Peter Wells joins the show to talk about the TweetDeck XSS attack, DDoS attacks against Evernote and Feedly, and why the Internet seems to be falling apart lately.
A special thanks to all our Patreon supporters–without you, none of this would be possible.
Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!
Big thanks to Mustafa A. from thepolarcat.com for the logo!
Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit
Show Notes
Today’s guests: Peter Wells, editor of Reckoner, Australia
Headlines
Yo! This isn’t safe! The Internet was shaken today when TweetDeck users everywhere began retweeting JavaScript code, most often involving a heart symbol. It was not love they were spreading, but a cross-site scripting attack. It also manifested as popups with various messages like “yo” and “XSS” in TweetDeck. Twitter fixed the vulnerability, but then shut down TweetDeck services for an hour to confirm the fix. It affected users of TweetDeck in Chrome and reportedly users of the Windows app. Hat tip to melchizedek74 who submitted this on the subreddit.
Stabler, I need a search warrant: The Washington Post reports Microsoft is contesting a search warrant issued by a judge in New York compelling the company to turn over customer data stored in a server located overseas. The emails in question are on a server in Ireland and connected to a drug-trafficking investigation. Verizon filed a friend of the court brief supporting Microsoft. Microsoft believes U.S. investigators should file the request with an Irish district court judge. The U.S. government believes the location of the records is irrelevant, only the location of the company matters.
People are uber mad at Uber: Reuters reports taxi drivers slowed traffic in London, Paris, Berlin, Madrid and Barcelona in protest against Uber, a U.S. company that allows users to summon cars for rides via an app. Taxi drivers across Europe say Uber breaks local taxi rules, violates licensing and safety regulations and its drivers fail to comply with local insurance rules. Uber says its drivers comply with all local regulations.
Because we need to spend more time on Pinterest: TechCrunch reports Pinterest launched “Guided Search” on its mobile apps, which surfaces related terms at the top of the screen as you enter a keyword in the search box. The search bar is also much more prominent on the site now. The change is rolling out to English-speaking users over the next few weeks with more languages to follow.
Super cheap smartphones: CNET reports the $25 Firefox Phone is coming to India. Intex and Spice will build Firefox OS phones based on a processor from Chinese company Spreadtrum and sell them for around Rs 1,500 in the next few months. Mozilla also announced Chunghwa Telecom, the largest mobile network operator in Taiwan, has signed up with Firefox OS. ZTE’s Open II and Alcatel’s One Touch Fire E are still scheduled to go on sale this summer.
These are definitely the drones you’re looking for: TechCrunch reports Parrot, the popularizer of the quadcopter drone, has some price and release dates for its latest creations shown off at CES earlier this year. The Jumping Sumo, which rolls around on the ground on two wheels, squeezes through small places, and well, jumps, has a 20-minute battery life and will be available in August for $160. The Rolling Spider is a quadcopter that can also work with two optional wheel attachments allowing it to scale walls and ceilings with an 8-minute battery life. Yeah. It will arrive in August for $100. As a sidenote, the U.S. FAA approved the first drone for commercial use Tuesday. AeroVironment will fly unmanned Puma aircraft over Prudhoe Bay in Alaska to survey oil pipelines, roads, and equipment for BP.
News From You
KAPT_Kipper has our top story on the subreddit: The Seattle Post-Intelligencer reports Comcast has turned on the first 50,000 of its residential hotspots in Houston, to use WiFi routers in homes to provide wider WiFi service for Comcast customers. The routers separate access from the home user’s network and offer it with the SSID xfinitywifi. Comcast says it shouldn’t impact home service since public hotspot users are provided through a separate channel on the modem called a “service flow.” Controversially, the service is turned on by default without the subscriber’s consent. Customers have to log into their Comcast account and turn the service off themselves.
metalfreak pointed out the TechGage post about Civilization V coming to Linux via Steam OS. It’s also on sale to boot. That addition helped the number of unique Linux titles at Steam to pass the 500 landmark. Currently, TechGage counts 516 Steam games available for Linux.
spsheridan posted the Ars Technica story that US FCC Chairman Tom Wheeler wrote a blog post titled “Removing Barriers to Competitive Community Broadband” shortly after meeting with Mayor Andy Berke of Chattanooga, Tennessee. Wheeler wrote, “I believe that it is in the best interests of consumers and competition that the FCC exercises its power to preempt state laws that ban or restrict competition from community broadband.” Wheeler has said similar things before but the FCC has no stated plans to act on the statements.
