Coming up on DTNS: who might have conducted the social engineering attack on Twitter; knock knock, who's there? Not security; and happy World Emoji Day.

This is the Daily Tech News for Friday, July 17th, 2020. In Los Angeles, I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. From hot and humid Columbus, Ohio, I'm Rob Dunewood. Drawing the top tech stories from Cleveland, Ohio, I'm Len Peralta. Sitting in the background, I'm the show's producer, Roger.

Ah, we were just talking about how Henry Cavill, not so mainstream, folks. You want to find out that discussion? Go head over to Good Day Internet. Get it by becoming a member at patreon.com/DTNS. Let's start with a few tech things you should know.

Reuters reports that some K-pop stars' accounts have been blocked on Douyin, which is TikTok's app in China. South Korea's communications regulator fined TikTok 186 million won, that's about 154,000 US dollars, on Wednesday for collecting personal information of children under 14 without consent from guardians and not disclosing or notifying users that their personal information was sent overseas. Some people drew a correlation between these two events. A TikTok spokesperson said that the accounts in question were working normally on TikTok and that Douyin operates independently.

Microsoft announced it ended production of the Xbox One X and the Xbox One S All-Digital Edition consoles as it ramps up production on the upcoming Xbox Series X. The company said the standard Xbox One S will continue to be manufactured and sold globally.

Apple updated its style guide in an effort to remove non-inclusive language across Xcode, platform APIs, documentation and its open source projects. The company said developer APIs with exclusionary terms will be deprecated as Apple introduces replacements. Apple did provide an exemption for use of the words blacklist and whitelist if either are used in code that's being documented that can't be changed. In that instance, developers just show code samples to illustrate what users
need to enter, and then in the description can use alternatives like allow list, deny list, etc.

On July 16th, the U.S. Cybersecurity and Infrastructure Agency issued an emergency order giving federal agencies 24 hours to patch Windows servers used for Domain Name System purposes or apply another mitigation. Others have until July 24th. Microsoft issued a patch for a wormable Windows Domain Name System server vulnerability on Tuesday.

Apple trade tension in China story alert: Luxshare Precision Industry is acquiring Taiwan-based Wistron Corp's iPhone production business in China in a $472 million deal. Wistron is a contract manufacturer for Apple's iPhones and said of the deal it agreed to sell two subsidiaries in eastern China for 3.3 billion yuan to Luxshare. And going along with that, Apple assembly partner Pegatron is readying its first plant in India. Back in June, the Indian government announced a $6.6 billion plan to bring more smartphone manufacturers into the country. Foxconn and Wistron already have plans to manufacture iPhone handsets in southern India, so that's happening more and more.

IBM's X-Force IRIS security team obtained 40 gigabytes of data as it was being uploaded to a server hosting domains known to be used by Iranian group ITG18. The data included training videos showing how to compromise accounts and manage compromised accounts in Zimbabwe. Zimbabwe, ah, Zimbabwe, forgot about you.
The data also included online personas and phone numbers used by group members.

Alright, let's get you updated on what's going on with the Twitter social engineering attack. Twitter announced, quote, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. So it sounds like they figured out which accounts were accessed in their admin tool. Twitter goes on to say, for a small subset of these accounts, the attackers were able to gain control of the accounts and then send tweets from those accounts. We gave you an example yesterday of @6 not letting someone tweet because they gained control back, so that could explain why there's a subset here. Twitter has not determined if direct messages were accessed; they're still working on that.

Brian Krebs has an in-depth look at what we know about the attack itself over at Krebs on Security. SIM swappers, which are a community that try to gain access to phones by getting the accounts swapped into new SIM cards. It's a social engineering attack to call the phone company and convince them to swap service to a different SIM card. That community exists, and in that community there are folks who prize getting control, with that method, of what they call an OG account. That's usually indicated by short profile names, because those are accounts that were there from the beginning.

