SolarWinds - The Gift That Keeps On Giving - DTNS 3943


This is the daily tech news for friday january. Eighth twenty twenty. One in los angeles on tom. Merit and from studio redwood on sarah lane from studio colorado. I'm shannon morris drawn the top tech stories in cleveland. I'm lynn per nine. Amazon has discontinued its prime pantry. Grocery and household item service products previously available in pantry will now be available like any other products on amazon. So it's not going away to gather but the service itself prime pantry launched in twenty fourteen offering reduced shipping on up to forty five pounds of household goods for a monthly fee. Amazon node vied prime pant pantry subscribers about the closure in december and then issued refunds the. Uk's competition and markets authority launched an investigation into google's privacy sandbox. That would block third party. Cookies in chrome regulator received complaints from the marketers for an open web coalition saying the plan would abuse google's dominant position in online advertising. So the investigations going to evaluate. If the privacy sandbox changes would concentrate advertising spending market share with google samsung launched the galaxy chromebook to a cheaper version of the galaxy chromebook at launched last year so instead of four k it has a ten eighty p lcd screen with less storage fewer cameras less ram. It's also heavier and thicker overall but it also now starts at five hundred forty nine dollars instead of one thousand dollars. That has a thirteen point. Three inch nineteen twenty by ten eight hundred sixteen nine. Lcd touchscreen with the dual core intel seller on five twenty five you upgradable to an intel core. I three ten ten eleven ten one. one zero. You eight gigs. Ram and one hundred twenty five gigs of storage for six hundred ninety nine dollars a shortage of semiconductors affecting automakers. Volkswagen said last month that they needed to adjust first-quarter manufacturing plans around the globe because of the shortage. Now honda says it will cut domestic output by about four thousand cars this month at one of its factories in japan nissan is adjusting production numbers for its note hatchback model and ford has moved up previously planned downtime at a kentucky plant for its sport utility vehicle factory to the jin chips all right. Well we're talking about cars. Let's talk about the the apple car. Yeah a lot of rumors as of late will really over the last few years. But but but the rumors had resurfaced recently and hyundais. Now talking to apple about kerr's so says the company hyundai representative told cnbc quotes. We understand that apple isn't discussion with a variety of global automakers including hyundai motor as the discussion is at its early stage. Nothing has been decided. Korean economic daily said that apple suggested the arrangements and hundred was reviewing the terms that involved e production and also battery development hyundai has had his own battery platform called e. g. m. p. going into production later this year. So might be saying what you're doing. Reuters sources say that apple would like to produce a passenger vehicle by twenty twenty four however might not be that date bloomberg's mark gurman reports in thomas e. v. from apple is five to seven years away and michio recently said he wouldn't be surprised if it takes until twenty twenty eight. Yes what's probably going on. Here is apple and i think this significant part has decided to start investigating how they would build. Whatever it is. They're going to build whether it's a whole car or an integrated platform and they're going to different manufacturers and parts suppliers and folks like magna including hyundai. And saying what are you got. How can you help us with this. And is a great company for this because they make parts they make systems. They make full cars. There's all kinds of services in the conday company that could play a part with apple so it may not be. That apple knows what they want from hyundai. It may just be that they're going and saying hey let's talk. You do a lot of the kinds of things that we think we're going to need. I'm pretty excited about this. I just got my first hyundai ever this year and my perception of this story was weight but hyundai currently uses android auto and a lot of their their cars. So i would love to see. How apple would integrate Hyundai's current technologies into something that is very useful for that apple ecosystem not just looking at e itself but also the The the systems inside of it the controls in how they would manage that four a driver and a passenger in the car. Yeah i mean. I think that's one of the big questions that i have is okay. Let's say let's say it's hyundai that that applet ended up working with with clearly not set in stone at least from what we know at this point. But let's say it's the companies for kicks. Let's imagine that that's what it is. Yeah it is. It is an apple car that hyundai produces a lot of parts for the way that works with lots of other companies to produce other hardware for apple. I mean that that's the loftiest kind of goal that we're looking at and maybe that would take till twenty twenty eight at you know if if apple was lucky. I think it probably has more to do with like you said shannon not that you know android auto wouldn't still be prevalent in a lot of passenger vehicles but maybe at some sort of it's a special relationship. It's it's a special kind of os inside a car that is supposed to you. Know i don't know move some merch because What apple is providing on the software side is is. Is that much more interesting. I really don't know if you look at that. Bloomberg article mark gurman sources are saying that Tesla people that apple has hired are working on things like interior exterior. Drive train stereo. Desist the kinds of things. You need when you're building a car not carting a software platform so then the question becomes is it the apple car period. Maybe hendaye makes it. Maybe somebody else makes it. And you know they'll figure out how to distribute it or is it the apple car by sunday and you go to hyundai dealership to buy it the way you went to an. At and t. store to an apple iphone but it's really apples car in cooperation with sunday. Are there multiple partners. I mean that's all the kind of stuff we're waiting to see but it really does feel like we have gotten to the