All right, here we go. The Daily Tech News Show with Tom Merritt is funded by patrons like you and me. Each month I pledge one dollar. Being British, I had no idea what a dollar was, so I stayed up for hours researching and discovered that it is about 62 pence. To pledge 62p, or perhaps even more, go to patreon.com/acedtect.
This is the Daily Tech News for Friday, May 29, 2015. I'm Tom Merritt. Joining me today, Darren Kitchen, founder of Hak5.org. How are you, DK? It's just so good to be here, Tom. I'm very excited about today's show, and it's cool to be using technology again. Yeah, you spent a week at a camp, detox, digitally detoxing. You are, you are mellowed out, man. I am, I am, and now I miss my Apple Newton. I feel like I need to remember me to program of getting back in the groove. So maybe I find my old Palm Pilot, HP iPAQ, one by one that... You might want to start with Windows 286 and some DOS, just... Yeah, DOS shell is so you don't have the digital bends. You know, Len's here as well. Yeah, let's brought us here. He has not been detoxing digitally. How's it going, Len Peralta? Oh, I've, um, I am, I'm doing well. Go Cavs. Yeah, but yes, yeah, you're wearing a baseball. I know, and they're calling me right now about that. I, yeah, the... Sir, you're not representing us properly wearing an Indian shirt.
Don't do that. So Len's gonna be illustrating the show as he always does. Well, they're gonna be talking a little bit about a former North Korean computer science professor who has defected to South Korea and is now warning us that 6,000 North Korean hackers could destroy a whole city. Darren and I will evaluate those claims after the headlines.
Apple posted its recommended workaround for the iPhone Messages bug. According to The Verge, the support document directs iPhone users to reply to any malicious messages using Siri. Apple's also working on a fix. Bug is also affecting iOS users of Twitter and Snapchat who have notifications on for those services. With Twitter, it just crashes your phone, doesn't cause any lasting damage. With Snapchat, it makes the chat history with the sender inaccessible, seemingly permanently. I'm sure somebody will figure out a workaround to that. It doesn't affect the rest of Snapchat, though. You just, it's kind of a joke on the person who sent it, because you can no longer communicate with that person. You know, I'm, what, a most disappointed... And I actually, I must say, I must give credit to Apple first, in that I love their workaround. It's like, oh, yeah, you just have to use Siri and, and coax it into, you know, doing this thing and reading this message for you. It's almost the "you're holding it wrong." I love it. But I'm really disappointed that the Unicode characters that create this are not the table flip guy, and I feel like that's a lost opportunity. It really is, although the fact is that it, as far as I understand it, Darren, I know you researched this for ThreatWire, so maybe you know a little more about it.
I don't know. It's, it's the fact that there are too many unusual characters for the notifications process to handle them, which causes the problems. So could you just do a whole lot of table flip guys and get the same effect? You know, you might be able to. It comes down to CoreText, is the engine that actually parses those and creates the lines and paragraphs, and I guess it's actually used by not just the iPhone, but the iPad, the Apple Watch, as well as even OS X, but only in the terminal. And so it's the way that it's implemented specifically on the iPhone to the notification. So if you don't have home screen notifications, or I guess lock screen notifications, turned on, you'll never have this experience. So that's a good workaround for right now until Apple does issue a fix. And it, yeah, it does make you wonder, like, you know, what other characters could you spam to the notification area where it would know how to handle them? Yeah, I mean, enough table flip guys will make anybody upset.
PCWorld reports on Google's announcement that Levi's, yeah, the jean makers, are the first partner for a smart fabric called Project Jacquard, spelled J-A-C-Q-U-A-R-D. The experiment weaves electronics into cloth to create the equivalent of touchscreen controls. So the demos they're doing at Google I/O show fabric that manipulates a 3D image on a display, changes the songs on a phone, you know, skips forward, etc., and even controls the lights. You can turn your lights off and on. It's, think of it like a mouse in your pants. Wait. Yeah. No, I love it.
I mean, you know, it's a great thing that Google is really partnered with a true innovator in the pants arena. I mean, Levi Strauss really innovated denim jeans as far back as 1853. Sure, rivets, were known for their, their massive innovation and using rivets. There used to, in fact, be a rivet in the crotch area, which has since been removed because that, thankfully, under sat a little too close to a campfire, and turns out those things get hot. But yeah, no, so this is another such innovation. So I mean, it may have been, you know, 150 years coming, but I'm looking forward to the next big thing from Levi's.
