|TITLE: SSL Flatlines With Heartbleed * 981||GUEST CO-ANCHOR: Natali Morris|
|This is Tech News Today for Tuesday, April 8, 2014!|
|This episode of Tech News Today is brought to you by ShareFile. Enhance your workflow - send files of almost any size easily and securely with ShareFile, by Citrix. Try ShareFile today! For a 30 Day Free Trial, go to ShareFile.com, click the microphone and enter TNT!|
|And by...Squarespace, the all-in-one platform that makes it fast and easy to create your own professional website or online portfolio. For a free 2 week trial and 10% off, go to squarespace.com, and use offer code TNT|
|Welcome to Tech News Today, I'm Mike Elgan - I'm Jason Howell.|
|Tech News Today explores the big stories of the day in conversation with some of the world's best journalists.|
|Our guest co-anchor this week is Natali Morris, a contributor to NBC and cofounder of ReadQuick, a speed reading app for iOS.||Natali Morris|
Contributor, NBC, CBS, CNBC @natalimorris
|XPocalypse Now - Support for Windows XP ends today||http://bridgeurl.com/tnt981/all|
|A widely distributed flaw in OpenSSL called “Heartbleed” potentially exposes millions of users to being monitored as they interact with web sites.||http://heartbleed.com/||http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html|
|Joining us to explain it all is Steve Gibson, a security researcher, founder of Gibson Research Corporation and co-host of TWiT’s Security Now. |
Q: First of all, can you tell us what OpenSSL is and how widely it’s deployed.
Q: So what is Heartbleed?
Founder, Gibson Research Corporation @SGgrc
|* several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. |
Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol.
* flaw introduced December 2011
* Fixed in OpenSSL 1.0.1g, released on Monday
* If exploited, the flaw could allow attackers to monitor all information passed between a user and a Web service or even decrypt past traffic they’ve collected.
* “This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” the researchers wrote.
* The bug found by Codenomicon, a computer security company, and Neel Mehta, who works on security for Google.
* The scope of the problem is vast, as many modern operating systems are suspected as having an affected OpenSSL version.
* Operating systems that may have a vulnerable version of OpenSSL include Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2, they wrote.
* The “oldstable” versions of Debian Squeeze and Suse Linux Enterprise Server are not vulnerable.
* allows attackers to obtain the private keys used to encrypt traffic
* attackers can only access 64K of memory during one iteration of the attack, but the attackers can “keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed
|Steve * grc.com * @SGgrc|
|An Indian startup called Ineda Systems has developed a chip for wearable computers that can run for 30 days without recharging. The company emerged from stealth mode today. And they’ve got some big backers, including Samsung and Qualcomm.||http://blogs.wsj.com/digits/2014/04/08/wearable-chip-maker-emerges-in-india-with-big-backers/|
Technology writer, The Wall Street Journal
Q: Can you tell us about Ineda Systems?
Technology writer, The Wall Street Journal
|* Called the Dhanush |
* Ineda: Dhanush
* or smartphones, enabling 30 days of always-on battery life.
* The Dhanush will come in four tiers, from the “Nano” to the “Advanced,” customized for simple fitness trackers up to high-end smart watches.
* Hyderabad in India; more than 180 engineers.
* chairman is Sanjay Jha, who led Motorola Mobility until its sale to Google; worked at Qualcomm
* Chips will operate up to 30 days without a charge in an always-on mode
* Ineda stresses a “hierarchical” computing architecture
Ineda’s chips = three different classes of cores. One extremely low-power block of circuitry remains on and exists mainly to talk to sensing devices, which will signal when to wake other parts of the chip up. Another core is designed to run simple apps and the third is a full-on application processor, able to run mobile-style apps, the company says.
|Don * wsj.com * @donal888|
|Sujit * timesofindia.indiatimes.com * @sujitjohn|
|AD 1: ShareFile||http://sharefile.com|
|Comcast made its case today for why regulators should let the company buy Time Warner Cable in a $45 billion transaction. Comcast’s 180-page filing to regulators today said that Time Warner Cable is not a competitor, but that Google, Apple and Facebook are.||http://corporate.comcast.com/comcast-voices/comcast-and-time-warner-cable-file-applications-and-public-interest-statement-with-fcc||http://recode.net/2014/04/08/comcast-no-competitive-threats-here-move-along/|
|* Summarized in a blog post by Comcast executive vice president David Cohen |
* Mostly about why Comcast isn’t dominant
* Comcast: plenty of local high-speed broadband providers and its merger wouldn’t decrease competition
* Broadband service is sold on a local basis, and there’s plenty of choice
* Comcast blog post: “Netflix now has over 33 million customers in the United States alone, with another 11 million international customers; Google’s video websites now attract over 157 million unique viewers each month who watch nearly 13 billion videos; Apple iTunes viewers purchase over 800,000 TV episodes and over 350,000 movies per day”
* Problem is that customers need Internet connections, and little choice there
* Review of Comcast’s deal is only beginning. Tomorrow, a Senate panel will examine the deal in some detail and provide a sense of whether lawmakers may support it or pressure FCC officials to either reject the deal or impose strict conditions on it.
