Darren Kitchen is on the show today to talk about the latest frightening Heartbleed attack on VPN, and just how scared we all should appropriately be. Also a listener suggests using our hearts as passwords, thus making heartbleed possible IRL. Plus Len Peralta illustrates the show!

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guests:  Darren Kitchen of hak5.org and Len Peralta of the art world. 

Headlines

The Next Web reports Facebook has made the first major update to its “Paper” app, the alternative way to access Facebook posts on a mobile device. Paper now has notifications for birthdays and events, the ability to add photos in comments, unread counts to groups, as well as nine new article covers for Bloomberg News, Mashable, FT, kottke, Fox News, Popular Science, The Hollywood Reporter, Vanity Fair, and Hacker News.Still no word on availabilty on Android or anywhere outside the US. 

Ars Technica reports security firm Mandiant says they found an attacker using the Heartbleed vulnerability to subvert a client’s VPN concentrator. Yeah you heard that, somebody used Heartbleed to bust into a VPN. The attacker used multiple attempts to gain active session tokens, meaning they could appear to be authenticated users, thus bypassing any authentication methods including multifactor. Once inside the attacker proceeded to attemtp to gain additional control over the network. In addition to patching systems as soon as possible, Manidant recommends companies implement network intrusion detection and historical reviews of logs. Attackers will send hundreds of attempts since Heartbleed only leaks 64KB of data at a time, and once in a VPN will appear alongside valid users from significantly different IP ranges and geographical locations.

The Next Web reports that Samsung’s free ‘Milk Music’ service might soon include ads, and charge $3.99 a month for a premium ad-free version. The information appeared in an infographic about Milk published by Samsung. Milk Music launched in March and is only available to US-based users. 

Android Headlines passes along that HTC’s head of imaging Symon Whiteburn told Vodafone DSLR-like optical zoom lens may begin to be common in smartphones within the next 18 months to 2 years.

Geekwire reports Uber sent an email to its Seattle UberX drivers that a “Safe Rides Fee” of one dollar will be added to fares starting today. And yes the fee will be paid by riders. The fee applies nationwide and will help pay the cost of background checks on drivers as well as insurance, education and safety monitoring. Uber will give drivers a dollar per trip until August 31st to ease the transition. However in the cities where the company reduced the cut they take of fares to 5%, they’re raising it back up to 20% starting April 23.

The Next Web reports Microsoft announced it has sold more than 5 million Xbox Ones compared to Sony’s 7 million. The PlayStation 4 is on sale in 72 countries and regions the Xbox One in 13. Even with the console lagging behind, Microsoft’s Titanfall took the top spot in games sales last month according to the NPD group.

Ars Technica reports DARPA is researching robotic pods that sit on the ocean floor and can release flying and floating drones to the surface to attack on command. In fact, DARPA has requested bids this week for the final two phases of its Upward Falling Payloads (UFP) program. Phase 2 will consist of the development of prototype systems testing and demonstrations at sea in 2015 and 2016. Phase three would test multiple distributed modules at full depth in spring 2017. 

News From You

the_corley sent in the Verge article about HTC hiring Samsung’s former Chief Marketing Officer, Paul Golden. Golden created and launched the Galxy brand and was in charge during the successful Samsung “Next Big Thing” ad campaigns. Golden is said to have been hired on a three-month contract at first, reporting directly to chairperson Cher Wang. 

gullwingdmc submitted the Apple Insider story that Amazon confirmed Fire TV will add unified voice search for Hulu Plus, Crackle, Vevo and Showtime apps sometime this summer. Currently the voice search only displays options from Amazon.
(the_corley submitted a similar link)

metalfreak posted the OS News article that Judge Claudia Wilken has ruled that Rockstar, the patent holding company of which Apple is majority shareholder, must conduct its suit against Google in California. Rockstart had filed the suit in the patent friendly Eastern District of Texas. Goolge had moved to have the suit in California because of Apple’s involvement and the fact that both companies are headquartered there. Judge Wilkens agreed.

rtwalz let us know about the CNET story that NASA has confirmed for the first time the existence of an Earth-sized planet that ALSO could hold liquid water. Kepler-186f was observed by NASA’s Kepler telescope circling in the habitable zone of the M-dwarf star Kepler-186. No, that does not make it an “M-Class planet” like in Star Trek.