Reuters reports Path sold some of its apps to South Korea's Daum Kakao. They are the makers of KakaoTalk. If you're making the remark "who uses Path anymore," you, sir or madam, just gave yourself away as not being Indonesian. Instant data mining, know who you are now. In any case, the makers of KakaoTalk didn't get all of Path, just the social network and Path messenger. Path Places, which a lot of people liked and enabled connections between customers and businesses like restaurants, stayed with Path, though it has been disabled for the time being, and Path says they don't have a way to invest in a new app for it to live in. Path has also been developing non-Path-branded apps like GIF creation app Kong. I'm just wondering, like, where do, where do social networks go to die? Indonesia. Well, that's what, the reason Kakao, because KakaoTalk is the biggest messenger in South Korea. The reason Kakao bought Path is they wanted to get into the Indonesian market, and apparently Path is huge in Indonesia. That's cool. Yeah.
A report from the Washington Post cites a new report from the United Nations Office of the High Commissioner for Human Rights that says digital security is essential freedom of, is essential for freedom of expression, and warns that weakening encryption in some countries could undermine that freedom worldwide. The report was written by Special Rapporteur David Kaye.
He's also the director of the International Justice Clinic at the University of California, Irvine. Kaye wrote that governments, quote, should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows, because it results in weaker security for everyone. This is epic. I, I love this. I, I love this as much as I love all of the other amazing things that are written out in the United Nations Universal Declaration of Human Rights. It really speaks to me as a, as a human, and I think that, you know, we would all say, like, yes, this is a good thing. And it's, it's really upsetting when you see all of the amazing stuff that is said by the United Nations, all of the, you know, these proposals and all of these, you know, papers, and, and, and then you see what actually happens, and it's like, that discrepancy, that's really heartbreaking. So I hope that this, unfortunately, it doesn't have any teeth, but I hope it can be used to, you know, wave the flag and maybe get something that does have teeth.
It is a, it's a very well-written reasoning of why weakening encryption, even with escrow keys, is a bad idea. And, and you may still be for it. I know there are some people who are, but I would highly encourage you to read this even if you are for it, because this may help you come up with better arguments of why it is important to weaken encryption. I personally don't think that we should weaken encryption, and my reasons run right alongside of this. I think what's impressive about it is this person is a legal scholar, an international law scholar, and yet, you know, I'm no surprise that legal scholars are good at arguing, but was able to really show that he understood the nature of encryption as well, which is a really difficult topic that even security researchers can get wrong sometimes. Well, it's just nice that we'll be able to have, like, you know, such a representative source to cite, you know, in that argument that, you know, it's not a good idea to weaken encryption. You know, you got to take the good with the bad to move forward.
TechCrunch reports that Apple acquired augmented reality startup Metaio on May 22nd. It's M-e-t-a-i-o. Company launched back in 2003, is an offshoot of a project of Volkswagen, of all places. 9to5Mac's Mark Gurman, who has good sources, believes that Apple is working on an augmented reality feature for its Maps app, and this would bear out that they're at least working on augmented reality for something. And of course, there's that VR headset that Apple patented earlier this year. Of course, they patent a lot of things that don't end up turning into products, but there's definitely, seems like Apple's trying to get into either AR, VR or both in some way down the road. Yeah, I would be surprised if they weren't. Yeah, kind of like, make sense that they would.
The Verge reports the welcome news that you can finally use GIFs on Facebook. Mostly. If you drop a link to a GIF which has already been uploaded elsewhere on the internet, the GIF will appear. Uploading a GIF
directly to Facebook doesn't seem to work just yet. Yeah, we, we may know someone, actually, that might have made this happen. Is that right? It's actually really cool that the technology that works on the back end... The reason why it's such a long time coming is because GIFs are inherently terrible at data compressions, and some GIFs will actually be, they're just massive in size for what they're actually animating. So on the back end, what will happen is it'll ingest the GIF and then create a version of the GIF that's actually using HTML5 to play it back. But if you still want to, you can right-click and save it, and then it will serve up the actual GIF, so you can save that GIF to your desktop. And so the whole trick, because I know there's probably some, some old-school folks are like, you just show the image, right? What's so hard, Facebook? Yeah. What you're saying is they're trying to make sure that they use the same compression that keeps their service light, especially on mobile, for people, and, and this has, has been able to not lose an animated GIF, because if you, if you anim, if you compress it wrong, you lose the animation. So yeah, that, that is a nifty trick there.
That's really great. And it's really weird that, when you think about what's happened, is there's a massive technological workaround being done to use the latest and greatest video compression technologies for one of the oldest on the internet, because we just can't let it go. I think it says a lot about the culture of the internet. Yeah, so I think that the GIF is just an amazing thing in that right.
