Tech News Today 518

From The Official TWiT Wiki

Tech News Today 518: Crack-smoking Utopia of Security Bliss

Flame is the cleverest malware, Intel wants to change television, iOS 6 is real, and more.

Submit and vote on story coverage at


News Fuse

Discussion Stories

  • Facebook's App Center aims to make discovering third-party apps easier
  • Facebook’s Dilemma With Native iOS Apps: Relevance or Revenues
    • FB drove people to Apple’s App Store 83 million times last month, and sent people back to iOS apps they had already downloaded 134 million times.
    • Facebook baked into 7 of the top 10 grossing iOS apps and 6 of the top 10 Android apps.
    • What happened to HTML5 and FB's commitment? No fragmented market for devs.
    • HTML5 is limited on popular apps: latency issues with games. Video and photo apps need to hook into the camera, so they need to go native.
    • Not getting a cut of the 30% rev share Apple/Android takes
    • Apple gives 5% to referrers of iTunes purchases, but that's likely not a big cash cow for FB
    • Future: FB OS? Native apps? Back to HTML5 once devs get on board?
  • Crypto breakthrough shows Flame was designed by world-class scientists
  • Flame espionage malware issues self-destruct command
  • You think the Suicide capability of Flame we told you about earlier was sophisticated? Check this.
    • "Flame uses an MD5 chosen-prefix collision attack," Marc Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Weger, of the Technische Universiteit Eindhoven, wrote in an e-mail posted to a cryptography discussion group earlier this week.
    • "Collision" attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized.
    • In 2008 researchers demonstrated it in practice: using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm, and exploiting weaknesses in the way secure sockets layer certificates were issued, they constructed a rogue certificate authority that was trusted by all major browsers and operating systems.
    • Flame didn't use the published chosen-prefix collision attack, but an entirely new and unknown variant.
    • This was done by mathematicians doing new science.
    • The usual attack scenario goes like this:
      • I create two different documents, A and B, that have an identical hash value (collision).
      • I then send the first document to Sarah, who digitally signs it and sends it back to me.
      • I then copy Sarah's signature to a second document. I send that document to Iyaz, claiming it's digitally signed by Sarah.
  • Insight: Intel's plans for virtual TV come into focus
  • Intel Can’t Break TV’s Bundles
  • Intel Seeking Media Rights to Start Online Pay-TV System (original report, Mar. 13)
  • Dish chief defends commercial-skipping feature, calling it a 'necessary' response to online TV
    • Original report was back in March by Bloomberg saying Intel was "considering creating an online pay-television service that works on TV sets."
    • Reuters has an update today saying Intel's plan is meeting resistance because content providers don't want to unbundle and license specific networks at a discount compared to what cable and satellite pay
    • So what would Intel's system be like?
    • STB with facial recognition tech for targeted ads
    • Intel claims that the new interactive features in its set-top box would add greater value to TV advertising and help offset reduced revenue from licensing fees for network owners. Execs aren't sold on the idea.
    • Intel aimed for a November launch
    • Intel wants to keep its costs down by licensing smaller packages of TV networks instead of replicating the basic cable TV bundle of more than 100 channels. But network owners won't agree to smaller bundles without being paid a premium for the channels they choose to license.
    • Talking to WSJ: Dish Chairman Charlie Ergen says Auto Hop was a "competitively necessary" response to cheap online video.
    • Mr. Ergen aims to force the networks to develop "more meaningful" ads, using, for example, demographic targeting of viewers.
    • Dish is currently being sued by broadcast networks over the auto hop feature for copyright violations
  • Google's Monopoly and Internet Freedom
  • Setting the record straight: competition in search
  • Given Nextag’s Lack Of Transparency, Its WSJ Opinion Piece Asking For Google Transparency Isn’t Wise
    • Joaquín Almunia, vice president of the European Commission responsible for Competition Policy, who recently called on Google to change parts of its business by July 2 in order to avoid antitrust action.
    • Google under the gun for lack of transparency in an op-ed piece in WSJ from Nextag CEO Jeffrey Katz
    • Katz complains that Google stacks the deck against its competitors. Danny Sullivan points out Katz has testified that 65% of their traffic came from Google last year.
    • "the most prominent results are displayed because companies paid Google for that privilege." Sullivan thinks Katz means the new shopping engine, but I think he means the top result which is an ad.
    • Google should disclose, clearly and in plain English, when advertisers receive better placement in search results and when a result is a Google-owned property. And when a competitor’s service is the best response for the user, Google should highlight it instead of its own service.
    • FTC guidelines created in 2002 say that search engines should ensure “the use of paid inclusion is clearly and conspicuously explained and disclosed”
    • Amit Singhal, senior vice president of engineering at Google: "It's understandable that every website believes that it is the best, and wants to rank at the top of Google results," Singhal said. "The great thing about the openness of the Internet is that if users don't find our results relevant and useful, they can easily navigate to Nextag, Amazon, Yelp, Bing or any other website."
  • People are comparing this to Google's Knowledge Graph, what do we think of Bing's partnership with Britannica?
    • Does it differentiate them from Google?
    • What about the presentation? It appears more like a regular search result compared to Google's side panel.
    • What would it take for someone to switch away from Google?
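
The collision scenario from the Flame notes above (two documents with one hash, Sarah's signature copied from the first to the second), as an added example that is not part of the original show notes. It shows that a hash-then-sign signature transfers to any colliding document and stops transferring once the hash is collision-resistant. Assumptions: SHA-256 truncated to 24 bits is a constructed stand-in for a broken hash, HMAC stands in for Sarah's signature, and the key and document text are constructed samples.

```python
import hashlib
import hmac
from itertools import count

WEAK_BYTES = 3  # constructed stand-in for a broken hash: SHA-256 cut to 24 bits


def weak_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:WEAK_BYTES]


def strong_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(key: bytes, doc: bytes, hash_fn) -> bytes:
    """Hash-then-sign: the signature covers hash_fn(doc), never doc itself.
    HMAC stands in for the signer's private-key operation (assumption)."""
    return hmac.new(key, hash_fn(doc), hashlib.sha256).digest()


def verify(key: bytes, doc: bytes, sig: bytes, hash_fn) -> bool:
    return hmac.compare_digest(sign(key, doc, hash_fn), sig)


def find_colliding_pair(prefix_a: bytes, prefix_b: bytes, table_size: int = 8192):
    """Pad two different prefixes with counters until their weak hashes match."""
    seen = {}
    for i in range(table_size):
        doc = prefix_a + b" #" + str(i).encode()
        seen[weak_hash(doc)] = doc
    for j in count():
        doc_b = prefix_b + b" #" + str(j).encode()
        doc_a = seen.get(weak_hash(doc_b))
        if doc_a is not None:
            return doc_a, doc_b


def demo() -> dict:
    key = b"constructed-signing-key"  # sample value, constructed
    doc_a, doc_b = find_colliding_pair(b"Document A: terms v1", b"Document B: terms v2")
    sig_weak = sign(key, doc_a, weak_hash)      # Sarah only ever saw doc_a
    sig_strong = sign(key, doc_a, strong_hash)  # same document, sound hash
    return {
        "docs_differ": doc_a != doc_b,
        "weak_sig_accepts_b": verify(key, doc_b, sig_weak, weak_hash),
        "strong_sig_accepts_b": verify(key, doc_b, sig_strong, strong_hash),
        "strong_sig_accepts_a": verify(key, doc_a, sig_strong, strong_hash),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier (Iyaz in the notes) cannot tell the two documents apart under the weak hash; the only fix is on the signing side, by refusing to sign over a hash with known collisions.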





"Hey TNT crew,

I work as a lead developer on a number of properties that have online login / user account functions. All of these sites used the latest best-practices for password hashing when they were launched.

Whereas you are correct that changing legacy code to new methods would not be terribly expensive from either a developer cost or system resources function, the big problem is the impact to the user base. Since a hash is only a fingerprint of a password, and we cannot recover the original password, any change in hashing methods would invalidate all existing passwords.

From a business standpoint this is a huge issue. While many users will respond to on-screen instructions or an email requesting they change their password there are many who will simply balk and walk away. In my experience this has always been the biggest barrier in updating hashing techniques.

Love the show,

Bill from Jacobstown, NJ"

"Dear TnT Crew:

In light of all the hacking about that has been happening concerning passwords, I am left with just one question: "Why don't these services use the Google Authenticator API?"

I am assuming there is such an API since I have linked my LastPass account to it. Wouldn't this be a quick and easy way for all of these sites to provide two-part authentication for their users? Perhaps I am just dreaming of a crack-smoking utopia of security bliss but why aren't there more services offering mobile device based two part authentication? I am assuming that my bank takes security measures seriously, but until I have this feature I will continue to feel as if my Gmail and WoW accounts are more secure and what is in my toon's bank is safer than what is in mine.

Thanks for the show.

Curt Moreno The Kung Fu Drafter"

"Hey guys, following up on my Twitter conversation with Tom and Sarah:

In regards to the numbers showing developers still develop for iOS first (70% to 30%), there are a couple things to consider. If you are a smaller developer and have to choose one platform simply due to cost and time constraints, then the higher revenue possibility from iOS could be determinative.

As someone with a foot in both camps (iPad and Android phones), I can honestly say that there is not a single iOS app that I actually use or want that is not out on Android.

My ultimate point is that the “app gap” is, for all practical purposes, closed.

With one exception: High end gaming. All the major casual games are on both platforms, but I believe there are some big name games on iOS not yet on Android. All my gaming is casual, so I would not be able to speak to this.

What is actually interesting about those numbers to me is that 30% or so are actually developing Android first! Who would have thought that two years ago?

- Vance"



  • ad times: :53-1:07 and 22:39-24:50

Production Information

  • Edited by: Jason
  • Notes: