DTNS 2254 – TweetWreck

Logo by Mustafa Anabtawi, thepolarcat.com

Peter Wells joins the show to talk about the TweetDeck XSS attack, DDoS attacks against Evernote and Feedly, and why the Internet seems to be falling apart lately.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit.

Show Notes

Today’s guests:  Peter Wells, editor of Reckoner, Australia

Headlines

Yo! This isn’t safe! The Internet was shaken today when TweetDeck users everywhere began retweeting JavaScript code, most often involving a heart symbol. It was not love they were spreading, but a cross-site scripting attack. It also manifested as popups with various messages like “yo” and “XSS” in TweetDeck. Twitter fixed the vulnerability, but then shut down TweetDeck services for an hour to confirm the fix. It affected users of TweetDeck in Chrome and reportedly users of the Windows app. Hat tip to melchizedek74 who submitted this on the subreddit.

Stabler, I need a search warrant: The Washington Post reports Microsoft is contesting a search warrant issued by a judge in New York compelling the company to turn over customer data stored in a server located overseas. The emails in question are on a server in Ireland and connected to a drug-trafficking investigation. Verizon filed a friend of the court brief supporting Microsoft. Microsoft believes U.S. investigators should file the request with an Irish district court judge. The U.S. government believes the location of the records is irrelevant, only the location of the company matters.

People are uber mad at Uber: Reuters reports taxi drivers slowed traffic in London, Paris, Berlin, Madrid and Barcelona in protest against Uber, a U.S. company that allows users to summon cars for rides via an app. Taxi drivers across Europe say Uber breaks local taxi rules, violates licensing and safety regulations and its drivers fail to comply with local insurance rules. Uber says its drivers comply with all local regulations.

Because we need to spend more time on Pinterest: TechCrunch reports Pinterest launched “Guided Search” on its mobile apps, which surfaces related terms at the top of the screen as you enter a keyword in the search box. The search bar is also much more prominent on the site now. The change is rolling out to English-speaking users over the next few weeks with more languages to follow.

Super cheap smartphones: CNET reports the $25 Firefox Phone is coming to India. Intex and Spice will build Firefox OS phones based on a processor from Chinese company Spreadtrum and sell them for around Rs 1,500 in the next few months. Mozilla also announced Chunghwa Telecom, the largest mobile network operator in Taiwan, has signed up with Firefox OS. ZTE’s Open II and Alcatel’s One Touch Fire E are still scheduled to go on sale this summer.

These are definitely the drones you’re looking for: TechCrunch reports Parrot, the popularizer of the quadcopter drone, has some price and release dates for its latest creations shown off at CES earlier this year. The Jumping Sumo, which rolls around on the ground on two wheels, squeezes through small places, and well, jumps, has a 20-minute battery life and will be available in August for $160. The Rolling Spider is a quadcopter with an 8-minute battery life that can also work with two optional wheel attachments allowing it to scale walls and ceilings. Yeah. It will arrive in August for $100. As a sidenote, the U.S. FAA approved the first drone for commercial use Tuesday. AeroVironment will fly unmanned Puma aircraft over Prudhoe Bay in Alaska to survey oil pipelines, roads, and equipment for BP.

News From You

KAPT_Kipper has our top story on the subreddit: The Seattle Post-Intelligencer reports Comcast has turned on the first 50,000 of its residential hotspots in Houston, to use WiFi routers in homes to provide wider WiFi service for Comcast customers. The routers separate access from the home user’s network and offer it with the SSID xfinitywifi. Comcast says it shouldn’t impact home service since public hotspot users are served through a separate channel on the modem called a “service flow.” Controversially, the service is turned on by default without the subscriber’s consent. Customers have to log into their Comcast account and turn the service off themselves.

metalfreak pointed out the TechGage post about Civilization V coming to Linux via Steam OS. It’s also on sale to boot. That addition helped the number of unique Linux titles at Steam to pass the 500 landmark. Currently, TechGage counts 516 Steam games available for Linux.

spsheridan posted the Ars Technica story that US FCC Chairman Tom Wheeler wrote a blog post titled “Removing Barriers to Competitive Community Broadband” shortly after meeting with Mayor Andy Berke of Chattanooga, Tennessee. Wheeler wrote, “I believe that it is in the best interests of consumers and competition that the FCC exercises its power to preempt state laws that ban or restrict competition from community broadband.” Wheeler has said similar things before but the FCC has no stated plans to act on the statements.

And supey777 pointed out the Sydney Morning Herald article that ISP iiNet’s regulatory officer Steve Dalby is encouraging customers to write letters expressing opposition to the government’s piracy crackdown. Attorney-General George Brandis made statements that he was considering a scheme of piracy notices and requiring blocks for certain websites. Mr. Dalby believes the graduated response proposal would incur costs with ISPs and have no effect. 

Discussion Section Links: 

http://techcrunch.com/2014/06/11/tweetdeck-fixes-xss-vulnerability/

http://hiddentext.wordpress.com/2014/06/11/xss-and-tweetdeck-and-the-person-behind-the-discovery/

http://www.theverge.com/2014/6/11/5800370/tweetdeck-vulnerability-lets-attackers-execute-code-remotely

http://www.f-secure.com/weblog/archives/00002167.html

http://dc406.com/component/content/article/643-tweetdeck-chrome-extension-xss-vulnerability.html

http://www.electronista.com/articles/14/06/11/evernote.recovers.from.multi.hour.ddos.attack.feedly.continues.to.suffer/

http://techcrunch.com/2014/06/11/feedly-evernote-and-others-become-latest-victims-of-ddos-attacks/

http://www.scmagazine.com/online-gambling-site-hit-by-five-vector-ddos-attack-peaking-at-100gbps/article/355020/

http://techcrunch.com/2014/03/04/meetups-multi-day-outage-was-due-to-a-newer-more-powerful-type-of-ddos-attack/

http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16232&view=map

http://www.theverge.com/2014/6/11/5800634/p-f-changs-investigating-possible-credit-card-hack

Pick of the day:  Bialetti.com  via Peter Wells

Thursday’s Guest:  Patrick Beja of L’Ordre du français philosophes Technologie 

And just because, here’s the full text of the email we got defending the future of Steam…very well written!