Engadget reports that Google is broadening out its Google sign-in feature with Smart Lock for Passwords. In a Google Developers blog post, Smart Lock for Passwords is described as a frictionless method for users to sign into apps on Android and on sites in Chrome. Smart Lock works a bit like a password locker. Once a user saves a password to Smart Lock, they can then skip entering those credentials on any authenticated instance of Chrome or Android devices. For instance, Netflix is a partner in this. So if I sign into Netflix on my Chrome browser, save that login, that authentication, to Smart Lock, then I could go to Android TV, where I'm logged in as, with my Google account, launch Netflix, and it would say, oh, okay, you're, you're logged in already, and I don't have to go through all that on-screen mess to log in again. Well, it sounds like it makes life really convenient, and from what I understand about security and convenience is that they're not always hand-in-hand. Is they're usually pretty innovative when it comes to security, you know, being one of the first to roll out two-factor authentication and things of that nature, but I don't know. I must, I gotta ask you, Tom, do you use a password manager? I do, yes. Okay, do you, would you use a Google password manager? No, I don't know. I might for something like this. Look, I'm sure that Google is going to great let, going to go, going to go to great lengths to demonstrate to people how secure this is. I wouldn't store the passwords from a bank in there. I'm just saying, my Netflix account, may, I might, that might be an acceptable risk.
Mm-hmm, okay. Yeah, I just, I just can't, you, now I'm starting to just, you just, your tone of voice is making me rethink my position on that. Like, okay, what? Well, there's not a wrong opinion, Tom. Yeah, I know, I know. Everyone else's, and then yours, is that? Yeah, so, so you're just like, no, I wouldn't, I would never give my data. I don't use any password manager. So, and that's because you believe that password manager gives you a single point of failure, and if somebody hacks into that, you lose everything, right? Exactly. So what, so what's the solution for somebody who's like, I am not going to try to remember all my passwords? Oh, well, unfortunately, password reset functions are so terribly built that it all really just hinges on your email anyway. So when you think of it that way, right, if I can just, using Netflix as an example, if ultimately, if I want to reset your Netflix and get, you know, I guess not get your password, but change your Netflix password so I can, you know, log in and see your movies and find out you're closet brony or whatever, I can just do that by hacking your email, right, and then resetting your Netflix password. And the same goes for most other services. They fall back on your email. So when you've already accepted the fact that the single point of failure is already your email, and a lot of people use Google Gmail as their inbox, then I guess it's not too much of a stretch to say, well, I'm already in that boat. But I guess I'm just not ready to commit all the way to that. But what do you do to manage your passwords then? Oh, I just remember a different password, and if I forget it, I just reset it. You just reset it. Okay. Yeah, I use a lot of, my secret is the WHOIS record database for done it. There's unique information in each of these which can be used as a seed, and sometimes, depending on the level of stuff.
You may have to run it through an MD5 to get a check. So I'm gonna use an offset. Anyway, there's, there's a lot of tricks where you can come up with a memorable, or not memorable, I'm sorry, a non-memorable but very easily remembered... The problem, the problem I have with that, the thing I worry about with that, is if somebody gets a couple of my passwords, right? And this is an edge case, I'll admit, yes, but if somebody were to get a couple of my passwords, they might be able to figure out my method. Sure. No, if there's a pattern, absolutely, you're right. And you know, I don't have a good defense against that except for the fact that the pattern seems very random, considering I use, like, hashing algorithms and seed data, sure, from static sources. That's all about speed bumps, right? You're throwing a lot of speed bumps in the way of somebody who really wants to get at it. I'm not low-hanging fruit. Well, yeah, honestly, the thing is, get rid of passwords. Exactly, I think they're terrible. I don't, I'm not saying that I know what the better solution is, but they are pretty terrible, and Google has a lot going on at I/O about replacements for passwords and things like that. They're part of the fight. Oh, you know, I don't think that the first solution we're gonna see is the best, and I think we're gonna see a lot of solutions offered from a lot of big companies. But you know, regardless, the big takeaway there is that this is on our minds.
It's something that we've all acknowledged is a terrible, you know, part of the web, and unlike GIFs, it should die.
All right, what should not die is your participation in the subreddit. Thank you to everybody, especially the moderators, but everybody who participates and helps us put the show together by doing that. If you, yes, there are people who, you know, the money men, the money men and women, get to be co-executive producers because they pledge on the Patreon at a certain level. That's what that, that's what that title means. That means the people who gave the money to make the thing happen. But then there's the actual, like, line producers. You can call yourself a line producer of Daily Tech News Show if you're in there in the subreddit helping us figure out what to talk about every day. Captain Kipper is a line producer. He sent us this TorrentFreak story that Hola VPN sells users' bandwidth to others through a service called Luminati. This has come to light, even though it was already in the light, apparently, because an 8chan message board operator named Fredrick Brennan claimed that Luminati was used to attack his website. Hola doesn't deny that. In fact, they don't deny any of it. Hola says it has in fact suspended the user that misused its service, and it would cooperate with any law enforcement activity related to the attacks.