Discussion Section Links: 

http://arstechnica.com/security/2014/04/heartbleed-exploited-to-hack-network-with-multifactor-authentication/

http://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

http://arstechnica.com/security/2014/04/now-theres-an-easy-way-to-flag-sites-vulnerable-to-heartbleed/

http://www.wired.com/2014/04/https/

http://www.netcraft.com/about-netcraft/privacy-statement/

http://spectrum.ieee.org/riskfactor/computing/it/heartbleed-bug-bit-before-patches-were-put-in-place

Pick of the Day:

Monday’s guest: Iyaz Akhtar, of cnet.com

Andrea Smith joins us to talk about Facebook’s new Nearby Friends feature, and how social networks like Instagram and Twitter are leading to marriage.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guest:  Andrea Smith, technology journalist and executive producer and host of CE Week TV

Headlines

Facebook announced a new feature called Nearby Friends, that shares your general location with others and vice versa. The feature is opt-in, and both friends have to approve before locations will be shared. You can control what level of friends see your location too and choose to temporarily share precise locations with individuals. Notifications will use logic to take into account people you are always nearby so you don’t get barraged with notifications for every co-worker or family member. You can also turn it off anytime. Facebook will roll the feature out slowly in the US over the next several weeks.

The Next Web reports Twitter is beta-testing a new post format that features a prominent app download button. The format leverages both promoted Tweets and Twitter cards to make the so-called “rich native ad unit”. Twitter also announced advertisers can now set up campaigns on ad.twitter.com that run across the entire Twitter Publisher Network, not just Twitter itself. That includes thousands of apps and more than 1 billion devices covered by the Twitter-owned MoPub ad exchange. 

Reuters reports Nokia has suspended sales of the Lumia 2520 tablet in parts of Europe, in order to fix a fault in the charger. The plastic cover of certain AC-300 chargers run the risk of coming loose exposing internal components that could cause an electric shock. Consumers in Austria, Denmark, Finland, Germany, Russia, Switzerland and UK are strongly advised to suspend use of the charger until further notice as are users of the travel charger. No incidents related to the fault have been reported. 

The BBC reports Mathias Dopfner, chief executive of German company Axel Springer wrote an open letter to Google in Germany’s Frankfurter Allgemeine Zeitung newspaper. Dopfner writes that he and his company fear Google and asks if they plan to create a superstate where anti-trust and privacy laws don’t apply. He also called the compromise Google reached with the European Commission, similar to extortion, and compared technology platforms to biological viruses. The column comes in response to a column in the same paper by Google Chairman Eric Schmidt mentioned Axel Springer and Google had “walked down the aisle” and signed a multi-year advertising deal. 

The Verge reports SD-card maker EyeFi is launching a service to backup all photos you take to the cloud whether you take them with a phone or a camera. Eye-Fi Cloud offers unlimited photo uploads for $49 per year, and works with all of the company’s existing WiFi-enabled Eye-Fi Mobi cards. New customers will get 90 days of free cloud backup. Apps are available for Android and iOS. The service does not work with desktops or laptops or the company’s older X2 Pro cards.

VentureBeat reports Tactus will partner Taiwanese device manufacturer Wistron to create its touchscreen with buttons that appear and disappear as needed. Tactus showed off the morphing keyboard technology at CES. It works by using a small reservoir of liquid to raise buttons on a screen and then smooth them away without affecting screen resolution.The company says it will release an iPad Mini accessory similar to a screen protector later this year and a full tablet afterwards, likely early 2015.

News From You

Kylde posted the Ars Technica story that the Heartbleed bug has been found to affect OpenVPN. Fredrik Strömberg, the operator of a Sweden-based VPN service, sucessfully extracted encryption keys from a test server multiple times. A slight bit of good news here, Strömberg notes the exploits aren’t as easy to develop as attacks against Web servers because OpenVPN encrypts traffic inside of an OpenVPN-specific container. Strömberg, like the OpenVPN officials, said the risk to users of the OpenVPN Connect Clients is minimal.

KAPT_Kipper posted the 9to5 Mac story that Apple will build Shazam’s song-recognition capability into iOS according to Bloomberg. The assumption is it would then link to iTunes Radio and the Music store.

And Richardya posted the ReCode’s sources say Yahoo is aiming to convince Apple to change its default search from Google to Yahoo on the Safari browser. Yahoo has developed a pitch including slides and mockups but has yet to pitch it to Apple execs. Google reportedly pays Apple $1 billion a year for the Safari search, while Bing powers Siri.

