Tech News Today 516

Tech News Today Episode 516

"All hash, no salt"Hosts: Tom Merritt, Sarah Lane, Iyaz Akhtar, Chad Johnson, Rene Ritchie Recorded: June 6, 2012 Published: June 6, 2012 Duration: 42:47 Transcript Previous episode – Next episode

Contents 1 Tech News Today 516: All hash, no salt 1.1 Hosts 1.2 News Fuse 1.3 Discussion Stories 1.4 Randomizer 1.5 Calendar 1.6 Obit 2 INCOMING 2.1 Email 3 Sponsors 3.1 Squarespace 4 Production Information

Tech News Today 516: All hash, no salt

LinkedIn has a horrible day, will Facebook disappear? IPv6 rends the Internet in twain, and more.

Submit and vote on story coverage at technewstoday.reddit.com

Hosts

• Tom Merritt (@acedtect)
  • TomMerritt.com
• Sarah Lane (@SarahLane)
  • SarahLane.com
• Iyaz Akhtar (@Iyaz)
• Chad Johnson (@omgchad)
• Rene Ritchie
  • imore.com

News Fuse

• A document containing 6,458,020 unsalted SHA-1 hashed passwords was uploaded to a Russian forum and said to be from LinkedIn user accounts. LinkedIn posted that some of the passwords corresponded to LinkedIn accounts. The company has reset those passwords and sent emails to those accounts. Unless your password is a dictionary word or very obvious, it would take some time to crack, but the safest policy is to change it anyway. In other LinkedIn problems, the company has changed the way it's smartphone shares data from your calendar with LinkedIn servers.
  • mobile-calendar-feature

• The World IPv6 Launch effort has begun with big companies like Google, Facebook, Bing all offering the next-gen technology. Internet Protocol version 6 solves the issue of IPv4 running out of networking addresses by offering exponentially more. Estimates see IPv6 delivering up to 10-15% of all data within the year.

• Good news for Windows Phone fans, market-research firm IDC believes Windows Phone will capture 19.2 percent of the market by 2016, putting it in second place. They also see iPhone falling to a close third at 19 percent and Android continuing to dominate with a slightly reduced 52.9 percent. Growth in key emerging markets will provide the biggest boost to Windows phone, according to IDC.

• At a press event in SF today, Google announced Street View Trekker for Google Maps. Google staffers will start photographing the spots only accessible by foot- ski slopes, canyons, & more. Need to access the info while you're offline? You're in luck if you use Android- offline Google Maps are coming to the mobile OS in a few weeks. You have to select the regions before you're offline & download for offline use later.

• Windows 7 has ensured the continuing dominance of Microsoft on the desktoo. Speakign at computex, Steve Guggenheimer announced the company has sold over 600 million Windows licenses for Windows 7, which runs on more than 39 percent of Internet-connected devices.

• Pandora just wants the same rights as broadcast radio & is lobbying Congress to establish fair royalty rates. According to co-founder Tim Westergren who's speaking at a House subcommittee this week, Pandora paid more than 50% of its revenue to recording artists and labels last year because of royalties, but satellite radio company Sirius/XM paid only 7.5%, & broadcast radio stations paid nothing.

• Twitter's got a new logo, though you may not notice how new it is at first glance. The bird is made from three overlapping circles, with sharper more aerodynamic feathers, an upturned beak looking skyward rather than just forward, and no tuft of feathers on the head. No revision of the fail whale was announced.

• Apple's complaining...to the US International Trade Commission. Bloomberg reports the company wants HTC devices running Android to be banned from entering the US, and for those devices already in the US that violate a previously issued exclusion order to be pulled from store shelves.

• AMD was showing off a Windows 8 tablet from Compal at Computex. According to The Verge, the 11.6-inch prototype featured a detachable keyboard dock and was running a 17W AMD Trinity BGA APU. It also comes with a kickstand for when you don't have it docked but need to prop it up.