Days before the Bitcoin post appeared on Twitter Wednesday, a post in the OG users section of an account hijacking forum was offering access to either change the email address tied to any Twitter account for 250 bucks or to give direct access to a Twitter account for between $2,000 and $3,000. This jives with what we mentioned yesterday about the account @6 getting a password reset confirmation code hours before the Bitcoin post began to appear. Krebs adds that Lucky225, who controls @6, had disabled SMS for 2FA. He got the password reset confirmation to the phone number because the attackers had changed the email address and
disabled 2FA. So that alerted him something was wrong, and he was able to get his account access back quickly. Krebs also does some sleuthing, noting the similarity in a profile pic and a pool shown in a profile background shot to a known SIM swapper who goes by PlugWalkJoe, who is thought to be involved in the SIM swap that gained access to Twitter CEO Jack Dorsey's account last year.

Now, if you're wondering why President Trump's account was not affected on Wednesday, The New York Times is reporting that after past incidents, presumably the one that involved an accidental suspension of the account for 11 hours on November 2nd, 2017, the president's account was given extra protections. In fact, the Wall Street Journal reported back in 2017 that Twitter said it had limited the number of employees who could manage the president's account. So even if they had access to this admin tool, that may not have given them the additional access to the president's account. So that may be why the president's account was unaffected.

Reuters reports that Twitter has been without a chief information security officer, or CISO, since December. Something they probably wished they had right now. Some applicants are like, could have done this from home.

Yeah, this is a tough one. Rob, what do you make of this story? I know you weren't with us when we kind of went through it yesterday, but the details keep coming out.

You guys covered this in detail yesterday, and I said a little earlier that these are the most underachieving hackers I've seen in a long time. The level of access that they had. Now, don't get me wrong. I'm not rooting for them to have done more than they did.
That's not what I'm saying. But I mean, when you're talking about the accounts they had, Joe Biden, Barack Obama, Bill Gates, Kanye. The accounts that they had, they really could have wreaked havoc and done a lot of harm and a lot of damage. So to only get away with what they got away with is kind of underwhelming. But as far as the security aspect of this is that Twitter is going to have to make some significant changes in this. It can't be a person or two were social engineered, which is the story that's going now. It can't just be a couple of people that that happens to, and you are hacking former presidents, people running for president, Bill Gates, Apple. It should not be that easy to get a hold of these accounts. So I think you're going to see a lot more post-mortem going on, and there's going to be a lot, you know, some jobs are going to change. Some teams are going to be added, things are going to be switched around. This is a major, major security breach for Twitter.

And it does strike me as 63% chance this was folks trying to make a rep for themselves. So that is very common, as we talked about, in the OG users scene, and being able to go in and make some cash selling these until they got noticed by some of the accounts like @6. And then realized, well, this is going to get noticed soon. Let's go out in a blaze of glory. Let's post to every account, the highest profile accounts we can get access to. Try to collect some Bitcoin on the way out the door. That does strike me as the most likely explanation here. If that is the case, they still might have grabbed some DM information and downloaded it, and we will see that peddled at some point if that's true.

Well, we mentioned yesterday that Netflix named Ted Sarandos co-CEO along with current CEO Reed Hastings, and that the company gained 10.1 million subscribers worldwide in its last quarter, which is almost as much as all of 2019, pushing its total number to 193 million. Those sound like good numbers, right?
Well, there is some bad news, because earnings per share for the quarter were $1.59, which is quite a bit lower than the $1.81 expected. Also, Netflix says it expects to add 2.5 million subscribers in Q3, and the Street says, well, we expected 5.27 million subscribers. So that's also way lower, by about half. In its earnings letter, Netflix wrote, quote, growth is slowing as consumers get through the initial shock of COVID and social restrictions. Our paid net additions for the month of June also included the subscriptions that we cancelled for the small percentage of members who had not used the service recently.

