Episode 2216 – Sporglebörk

Darren Kitchen is on the show today to talk about the latest frightening Heartbleed attack on VPN, and just how scared we all should appropriately be. Also a listener suggests using our hearts as passwords, thus making Heartbleed possible IRL. Plus Len Peralta illustrates the show!



Or you can download the MP3 version here.

Headlines

 * Let the updates begin: The Next Web reports Facebook has made the first major update to its “Paper” app, the alternative way to access Facebook posts on a mobile device. Paper now has notifications for birthdays and events, the ability to add photos in comments, unread counts to groups, as well as nine new article covers for Bloomberg News, Mashable, FT, kottke, Fox News, Popular Science, The Hollywood Reporter, Vanity Fair, and Hacker News. Still no word on availability on Android or anywhere outside the U.S.


 * Start thinking of new passwords, people: Ars Technica reports security firm Mandiant says they found an attacker using the Heartbleed vulnerability to subvert a client’s VPN concentrator. Yeah, you heard that: somebody used Heartbleed to bust into a VPN. The attacker used multiple attempts to gain active session tokens, meaning they could appear to be authenticated users, thus bypassing any authentication methods, including multifactor. Once inside, the attacker proceeded to attempt to gain additional control over the network. In addition to patching systems as soon as possible, Mandiant recommends companies implement network intrusion detection and historical reviews of logs. Attackers will send hundreds of attempts, since Heartbleed only leaks 64KB of data at a time, and once in a VPN will appear alongside valid users from significantly different IP ranges and geographical locations.


 * Why pay for the cow when the milk is … $3.99? The Next Web reports that Samsung’s free ‘Milk Music’ service might soon include ads, and charge $3.99 a month for a premium ad-free version. The information appeared in an infographic about Milk published by Samsung. Milk Music launched in March and is only available to U.S.-based users.


 * Zoom zoom: Android Headlines passes along that HTC’s head of imaging Symon Whiteburn told Vodafone that DSLR-like optical zoom lenses may begin to be common in smartphones within the next 18 months to 2 years.


 * You get what you pay for: Geekwire reports Uber sent an email to its Seattle UberX drivers that a “Safe Rides Fee” of one dollar will be added to fares starting today. And yes, the fee will be paid by riders. The fee applies nationwide and will help pay the cost of background checks on drivers as well as insurance, education and safety monitoring. Uber will give drivers a dollar per trip until August 31st to ease the transition. However, in the cities where the company reduced the cut they take of fares to 5%, they’re raising it back up to 20% starting April 23.


 * PlayStation 4 for the win: The Next Web reports Microsoft announced it has sold more than 5 million Xbox Ones compared to Sony’s 7 million. The PlayStation 4 is on sale in 72 countries and regions; the Xbox One in 13. Even with the console lagging behind, Microsoft’s Titanfall took the top spot in games sales last month according to the NPD group.


 * Skynet. Is. Aware. Ars Technica reports DARPA is researching robotic pods that sit on the ocean floor and can release flying and floating drones to the surface to attack on command. In fact, DARPA has requested bids this week for the final two phases of its Upward Falling Payloads (UFP) program. Phase 2 will consist of the development of prototype systems testing and demonstrations at sea in 2015 and 2016. Phase three would test multiple distributed modules at full depth in spring 2017.

News From You

 * the_corley sent in the Verge article about HTC hiring Samsung’s former Chief Marketing Officer, Paul Golden. Golden created and launched the Galaxy brand and was in charge during the successful Samsung “Next Big Thing” ad campaigns. Golden is said to have been hired on a three-month contract at first, reporting directly to chairperson Cher Wang.


 * gullwingdmc submitted the Apple Insider story that Amazon confirmed Fire TV will add unified voice search for Hulu Plus, Crackle, Vevo and Showtime apps sometime this summer. Currently the voice search only displays options from Amazon. (the_corley submitted a similar link)


 * metalfreak posted the OS News article that Judge Claudia Wilken has ruled that Rockstar, the patent holding company of which Apple is majority shareholder, must conduct its suit against Google in California. Rockstar had filed the suit in the patent-friendly Eastern District of Texas. Google had moved to have the suit in California because of Apple’s involvement and the fact that both companies are headquartered there. Judge Wilken agreed.


 * rtwalz let us know about the CNET story that NASA has confirmed for the first time the existence of an Earth-sized planet that ALSO could hold liquid water. Kepler-186f was observed by NASA’s Kepler telescope circling in the habitable zone of the M-dwarf star Kepler-186. No, that does not make it an “M-Class planet” like in Star Trek.

Discussion Section Links

 * http://arstechnica.com/security/2014/04/heartbleed-exploited-to-hack-network-with-multifactor-authentication/
 * http://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/
 * http://arstechnica.com/security/2014/04/now-theres-an-easy-way-to-flag-sites-vulnerable-to-heartbleed/
 * http://www.wired.com/2014/04/https/
 * http://www.netcraft.com/about-netcraft/privacy-statement/
 * http://spectrum.ieee.org/riskfactor/computing/it/heartbleed-bug-bit-before-patches-were-put-in-place

Pick of the Day

 * SimpleNote