STOP TREATING THE INTERNET LIKE IT'S 1999- DTNS WEEKLY TECH UPDATE 03/09/2017
Added 2017-03-09 20:41:05 +0000 UTC
Hey all, thanks for reading! This is the weekly newsletter companion to Daily Tech News Show at http://dailytechnewsshow.com/
You can get this newsletter by backing DTNS for $5 a month or more at http://patreon.com/dtns
Thanks to the folks who responded to last week's column. Please spread the word that this exists for folks! This week I'm taking a closer look at a big change on the Internet we old-timers may not be fully recognizing. Plus a complete blow by blow of the Wikileaks CIA data dump and of course the rest of the news of the week!
CLOSER LOOK - THE INTERNET IS JUST THE WORLD NOW
Recently Simon Kemp at The Next Web wrote up a story about the incredible growth of the Internet over just the last five years. Internet users grew 82%, or almost 1.7 billion people, since January 2012. Kemp notes that is about 1 million new users each day, or more than 10 new users each second.
The Internet got big while we weren't looking.
And that made me think, a lot of the problems we see on the Internet right now may be because of scale.
The other morning I realized that my approach to conversations on sites like Twitter is still guided by my 1997 mindset. Back then there was a group of people out there who used the Internet and we all got to talk to each other for the first time and that was cool. Sometimes people could be odd or even aggressive but we were all here for one common reason, which was to communicate in a way like never before.
Except that's not true anymore. The Internet isn't a hobby. A more representative sample of humanity is here. There's no self-selection of experimentalists and tech fans. There is no common gestalt of the Internet. It's just humanity now.
So if I post as if I'm talking to a clique of early adopters it includes a lot of assumptions. Remember netiquette? Yeah, there is no such thing anymore. This isn't a small community with a system of community standards. Instead, it's an interconnected network of communities each with their own standards in varying states of development.
Twitter worked well in 2007 when the users were all from that early Internet mindset and generally followed its rules. Twitter developed its approach to users with that mindset as well, which is why it has always taken a hands-off approach. It's acted more like usenet than, say, a chat room. But Twitter is now populated by a majority of people who didn't grow up on usenet and message boards. Twitter is no longer usenet, it's a public square.
And a public square needs different rules than the local pub. Sure anybody can go to the pub, but not everybody does. And when you enter the pub you play by the landlord's rules. That's Facebook. Although Facebook is certainly struggling on how and when its bouncer needs to step in. Everybody can pass through the public square. That means you need some policing. And Twitter is struggling to figure out how to do that policing.
All this is to say that the Internet is not a place anymore. There isn't "an Internet," not that there ever really was. Instead the Internet is just another way of viewing the entire world. That means my mindset has to change. We're no longer speaking to a small group inside a place most people don't go to. We're speaking out on a street where anyone can possibly wander by. And if we want to have a private conversation, we'll need to duck indoors. Oh look, Signal's right there. Let's go over there and talk.
What do you think? Has your mindset changed? Let me know in the Patreon comments!
WIKILEAKS BREAKDOWN
Thursday's show discussed whether we should care about Wikileaks. Here's a little extra resource on everything that happened this week and what we know about it.
WHAT HAPPENED?
Tuesday Wikileaks released 8,761 documents claimed to be from inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. They call it “Vault 7” and claim it's 1% of what they have.
- Wikileaks redacted things like IP addresses of targets and tar and zip files. They only released directories of tools, not the tools themselves.
https://wikileaks.org/ciav7p1/
https://www.schneier.com/blog/archives/2017/03/wikileaks_relea.html
WHO TOOK IT AND WHEN?
- The cache appears to have been taken in February or March 2016 from a private Atlassian development coordination server.
- Bruce Schneier noted one document talked about Comodo versions 5.X and 6.X which were released in Feb. 2013 and April 2014, giving the cache a time window. (Wikileaks says 2013-2016)
- Schneier and cybersecurity expert James Lewis of the Center for Strategic and International Studies note that the documents appear to be a few years old and detail nothing illegal, so likely to have been given to Wikileaks by an outsider.
- Reuters said two anonymous US officials say the CIA had been aware of the leak since the end of last year and is investigating contractors as the source. The New York Times says it may have come from a server outside the CIA managed by a contractor.
http://www.reuters.com/article/us-cia-wikileaks-idUSKBN16F2AP
WHAT'S IN THERE?
- Among the many documents are a series of exploits that would allow an attacker to gain access to smartphones, computers, routers, etc.
- One called “Weeping Angel” could attack a Samsung F8000 TV but required physical access to the TV’s USB port. If implemented it could allow the attacker to monitor audio from the TV's mic while the TV appeared to be off.
- One document describes UMBRAGE as a project to maintain attack techniques that would appear to come from other states and misdirect attribution.
- Thursday Julian Assange said additional technical details would be given to tech companies so fixes can be developed.
- Apple said many have been patched. Google said many have been patched. Microsoft and Samsung said they are looking into the leaks. Linux Foundation said the open source nature of Linux means it rapidly issues patches and is continuously made more secure.
WHAT'S THE BIG DEAL? SPIES GONNA SPY RIGHT?
- If there is anything controversial about the leak, it’s that the CIA hoards vulnerabilities and uses them for offensive purposes, despite assurances it intends to work with companies to keep their products secure.
- Michael Daniel (special advisor on cybersecurity to the President) told Wired in an interview in 2014 that the “vast majority” of zero-days the government learns about are disclosed.
What is the "Vulnerabilities Equities Process?"
- Under the VEP, the government will evaluate whether to disclose a vulnerability it has obtained or discovered—so that the software developer has a chance to fix the problem—or the government may choose to withhold the information to use it for purposes including law enforcement, intelligence gathering, and “offensive” exploitation.