• A web page called “Take My Money, HBO!” aims to convince the company to offer alacarte access via the Internet from those who think cable packages prices are excessive by tweeting how much they'd pay per month. in response HBO's twitter account linked to a story about how HBO needs cable subscriber #s & that online subs won't cover it, adding that the article's author is right, for now.

Discussion Stories

• Millions of LinkedIn passwords reportedly leaked online
• An Update on LinkedIn Member Passwords Compromised
• LinkedIn Twitter Account: We see no security breach... so far... but here's how to change your password just in case
• Updating Your Password on LinkedIn and Other Account Security Best Practices
  • Norweigan IT website Dagens IT reports 6.5 million encrypted LinkedIn passwords posted to a Russian hacker site. Security researcher Per Thorsheim posted to Twitter that the attackers have posted the encrypted passwords to get help with cracking
  • LinkedIn posted on Twitter: "Our team is currently looking into reports of stolen passwords. Stay tuned for more."
  • twitter user: "after getting the list of @LinkedIn hashes and hashing my old pwd with no salt there is a match for the hash in the list." (other ppl claim the same) LinkedIn on Twitter: "Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here."
  • LinkedIn unsalted hashes use SHA-1 encryption.
  • 150M LinkedIn users, 300k decrypted p/ws as of midday, small # of users but still big breach
  • UPDATE LinkedIn official confirmed that "some of the passwords that were compromised correspond to LinkedIn accounts" and said an investigation is continuing. The company has begun notifying users known to be affected and has also implemented enhanced security measures that include hashing and salting current password databases.
  • linkedin: Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  • These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

• LinkedIn’s iOS app collects and transmits names, emails and notes from your calendar, in plain text
• Your iPhone calendar isn't private—at least if you use the LinkedIn app
  • LinkedIn iOS app collects full meeting notes and details from your device’s calendar and sends them back to the company in plain text, without permission from user, although calendar sharing is opt-in
  • discovered by Skycure Security researchers Yair Amit and Adi Sharabani
  • once enabled the app reads the data from user’s calendars, notes, details, 5 days out when you open the app.
  • LinkedIn response: ""we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles" - Joff Redfern, Mobile Product Head.
  • Android app already updated with better explanation of how they use data (We do not store any calendar information on our servers)
  • Android & iOS apps to no longer send calendar meeting notes back to its servers when calendar integration is enabled

• Internet lights up with new IPv6 connections
• IPv6 Day: Only the Biggest Change to the Internet Since Its Inception
• IPv6: Trillions of new net addresses now possible
• What to Expect for IPv6 Launch Day
• Many major ISPs and Internet companies permanently turned on IPv6 today.
• So what?
  • IPv4 doesn't go away. It will operate in parallel for the foreseeable future.
  • IPv4's 4.3 billion addresses are almost all gone though. IPv6 expands the limit to 2^128 addresses—more than 340 trillion, trillion, trillion.
  • IPv6-enabled systems quadrupled over the past three years.
  • ISPs including AT&T, Comcast, Time Warner Cable, Free Tellecom, KDDI (Japan), Free Telecom (France), Internode, and XS4ALL (Netherlands) will turn on IPv6, and more importantly, leave it on
  • If you have an IPv6-enabled machine, no more tunelling. You'll get native IPv6 addressing.
  • Networking vendors such as Cisco and D-Link will enable IPv6 by default for their home network devices.
  • Google, Microsoft, Facebook, and Yahoo will turn on IPv6 for their main sites and keep it on.
  • Go to http://test-ipv6.com/ if you want to test your readiness

• Google Maps go off-road and offline
• Google Earth to get radically better 3D images, new UI on iOS and Android
• Google gets the jump on better 3D maps with a "fleet of planes"
• Google Street View cars have driven 5 million unique miles, collected 20 petabytes of images
• Hands-on with Google's Tracker Street View backpack
• Brian McClendon, VP of Google Maps
  • Google has announced its plans to improve 3D maps. It’s using "automated technology to extract 3D from aerial images."
  • To make the images, Google uses planes to take images at 45-degrees from four different angles — flying them in a tightly-controlled pattern with plenty of overlap. Then uses stereo photogrammetry.
  • May be able to provide vertical location info at some point
  • Street View Trekker, street view gear in a backpack, goes offroad
  • Will soon launch offline maps for Android. you navigate to the place you plan to visit and select “make available offline.” When you select an area, it will estimate the file size of the map depending on the size of the area you choose.
  • Street-View vehicles have driven a total of 5 million unique miles and collected 20 petabytes of imagery

