Tech News Today 518
Recorded: June 8, 2012
Published: June 8, 2012
Tech News Today 518: Crack-smoking Utopia of Security Bliss
Flame is the cleverest malware, Intel wants to change television, iOS 6 is real, and more.
Submit and vote on story coverage at technewstoday.reddit.com
- Tom Merritt
- Sarah Lane
- Iyaz Akhtar
- Jason Howell
- Denise Howell
- Enough with the rumours, here's a fact. MacStories spotted banners being put up in the Moscone Convention Center that say iOS6. Moscone is where the WWDC will take place starting Monday. Granted, it could mean anything but... no it couldn't. Monday we get iOS6. More facts coming later in the show!!
- FB wants to help you find third-party mobile and Web apps...as long as they integrate with FB. The Facebook App Center has launched with about 600 apps. Though FB only points to apps rather than selling directly, it gives personalized app recommendations and which apps are popular with friends. Users can toggle between Web or mobile apps.
- Epic Games showed off its Unreal Engine 4 and it can handle lighting at higher speeds than previous versions. So instead of a developer having to tweak the lighting for weeks, Unreal Engine 4 will take care of that. If you're thinking, "Great, who cares about light?" You should care! Lighting is what makes scenes seem real! The engine does more work so programmers can work on other things.
- Symantec reports that one of their honeypot servers that was intentionally allowed to be infected with the Flame malware experienced an interesting event. Flame removed itself. The command located every Flame file sitting on a PC, removed it and then overwrote memory locations with gibberish to thwart forensic examination. Symantec says the cleanup routine seems to have been written in early May.
- The United Nations is weighing the benefits of a new Internet tax on big web providers like Google, Facebook, Apple, and Netflix. The European proposal was debated in December of a U.N. agency called the International Telecommunication Union, and according to leaked docs, would amend an existing telecommunications treaty by imposing heavy costs on big Web sites and their network providers to serve non-U.S. users.
- Google Street View should continue to be available in Switzerland. A Swiss Court said Google does not have to blur all faces and number plates before publishing images to Street View. However, around "sensitive facilities" like schools and prisons, plates and faces must be blurred before being put online. A lower court had previously ruled that Google would be required to blur each and every face and plate, to which Google said it would remove the Street View feature from the country if the ruling wasn't overturned.
- Oh, look there's a skirmish on the internet playground. First, Jeffrey Katz, CEO of price comparison site Nextag, published an op-ed piece in the WSJ criticizing Google for favoring its own products and services and called Google a "brand killer" because it controls which sites get exposure. Then Google's Senior VP of Engineering Amit Singhal wrote a response tearing apart Katz's piece saying that Google's search results are built to help users find relevant results and are not built to favor any site.
- We can put a man on the Moon but we can't get rid of the blind spot in our car's side mirrors? Well reverse that folks. We haven't been able to put a man on the Moon in around 30 years but R. Andrew Hicks from Drexel University has finally cracked the blind spot issue. He created a mirror that controls the light bouncing off a slightly curved mirror, resulting in a field of view of around 45 degrees, rather than the standard 15 to 17. The patent was just awarded but in the US curved mirrors are not allowed on the driver's side... yet.
- Apple must pay a $2.25M settlement over marketing new iPads as 4G in Australia. The courts called it false advertising, because though the new iPad does support 4G wireless data networks in the U.S. and Canada, those frequencies aren’t offered by cell carriers in Australia and other countries. See you in bankruptcy court, Apple!
- Get ready for Apple to allow clones. I know, but one of those kind of unthinkable things happened yesterday. Microsoft revealed that its Azure cloud computing service is extending support to Linux. And Ubuntu fans should sit down if they haven't heard this already, Ubuntu founder Mark Shuttleworth announced that Canonical is working with Microsoft to support Ubuntu Linux on the Azure platform. Also cats and dogs sleeping together.
- Facebook's App Center aims to make discovering third-party apps easier
- Facebook’s Dilemma With Native iOS Apps: Relevance or Revenues
- FB drove people to Apple’s App Store 83 million times last month. sent people back to iOS apps they had already downloaded 134 million times.
- Facebook baked into 7 of the top 10 grossing iOS apps and 6 of the top 10 Android apps.
- what happened to HTML5 and FB's commitment? No fragmented market for devs.
- HTML5 limited on popular apps: latency issues with games. video & photo apps need to hook into the camera so they need to go native.
- Not getting a cut of the 30% rev share Apple/Android takes
- Apple gives 5% to referrers of iTunes purchases, but that's likely not a big cash cow for FB
- future: fb os? native apps? back to html5 once devs get on board?
- iOS 6 announcement confirmed by conference center banner
- Retina-ready apps begin to appear in Apple’s Mac App Store ahead of WWDC
- WWDC setup pictures
- iOS 6 announcement. retina coming to os x app store/mbp. refreshed mac pro line.
- last chance for predictions: 3d mapping. updates to mountain lion. siri comes to ipad.
- Crypto breakthrough shows Flame was designed by world-class scientists
- Flame espionage malware issues self-destruct command
- You think the Suicide capability of Flame we told you about earlier was sophisticated? Check this.
- "Flame uses an MD5 chosen-prefix collision attack," Marc Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Weger, of the Technische Universiteit Eindhoven wrote in an e-mail posted to a cryptography discussion group earlier this week.
- "Collision" attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized.
- In 2008, researchers demonstrated such an attack: using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm, and exploiting weaknesses in the way secure sockets layer certificates were issued, they constructed a rogue certificate authority that was trusted by all major browsers and operating systems.
- Flame didn't use the published chosen-prefix collision attack, but an entirely new and unknown variant.
- This was done by mathematicians doing new science
- The usual attack scenario goes like this:
- I create two different documents A and B, that have an identical hash value (collision).
- I then send the first document to Sarah, who digitally signs it and sends it back to me.
- I then copy Sarah's signature to a second document. I send that document to Iyaz, claiming it's digitally signed by Sarah.
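The scenario above works because a hash-then-sign scheme signs only the digest, so verification depends entirely on the hash being collision resistant. The following is an added example, not part of the original show notes: it uses MD5 truncated to 24 bits as a deliberately weak hash, HMAC as a stand-in for a real signature scheme, and constructed documents and key, then shows the same documents no longer share a signature under SHA-256.

```python
import hashlib
import hmac
import itertools

SIGNING_KEY = b"sarah-demo-key"  # constructed key standing in for Sarah's private key


def weak_hash(doc: bytes) -> bytes:
    # MD5 cut to 24 bits: a deliberately weak hash so a collision turns up in seconds.
    return hashlib.md5(doc).digest()[:3]


def strong_hash(doc: bytes) -> bytes:
    return hashlib.sha256(doc).digest()


def sign(doc: bytes, hash_fn) -> bytes:
    # Hash-then-sign: only the digest is signed. HMAC stands in for a real signature scheme.
    return hmac.new(SIGNING_KEY, hash_fn(doc), hashlib.sha256).digest()


def verify(doc: bytes, sig: bytes, hash_fn) -> bool:
    return hmac.compare_digest(sign(doc, hash_fn), sig)


def find_colliding_pair():
    # Birthday search over constructed documents: A is what Sarah sees, B is what Iyaz gets.
    seen = {}
    for n in itertools.count():
        doc_a = b"Lunch order for Sarah, ref %d" % n
        seen[weak_hash(doc_a)] = doc_a
        doc_b = b"Lunch order for everyone, ref %d" % n
        if weak_hash(doc_b) in seen:
            return seen[weak_hash(doc_b)], doc_b


def demo():
    doc_a, doc_b = find_colliding_pair()
    sig_weak = sign(doc_a, weak_hash)      # Sarah signs A under the weak hash
    sig_strong = sign(doc_a, strong_hash)  # same document, collision-resistant hash
    return {
        "docs_differ": doc_a != doc_b,
        "weak_sig_accepts_b": verify(doc_b, sig_weak, weak_hash),
        "strong_sig_accepts_b": verify(doc_b, sig_strong, strong_hash),
    }


if __name__ == "__main__":
    print(demo())
```

The practical check for defenders is the hash named in a certificate's or signature's algorithm field: anything still signed over MD5 inherits this weakness regardless of key size.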
- Insight: Intel's plans for virtual TV come into focus
- Intel Can’t Break TV’s Bundles
- Intel Seeking Media Rights to Start Online Pay-TV System (original report, Mar. 13)
- Dish chief defends commercial-skipping feature, calling it a 'necessary' response to online TV
- Original report was back in March by Bloomberg saying Intel was "considering creating an online pay-television service that works on TV sets."
- Reuters has an update today saying Intel's plan is meeting resistance because content providers don't want to unbundle and license specific networks at a discount compared to what cable and satellite pay
- So what would Intel's system be like?
- STB with facial recognition tech for targeted ads
- Intel claims that the new interactive features in its set-top box would add greater value to TV advertising and help offset reduced revenue from licensing fees for network owners. Execs aren't sold on the idea.
- Intel aimed for a November launch
- Intel wants to keep its costs down by licensing smaller packages of TV networks instead of replicating the basic cable TV bundle of more than 100 channels. But network owners won't agree to smaller bundles without being paid a premium for the channels they choose to license.
- Talking to WSJ: Dish Chairman Charlie Ergen says Auto Hop was a "competitively necessary" response to cheap online video.
- Mr. Ergen aims to force the networks to develop "more meaningful" ads, using, for example, demographic targeting of viewers.
- Dish is currently being sued by broadcast networks over the auto hop feature for copyright violations
- Google's Monopoly and Internet Freedom
- Setting the record straight, competition in search
- Given Nextag’s Lack Of Transparency, Its WSJ Opinion Piece Asking For Google Transparency Isn’t Wise
- Joaquín Almunia, vice president of the European Commission responsible for Competition Policy, who recently called on Google to change parts of its business by July 2 in order to avoid antitrust action.
- Google under the gun for lack of transparency in an op-ed piece in WSJ from Nextag CEO Jeffrey Katz
- Katz complains that Google stacks the deck against its competitors. Danny Sullivan points out Katz has testified that 65% of their traffic came from Google last year
- "the most prominent results are displayed because companies paid Google for that privilege." Sullivan thinks Katz means the new shopping engine, but I think he means the top result which is an ad.
- Google should disclose, clearly and in plain English, when advertisers receive better placement in search results and when a result is a Google-owned property. And when a competitor’s service is the best response for the user, Google should highlight it instead of its own service.
- FTC guidelines created in 2002 say that search engines should ensure “the use of paid inclusion is clearly and conspicuously explained and disclosed”
- Amit Singhal, senior vice president of engineering at Google: "It's understandable that every website believes that it is the best, and wants to rank at the top of Google results," Singhal said. "The great thing about the openness of the Internet is that if users don't find our results relevant and useful, they can easily navigate to Nextag, Amazon, Yelp, Bing or any other website."
- Bing introduces New Britannica Online Encyclopedia Answers
- Bing result for "michelangelo"
- Google result
- Bing announced a partnership with Encyclopedia Britannica to include Britannica Online answers directly in the Bing results page.
- Unlike Knowledge Graph, the Britannica entries appear as a slightly expanded search result with a thumbnail.
- People are comparing this to Google's Knowledge Graph, what do we think of Bing's partnership with Britannica?
- Does it differentiate them from Google?
- What about the presentation? It appears more like a regular search result compared to Google's side panel.
- What would it take for someone to switch away from Google?
- Will we get a .lol or .google? ICANN's answer due June 13. Internet Corporation for Assigned Names and Numbers will hold a press conference next week to unveil the generic top-level domains that companies and organizations have applied for. The agency received over 1,900 applications before it closed registration on May 30.
- Samsung Exhilarate's existence, coming to ATT on Sunday June 10 for $50
- Also coming to ATT on Sunday is HTC One X!
- Don't forget our live coverage of WWDC Monday morning starting at 9:30 AM Pacific, event begins at 10 AM Pacific
"Hey TNT crew,
I work as a lead developer on a number of properties that have online login / user account functions. All of these sites used the latest best-practices for password hashing when they were launched.
Whereas you are correct that changing legacy code to new methods would not be terribly expensive from either a developer cost or system resources function, the big problem is the impact to the user base. Since a hash is only a fingerprint of a password, and we cannot recover the original password, any change in hashing methods would invalidate all existing passwords.
From a business standpoint this is a huge issue. While many users will respond to on-screen instructions or an email requesting they change their password there are many who will simply balk and walk away. In my experience this has always been the biggest barrier in updating hashing techniques.
Love the show,
Bill from Jacobstown, NJ"
"Dear TnT Crew:
In light of all the hacking about that has been happening concerning passwords, I am left with just one question: "Why don't these services use the Google Authenticator API?"
I am assuming there is such an API since I have linked my LastPass account to it. Wouldn't this be a quick and easy way for all of these sites to provide two-part authentication for their users? Perhaps I am just dreaming of a crack-smoking utopia of security bliss but why aren't there more services offering mobile device based two part authentication? I am assuming that my bank takes security measures seriously, but until I have this feature I will continue to feel as if my Gmail and WoW accounts are more secure and what is in my toon's bank is safer than what is in mine.
Thanks for the show.
Curt Moreno The Kung Fu Drafter"
"Hey guys, following up on my Twitter conversation with Tom and Sarah:
In regards to the numbers showing developers still develop for iOS first (70% to 30%), there are a couple things to consider. If you are a smaller developer and have to choose one platform simply due to cost and time constraints, then the higher revenue possibility from iOS could be determinative.
As someone with a foot in both camps (iPad and Android phones), I can honestly say that there is not a single iOS app that I actually use or want that is not out on Android.
My ultimate point is that the “app gap” is, for all practical purposes, closed.
With one exception: High end gaming. All the major casual games are on both platforms, but I believe there are some big name games on iOS not yet on Android. All my gaming is casual, so I would not be able to speak to this.
What is actually interesting about those numbers to me is that 30% or so are actually developing Android first! Who would have thought that two years ago?
- ad times: :53-1:07 and 22:39-24:50
- Edited by: Jason