Preview Mode Links will not work in preview mode

Thanks for joining us! Let me know if there are any topics you'd like us to cover by sending an email to me at craigpeterson . com!

Mar 1, 2019

Browsers are being Attacked.  Just this week we are hearing about another attack against the browsers we use daily listen in for more details.

We have all seen reviews online. But can they be trusted?  Turns out --- maybe not....

New research is being done on Swine diseases in China. These diseases are rampant and now the Chinese are running full force to technology for answers.

Android is trying to up their Security.  Listen in to find out what they are doing.

The FTC has just issued a ruling on TokTok.  I'll be talking about that today too.

Health records are now a big business. I'll tell you why so many of the big tech players are trying to get into the game.

We will also talk about the MOMO challenge.  

There's lots to talk about tech this week.  So grab a seat and join me. 

For more tech tips, news, and updates visit - CraigPeterson.com

---

Transcript:

Below is a rush transcript of this segment, it might contain errors.

Airing date: 03/02/2019

Researchers Our Smart Home Be Big Brother - Health Records On Smart Phones - New Browser Attacks - Momo Challenge

Craig Peterson: 0:00
Hey. Hi everybody. Craig Peterson here, it's time for our weekly radio show. A lot to cover as always, it has been a very fun week. For me. I have really been enjoying this as we've been doing more and more content for our Insider's site, and the people who signed up for this master course. And welcome aboard. Thanks, everybody, for being with us. You are, I'm sure going to continue to love it. We've had great feedback, more and more people giving us just, you know, a little bit of encouragement, which I always, always appreciate. Let me tell you, it is difficult to put some of this stuff together and to do it. Yeah, you know, so I appreciate the appreciate should including here on the radio show. So welcome to everybody.

I had a couple of conversations last week about some of the browser hacks that are going on so we're going to cover that again there's a new browser attack a whole new type the to really just kind of an old browser hack that is back again. Some very troubling news coming out of Hawaii and some scientists over there we're going to talk about and no, it's not about the volcano or global warming. It's about Alexa and what they're proposing trusting online reviews. This is a biggie, biggie, biggie, can you really trust them? And you know you go to a site like Amazon or eBay. And what do you see on there? You see people saying, Oh, this is the greatest thing ever. I love it. It's too big. And sometimes, oh, no, it's too small. It's never worked for me. How legitimate are those we rely on and those don't we know. We're going to talk a little bit about that China, they are doing some interesting things with pigs over there. you know, about the tracking that the law enforcement doing here to try and catch bad guys. And that makes sense, right? We want the bad guys caught on and off the street in London, the most surveilled city in the world, at least, it used to be, it's probably Shanghai nowadays. But in London, you can't go anywhere and not be caught on one of these closed-circuit cameras. Well they're doing
the same thing now and trying and with pigs. And we'll talk about why Android it kind of, you know, kudos to them. They've had all kinds of security issues they now have part of what's called Fido available on their devices is a fast identity thing, we'll talk about that and its use. We're just not gonna have enough time today, the Federal Trade Commission is ruling is find here a $5.7 million to a company that has an app called TikTok. And this is under the law that was passe, man it's been a few years now, I can't remember. I'm kind of looking through the article to see if it says when it came up at the COPA regulations, and it went beyond the statutory limits as to say that story. And storing health records now is a big business and Apple's trying to get into the game as, as Google and of course, many others, because there's so much money in it. But how about the privacy side of it is Apple going to continue to keep your data private. and in this case your medical data private.

We've got a note to this week, from one of the listeners to the podcast, he texted me and he was asking about this Momo challenge, then. So I want to bring that up as well. So a very busy day. Today, I'm going to try and keep these things short. But you know me I'll just have to explain them in a little bit to detail. So here we go.

Now, you've been online, I'm sure you've been to YouTube. This even made it onto most of the news sites is 24/7 news cycle that we have nowadays. But that bucket challenge writes the Ice Bucket Challenge. It was phenomenal. From a fundraising standpoint, it really helped to raise some funds for a very good cause. And the whole idea was, Hey, I'm going to get a bucket of water, I'm going to fill it with ice. And I'm going to dump it over my head. And it's part of a fundraising campaign where people would donate, you know, and if you do it I'll give you 10 bucks, or I'll donate 10 bucks to it. And so they did it, which is really kind of cool. I'm glad they did all of that.

Well, there's an internet home that's been around for a while now it is a hoax. But there is a problem with this as well. And it's called the Momo challenge. It's been spread by users on Facebook has been talked about in the media and different channels. And the whole idea behind this reporting is that children and teens are getting enticed by this username Momo, to ultimately commit suicide. And the whole concept is you start out small, you do some  you know, almost innocuous things, and then it gets keeps getting more and more violent. There's attacks and then eventually suicide. And it really reached worldwide proportions last summer, in July 2018, and the number of actual complaints was actually quite small. And there's no police force that is out there right now that I could find that reported that anybody was ever harmed as a result of this phenomena. no direct result, right? There could be other things and there's a great by the way page about this up on Wikipedia that you might want to check out.