“Hey Tom!  Travis from Quaint Bristol Tennessee.

I really wanted to weigh in on the Steam discussions.  I’d like to start by saying that I think a lot of folks are either under or over thinking all that Valve is doing with Steam.  Steam has come a very long way since its early days when I first remember it as the only way to install Half Life 2.
Basically, we need to not think of Steam as simply a gaming platform anymore, even though that’s still what it is primarily.  I think Valve is positioning Steam to become a central platform for consumers to consume digital content without having the overhead of a licensed operating system or proprietary equipment.  What this ultimately gives consumers is simple, options.
For example, in our household, we have several PCs, game consoles, tablets and a plethora of other digital devices.  My primary PC is a very powerful gaming desktop but like a lot of folks these days, I don’t always want to sit there after a long day at work, I’d rather kick back on the couch and do something.  I have been experimenting with the new beta versions of Steam and have implemented a few nifty systems.  I now have SteamOS installed on an Intel NUC with a wireless Xbox controller and Logitech wireless keyboard.  I can now sit back on my couch and stream Defiance from my PC to my NUC running SteamOS and it plays almost exactly like it would if I were running it on my Xbox or Playstation.  Ultimately, I think this gives Valve the potential to centralize our platform for digital purchases and use that as leverage to negotiate for a platform agnostic ecosystem.  This would give something like the nVidia Shield much better viability.  This allows me to get much more value for my library of games and as a result, I don’t buy games now if I can’t get them on Steam.
Within the next few years, there is going to be a major shift to the cloud for all of our consumption and I think Valve is getting out ahead of it.  I feel like the current and near future implementations of SteamOS will serve to transition users to a new ecosystem where Valve can work with technologies like nVidia’s new stream servers to give options for Streaming or allow for local installs.
So in the end, if I want to sit at my desktop and play Watch Dogs, I can.  If I want to instead sit on the couch and stream it to my NUC, I can.  If I want to stream it to my Surface I can.  If Valve gets deals worked out with the likes of Amazon or Roku to have a Steam app, you could have it there too.  Plus, they are supposed to be working on deals with content providers to allow for streaming service on SteamOS.
So where does that leave Steam machines?  Valve is playing the long game with this one.  If they get the support from developers, think of what that means for our games.  We no longer have to have Windows licensed to play games, we have an operating system that is designed for performance, less vulnerable to malware and keeps the cost of a system down by at least $150.  Is it required? No, but it may soon be preferred if Valve plays their cards right.  Initially, like most tech, it will be primarily embraced by techheads, but so were smartphones, right?”

2 thoughts on “DTNS 2254 – TweetWreck”

  1. Comcast turned on the xfinitywifi SSID on my wireless gateway in Murfreesboro Tennessee a little over a month ago. I have been trying to get them to turn it off ever since. Comcast sent a letter saying I could opt out but after many hours on Twitter, chat sessions, and the phone I have yet to get it turned off. The option for me to turn it off is not on the account website as the instructions indicate and it seems that most of the Comcast support people do not understand what xfinitywifi is. This leads to repeated forwarding from one department to another. Each department promises they will leave a note on the account so I will not have to explain the issue to the next person. When the next person comes on line they claim they can’t read notes from another department. In the never ending farce of Comcast support, most of them claim I don’t even have a wireless gateway. One person managed to deprovision my modem trying to turn it off. One did manage to turn it off but it returned within 24 hours. The common tactic of getting me off chat is for them to reboot my gateway which kills the chat session despite the fact they say it won’t and I insist it will.

    Despite what Comcast says the xfinity wifi will impact your performance. The wireless gateways only have one radio so xfinitywifi is piggybacking off my personal wireless. Devices connecting with a weak signal like those in neighboring houses or the creep parked in my driveway trying to get wireless will cause slower performance for all wireless users. The normal method of preventing this is to tell the wireless access point to ignore signals below a certain threshold but I have yet to find that setting in my gateway.

    My only option (other than ditching Comcast completely) seems to be disabling wireless and installing my own wireless access point. The only reason I have a Comcast gateway is for the phone service which they claim they can’t deliver on customer owned equipment.

  2. Regarding the ‘Hey Siri’ issue of requiring it to be plugged in, I suspect that is a hardware issue.

    The Moto X supports ‘OK Google’ because it has a dedicated extremely low voltage co-processor in its custom SoC (X8) that handles natural language processing. Basically its job is to listen for a command, wake up the rest of the SoC, and route the initial command to it for processing.

    Apple’s current processing family does not have any such co-processor, so it would need to keep at least one standard CPU core always running in order to process voice commands. That of course would prove to be a battery nightmare.

    Given that they’ve added this feature to iOS, I think it is highly likely Apple will include some similar hardware into iPhone 6, especially since they already have experience in this domain. The A7 chipset used in iPhone 5s, iPad Air, and iPad Retina Mini has a motion co-processor (M7). And similar to the Moto X natural language processor, it is an extremely low voltage chip that runs at all times, constantly recording motion data for fitness apps, etc. Similar concept.