Yeah, that story comes back up again. Yeah, I don't think that's going to make a huge number, but I think what Netflix is pointing out here is there's still an economic hit that's going to tighten some belts, and we're ready for that. People are going to cancel accounts because of that, and places are opening up more. More places around the world are opening up, not the United States at the moment, but other places are, and that means people are going to be going back outside. They're not going to need Netflix as much, and so they expect to see more people cancel. Plus they got ahead of themselves. A bunch of people who may have subscribed later finally got around to it, got around to it faster. And so, you know, this 10 million that they added this last quarter is a few people that would have added later, and so they're banking folks ahead of time. I think those three things are why Netflix is saying don't expect a great quarter next quarter, because this isn't going to last forever.

Yeah, there's a lot of people who have a lot of stuff that's not Netflix to watch, you know, TV online as well. I mean, you know, Netflix was the big dog and they are the big dog, but there is a tremendous amount of competition out there for them as well, so people just have other options. Peacock just launched a couple days ago. You know, I don't think it's going to really
compete with Netflix, at least not, you know, not yet, but it's something else that people, yeah, this is free, let me go check this out. So, you know, I'm not terribly shocked, you know, by the numbers. I think a big part of this is that they really crushed Q1, and that's kind of really skew things, and it's, you know, Q1 was great, but now we're in a pandemic. Things are going to look different.

Yeah, Q1 and Q2 both were great, and what they're saying is Q3, don't, they're getting ahead of it, which is good to them, like, don't get too excited about Q3, right?

Yeah, I mean, I think it's, you know, a combination of, like you said, Tom, you know, people, you know, their daily habits have changed quite a bit from what everyone was doing six months ago. That definitely factors into it. And Rob, to your point, there's just more competition. If you pay for Netflix and you have a couple other services that maybe have that one or maybe even two shows or movies or, you know, library, whatever it is that you like, you're not going to pay for all of it. And, you know, with more options, that's great for consumers, but it's not necessarily great for Netflix.

Yeah. The Intercept reported an internal bulletin from the US Department of Homeland Security, drafted in conjunction with other US federal agencies, that discusses the potential impacts that widespread use of protective masks could have on security operations that incorporate facial recognition systems to monitor public spaces during the ongoing COVID-19 public health emergency and in the months after the pandemic subsides.
Facial recognition systems affected include video cameras, image processing hardware and software, and image recognition algorithms. And basically, you know, Homeland Security is basically worried that protesters might wear cloth masks to evade detection, while acknowledging that it really has no specific information that violent extremists or other criminals in the United States are using protective face coverings to conduct attacks. Several cities, including Boston, Oakland and San Francisco, have stopped the use of facial recognition by law enforcement, and a law to prohibit its use by federal agencies was introduced in the US House last month.

Me personally, I'm not concerned that Homeland is concerned about this. I mean, I understand that they are, but I'm not concerned, because one of the reasons that these big cities are banning it in their cities, and we're looking to potentially get this banned across the country, is because facial recognition is not 100%. And specifically speaking of people of color, it's not very good at all, and even more so women of color, it is quite horrible. So, you know, these companies need to do better. And, you know, I've been a proponent of look at the irises of people. When you look at the eyes, they don't change on people, unless you're putting contacts in, which the system should be able to detect that. So, you know, I think that they need to get a lot better before we start using them for law enforcement, because there's just so many false positives, particularly for minorities, you know, in this country. So I'm not concerned that they're concerned. I just hope that, you know, that organizations just get better at what they do and start looking to people's eyes.

That's really interesting about the eyes, right? Because when I first read this story, I thought, well, then they should back off on facial recognition, because, you know, people need to wear masks right now. That is the health guidance, and they may or may not, but a lot of people are,
so it's another reason why facial recognition just is even less effective. And of course we had the recent stories, as you alluded to, of two black men in Detroit getting falsely arrested. Turns out they weren't the person, but facial recognition indicated maybe they were. So my first reaction was, well, this is another reason to back off facial recognition. But I like your take of this is a reason to focus on recognizing the eyes, recognizing the part that is visible, and work on making that work better and be equitable, right?

Absolutely.

Yeah, I think that's, I'm curious if we'll see companies start to pitch solutions for that. They might not, because this is just such a hot button issue, and we've seen IBM and others just back away entirely, saying, you know what, we're just not going to market this for law enforcement uses yet. But I'm going to keep my eye out. No pun intended.