Discussion Section Links: Love and Friends in the Digital Age

http://thenextweb.com/facebook/2014/04/17/facebook-launches-optional-nearby-friends-feature-android-ios/?utm_source=social&utm_medium=feed&utm_campaign=profeed&utm_reader=feedly

http://techcrunch.com/2014/04/17/facebook-nearby-friends/

http://blog.theknot.com/2014/01/28/couples-fell-in-love-social-media/

Pick of the Day: ProCam2 app via Brian Gnuse

Friday’s guests: Darren Kitchen of hak5.org and Len Peralta of the arts.

Danny Sullivan joins us today to talk about Google’ earnings potential as well as Bing’s integration with Cortana and why it got Danny to switch his default search engine!

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes
Today’s guest:  Danny Sullivan, founding editor Search Engine Land

Headlines

Senior vice president of Samsung’s product strategy, Yoon Han-kil told Reuters Samsung’s first phone running the Tizen OS will launch around the end of the second quarter. That high-end smartphone will be followed by a more middle-market version. The second version of the Gear smartwatch released last week, runs Tizen. Although Samsung plans to release an Android-based smartwatch laster this year. Soon also said Samsung plans to launch a new version of the Galaxy Note with a new form factor in the second half of this year.

The New York Times’ Farhad Manjoo talked with Facebook CEO Mark Zuckerberg about the future of the social network, and it may not be what you expected. Facebook aims to become a suite of apps providing services, and not all of them will come with Facebook branding. Facebook’s Creative Labs is an attempt to create the startup mentality within the more established company. Their app Paper is an example of what they want to do, although it hasn’t met with instant success. The approach also explains the acquisitions of companies like Instagram and What’s App which have largely been left to continue their business as they did before Facebook acquired them.

VentureBeat reports on iFixIt’s teardown of a Google Project Tango prototype. Tango is the project that uses multipls cameras on a mobile device to make 3D maps of your surroundings. Inside iFixit found a Snapdragon 800 quad core CPU running up to 2.3 GHz per core, 2GB of memory, an expandable 64GB of internal storage, and a nine axis accelerometer/gyroscope/compass. There’s also Mini-USB, Micro-USB, and USB 3.0. The key piece is an infrared projector with a series of infrared LEDs. When turned on, it projects a grid of dots that create a depth map similar to Microsoft Kinect.

The CTIA, the industry association for mobile phone makers, announced its “Smartphone Anti-Theft Voluntary Commitment” program Tuesday in the US. It makes a “baseline anti-theft tool” available, either preloaded or by download” on all smartphones sold by participating vendors. The CTIA has been resisting legislation requiring kill-switches being championed by the attorneys general of New York in San Francisco. While the Attorneys welcomed the program they still don’t think it goes far enough saying, “We strongly urge CTIA and its members to make their antitheft features enabled by default on all devices, rather than relying on consumers to opt-in.”

The Verge received the first image of a retail box for LG’s next flagship Android smartphone which will apparently be called the LG G3. That’s the phone codenamed the B2. Not a good name if you don’t want a phone to bomb. The box is gold giving more credence to the idea that the phone will be released with a gold color. LG declined to comment but did confirm its next phone will feature a 2560 x 1440 screen resolution.

Reuters reports Canadian police have arrested a 19-year-old man and charged him in connection with the attack on the Canadian Revenue Agency website. That was the attack that exploited the Heartbleed bug. Stephen Solis-Reyes, was arrested at his home in London, Ontario on Wednesday and faces criminal charges of unauthorized use of computer and mischief in relation to data.

News From You

KAPT_Kipper sent us the CNET story about Corning’s new USB 3.0 cable that delivers 5 gigabits-per-second speed over a maximum length of 30 meters. The optical cables are thinner and lighter than comparable copper cables. Pricing starts at $110 for the 10-meter version.

the_Corley let us know about the GigaOm story that SpaceX has agreed to operate and pay for Pad 39A at NASA’s Kennedy Flight Center for the next 20 years. The pad has some history as it got its first use launching Apollo 11 to the moon. That would be kind of like American Airlines contracting to use gates and runways the Wright Brothers first used.

AND tekkyn00b submitted the Verge article about Mt. Gox giving up its attempt to restructure the business under bankruptcy protection. The Wall Street Journal says the company has asked a court for permission to liquidate. So any of you with deposits are pretty much assured of getting less back than you had in there.