They're, they're sorry about it. They, they, there's, like, look, any VPN provider could be used to do this. We were sorry it happened to him, but we've stopped that account from using our service. Hola's FAQ also makes it clear that it does use bandwidth from Hola's customers when they are sitting idle, and the company defines idle as meaning the device is connected to power, not on battery, there is no mouse or keyboard activity, if the device is connected to an actual local network or Wi-Fi, not on cellular data. And they say any user who isn't comfortable with this can buy Hola for five dollars a month. But if you listen to Threat Wire, as Darren Kitchen pointed out this morning, botnet could be another word for how this activity could be used. Right. Yeah, we did go into this a little bit more in Threat Wire, so check that out. It's another one of the shows we do at the Hak5 warehouse. But yeah, the interesting thing about this is there's a lot of money to be made in botnets, and this is a really interesting quasi-lawful way to go about it, by providing a service and just having it parts of terms of service. And we've talked about this a bit before, about how it's really interesting, the juxtaposition between being a citizen under the law versus being a user under the terms of service, and how corporations can kind of, like, you know, come up with whatever they want as far as their rules, and it's, and it's, you know, fair. It's their playground. But in this case, the playground is a lot different than you might expect if you're just installing this very simple Chrome extension so that you can watch a geofenced football game where you otherwise wouldn't be able to. Use, you know, the, the BBC iPlayer is the go-to example of, like, oh, well, if you look like you're in Britain, then you can watch the BBC. And so, you know, it's great that, because of VPN, or sorry, because of geofencing, that more people have clued into VPNs, and VPNs can do a lot to protect people's privacy. So I guess that's the silver lining
that it's good. But in this case, Hola is a pretty terrible company when you look at the Luminati brand that they run, which resells your bandwidth resources when your computer is idle. What it does is allows someone to pay money to use the, the aggregated user base of Hola to send HTTP POSTs to a single source. That's how they describe it, that a really pretty infographic that shows, like, your data, everybody's, all these users, one target. And there's, there's a term for that on the internet, and it's called a distributed denial of service attack. In fact, they, they basically only allow you to do HTTP POSTs. So it only has one use case, and that's DDoS. There's really not another use case for this service. So they claim that this is spelled out in their FAQ, which it is now, but many have pointed out that FAQ was recently updated. How recently? Was it just as soon as, you know, the, the 8chan DDoS got attention by the media? So, yeah. Although the other takeaway that I see here is, wow, what an interesting service. It's kind of like Tor in that, you know, everybody's sharing bandwidth and you're becoming a, you're becoming an exit node by default, which means other people's traffic is passing through you. There's another security risk in this that you're probably not considering. Where typically, a VPN, if you trust your VPN provider, you're securing your traffic between you and it, and then it goes out from their servers, right? And as long as you trust their servers, then you're good. But with their distributed free DNS VPN solution, all of your traffic is going through some random guy's connection. So as the security researcher, I'm kind of like, wow, I'm gonna spin up a few of these and some virtual machines and just sniff all the insecure traffic coming out of them.
Yeah. Well, there's two points here. One is, let's leave the Luminati service and the questions about its legitimacy aside. This is a really interesting technology if it is above board and if you do say, folks, you need to be aware of a security issue here. But in that case, it's kind of a peer-to-peer geolocation fuzzer, right? And maybe that's not gonna be something that the governments are going to want to allow or not, but it's a really interesting way to do this. It is not a secure way to do this at all, and it is not the kind of VPN that you should be using if you want to secure your traffic in a virtual private network. So any VPN service you buy, you need to make sure that, you know, that the cost, that the company running it is trustworthy and has a good track record, right? If, I would feel very different about this service if there wasn't the Luminati DDoS-selling botnet aspect of it. And you're right, security notwithstanding, because you're not going to have that when you're aggregating your internet traffic through a network like that. I mean, you don't have that through Tor. If you run a Tor exit node, you see people's traffic, but not everybody does that, and the people that do are a lot more privacy conscious, I would consider. I would feel very different if this service, something as easy to set up as this, it's like two clicks to get going, were like an open-source project or something like that. And I feel like it's very much needed in this day and age, because unfortunately geofencing is being used more and more, and it's not really, the internet wasn't built to prop up business models that rely on borders.