point where this is no longer just yeah. They're working on project titan. They don't know what they're gonna do to. They have an idea. It's more than just software and they're working out the details. Maybe they don't even know that yet. Well i'm interested to see what happens but we also have some other news. Security among the systems impacted by the solar winds attack is the electron filing system. Used by the us federal courts at investigation is underway to determine if confidentiality of documents filed with the courts was breached and as a result starting wednesday confidential documents filed with the courts will be stored on standalone systems. Not uploaded big difference so these are documents sealed from public access because they contain sensitive information like investigative techniques identities of informants and a lot more other. Us federal agencies affected included the justice department the state treasury and energy departments as well solar winds has engaged. The krebs stay most security consulting group to help deal with this attack. That firm was formed by alex. Stamos the former chief security officer at yahoo and facebook and chris krebs the former director of the us cybersecurity and infrastructure security agency or sisa. So krebs was fired last month. By the president after finding no evidence of with voting systems in the twenty twenty election. Yeah stamos first of all brilliant for those two to team up and smart for solar winds to engage them for what they say is Helping with transparency with companies that are affected But this we we are not done finding out how bad this is. There are reports that there may have been other ways that this whoever is behind this intruded beyond just solar winds. They're finding evidence of that. They have not been able to root out the people that got into this vulnerability from all systems yet. They're still in there in a lot of cases. And you know this. This kind of confidential information is exactly the kind of thing you fear that someone would get intruding into a government system informants investigative techniques that you can now learn from to evade being prosecuted or caught yourself. That's that's crown jewel type stuff it's it's very interesting. In fact krebs spoke on record saying that it could potentially take years to figure out how deep the solar winds attack actually went and how many different kinds of infrastructure. You know brands and everything that it might have affected so this is not something. That's going to die anytime soon. I'm glad that they are reaching out. Craig's and stay most though because that i agree with you tom. It's excellent. excellent team roku made a few interesting announcements roku says. Npd data shows that the roku s was the top selling smarter operating system in the us and canada in two thousand twenty thirty one percent market share in canada. Thirty eight percent in the united states That's pushed the samsung's tizen number two. At least we don't actually know samsung's ties and was number. One in two thousand nineteen also announced a wireless soundbar reference design that uses wifi for its roku. Tv ready program remember. Last year roku announced the program which had a designed for wired. Sound bars. The program includes tcl. Pokemon on an element has just announced. They'll join as well with two point. Two point one ready sound bars roku tv ready to expand internationally later this year as well. But here's the big roku news roku has agreed to acquire exclusive global distribution rights to more than seventy five Shows documentaries some of which had not been released before qube shutdown. So there'll be some new stuff that nobody's ever seen after their exclusivity deal expires. That'll happen in a bit more than a year. Depending on the show roku will still have the rights to show the content just not exclusively until thousand twenty seven the content will have to be presented in original increments of ten minutes or less. The deal doesn't let them stitch it altogether. The content will be added to the more than forty thousand movies and tv shows already available. In the roku channel shows include from Be anyway punked. Murder house. Flip and dummy which stars anna kendrick. I never watched the new punk. I heard had its moments. The whole qube thing. It's really interesting to me because it was sort of like. It crashed and burned so quickly. And there's a lotta shot and friday around folks in the industry about it. And i think that's not because qube was doing things wrong. It was because the company had raised so much money time. Because you know. They had meg whitman. Jeffrey katzenberg who are you know. Heavy hitters and there was a little bit of like you are being to embassies and therefore you shall fail. The company did fail and the idea that some creators will have a new life on another platform shows. That just don't even saw but people still worked on. And maybe you're really good. I think this this makes a lotta sense and good for roku to get exclusivity for at least a few years so does roku have to wait at all in order to start showing this content or can happen immediately. I don't know when the start date. Whenever the deal is you know goes into effect. Then they'll immediately be able to to show it so you know within a month or so it would be my guess anyway but no they. They don't have once. The deal is actually in effect. They don't have to wait. What's going on here. is that the baby. Production companies own the rights to their own stuff but they have a two year exclusive for each one of their shows with qube and those two year exclusives are now being transferred to roku so roka will be able to have the exclusive for the remainder of whatever. The period was with quick. That's why it's more a year. Exclusively goes away then they still have the right to show it until twenty twenty seven but the production companies that made it can now start shopping at around to other places as well so the production companies do hold the content and remember this is just the content. Qube is still in a over. Its turnstile technology which is holding it up from selling its technology and i would expect once it resolves that lawsuit should resolve it in a way that they still hold their technology. They'll sell that to so this isn't the last you're going to hear could be selling off a part of it. I would imagine. Gotcha yeah