And we're not the only countries working on this. I mean, they're using this in Asia as well, and masks are a thing in Asia. I mean, it's been this way for years, so they are focusing on eyes there just because so many people, just as a matter of fashion at this point, wear masks all the time. So facial recognition simply just would not work in extremely large countries that are far east of here. So this is, you know, like I said, it is a concern, but I'm not that concerned, because you need to get a lot of things right before you start using this stuff anyway.

Well, if you're not familiar with knock codes, it's a method to provide hard-to-crack passwords that are easy to remember, usually used as phone PINs, providing a two by two grid that you knock in a pattern. They're harder for somebody to see over your shoulder, since they can be entered on a black screen. And they should be harder to guess, since people don't, or shouldn't anyway, use patterns like birthdays or other easy-to-guess numbers. LG markets it as an advantage for its phones, and around 2.5 million people in the US use knock codes on their phone. So folks at the
New Jersey Institute of Technology, the George Washington University and Ruhr University Bochum studied how much better knock codes are than other passwords, and it turns out not really all that much better. 18% of all knock codes in use are for four different password sequences. The 30 most popular codes make up 42%, because people tend to start in the upper left and take similar routes. It's just human nature. Oddly, making the grid 2 by 2 made passwords easier to guess. 2 by 3, rather. Also, 20% of participants in the study couldn't remember their pattern 10 minutes later.

Yeah. This is a classic example of humans are often the weakest part of any security scheme, because on paper, knock codes should be better than a birthday, right? A birthday can be discovered and found out, but a knock code, what do you, how do you going to know what knock code the person created, right? It's going to be easy to remember. Well, first of all, it's not easy to remember if 20% of the participants can't remember 10 minutes later. And also, if everybody's doing the same patterns, you know, 40, what was it, 42% were 30 codes, that's pretty easy to brute force.

Yeah, extremely easy to brute force, and it's like, you know, 42%, you're going to get a lot of them right on the first try or two. So yeah, this is, use a passcode, use a password. You know, I understand that they want to make these things more secure, but this is one of those things to where I just, you're probably doing too much with knock code. This is something a little bit...

Idea that should have worked, right? Like, it's on paper, it should be more secure and it's easier for people, right, than having to remember, except it's not like we thought it would be.

But it's not, because, well, I mean, especially because, you know, 40% of us are like, this is probably a really good code.

Yeah, just happens to be the same one that everybody else...

Going to go up in the top right and then down and then back and then down.

So many people are using the same ones, it's like, did
you, like, look dude, this code, nobody's ever going to figure it out, watch. You're showing your code to someone else. Because that is a staggering number, that more than four out of 10 are using one of 30 different things that you can put in here. That's not secure at all.

This is another argument for having a password manager pick your password, because you are a human, you think like other humans, even though you may think you're unique. And if you have a password manager pick a random password, it's going to pick a stronger password than you will pick if you pick it yourself.

Absolutely.

Hey folks, if you want to get all the tech headlines each day in about five minutes, please go subscribe to dailytechheadlines.com.

It is World Emoji Day, and we thought, you know what, it's been a hard week of news, it's just been a hard week in general, it's 2020, so let's celebrate emojis. Google and Apple revealed their versions of the 117 new emoji coming later this year as part of the emoji update to Unicode 13.0. You'll find bison, beaver, polar bear, tamales, boba tea, a teapot, a slightly smiling face, if you never thought the faces smiled the exact amount you wanted, this might help. Two people hugging, a man in a veil, a woman in a tuxedo, a person feeding a baby. Sarah, what's your favorite of the 117 new emoji?

Oh man, emoji. I am not the biggest emoji user, but I did have to laugh when we were having our pre-show meeting earlier. I was like, well, I'm super glad that we have a lung emoji now, and everyone was like, what do you mean? What do you mean? I was like, you know, the lung emoji, like a picture of lungs inside a human body. I never was like, oh.