So similar to how we saw in New Zealand a few weeks back, the laws about, you know, the, the lawsuit with the ISP there and Netflix, and saying, like, whoa, you're offering a service that's going to allow people to pose as they're coming out from a different country than New Zealand, and we want to be able to restrict who gets what where. And I would love to see something like this used massively, to the point where geofencing, geolocation IP data is completely useless propping up these models. You know, the internet doesn't work the way a lot of people think it works when they want to make money off of it, for instance.
Cairo five and seven six. So that's the Cult of Mac report that more than half of the founding artists of Jay Z's Tidal music streaming service may have to pull their music from the site, because Tidal has failed to reach a music licensing agreement with Sony. Among the artists affected are Taylor Swift's man Calvin Harris, Alicia Keys, Daft Punk, Usher and founder Jay Z's wife Beyonce. Jay Z was apparently hoping a deal with Sprint was going to cover the cost of Sony's licensing terms, but Sprint has apparently decided that they are not in a, quote, financial investment, a situation. So yeah, I don't want to get too much schadenfreude out of this, because I thought it was a good thing to have Tidal in the, in there, despite the miscue of promoting themselves as "give the artists the money" when they're all incredibly successful artists. More competition is better, to me. However, it's a lot more of a morass of licensing out there than you would think, and that's what Tidal is learning right now. And that's a look at the headlines.
All right, let's talk about Professor Kim Heung-kwang, and apologies for my Korean pronunciation. He defected from the PDK, or the PDRK.
Yeah, the People's Democratic Republic of Korea, North Korea, in 2004. He taught computer science at Hamheung Computer Technology University for 20 years and says that many of his students went on to the infamous Bureau 121, which is allegedly a segment of hackers from North Korea who operate around the world, including out of the basement of a Korean restaurant in China, or possibly a hotel in Shenyang. There's also the Number 91 Office in North Korea, which is hackers. Anyway, he claims to still be in contact with several influential people in North Korea with knowledge of cyber operations. Says there are around 6,000 hackers in the Bureau 121 now. Estimates that 10 to 20 percent of military budget spending in North Korea is done on online operations, and warns that their cyber attacks could have similar impacts as military attacks, killing people and destroying cities. Those are his words: killing people and destroying cities. He says, quote, a Stuxnet-style attack designed to destroy a city has been prepared by North Korea and is a feasible threat. Now I'll give the BBC props for quoting journalist Martin Williams, who said, quote, I think it's important to underline that this is theoretical and possible from non-North Korean hackers, too. Then Professor Kim went on to call for ICANN, the, the folks who handle the domain name system, among other things, to ban North Korea if they are found guilty of this, and ICANN responded: ICANN does not have the power nor remit to ban countries from having a presence or access to the internet. This is from Duncan Burns, its head of communications. Meanwhile, if you want to get the North Korea internet offline, go to China Unicom and convince them to cut them off, because that's the one connection that North Korea has to the internet. Wow, that's a lot. Yeah, there's a lot. There's a lot going on there.
So first of all, this idea, let's, let's, let's, let's go with the "could North Korean hackers destroy a city." Well, I mean, it depends on your concept of destroy. I mean, I feel like, you know, in this ever-connected global economy kind of, you know, world that we live in, war is very expensive. There's a lot of deterrence to destroying cities, in that you may not be around to see that, the next sunrise. And so if what you're trying to achieve can be done in a different means that doesn't necessarily mean, you know, blowing up cities, then cyber is probably your best way to go. I'd say bang for dollar, you know, you, bang for buck, a cyber army is, you know, leaps and bounds more effective than bombs and guns. So it would make sense to put your money there if you're North Korea. But they can do some damage, but what kind of damage can they do? Okay, so we saw some kind of, like, hints to what can actually be done in the real world, as everything is connected to a computer in one way or another, with Stuxnet, the worm that was supposedly co-created between us and in Iran, and, I'm sorry, the Israelis, and we used it to destroy the PLCs that do the centrifuges that enrich uranium, right? And it's because those programmable logic controllers, they, you know, monitor equipment and they execute commands telling them how to spin and whatnot, and it was a very specialized worm specifically designed to, to destroy this piece of equipment by telling it to spin in a certain way that they knew would damage it. But it was passed by that USB stick, right? It was, it was not that these things were networks, but, but there were some insecure USB sticks that, this delivery means were interesting.
