DTNS 2254 – TweetWreck – Tom Merritt .com

Peter Wells joins the show to talk about the TweetDeck XSS attack, DDoS attacks agains Evernote and Feedly, and why the Internet seems to be falling apart lately.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guests: Peter Wells, editor of Reckoner, Australia

Headlines

The Internet was shaken today when Tweetdeck users everywhere began retweeting javascript code most ofen involving a heart symbol. It was not love they were spreading, but a cross-site scripting attack. It also manifested as popups with avrious messages like yo and XSS in Tweetdeck. Twitter fixed the vulnerability but then shut down Tweetdeck services for an hour to confirm the fix. It affected users of Tweetdeck in Chrome and reportedly users of the Windows app. Hat tip to melchizedek74 who submitted this on the subreddit.

The Washington Post reports Microsoft is contesting a search warrant issued by a judge in New York compelling the company to turn over customer data stored in a server located overseas. The emails in question are on a server in Ireland and connected to a drug-trafficking investigation. Verizon filed a friend of the court brief supporting Microsoft. Microsoft believes US investigators should file the request with an Irish district court judge. The US government believes the location of the records is irrelevant, only the location of the company matters.

Reuters reports Taxi drivers slowed traffic in London, Paris, Berlin, Madrid and Barcelona in protest against Uber, a US company that allows users to summon cars for rides via an app. Taxi drivers across Europe say Uber breaks local taxi rules, violates licensing and safety regulations and its drivers fail to comply with local insurance rules. Uber says its drivers comply with all local regulations.

TechCrunch reports Pinterest launched “Guided Search” on its mobile apps which surfaces related terms at the top of the screen as enter a keyword in the search box. The search bar is also much more prominent on the site now. The change is rolling out to English-speaking users over the next few weeks with more languages to follow.

CNET reports the $25 Firefox Phone is coming to India. Intex and Spice, will build Firefox OS phones based on a processor from Chinese company Spreadtrum and sell them for around Rs 1,500 in the next few months. Mozilla also announced Chunghwa Telecom, the largest mobile network operator in Taiwan, has signed up with Firefox OS. ZTE’s Open II and Alcatel’s One Touch Fire E are still scheduled to go on sale this summer.

TechCrunch reports Parrot, the popularizer of the quadcopter drone has some price and release dates for its latest creations shown off at CES earlier this year. The Jumping Sumo, which rolls around on the ground on two wheels, squeeze through small places, and well, jump has a 20 minute battery life and will be available in August for $160. The Rolling Spider is a quadcopter that can also work with two optional wheel attachments allowing it to scale walls and ceilings with an 8 minute battery life. Yeah. . It will arrive in August for $100. As a sidenote the US FAA approved the first drone for commercial use Tuesday. AeroVironment will fly unmanned Puma aircrafts over Prudhoe Bay in Alaska to survey oil pipelines, roads, and equipment for BP.

News From You

KAPT_Kipper has our top story on the subreddit, The Seattle Post-Intelligencer reports Comcast has turned on the first 50,000 of its residential hotspots in Houston, to use WiFi routers in homes to provide wider WiFi service for Comcast customers. The routers separate access from the home users network and offer it with the SSID xfinitywifi. Comcast says it shouldn’t impact home service since public hotspot users are provided through a separate channel on the modem called a “service flow.” Controversially the service is turned on by default without the subscriber’s consent. Customers have to log into their Comcast account and turn the service off themselves.

metalfreak pointed out the TechGage post about Civilization V coming to Linux via Steam OS. It’s also on sale to boot. That addition helped the number of unique Linux titles at Steam to pass the 500 landmark. Currently, TechGage counts 516 Steam games available for Linux.

spsheridan posted the Ars Technica story that US FCC Chairman Tom Wheeler wrote a blog post titled “Removing Barriers to Competitive Community Broadband” shortly after meeting with Mayor Andy Berke of Chattanooga, Tennessee. Wheeler wrote, I believe that it is in the best interests of consumers and competition that the FCC exercises its power to preempt state laws that ban or restrict competition from community broadband.” Wheeler has said similar things before but the FCC has no stated plans to act on the statements.

