, Darren. My apologies that I'm going to be gone next week, but the least we've got one weekend in August. And folks, again, if you want to know anything about the hacking world, you have to check out hak5.org. Right. There's ten years of shows to catch up on. Yeah, get to work. You've got a lot of watching and listening to do. And HAK5.org is not just the place for Hak5, but ThreatWire, Metasploit Minute, TekThing. So much good stuff there. Yes, and you can find, in fact, we've got a new video series on the LAN Turtle, which we just released, which is kind of a companion device for any sort of systems administrator or penetration tester or just overall geek that wants to have remote access to a network anywhere. It's a surreptitious little Ethernet USB dongle that does all sorts of fun VPN and SSH goodness. So check that out, HAK5.org. It's a great way to learn. Darren, Len has been hard at work on something that has you in a top hat. It's a black hat. I love that. Oh, I get it now. So dumb. You've got to keep Tom in it. This is, this piece is actually called Darren Does Def Con, and there's a lot of text here, which I will read. It says: Found at Def Con Black Hat, this tiny device has the ability to right all social wrongs, predict the winner of the 2016 presidential election, solve world hunger, prevent massive global financial chaos in Stopland all the time. Can also virtually kill or birth anyone, so there's that too. But all anyone wants to do is use it to remotely cut their neighbor's lawn. And I spelled out nice to hear. So this is an interesting one, because Darren is wearing the black hat,
there's the Def Con thing. But this marks the occasion where I'm thinking I'm going to introduce Angry Tom, a new character. Why am I so angry? Oh, because I don't have to be frightened anymore. Well, he's angry because people are only using it to cut their lawns. Right. My sense of self-righteousness has been fronted. I got to say, drawing Angry Tom, it makes me feel bad, because that's not really you, Tom, but it's like bizarro Tom. Deep in my black little heart, that's what I really like. He's captured my soul. He's definitely captured me. I've got the device that cures world hunger in a three pack. You wear a black hat like that, man. That top hat looks good on you. It looks good. It's very stylized Darren this time. Well, you know, it was actually, that's very much so in the theme of this year's Def Con, which was Noir. Oh, I did not know that. Wow, you just tapped right into that. Actually, I did know that. I had to work that in, of course. So lenperaltastore.com if you want to take a look at it. Folks on the audio podcast, you got to check this out. You can buy a copy of it there, but you can also get the digital versions of these automatically if you back Len on Patreon. Yes, patreon.com forward slash Len, L-E-N. And that's it for us. Thank you to everyone who supports the show. If you're in a row of six people, look to your left and look to your right, and one of those people in the row, maybe it's you, supporting the show, and they're paying the way for everybody else. So I understand not everybody has the means or even the ways to support the show, whether it be by Patreon or PayPal or even the store, but you can tell somebody about it. So go tell folks about Daily Tech News Show if you enjoy it and spread the word so that more people can enjoy the show. As I mentioned, I'm out next week for the shooting of the last episodes of the connected tech series, but you'll be in good hands with our contributors. Our email address is feedback, our phone number is 51259daily, that's 5932459. Listen to the show live Monday
through Friday at 4.30pm Eastern at alphageekradio.com and visit our website, dailytechnewsshow.com. Veronica Belmont hosting the show Monday. She'll talk to you then. This show is part of the Frogpants Network. Get more at frogpants.com. Diamond Club hopes you have enjoyed this program. Well played. What should we call that? Um, the best show ever. Robots get on my lawn. Silver blade get on my lawn. I think there's only one possible title, which is Robots Get On My Lawn. You know what, that would have been perfect if we could have gotten a picture of, who's that old codger that's always on TWiT? Uh... who's that? Yeah, John Dvorak's name. I, I've talked to the guy like six months ago. I spaced on it. Oh, please, you've known him for ten years, more. I've known of him for ten years. No, he needs to be on a riding lawn mower jumping, trying to jump over lawns. Someone said this should be your Twitter avatar. Well, you know what's going to be interesting? Previously with iRobots, we had cats riding on them, the Roombas. What's going to ride on the lawn mowers? Well, dogs finally have their day. I don't think dogs like that. You don't think so? You don't think dogs like riding on robots in the lawn? I mean, dogs love backyards and lawns, don't they? Yeah, but they like running on them. They're not cats. Well, I'm making a series of videos of dogs getting into heated debates with said lawn mowers. Well, it seems like a bad idea to have any animal or baby riding on something with automated blades, but call me crazy. Mm. You know what, in California that may not even be an issue, because people are going to have to convert to, uh...