Yes, something that I'm actually very familiar with, with USB Switchblades and USB Rubber Duckies and things of that nature. But, you know, the delivery mechanisms notwithstanding, what was interesting here is it was overriding the firmware on these, on these very specialized pieces of equipment, telling them, hey, go do something that we know it's going to break you, but don't tell anyone, don't set off those alarms. But they destroy a city? Yes, so think about that as it applies to all of the other things that manage, you know, our water lines and our gas lines and our electrical grid, and, and, and, you know, as, you know, we think about it as consumers, like, oh, smart meters, but we don't think about the back end, which is, like, making all of this happen. And so if the firmware of a lot of these, you know, devices can be overwritten in such a way that'll cause harm, and at the same time not alert that there's anything happening, by the time you do find out that something went wrong, it might be a little too late. And, you know, I don't feel like you're gonna see, like, buildings blowing up and action heroes jumping out of windows and over helicopters. What you'll end up with is, like, power outages and water not flowing the way it needs to, and maybe gas lines doing what gas lines do when things go wrong. Yeah, and Martin Williams makes a good point. It's not like a hacker from North Korea has, is the only person in the world who can do this. So if you had to just guess, and it's an, it's an unedged, it's an educated guess, but it's, it's an unscientific guess, what do you think the likelihood is that North Korea could or would pull off something like that? I think, I personally think it's rather low. You think it's rather what? Low. Okay.
Um, I think that's on, theoretically, a lot of those, you know, there's the possibility to wreak some havoc with computers, yes. I think that if there's any nation-state, I would put my money, that I would rank North Korea number one as far as having the motive. And, you know, a technical skill can be learned by pretty much anyone. I mean, it's an equal playing field when it comes to this. It's not like, you know, nuclear proliferation. It's, there's not United Nations councils, you know, that are tasked with controlling the export and stuff and controlling the use of different technologies when it comes to this. You can do the same with a netbook that you can with, you know, to this, to similar effect of, like, you know, giant workstations and servers. So the sort of thing has been possible for a long time, I guess is my point, and we don't see it happening every day. It probably would have already. Yeah. On the other end of it, asking ICANN to ban North Korea shows a definite misunderstanding of how the internet works by Professor Kim, because ICANN manages domain names, and sure, you can get rid of North Korea's domain name. That does not take them off the internet. Yeah, that's the beautiful thing about the internet, is there's no centralized authority that are like, oh, yeah, we're the internet company. Oh, turn off the internet? Sure, let me press a big red. You didn't pay your internet bill, we're turning your internet off. It doesn't work that way, and it's great that it's decentralized in that nature. It's what makes it so beautiful. I mean, when you think, I mean, the internet is just a network of networks, right? Yeah, and so whether your network is connected, I mean, they're not all connected. You know, sometimes there's just not a route, right?
But the idea that ICANN, which just manages domain names, could say "turn off a country" is kind of, it's a little crazy, because the domain name has nothing to do with their connection to the internet. That's why Duncan Burns said, we don't have the power, like, we can't turn, we can't do that. We, we can turn off their domain name. He's like, we don't have the remit to do that either. We don't have the authorization, right? It's not our job to decide who gets to have a domain name or not. That's, that's a bigger question. But he's also like, even if we took away their domain name, it doesn't keep them off the internet in any way. China Unicom has the one pipe that connects North Korea to the rest of this interconnected network of networks that Darren's talking about. So really, if anybody has the, has the ability to take North Korea off the internet, it would be them. Right, and that's the idea, is you hedge your bets and you have multiple connections, and, you know, as servers go down, as servers are wont to do, you have a backup. So yeah, if you have a single point of failure, there you go. But I don't think, I mean, yes, it's not ICANN's decision who gets to be on the internet any more than it is ICANN's decision who gets to be on the planet, right? You remove the internet from the equation, and really what we're talking about is connecting people, right? Unfortunately, when you're talking about North Korea, it's, it's questionable how many people actually benefit from those connections.