that whole. The whole technology part of qube was again was an ambitious thing that was released at a very inopportune time in twenty twenty when everyone was like. We're just sitting at home like we don't need this like mobile phone technology. It's like cool that you can shifted around but you can't even cast thing. I mean the company did fix that pretty soon after allow about she was just. I mean it's just did. The timing couldn't be worse but that technology when you think of it in a variety of other form factors such as monitors that swivel talked about some of those yesterday. I don't know that qube or tiktok or snapchat or all of the stuff where we're like. Oh yeah that's the. That's the portrait view. Rather than landscape view. That works for certain apps is is is all that this is four. I think there's more to it So we'll see what happens and there's patents and things that are always valuable because you can use those to extract some concessions and money and stuff. So yeah expect that all to come join the conversation in our discord which you can join by linking to a patriotic. Can't get in there and talk about your favourite qube shows with all the other discord folks. Just lincoln to your patriotic out at patriotair dot com slash. Dpd s all right shannon. How do you clone a security key. Well i i will say please do not stop using your security keys because of this story i will explain it. Researchers from ninja lab published a paper on thursday showing how you could clone a google tightened security gate this is a two factor authentication key which is very similar to a you. Be key that you have to plug in or tap in order to access an account after putting in your username or your password credentials. Were both so in order to pull off the clone. You would need physical access to the key for about ten hours. Sometimes a minimum of ten hours just kind of depends on how good you are at this. About twelve thousand dollars worth of equipment physical equipment and custom software and some advanced skills in electrical engineering and cryptography as well. So you have to remove the chip and then take measurements of it at a being registered on each account that you went to attack the measurements observe electro magnetic radiation as the chip generates digital signatures that let the attacker slowly deduced the private key so measurements take about six hours per account. That's not including taking apart. The original tighten security key putting it back together. Then you need to seal the chip back into its case. You also need the targets password in order for this to work. So the reason it works is because of vulnerability in the security hardware chip residing within the google titan key and that is called an eighty seven hundred x by this company called. Xp if it's exploited in attacker could grab the elliptic curve cryptographic private key for the account and the same chip is actually found in other two factor. Authentication physical tokens as well like There's a ubiquity that it's found in but chances of attack or very very minimal given the scope of the attack so if you do all of this without the target ever noticing then they would never duplicated key but again given the scope given how much it costs and everything behind the scenes probably when it happened to normal user. The point of these security keys being the best way to use For two factor. Is that you can't even get at your private key right you. Nobody has to be able to get in there like the chip. Just doesn't make it available so the fact that they were able to get in there and get it is huge. You know the fact that they were able to do this is significant. But i mean if you're not a target of an advanced persistent threat. You don't need to worry about this. No one's going to go to the trouble to do this. And even if you're a target. I would guess shannon that most of them probably would be able to notice if someone took their key for ten hours or more you. You likely likely would especially since a lot of people with hardware tokens like google titan will stick them on a on their keychain for example like with their house keys or whatever wherever they keep all those personal physical devices that they don't want lost or stolen they keep them all on engaging so if somebody was to take one of these out of your purse out of your gym locker wherever it might be and remove it for like ten hour street minimum. You would likely know that this would have happened. the neat thing about these chips inside of these. Google tightened security keys. And any other cryptographic hardware tokens like these is that. Even the manufacturer doesn't know the private key so the fact that they were able to find vulnerability on these specific chipsets is really interesting. And i think that's the important bit of that. Is is even though the google titan like the end all be all of really excellent. Two factor authentication. There's always. The potential that vulnerabilities can be found. So i'm happy that this research came out. It's so fascinating and it's so interesting in this means that an x. p. and other security chipset manufacturers that sell these teeny tiny chips to google or whoever the company might be They can build on this. They can research and figure out what the next version of their chipset needs to entail in order to not be vulnerable to this again in the future. Yeah i mean this is really a good security story right. We finally figured out because there's always a way right. We finally figured out the way you get the private key out of a security key and guess what it's really hard takes a long time and now that we know it we can make it even harder and hopefully you know push that barrier out even further and even if somebody did have time to do this and you didn't notice i was reading the paper because i'm a huge nerd and they go as far as using fuming fuming nitric acid in order to get like melt the epoxy off of the original google titan. How are you going to put that back together. In order for somebody to not notice like there's a lot of intricacies with this attack in order for it to actually be pulled off so chances are very very slim that somebody would be able to pull off so again as i said at the very beginning. Don't stop using your google tightened security key if you have one keep using it because chances are you would never be attacked with this. Just