Right, right, no, it's because I hadn't realized there was a lung emoji coming. I'm very glad now.

Well, it's like, it's so easy to be like, that's so silly, like, what's the point, but like, this is a way that people legitimately communicate. Even though I, you know, I am less of an emoji user in a sequence maybe than the next person. The lung emoji is not just
about, you know, my lung health, but like, I don't know, I went on a run, or it's a way to express yourself in a creative way. That I think, you know, is cool, and the more we have, I know people are actually enthusiastic about this, and it's not whimsical, it's real communication.

In many ways it actually kind of reminds me of like a modern-day hieroglyphics, but because it's all symbol based, you can actually communicate with someone who you might not be able to speak to them in their native language and they may not be able to speak in yours. But if you give a thumbs up, generally that's a universal sign of, hey, things are good, or you did a good job, or some sort of positive interaction. You know, in the same way that when you go to the airport, a lot of the symbology is very similar for the restroom, for the taxi, or whatever. So if you don't speak English and you're in an English-speaking airport, you know where to go if you need to use the restroom or to catch a taxi.

You just made a point that actually is a really good one. I have quite a few friends that are Russian, so oftentimes I will see in their Facebook feed where they're talking in Russian. And I just, I can't follow that. I don't speak it, I don't read it, I don't write it. But there will be times when there will be a bunch of Russian, but then there'll also be a bunch of emojis, and I can kind of figure out from the emoji, okay, I know what you're talking about, and I will reply back, and then, oh, my bad, Rob, let me write it in English so you'll know the whole story. But that has actually happened to me relatively recently, so that's a good point, that emojis do allow you to communicate across language barriers.

Did y'all know that emoji date back to 1862? The Next Web notes the first emoticon, a smiley, was printed on August 6th, 1862, in a transcribed copy of a speech by President Lincoln. Everyone's pretty certain it was a typo, but it is there. The first intentional known use still dates back to the 19th century, March 30th, 1881, when the
satirical magazine Puck published a piece on typographical art. Emoticons were devised for joy, melancholy, indifference and astonishment. They weren't called emoticons, but you can look at them there, you know, colons and parentheses and all the kinds of things you would look at and understand.

The modern emoticon arose September 19, 1982, in a posting made at 11:44 a.m. by Professor Scott Fahlman, who proposed using the character colon dash end paren to indicate jokes on a computer science department bulletin board at Carnegie Mellon University. He also in the same post suggested the colon dash open parentheses for frowny. So that's really when the modern emoji was born, the emoticon of course, the predecessor of the emoji.

Unicode first added characters from Zapf Dingbats in June 1993, which were kind of emoji-like. AOL Instant Messenger added buddy icons on May 1, 1997, also kind of emoji-like. But the actual emoji, Japanese artist Shigetaka Kurita created a set of 176 of them to convey information on the mobile platform he worked on. On February 22, 1999, customers of NTT Docomo, the mobile operator, the NTT Group and partner company NTT Data, started being able to send those digital icons as part of text messages through mobile communications. Gmail brought them along October 23, 2008. iOS added them for SoftBank users in Japan November 21, 2008. That's when I got 'em, because there were a lot of workarounds to make 'em show up in iOS even if you weren't a SoftBank user. And then October 12, 2010, emoji were officially accepted into the Unicode Standard 6.0. And then, to your point, Roger, February 19, 2013, Moby Dick was translated into emoji.

Was it, was it a very long read?

It's still a long read and not quite as different.
Yeah, just different, quite a bit different.

Yeah, I mean, you know, I still use like ASCII, you know, emojis, old school stuff, you know, for fun. And that's part of the vernacular in its own way. But, you know, the idea that this all started a lot longer ago than many people realize, you know, it's not just about like cute hearts and, you know, winky faces and stuff like that. It was really a way to convey an emotion that would otherwise require a sentence, maybe two, kind of thing. And that's where I think that, you know, sometimes you can get caught up in like the cuteness aspect of this, and it really is a way to communicate. You can put a variety of emoji in order and convey lots of things: sentences, emotions, what you're going to do tomorrow, you know, the whole thing.