- The VEP requires that each Department or Agency keep records sufficient to allow the Executive Secretariat to use them to compile an annual report on the implementation of the VEP.
- The Wikileaks dump doesn't prove they didn't, of course; maybe they just hadn't finished their internal evaluation. But it certainly shows the CIA has a lot more exploits than they would have liked you to think.
https://epic.org/privacy/cybersecurity/vep/
NEWS RECAP
Wednesday Uber received a permit to test autonomous cars in California. Uber also announced Wednesday it will prohibit the use of its Greyball technology against regulators. Greyball is meant to block people attempting to game the Uber system, but had also been used to block official investigations of the company. http://fortune.com/2017/03/09/uber-greyball-dropping/
Fitbit announced the Alta HR fitness tracker, an update to the original Alta that adds a heart rate monitor and improved sleep tracking. The internals are 25 percent smaller than the Fitbit Charge 2 and feature 7-day battery life. Alta HR will be available at the end of March for $150. https://arstechnica.com/gadgets/2017/03/fitbit-proves-heart-rate-monitors-can-be-slim-with-new-alta-hr/
A source told TechCrunch that Tinder operates a members-only version of its dating service, “for celebrities and people who do really well on Tinder,” called Tinder Select. Tinder invites select people who can nominate others for inclusion, but nominated people cannot themselves nominate people. The app has a different design including blue accents instead of orange and an S instead of the Tinder flame logo. https://techcrunch.com/2017/03/07/tinder-select-is-a-secret-members-only-version-of-the-app/
Facebook’s Messenger Day feature is rolling out worldwide on Android and iOS. Similar to Snapchat’s stories function, Messenger Day lets you add text, doodles, overlays and facial filters to photos or videos and add them to your “Day” bundle where friends can view them for 24 hours after they're posted. http://www.theverge.com/2017/3/9/14867192/facebook-messenger-snapchat-stories-clone-day
Scientists at IBM have successfully stored one bit of data on a single atom of the element holmium. An average hard drive uses around 100,000 atoms to store a single bit. The researchers passed an electrical current through the holmium atom to flip its north and south poles. The poles stay flipped and can be measured to read data. http://fortune.com/2017/03/09/ibm-single-atom-data-storage/
Google made several announcements at its Cloud Next conference:
- A 55-inch 4K touchscreen whiteboard will sell for $5,000 sometime this May.
- Third-party add-ons in Gmail, rather than as browser extensions, focused on enterprise customers and it won’t be an open marketplace.
- Enterprise-focused updates to Google Drive like “Team Drives” with better management of sharing, a Vault for administrators and migrations services from AppBridge which Google has acquired. And “early adopters” get “Drive File Stream” which tries to choose the files it knows you’ll need to be synced to your drive for offline access.
- Google Hangouts chat is differentiating itself from Google’s Allo messaging app by becoming a business-oriented Slack competitor. Basically this adds a load of new features to group chats, including threaded messaging, integration with Google Docs and Sheets, search, rooms and app scripts for bots and integration with Hangouts Meet videoconferencing. It comes first to businesses in Google’s early adopter program and it's unclear who will get it after that. http://www.theverge.com/2017/3/9/14863862/google-jamboard-4k-digital-whiteboard-price-release-date-announced
At the Open Compute Project Summit, Microsoft showed off a version of its Windows Server OS running on Qualcomm’s Centriq 2400, an ARM-based chip designed for cloud servers. The project is for Microsoft’s internal use on cloud services and there’s no word on when, or if, it would be available for others. It's not even running on any customer-facing Microsoft services yet, though the server design, called Project Olympus, is open source. https://www.bloomberg.com/news/articles/2017-03-08/microsoft-pledges-to-use-arm-server-chips-threatening-intel-s-dominance
Amazon no longer needs to resist handing over communication data from an Amazon Echo found at a suspected murder scene. The defendant, James Andrew Bates, who pleaded not guilty, agreed to let law enforcement review information contained on the Echo. http://www.theverge.com/2017/3/7/14839684/amazon-alexa-first-amendment-case
Facebook has started its program of alerting people to questionable news. Links in question show up as normal but underneath there will be a red alert icon and a note saying what fact-checking organizations dispute the story. To avoid false alerts, stories reported by users or caught by a software algorithm are sent to multiple fact-checking organizations. A story must be disputed by two of the organizations for the alert label to be applied. http://www.recode.net/2017/3/4/14816254/facebook-fake-news-disputed-trump-snopes-politifact-seattle-tribune
Consumer Reports, Disconnect, Ranking Digital Rights, and The Cyber Independent Testing Lab, with assistance from Aspiration, have developed a methodology to assess product security. The standard includes best software security practices, information collection, and account data management. Consumer Reports intends to gradually implement the methodologies in its product testing and ratings. A draft of the standard can be found at thedigitalstandard.org. http://www.reuters.com/article/us-cyber-consumerreports-idUSKBN16D0DN
Twitch launched Pulse, a way for streamers to post updates, clips, YouTube videos, links and photos to a newsfeed style stream. Pulse shows up on the Twitch home page, and displays posts from channels you follow in reverse chronological order. Pulse pulls from each person’s Channel Feed which is rolling out to all streamers mid-March. https://www.engadget.com/2017/03/06/twitch-pulse-social-network-facebook-news-feed/
Amazon says a typo in a command meant to take a small number of the S3 billing servers offline last week ended up taking a much larger number of S3 servers offline, one of which was responsible for all metadata and location information in the Northern Virginia data centers. https://aws.amazon.com/message/41926/
Thanks for supporting us. Feel free to forward this newsletter to others and let them know how they can subscribe!