Andrew Zarian of the GFQ Network is on the show and they kick around some Heartbleed news to scare the SSL out of you, plus what the government's doing to help patch software. And Jessica Dolcourt from helps us decide if Windows Phone’s Cortana will inspire us to ditch Siri or Google Now.

Daily Tech news Show - Apr

Daily Tech news Show - Apr. 14, 2014


Or you can download the MP3 version here.


  • TechCrunch reports Windows Phone 8.1 arrived today for developers as a developer preview. While the OS is not finished, pretty much anybody can get it by signing up for a free Microsoft developer account and starting a project. Of course you voice your warranty and you can’t roll back to Windows Phone 8, so it may not be for everyone. Reviews of the OS came out today too with many people raving about Microsoft’s voice-activated assistant Cortana. That feature is only available in the US.
  • Engadget posted Google has agreed to buy Titan Aerospace, makers of solar powered drones. You may recall Facebook was in talk with Titan Aerospace a few months ago. Facebook bought a different company called Ascenta. The WSJ says Google intends to use the drones as part of its Project Loon attempt to broadcast the Internet from floating weather balloons.

Heart Monitor (Heartbleed update)Edit

Friday we told you Cloudflare had opened a server to be hacked, to see if private keys really could be extracted from a server by exploiting the Heartbleed vulnerability.It took 9 hours for someone to do so. Ars Technica reports software engineer Fedor Indutny and Ilkka Mattila at NCSC-FI obtained the keys. As of Saturday, CloudFlare had confirmed four “winners”, the other two being Rubin Xu, a PhD student in the Security group of Cambridge University and security researcher Ben Murphy.
A more worrisome exploitation of Heartbleed came from the Canada Revenue Agency which reported 900 Social Insurance Numbers stolen by someone taking advantage of Heartbleed. The CBC reports the theft was discovered by admins who were patching the CRA’s servers. The agency is still examining the breach to see if data related to businesses had been removed as well. The agency did not describe how the attackers used Heartbleed to gather the numbers. Anyone affected will be provided with free credit protection.
Of course patching the bug is not simple as Akamai has learned the hard way. PC World reports Akamai is reissuing all SSL certificates and security keys used to encrypt connections between its customers websites and visitors. Akamai THOUGHT its customers were less vulnerable to Heartbleed because of custom code related to how the keys were stored. Akamai released that code Friday to help out other researchers. As if to demonstrate the value of open source, researcher Willem Pinckaers found defects in the code Sunday. Akamai’s code left three of six critical values of an RSA key unprotected allowing an attacker to calculate the rest of the key.
Of course maybe all this could have been fixed years ago if the US NSA had let companies know about Heartbleed. Bloomberg reported Friday that two sources told them the NSA knew about Heartbleed for two years. A statement from the Office of the Director of National Intelligence said, “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong.”
Of course that doesn’t mean the US government agencies don’t find out about flaws and keep it to themselves sometimes. The New York Times reports the White House response to allegations the NSA knew about Heartbleed was to issue a statement saying there is now a “bias toward responsibly disclosing such vulnerabilities.” The exception of course is when there is “a clear national security or law enforcement need.”

News From YouEdit

Discussion Section Links:Edit

Windows Phone 8.1Edit

When to see the lunar eclipse!Edit

Pick of the Day:Edit

Hitbliss via Mike!

<< Prev Episode Next Episode >>