How do you say World Emoji Day in emoji?

Globe, I don't know what the emoji for emoji is.

I know, that's where I got hooked up too.

That's a good one. It would be a calendar entry for day.

That's a very good question. Rob, I don't know, what you got?

I'm just going to say the world, a bunch of random emojis, then the calendar emoji for day, maybe. I don't know.

Maybe, yeah, right.

Well, everybody, if you like stories about emoji and any other story that we talk about on the show and off the show, you can join in our conversation in our Discord, which you can join by linking to a Patreon account at patreon.com. You can type in just emojis there if you want. We'll just decipher it.

Phil wrote in and said, following up on new ways to check out of stores and the handheld scanners in UK supermarkets over the last 10 years, that was one of our mailbag entries from a couple of days ago. Phil says, more recently is something I've only seen so far in Decathlon, which is a French sports store with outlets all over Europe. The first time I went to a new outlet near me in Stockholm, Sweden, I spent 30 seconds looking for the barcode reader to scan my items at the self checkout before realizing that everything in my basket had already appeared on the
checkout screen. Rather than barcodes, they have RFID chips in every label or every item. So when you place anything in your basket next to the till, it scans everything and immediately comes up with a list and cost of everything in the basket. Whether items are obscured or on top of each other, inside each other, it works well. I was very impressed with the speed and ease of use, and you can just walk on immediately after paying without scanning a thing.

So, you know, sounds like a good life. The new Amazon cart works better than RFID, because RFID could have scanning errors. You know, it's all about bringing the errors down, but it points out that this technology is not new. The idea behind it is certainly not new.

Shout out to patrons at our master and grand master levels, including Phillip Lass, Fred R. Kubner and James P. Callison.

Let's check in with Len Peralta, who has been busy illustrating today's show. What have you drawn for us today, Len?

Well, you know, it is World Emoji Day, and it has been quite a week, as you mentioned, things going on in the Twitterverse and everything else. And here is an emoji that possibly could be added to that 117 new emojis in a couple months, maybe make it 118. Yeah, this is called artist rendering of the Twitter hack of 7/15/20. It's a little bit, if I'm going to be descriptive, a little violent maybe, possibly inside.

Probably how a lot of Twitter employees felt on Wednesday, to be honest.

Yeah, possibly, yeah. So yeah, I don't, you know, I don't really necessarily see this as an emoji, but maybe take it under advisement in the future.

It could become an emoji for like, I had a very bad day. I had a like sweater Wednesday account. I got it, I got it.

Exactly. Yeah, if you want to see this right now, it's at my Patreon, patreon.com forward slash Len. You can actually download it, it's available right now. Or if you'd like to go the old-fashioned way, you can just buy it at my store at LenPeraltaStore.com.

Very cool, thank you, Len. Also thanks to Rob
Dunewood, so glad to have you back on the show, Rob. I know it's hot and humid where you are, but what else is going on in your world?

Not a whole lot going on other than moving college graduates into their new home. But you know, you guys can check me out over at the SMR Podcast. And I am @RobDunewood pretty much everywhere: Twitter, Instagram, Facebook, @RobDunewood.

Hey, if you're going to be in an enclosed space with a bunch of other people who might be infected with COVID-19, you might want to wear a mask or even bring some for the other folks, and we have them available if you'd like one with a DTNS logo on it. You can find it at dailytechnewsshow.com/store.

I'm wearing one right now.

You are, and you look very dapper, and you also look like you're smiling, which is important. Everybody should smile at each other more.

Hey, our email address is feedback@dailytechnewsshow.com. And if you'd like to join us live, guess what, we're live Monday through Friday at 4:30 p.m. Eastern, that's 20:30 UTC. And you can find out more at dailytechnewsshow.com/live. See you Monday.

This show is part of the Frog Pants Network. Get more at frogpants.com.

Diamond Club hopes you have enjoyed this program.