non high water demand full foliage. You know, maybe they'll have, for the California market, a modified robotic lawn mower that instead of cutting the grass spray paints it green. You're going to need some BigDog type machine that can climb up all the rocks in the xeriscape lawns and trim the little sagebrush and switchgrass. They can make one with a camera on it and a little lidar so you can do like a perimeter security on like a warehouse or something. There's just having cameras everywhere. Uh... oh, and then we could attach some guns to it like that guy with the quadcopter did a few weeks ago, and we could send it down the DMZ of North Korea. Wait, I think they already did that. What? No, I'm just, you know, you just need a little sentry robot, that's it. Can I go? Are you still there? Well, I do believe you should have a speaker on it so you can talk through it. Are you still there? Daddy, is that you? This bell show got weird fast. Yeah, it did. What happens when you have the perfect title right out of the gate. I mean, Robots Get On My Lawn is obviously the title, so we're left to our own devices. You know, it's interesting, I just thought of it. This is totally random for anyone who wasn't here at the beginning of the show, but ties in KISS and drones, and that's the movie Runaway, starring Tom Selleck and Gene Simmons. And he uses these floating, and it's kind of cool because it's one of the first movies where I've seen kind of the small personalized drone being used as a special effect. And it's these basically single rotor drones that come in and they spray gas, or they're used by the police as remote operations vehicles that go into a house or something and just go put out without having to send someone in. It's a really interesting movie. It's based on a Michael Crichton book. I think it's also titled Runaway. As is all of our life. I just need there to be a movie of Demon now and then I can die a happy man. Well, or you could not. Really good about movies based on all of Michael's these
days, however loosely. Oh, you know what you should watch? Are butts in the movie draft. Do you like horror movies, Darren, or not really? No, I absolutely do not watch horror movies. Because I would suggest Demon Seed for you. Have you seen that movie, uh... Len? No, I have not. Ah, it's great. It's very 70's. It's very 70's. It sounds like something else. I recommend Demon Seed anyway. No, no, because it's basically a computer, a household computer that controls a home, that this guy built and installs a prototype in his house that he wants to sell, and it basically takes over the house, takes his wife hostage to use her as a receptacle to grow a body so he can be human. And then he fakes the fact that the wife is sick, because he's on a business trip, so anyone who comes to the door, you know, there's a little screen, says, oh, I can't come because I'm sick. It's really interesting. Totally reminds me of a lot of the stuff. 1977, Demon Seed. I am alive. Dean Koontz wrote the novel. Oh, OK, that makes sense then. From Flight of the Intruder to that. I read a Dean Koontz novel once. Flight of the Intruder? No, that's the only one I remember. Regina Preciado made me read it. Uh, was it punishment? No, she's like, I think it's really good, you should read it. I haven't talked to her in ages. Me either. Ages, I mean like 8 years. We're talking about somebody that nobody else knows. That's always a good discussion. I'm sorry, I started it, my own fault. Hey, so how about Mike Zimmerman, my childhood friend from kindergarten? Anybody's seen him lately? I know him, but not him. Isn't he the kid that smelled like potato soup? No, no, no, that was a different kid. Mike was the pig farmer, I mean literally. You know, I've never known anyone to smell of a particular object until college, and it was, no, this kid in high school, man. No, it was a girl that smelled like potato soup. Oh, really? Yeah. And then this other kid. Hey, why are you looking for your friend Zimmerman? Look for my friend Mark Neid, who I tore a tuft of hair out of his head. What?