• Facebook Will Disappear in 5 to 8 Years: Analyst
• Facebook Seeks to Boost Revenue From Mobile Ads
  • "In 5-8 years they are going to disappear in the way that Yahoo has disappeared," Eric Jackson, founder of Ironfire Capital. **"Yahoo is still making money, it's still profitable, still has 13,000 employees working for it, but it's 10% of the value that it was at the height of 2000."
  • Jackson says FB is 2nd gen of web co. 1st gen was web portals (Yahoo, Google), 2nd gen is social web, 3rd gen is mobile platform
  • Jackson's theory, you can't make transition in generations, historically companies fail
  • marketers can now pay individually for "sponsored stories," the company's only mobile-ad product. With "sponsored stories," marketers pay Facebook to republish positive messages that users post about their brand.
  • Previously, mobile ads on the social network could only be purchased through a premium ad package that included mobile

• Why IDC Predicts Windows Phone Will Surpass iOS by 2016
• Android Expected to Reach Its Peak This Year as Mobile Phone Shipments Slow, According to IDC
• What do we think of this IDC report?
  • Nokia is championing Windows Phone devices, emerging markets like Asia, Latin America, and Africa will more likely gravitate to Windows Phones.
  • Ramon Llamas, senior research analyst with IDC’s Mobile Phone Technology and Trends team, told Wired: “What I see from Windows Phone so far is that they’re starting to roll out entry-level mass market smartphones,” Llamas said. “What’s iOS doing? They’re going to bring you an older iPhone for less expensive. Which one would you rather have: This year’s model or last year’s model?”

Randomizer

• There and Back Again: A Packet's Tale - How does the Internet work?

Calendar

• Verizon opens pre-orders for Galaxy S III, will ship 'by July 9th'
• AT&T Samsung Galaxy S III to start shipping on June 18th
• PSA: Get your Samsung Galaxy S III pre-orders right here
  • AT&T - (June 18th)
  • Verizon ("by" July 9th, make of that what you will)
  • Sprint (Officially set for June 21st)
  • T-Mobile (Officially set for June 21st)
  • US Cellular (pre-orders begin June 12th)
• Tomorrow 6/7 execs from Microsoft will hold a "meet windows azure" .. streaming live from SF at 1 pm PT

Obit

• R.I.P. Ray Bradbury: 1920-2012 - author of Martian Chronicles and Farenheit 4-5-1, among many other beloved works

INCOMING

Email

"Hey Tom, Iyaz, Sarah, Jason & Guest

Tom was discussing the limitations of Windows RT on ARM chips, but I have to point this out. Almost all the limitations of Windows RT are around the desktop. You've been able to buy x86 Windows tablets for years. So why haven't they sold if they're fully functioning tablets? Well, turns out, no one wants to use a desktop interface on a tablet. So while Windows RT can't run desktop apps, I don't think anyone cares at all.

Tom wasn't the only person to say this, though, which I think is interesting. Several tech news sites have made similar comments about not being able to fully utilize the desktop, even though for years they've criticized Windows tablets for using a desktop interface. Very interesting, if you ask me.

Love the show, Jacob"

"Panasonic is introducing a TOUGHPAD to go along with their TOUGHBOOK laptops. I've used the laptops and, while not the best performance, they are incredibly durable. Now they are going into the tablet business.

Our sales rep sent the attached as a PowerPoint and told me it is public information, so I'm not violating an NDA.

Obviously, this is for a niche but I thought you might want to check it out - ALibertarian"

Sponsors

Squarespace

• ad times: :52-1:06 and 6:12-7:32

Production Information

• Edited by: Jason
• Notes:

This area is for use by TWiT staff only. Please do not add or edit any content within this section.