So I would hope that the Universal Declaration of Human Rights applies to the citizens of North Korea, but I unfortunately know otherwise. Yeah. Our pick of the day will cheer us up, though. Joe, the uber DTNS nickel backer. He writes: "For a long time I have drooled from afar at the world of home automation, as the solutions were either too expensive or too complex for the whole family. Then I saw this on the shelf for 24 bucks: Link starter pack by GE. Comes with a Wink-based hub, two 60-watt-equivalent dimmable LED bulbs. I found it to be a great way to test out new tech trends without getting too invested, because it's only $24, and if I do decide to go further, there's a bunch of compatible products." That's cool. He's got a link to it, if you're interested. It is a bargain price that they're offering there for something like this. And I think he's got the right approach, which is, hey, something for me to play around with, a couple of LED bulbs, see if I like it, because you don't want to go too far in investing in this sort of thing when we really don't know what the standard is gonna end up being. Right, and you know what you're gonna want to do when you get that is get yourself, like, an XStick or another USB adapter that speaks Zigbee, because one of the reasons these are so cheap is because they speak that very lightweight protocol. Zigbee is, it doesn't get enough attention really, but it's basically like, you know, Bluetooth and Wi-Fi on a different frequency. So it seems kind of hackable, and for 25 bucks I might have to pick up a set of these and start hacking on them, because it's a fun protocol. Thanks for the pick, Jill. Send your picks to feedback@dailytechnewsshow.com, folks. I want to hear from you. You can find my picks at dailytechnewsshow.com/picks. We'll get you through a few of these emails here. Toby Atticus Fraley let us know that his Kickstarter has succeeded at the Pittsburgh International Airport. Well, he wants to put a robot repair shop in the
Pittsburgh International Airport, and he got funded, so it'll be opening this September. As far as Toby knows, this is the first time a public art installation for the airport has been crowdsourced, and there will be a robot repair shop if you're flying through Pittsburgh. Kind of cool. Co-executive producer Damien, from "gloomy outside my hospital window" Maitland, Australia. I hope you get well soon, then. Damien said: "When I heard about testing of Google Tone, I immediately cringed at the thought of the security implications." Did you hear about, did you read about Google Tone, Darren? Oh, that must have been when it was off grid. Oh, no, I left, the world changed. It's not new. Well, it's new from Google, but other people have done it before. Basically, if you're at a website, and I always try to do this with dailytechnewsshow.com, if you're at a website, you can press this Chrome extension. It makes a tone, and then if you have another logged-in instance of that same browser, it will pop up. It'll give you a pop-up saying, "Would you like to open that link?" So Damien said: "You made an offhand comment about malware bridging the air gap and moved on, but I'm astounded that no one else seems to have made any other comments about the potential risks associated with the technology designed to bypass one of the fundamental security concepts, that a standalone unconnected computer is unhackable. I realize that it is an optional extension. The user has to click to confirm the link being sent, but we know how easy it is to convince people to click on links that they shouldn't." Okay. Yes. No, all very good stuff.
We actually used a very similar technology in an air gap situation, as kind of a thought exercise really, and that was to transfer data over acoustics, just free, open in the air, very similar to the way that a modem works but, you know, at a much lower baud rate. Something like 300 symbols per second is what you can realistically achieve in a room with some, you know, regular room noise, and it's pretty cool. I didn't realize that there was an extension to do this, but that's what it is. It's just making tones that the other computer can recognize, and what it relies on is software on the other device, in this case a smartphone, constantly listening for those tones and accepting them and processing that data. So if your air-gapped machine isn't listening all the time for stuff, then you're probably fine. I would say that the best air-gapped machines very much limit their input/output. I would say limit your output to only the monitor and limit your input to only the keyboard and mouse. So that means, you know, don't have speakers and Wi-Fi and Bluetooth, and all of those are the things that, typically, you know, air-gapped machines are used to hold sensitive data. Don't use anything that would allow sensitive stuff to leave. I also, if I understand the Chrome extension correctly, you really have to have it installed on your browser and be logged in to Google. So I think you're at risk from a lot more things than somebody playing a tone that tricks your computer into giving a pop-up that you don't pay attention to and accidentally click and install malware. It's a fair point. Don't get me wrong, I'm not disparaging that. I think it's a little lower on the totem pole. And so if you're worried about it, just don't use this extension at all.
Yeah, good stuff. Dave, from "too damn sunny and not enough rainy" Los Angeles, is an avid photographer and pointed out that in Google's new Photos app, when he turned down the new feature to upload all his photos, the option for storage was "High quality: unlimited storage, great quality at reduced file size" and "Original", which was full resolution that counted against your quota. So if you're excited about that unlimited, it's not gonna be full quality. He says: "My deduction from these descriptions is that unlimited storage will still be compressing your files to be smaller." And then Ted, who's a Lumia 1020 user, which supports raw photo backups, did a little research himself and went and said: "I went directly to Flickr and Google. Neither one supports raw at this time. Google limits your uploads to 75 megabytes per photo or 10 gigabytes per video. They also limit the resolution as well, as does Flickr." So if you're a serious photographer who shoots in raw or high resolution, you need to read the fine print on Google Photos. If you're just an amateur guy like me who doesn't care, then yeah, it's unlimited. It's good stuff. And Dwayne here, from "somewhere in the desert, which I cannot wait to leave", says: "You said you have never seen the sharing of photos with the link." I don't know if I said I'd never seen the sharing of photos with the link. I thought what I said was I'm excited to see Microsoft doing this with a link because we don't see it very often. But let's say I said I never did. His point is Microsoft has been doing this for years. Microsoft has some good features, like giving the sender rights to allow the receiver to just view, download or edit, timespan that they have access, and it's all built into Outlook and OneDrive. So thanks for the tip, good stuff. And thank you, Darren Kitchen, for joining us as always, my friend.