And supey777 pointed out the Sydney Morning Herald article that ISP iiNet’s regulatory officer Steve Dalby is encouraging customers to write letters expressing opposition to the government’s piracy crackdown. Attorney-General George Brandis made statements that he was considering a scheme of piracy notices and requiring blocks for certain websites. Mr. Dalby believes the graduated response proposal would incur costs with ISPs and have no effect.
Discussion Section Links:
http://techcrunch.com/2014/06/11/tweetdeck-fixes-xss-vulnerability/
http://hiddentext.wordpress.com/2014/06/11/xss-and-tweetdeck-and-the-person-behind-the-discovery/
http://www.f-secure.com/weblog/archives/00002167.html
http://dc406.com/component/content/article/643-tweetdeck-chrome-extension-xss-vulnerability.html
http://techcrunch.com/2014/06/11/feedly-evernote-and-others-become-latest-victims-of-ddos-attacks/
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16232&view=map
http://www.theverge.com/2014/6/11/5800634/p-f-changs-investigating-possible-credit-card-hack
Pick of the day: Bialetti.com via Peter Wells
Thursday’s Guest: Patrick Beja of L’Ordre du français philosophes Technologie
And just because, here’s the full text of the email we got defending the future of Steam…very well written!
“Hey Tom! Travis from Quaint Bristol Tennessee.
Comcast turned on the xfinitywifi SSID on my wireless gateway in Murfreesboro Tennessee a little over a month ago. I have been trying to get them to turn it off ever since. Comcast sent a letter saying I could opt out but after many hours on Twitter, chat sessions, and the phone I have yet to get it turned off. The option for me to turn it off is not on the account website as the instructions indicate and it seems that most of the Comcast support people do not understand what xfinitywifi is. This leads to repeated forwarding from one department to another. Each department promises they will leave a note on the account so I will not have to explain the issue to the next person. When the next person comes on line they claim they can’t read notes from another department. In the never ending farce of Comcast support, most of them claim I don’t even have a wireless gateway. One person managed to deprovision my modem trying to turn it off. One did manage to turn it off but it returned within 24 hours. The common tactic of getting me off chat is for them to reboot my gateway which kills the chat session despite the fact they say it won’t and I insist it will.
Despite what Comcast says the xfinity wifi will impact your performance. The wireless gateways only have one radio so xfinitywifi is piggybacking off my personal wireless. Devices connecting with a weak signal like those in neighboring houses or the creep parked in my driveway trying to get wireless will cause slower performance for all wireless users. The normal method of preventing this is to tell the wireless access point to ignore signals below a certain threshold but I have yet to find that setting in my gateway.
My only option (other than ditching Comcast completely) seems to be disabling wireless and installing my own wireless access point. The only reason I have a Comcast gateway is for the phone service which they claim they can’t deliver on customer owned equipment.
Regarding the ‘Hey Siri’ issue of requiring it to be plugged in, I suspect that is a hardware issue.
The Moto X supports ‘OK Google’ because it has a dedicated extremely low voltage co-processor in its custom SoC (X8) that handles natural language processing. Basically its job is to listen for a command, wake up the rest of the SoC, and route the initial command to it for processing.
Apple’s current processing family does not have any such co-processor, so it would need to keep at least one standard CPU core always running in order to process voice commands. That of course would prove to be a battery nightmare.
Given that they’ve added this feature to iOS, I think it is highly likely Apple will include some similar hardware into iPhone 6, especially since they already have experience in this domain. The A7 chipset used in iPhone 5s, iPad Air, and iPad Retina Mini has a motion co-processor (M7). And similar to the Moto X natural language processor, it is an extremely low voltage chip that runs at all times, constantly recording motion data for fitness apps, etc. Similar concept.