Discussion Section Links: Google gets back to basics?

http://recode.net/2014/04/16/bye-bye-moto-google-gets-back-to-basics-today-in-q1-report/

http://blogs.wsj.com/digits/2014/04/16/google-earnings-what-to-watch-4/?mod=rss_Technology

http://searchengineland.com/microsofts-cortana-bing-189229

http://www.bing.com/blogs/site_blogs/b/search/archive/2014/04/16/bing-com-gets-more-personal.aspx

Pick of the Day: Google Authenticator via Justin Barnard

I want to suggest Google Authenticator for a Pick, A great little app for working with two factor authentication logins. [Jennie says this is an Android app that generates 2-step verification codes on your phone and even works in airplane mode]

Thursday’s guest: Andrea Smith, technology journalist and executive producer and host of CE Week TV

Nicole Lee is on the show today and we’ll talk about what Twitter is up to with the back-to-back acquisitions of Cover and Gnip.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guest:  Nicole Lee, senior editor, Engadget

Headlines

Twitter announced today it has agreed to acquire Gnip, a company that filters and sells structured datasets, culled from the so-called Twitter firehose of data. Gnip also packages data from other social networks like Tumblr and Disqus, and sells managed API access to services like Facebook. Twitter intends to continue to make data available to Gnip’s current customers and will leave the team in its location in Boulder, Colorado.

CNET reports Google’s Paul Eremenko told an audience the first Ara developer’s conference today that the first of the modular smartphones will go on sale in January 2015 for around $50. It will come in one color, gray. Hopefully some modular components will be available at that time too to spice up the color AND the functionality. Two more developer’s conferences are scheduled for July and September. Power bus support is coming in May, with system-level functions expected in September.

The Verge reports Google just added a new photo attachment option to Gmail, that lets you bring in photos straight from your Google + library. You can attache whole albums and resize images inline. Of course you have to be storing photos in Google + AND use Gmail for any of this to matter to you.

Ars Technica reports that researchers at Germany’s Security Research Labs were able to bypass the Samsung Galaxy S5’s fingerprint sensor to gain access to a linked PayPal account. Researchers took camera-phone photo of print smudge on a phone’s screen and created a wood glue spoof of the print. It’s a similar method used to defeat the iPhone TouchID in September.

PC World passes along the Toshiba announcement that the first 4K laptop, the Satellite P55t will hit US store shelves April 22nd starting at $1500. It’s a 15.6-inch laptop with a quad-core Intel Core i7 processor, up to 16GB RAM, an AMD Radeon R9 M265X discrete graphics card with 2GB RAM, and a 1TB hard drive. Oh and an Ultra HD 3840-by-2160 display with 282 pixels per inch of resolution.

News From You

TVsEgon posted the Boy Genius Report article with exclusive photos of an alleged prototype Amazon phone. The device in the images is covered in a protective shell meant to obscure its design and BGR says it blocked or obscured some other parts of the phto. But what can seen is— a black— square. With a screen. And a headphone jack. BGR reasserts information from sources who say the phone’s big feature will be a 3D display that thanks to multiple cameras that track your eyes, will not require glasses.

AllanAV posted the Reuters story that Google has changed its terms of service for Gmail to alert you that yes, indeed, Google scans your email and analyzes it to make targeted ads, both when they are stored and when they are in transit. Google has been accused of violating federal and state wiretapping laws in the US due to the policy.

And metalfreak submitted the threatpost article on iSEC Partners audit of TrueCrypt. The Open Crypto Audit Project contracted iSEC to examine the software for possible backdoors. The first phase of the audit is done and found fewer than a dozen vulnerabilities, none of which indicated any kind of surreptitious backdoor and none of which were considered immediate exploitation vectors. The first phase included the bootloader and Windows kernerl driver as well as pen testing and code review. The second phase will look at encryption cipher suites, random number generators and key algorithms.

Discussion Section Links: Twitter buys Gnip

http://techcrunch.com/2014/04/15/twitter-acquires-longtime-partner-and-social-data-analytics-provider-gnip/

http://recode.net/2014/04/15/with-gnip-buy-twitter-starts-taking-its-data-business-seriously/

http://recode.net/2014/04/15/twitter-exec-says-its-almost-a-mobile-only-company-these-days/

http://www.engadget.com/2014/04/08/twitter-cover-android/

http://recode.net/2014/04/15/twitter-taps-google-maps-director-daniel-graf-for-product-vp-role/

Pick of the Day: Amazon Cloud Player and Rdio

Wednesday’s guest: Danny Sullivan, Search Engine Land