And supey777 pointed out the Sydney Morning Herald article that ISP iiNet’s regulatory officer Steve Dalby is encouraging customers to write letters expressing opposition to the government’s piracy crackdown. Attorney-General George Brandis made statements that he was considering a scheme of piracy notices and requiring blocks for certain websites. Mr. Dalby believes the graduated response proposal would incur costs with ISPs and have no effect.

Discussion Section Links:

http://techcrunch.com/2014/06/11/tweetdeck-fixes-xss-vulnerability/

http://hiddentext.wordpress.com/2014/06/11/xss-and-tweetdeck-and-the-person-behind-the-discovery/

http://www.theverge.com/2014/6/11/5800370/tweetdeck-vulnerability-lets-attackers-execute-code-remotely

http://www.f-secure.com/weblog/archives/00002167.html

http://dc406.com/component/content/article/643-tweetdeck-chrome-extension-xss-vulnerability.html

http://www.electronista.com/articles/14/06/11/evernote.recovers.from.multi.hour.ddos.attack.feedly.continues.to.suffer/

http://techcrunch.com/2014/06/11/feedly-evernote-and-others-become-latest-victims-of-ddos-attacks/

http://www.scmagazine.com/online-gambling-site-hit-by-five-vector-ddos-attack-peaking-at-100gbps/article/355020/

http://techcrunch.com/2014/03/04/meetups-multi-day-outage-was-due-to-a-newer-more-powerful-type-of-ddos-attack/

http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16232&view=map

http://www.theverge.com/2014/6/11/5800634/p-f-changs-investigating-possible-credit-card-hack

Pick of the day: Bialetti.com via Peter Wells

Thursday’s Guest: Patrick Beja of L’Ordre du français philosophes Technologie

And just because, here’s the full text of the email we got defending the future of Steam…very well written!

“Hey Tom! Travis from Quaint Bristol Tennessee.

I really wanted to weigh in on the Steam discussions. I’d like to start by saying that I think a lot of folks are either under or over thinking all that Valve is doing with Steam. Steam has come a very long way since it’s early when I first remembering it as the only way to install Half Life 2.

Basically, we need to not think of Steam as simply a gaming platform anymore, even though that’s still what it is primarily. I think Valve is positioning Steam to become a central platform for consumers to consume digital content without having the overhead of a licensed operating system or proprietary equipment. What this ultimately give consumers is simple, options.

For example, in our household, we have several PCs, game consoles, tablets and a plethora of other digital devices. My primary PC is a very powerful gaming desktop but like a lot of folks these days, I don’t always want to sit there after a long day at work, I’d rather kick back on the couch and do something. I have been experimenting with the new beta versions of Steam and have implemented a few nifty systems. I now have SteamOS installed on an Intel NUC with a wireless Xbox controller and Logitech wireless keyboard. I can now sit back on my couch and stream Defiance from my PC to my NUC running SteamOS and it plays almost exactly like it would if I were running it on my Xbox or Playstation. Ultimately, I think this gives Valve the potential to centralize our platform for digital purchases and use that as leverage to negotiate for a platform agnostic ecosystem. This would give something like the nVidia Shield much better viability. This allows me to get much more value for my library of games and as a result, I don’t buy games now if I can’t get them on Steam.

Within the next few years, there is going to be a major shift to the cloud for all of our consumption and I think Valve is getting out ahead of it. I feel like the current and near future implementations SteamOS will serve to transition users to a new ecosystem where Valve can work with technologies like nVidia’s new stream servers to give options for Streaming or allow for local installs.

So in the end, if I want to sit at my desktop and play Watch Dogs, I can. If I want to instead sit on the couch and stream it to my NUC, I can. If I want to stream it to my Surface I can. If Valve gets deals worked out with the likes of Amazon or Roku to have a Steam app, you could have it there too. Plus, they are supposed to be working on deals with content providers to allow for streaming service on SteamOS.

So where does that leave Steam machines? Valve is playing the long game with this one. If they get the support from developers, think of what that means for our games. We no longer have to have Windows licensed to play games, we have an operating system that is designed for performance, less vulnerable to malware

and keeps the cost of a system down by at least $150. Is it required? No, but it may soon be preferred if Valve plays their cards right. Initially, like most tech, it will be primarily embraced by techheads, but so were smartphones, right?”