* Justice Department officials looking at competitive threats
* FCC looking at whether the deal is in the “public interest”
|Peter * recode.net * @pkafka|
|The FTC says a Massachusetts-based website called Jerk.com and its owner, Napster cofounder John Fanning, deceived more than 73 million users by harvesting personal information from their Facebook profiles.||http://www.bloomberg.com/news/2014-04-07/jerk-com-napster-co-founder-misused-facebook-profiles-ftc-says.html|
|* Ranked users as either a “jerk” or “not a jerk.”|
* FTC: website falsely claimed that people could pay $30 to revise their online profiles
* FTC: Jerk.com misled people when it claimed the content on Jerk.com had been created by other users of the site, when in fact most of the site’s content was harvested from Facebook.
* many believed that someone they knew had created their Jerk.com profile”; actually info from FB
|Six major Hollywood studios are suing Megaupload for copyright violation.||http://www.nytimes.com/2014/04/08/business/media/studios-file-new-lawsuit-against-megaupload-and-its-founder.html|
|* MPAA: Paid users based on how many times the content was downloaded by others – and didn't pay at all until that infringing content was downloaded 10,000 times.|
* Six major film studios—Twentieth Century Fox, Disney, Paramount, Universal, Columbia and Warner Bros
* Suit: Megaupload was “encouraging and profiting” from copyright violations
* Kim Dotcom denied similar charges; New Zealand to stand trial over charges of mass copyright infringement.
* Shut down by U.S. regulators in 2012
* Accused of allowing copyright-holders to lose more than $500m in revenue.
* Motion Picture Association of America (MPAA): because site paid its users to upload TV and movies, it was not just a file-sharing site
MPAA: Not “a cloud storage service at all, it was an unlawful hub for mass distribution”
|Netflix started streaming 4K TV today. The second season of House of Cards and some nature documentaries are available in 4K/Ultra HD format, and not much else yet.||http://www.cnet.com/news/netflix-begins-4k-streams/|
|* The bitrate is just 15 Mbps -- picture superior to the HD movies you can stream from Netflix, but it's inferior to less compressed approaches to 4K. |
* Even some Blu-ray movies will probably look better.
* 4K streams from Amazon, Comcast, Fox and others this year
|AD 2: SquareSpace||http://squarespace.com|
|Social or email feedback|
|(OPEN LINK) - We told you April 3 about ZunZuneo, a Cuban social network created by the US government. The story was an exclusive by the Associated Press, and they characterized the program as a covert operation designed to undermine the Cuban government and harvest the personal data of Cubans. |
Yesterday, the agency responsible for the program, the U.S. Agency for International Development, responded to the article in a blog post, saying the AP story was riddled with inaccuracies and false conclusions.
|We told you recently about Twitter’s flirtation with a redesign that would make it look more like Facebook. Well this morning, they announced it. And the examples they showed look more Facebook like even than the tests. |
They also announced that tweets that get more engagement will be larger. You’ll be able to pin tweets to the top of your page, filter tweets and have other custom viewing options.
The new profile setup is available today to what Twitter says is a small group of users and will be rolled out to all over the next few weeks.
|The Chinese government has approved Microsoft's acquisition of Nokia's mobile phone products and services business, erasing the last credible threat to the $7.2 billion deal.|
Nokia today repeated its prediction that the deal will close this month.
|IN OTHER NEWS||SHOW||LINKS|
|THANK GUEST CO-ANCHOR|
|Subscribe to Tech News Today at twit.tv/tnt|
|Send us an email at email@example.com|
|Leave us voicemail by calling 260-TNT-show|
|Also: Don’t miss our evening newscast, Tech News Tonight, at 4pm Pacific.|
|* * * FIN * * *|
|A software flaw called Heartbleed could expose your web traffic -- even if it's encrypted!|
|Comcast says it's an underdog surrounded by strong competitors like Apple, Google and Facebok and should be allowed to buy Time Warner Cable.|
|And the FTC says the people behind the social site Jerk.com are, well, a bunch of jerks.|
|* * * END PROMPTER COPY * * *|