Christian was like, tell it anyway, material. I wasn't fighting him. I was watching two people fight. He was fighting my friend, and I wanted to grab him off of my friend, so I grabbed him by the head and pulled all this straw-like hair, and I remember looking at my hand going, what is this? And you were angry, and, wow, you're a lot more vicious than I thought. It was very, no, no, no, you know, your emotions run high when you're 7 years old and your friend is getting beat up. You want to protect him. So weird. I gotta go beat up some 7 year olds. I will, Darren. No, I do too. I'm gonna do everything I can do to make the internet a better place. Good. Remember, we have a free pack that will save the children at the HakShop. I'm gonna log off too. Bye. See you later. We'll talk soon. Jenny, now I will bore you with stories of being at late night talk show taping. So I was in line... Tom, have you done, not to cut in your story, but have you done the thing where LastPass automatically changes all your passwords? No, I do not trust that. I'm sure it's fine, it's just running things on my computer. I was just doing it, watching it and going, this is terrifying. I have a really bad, I know it's probably totally unfounded, but bad feeling about LastPass or other password managers. They'll build up such a critical user base at one point, and then someone says, you know what, you want all your passwords? You pay up. Well, I already pay more now. I mean, it's an unfounded fear in that that's the same fear you should have about banks. You keep your money in a bank, and one day the bank just may go, we're gonna keep your money. And it's happened in history, but it's not likely to happen, and I don't think it's likely to happen with LastPass. But there is something to the idea of, like, hey, you're keeping all of your security in one place and it's not entirely under your control. Which is why I personally, I don't personally memorize... I know why Roger puts all his money in his mattress. I don't use a mattress for that. Alright. I use a combination of
cement and brick. Yeah, I mean, we do all kinds of things that are horribly insecure, like trust that pieces of paper will continue to accept this currency. Yeah. In my mind, it's just like, passwords have reached such a, there's just so many sites that we use now that there's just no other option. Like, to me, there's no other option. I don't agree with that. I actually don't. I'm shocked, Roger. I'm shocked to like some level of my core that I don't even fully understand. You tell us how you are shocked. We disagree and are shocked. I think that's just Tom projecting on to you. No, no, I'm not conch... What does everyone think I'm contrary? I don't know, Roger, why would anyone think that you're conch... You're the funniest contrarian I've ever met. How's that? You're a cheerful contrarian. I'm not cynical. I'm just saying, like, it's possible. You know what I did eventually, and I actually have to thank Robert for this, when you have the ability, especially on sites that allow you to use longer passwords, I make up common phrases that are theme based for certain things. For example, if I'm buying something, like sites like Amazon, I have a certain theme for those passwords, and then if it's something like finance or something, those have a particular theme. So every group has a particular theme with minor changes in them between them, but they also get rotated out every six months. Fair enough. That sounds like a lot of work, and I think I'd rather have LastPass. And a lot of people would not be able to make that system work for themselves, because they just couldn't remember it, and so then they default to using the same password places and things that are less secure than a password manager. It's all in that continuum of security, right? Password managers are recommended by security professionals often because they're much more secure than what the person has been doing to that point. Doesn't make them the most secure thing you could possibly do. Yeah, and I also trust them to be the people who are better at fixing it if
it goes wrong than I ever would be, if that makes sense. But if you want to avoid any headaches, never ever attach your bank account to any other system. Oh yeah, well, that again, it goes back, if you want to avoid any headaches, don't keep your money in a bank. There is a line you have to draw somewhere. You're making my baby cry. I know, I'm sorry. Stop with your slippery slopes. We should do a show where we talk about things like this. We should. We should do one before this month is over. That is, I agree. Hey, you know what, we're two months away from our 10 year East Meets West anniversary. Wow. You hear that? Our show is older than you. Older than you. A lot of things are older than Ellie. There's not much that's younger than Ellie. A few things. Alright, alright. Bye, Ellie. Do you need me to do anything out of the ordinary? Uh, no, I'll do the video. I'll figure out a new way to do it. Okay. I mean, alright, if you've got the time, I wouldn't mind. I got Matt here, we're gonna go do errands. Okay. Yeah, that's cool. Thanks, everybody.