just know if you haven't seen it in ten hours look together strange. This is going to be in a movie though. I'm calling that shot right now. We're gonna we're gonna see this movie. Where like i hope so. Somebody goes into surgery and they take his key and they go out and do all this and they slip it back in because ten hours later. He wakes up from anesthesia on something like that. I just hope they talked to the researchers so they actually show it off right. Yeah Sony tv and audio announcements Starting with details for its own tv lineup. Sticking with lead ravi x four k and k. Tv's will support four k at one hundred twenty hertz variable refresh rate vr as well as a l l m low latency mode and e arc. These are all things that are important. If you've got a ps five now you've got sony. Tv they can go. That sony also has an improved a chip that is going to improve the picture and sound positioning. So it aligns with what you see on the screen. Sony's master series. Tv's will come with a sensor that adjusts white balanced immense. Your ambiente color temp. You don't have to do anything they'll just do it. Also an aluminum heat shield. That will make for brighter. All the sets will support. Hdmi two point one. Another big one for ps five dolby vision hdr angle tv. Sony also announced. It's three hundred sixty reality audio platform if you're not familiar with three hundred sixty degree audio places instruments and vocals in a virtual sound field around your head but using just the one speaker so you can do this in an amazon echo or google. Home sony will start streaming video with three sixty audio later this year. Starting with concert from zara larsson on january eleventh. And somebody's gonna make speakers that support this. It'll be may supported by other speakers as well. But sony is going to put out the are five thousand and three thousand They've got that dark cloth. Surface that all these speakers seem to have these days with either bronze or silver accents. Work with google and amazon assistance and can connect to select sony abroad via. Tv's as well as supporting wi fi bluetooth. Spotify connect in google cast. The speakers do automated calibration to the room. They're in donut. The press a button for that. Either and we'll simulate three hundred sixty degree audio for stereo tracks as well. The five thousand cost five hundred pounds or five hundred ninety nine euros no. Us price yet on the three thousand two hundred eighty pounds. Three hundred fifty nine euros. This seems this. Seems like it's shaping up to be one of the trends. Is this the sort of three hundred sixty degree audio while you're listening to your black bank and it's just one speaker or potentially a couple of speakers ativan. Maybe yeah yeah already supported. Yeah there's less of kind of like What do i have to do. Five point one surround or at least get a couple of speakers and make them a stereo pair type thing. I really haven't heard this in. I don't know. I used to hang out at magnolia at best. Buy all the time. And just like geek out on stuff like this. of course. this technology wasn't around at the time. But it's really come on. Let's turn on some stuff and see the speakers. Do it works well. Then that's awesome my first reaction because i got rid of my kind of pants speakers some years ago because friend of mine needed them more than i did and i didn't have room in my apartment but i miss that i'm also an a. A permanent now that's smaller and kind of has a lot of weird angles and i find audio bounces off walls in wiz. That wouldn't if it was more of a square box broom So i'm not sure that i'm the perfect target market for this. You're the you're the one puts this through its paces and sees if it really works. Yeah if i could actually work as advertised again with some funny angles in a big old frame. Then i'm i'm really into this and i've always been. I don't have a sony. Tv currently sorry zony. But i was abroad. Bravi a person for years. Nears i think what the new bravi line is coming out with. Looks really nice. And i mean not totally in the market for a new tv. But i like the fact that i might get a new sony again paired up with a sony speaker. You got three six. Yeah already got all this stuff. It's going to be a messed anyway. You slice it. But i like. I like this to be sixty reality audio platform. What would you have set up in your house. I was straight up going to mention sonos because if if it doesn't have the connectability to be able to work with all of my other platforms that currently have invested in. Then chances are i wouldn't buy it. So i do have sono says in my house and i do have some issues connecting those with other speakers in the household to like like my google hub for example so the fact that this works with google and amazon assistant the speaker specifically The audio speakers. I think that's pretty cool. I like that. They are bringing that in and i am interested because i do live in a household. That has very high ceilings. How this would work in that kind of environment. So yeah. I'm very interested in the audio aspect. Well you might also be interested in what colour has come out. Oh yes the folks who make things like toilets and and sinks and lots of appliances however. Been a real. Cas mainstay for the last few years for some cool innovations and this year is no different. Even though we're not in vegas koehler has a new smart bathtub called the stillness bath. That lets you use an app or use your voice using google or amazon's assistance to fill up the water or perhaps set the mood by changing the color of the lights around the tab or even add some fog. You know you wanna kind of pretend like you're in the then present routines also turn on features in a certain orders if you wanna get kind of creative. that's cool. Yeah the certain amount of limitations with the base model and the base model is not cheap so temperature and depth control models alone will cost around eight thousand six hundred ninety eight dollars. That's right it's almost nine thousand dollar bathtub. If you want the experience tower that lets you activate fog and aromatherapy. That will run you just over ten thousand dollars. Both models are available in july. There are real things and if you want the version with lights and floor grades for overflow fifteen thousand nine hundred ninety eight dollars available. This october signed me off. I won't be buying those. 