It's great to have you back. We missed you, and we're very excited about what's going on with Hak5.org. As I've mentioned, I'm a big fan of ThreatWire, which, you know, I don't like to brag, but Darren personally delivered today's episode to me so I could watch it. Yes, it's a new, you know, option that we're thinking about implementing for our special patrons at a certain level: hand delivery. It's something you just won't find. You know, these are handcrafted podcasts and, you know, most of them are free range and fair trade. Keep them organic when possible. Yeah, we appreciate it. You can find all of these free-range podcasts at H-A-K, the number 5, dot org. And that's where you'll find ThreatWire, on security, privacy and internet freedom; Metasploit Minute, if you're interested in learning some of the best hacking frameworks; HakTip with Shannon, which goes into the basics of hacking; as well as TekThing with Shannon Morse and Patrick Norton. It's your more general tech show. Of course, Hak5, it's been around for 10 years now, and we're just, you know, kicking it old-school. And yeah, and we got an awesome show this week all about 3D mapping using drones. So with just a GoPro and a drone you can create 3D models of things on the ground. So we went out to the high seas and took photographs of interesting installations in the bay. They go for all your small-batch artisan podcast needs. Head to Hak5.org. Len Peralta is an artisan. Yes, didn't have real sense. He makes art. If I work on an artisanal, you know, you know, background here, and this is what I do. No, this is today's image. The image for today was, I was kind of taken by the fact that hackers could kill you, which I thought, you know, you talked about it, and Darren said that he doesn't think that it's gonna be like, you know, guys fighting and stuff like that. But I like to think that it's going to be guys fighting. So here's an image of, but what if it was guys fighting? What if it was?
I think it would look a little like this. No, the image today is of a Korean hacker who looks a little bit like Sub-Zero from Mortal Kombat battling our very own Darren Kitchen, with you looking on in fear in the background, of course. And it just, I wish I wasn't petrified, Darren. I'd help you out. You've got my back. Literally, that's all I have. Tom, is that not the expression you're making in most of Len's art? Kind of the expression I'm making in most of my life, I'll be honest. It's, you know, maybe next I should have had you, I should have had you fiddling him too, Tom. I didn't think. The problem is Len's going off photos of me, and all I ever do in a selfie photo that anyone makes me take is that face, so. It should be your new avatar. No, this is fantastic. I think Darren is going to prevail. I think we're seeing, you know, that point in the fight where it looks like our hero cannot win. But don't forget, Darren's gripping a Pineapple here. That's gonna play into the next move. I think what I'm gonna go for is the medical device hacks, because that's where you can actually kill people. You know, like turn off the... Oh yeah, that's where, the guy's got a USB drive. Darren's not gonna pull like that, and I don't know. Pineapple versus USB drive. I mean, well, you know, well, the USB drive is a little skull. So, who knows. What's gonna make the skull drive? So where can I find this fine art, Len Peralta? Well, you can go to lenperaltastore.com. You can purchase it right now.
I just put up a new banner today. I've got some great prints in there, some great geeky pin-ups, including a mash-up of Immortan Joe and Beetlejuice called Beetle Joe, which is right there on the front page. I got some great prints of Black Widow, of Imperio, Imperio Furiosa, I keep on forgetting. Imperio to Imperator. Imperator, there you go. Furiosa. Got a whole bunch of stuff there. Plus, if you want to get each one of these images as a digital file, high-res digital file, to put on your phone or maybe your background, go to my Patreon, patreon.com/len. Back the DTNS lover level, you'll get each and every one of these as high-res files. Keeps it, it's environmentally friendly, keeps me from having to print them out, and you save a little bit too. You'll get, you get a better deal, I think. Yeah, so don't go back that. Len, you never cease to amaze me. Thank you so much. Thank you, Tom. And thank you to our patrons, 5049 people who are backing the show. Every month they're like, "Look, I get enough value out of the show. I'm gonna give you at least a dollar." So I'm giving more. You guys are the best, and so is everybody who backs the show in any way that they can or want to. dailytechnewsshow.com/support for all those ways. You can even find a DTNS mug there. Drink some tasty coffee out of it: dailytechnewsshow.com/store. Our email address is feedback@dailytechnewsshow.com, and give us a call: 512-59-DAILY. Listen to the show live at alphageekradio.com, visit our website dailytechnewsshow.com, and then come back Monday, when we'll have Veronica Belmont on the show. Talk to you then. The show is part of the Frogpants Network. Get more at frogpants.com.