But reports about this and the awareness of the digital challenge rose again this month after police in Northern Ireland posted a public warning on Facebook. And that's a problem it keeps popping up. As you know, we're actually concerned parents concerned police departments are trying to say hey, listen, everybody, keep an eye on what your kids are doing online because it could be very dangerous, which is very, very true. It could be. Let's see Momo WhatsApp messages apparently are being used to try and convince people to contact them and their cell phone there are some other ones out there known as blue whale where players quote unquote players are instructed to perform a succession of tasks and refusing to do so gets met with threats.

So, the messages are often accompanied by frightening or gory pictures. It really does appear to be a hoax. I've got a country by country breakdown where they have looked at this and the problems Quebec the police forces of the Longueuil, Sherbrooke, and Gatineau have indicated that people in their jurisdiction have been approached to participate in the Momo challenge. But there are no reports of any victims. They're asking people not to use a phone number provided in the WhatsApp messages to send screen captures and images of the of the phone to police authorities. Bottom line the phone numbers that have been used in these hoaxes just don't work. It goes through Columbia, Europe, Brazil, France, Germany, Luxembourg, India, Mexicoso pretty extensive run down and you'll find that online as well. Just look up Momo challenge over on Wikipedia. And thanks to the listener that sent in that question. It's a good question and good concerns. And it's hit the news cycle again, because of these police in Northern Ireland.

So next up here, let's talk about this new browser attack that has been hitting people.

Now one of the most interesting parts of this to me is it's not really a new attack. This particular type of attack was first documented in a research paper back in 2007, this new attack is called MarioNet. And what it does is it is opening the door for creating huge bought net and button that's are used to do a lot of things. They're used to attack businesses, somebody they don't like for their political opinion might be attacked with a botnet and the botnet then ends up sending just malicious data, basically, to whoever the intended victim is. So their website goes down, and they can no longer really conduct business at all. That's what a botnet that is there. They're also used for other types of attacks. And now the real big thing for botnets is called cryptojacking. And what cryptojacking does is it allows the bad guys to use your browser your machine in order to earn Bitcoin for themselves. And just oversimplifying it dramatically. Now, previous versions of this allowed you when you shut off your web browser, or close the window, get what it's no longer running. So the bad guys, we're not using your computer any longer. However, there is a new feature that has been added to the modern web browsers, it's using an API called service workers. And this allows the website to isolate the operation of the service worker from a web page. And the idea is that the web page UI isn't going to freeze up when it's processing a lot of data.

So you could go and this is there are legitimate purposes for this, you go to a website, and you wanted to have a look at something that a history of 23andMe type of site, for instance, I might do real-time live analysis, which 23andMe does not do, by the way, I don't want you to think poorly about them for that. But the service workers really are an update to an older API. But now this MarioNet, which is actually supposed to be pronounced to marionette, but it's spelled MarioNet, it's taken advantage of these things. It's a very silent attack, it doesn't require any user interaction at all the browsers on going to alert you about it, they're not going to ask for permission before registering your service worker. everything's happening under the browser's hood as the user waits for the website to load. And about, the only thing you're going to notice is that if it's used for cryptomining is that your machine is going to slow down, slow down a lot. But let some place malicious code on your high traffic websites gain a huge user base, it's it's a very scary thing. And there's not a whole lot that you can do about it, unfortunately. So the research is going on, it's been discovered. So, expect patches from all of the major vendors out there. And they will be hoping, hoping to have them fix this. Some vendors are course better at patching than others. And you already know who I think are some of the better ones. If you want privacy then the Epic browsers. Fantastic. The Google Chrome browser is the industry standard browser, frankly, very good browser. And Safari is very good. Dead last one you should never use is Microsoft Internet Explorer. They have their new Edge browser, which is nowhere near as bad as Internet Explorer. But Microsoft has come to realize that all other browsers are terrible. So Microsoft is switching over to Google Chrome. So in the future, the little IE button is going to launch the new Edge browser, which is not really IE Internet Explorer, nor is it edge it is actually Google Chrome. So how's that for a good time for all but at least Microsoft is finally realizing that they have no idea how to make a good web browser, right.

So let's talk a little bit here about your health record,

Great article that NPR has up, on their website about storing health records. I saw a lot of mentions of this all over the internet. So I had to have a look at it myself. And he, Well, he would back up a little bit. The author of this is Laura Sidell, and it's talking about Sam Cavalier, he's a San Diego tech worker. And he is using Apple's Health app. And a lot of us are, particularly people who have the Apple Watch, who might have some concerns about their cardiac rhythms. All of that stuff can be tracked now on your Apple device. So he's using the Apple Health app in order to keep track of his weight to his exercise routines, how many steps he takes a day find that really too when I'm going out and I'm walking, how far have I walked, where did I go, and I'll do the walk around the mall in the walk around the blocks. And it's really kind of nice to be able to see that and have that all tracked.

Well since March last year. So about a year now, Apple's had a feature that allows people to store their medical records as part of the Health app information. Then the University of California, San Diego health where this guy, the same guy goes to get his medical checkups, etc. But UC San Diego is one or more than 200 healthcare providers in the US who are using this new health records feature. He travels a lot for work, he likes to keep track, that was blood pressure. And he has a special confidence link to his health app. And he likes the convenience of having that app and really having all those records there with them. If you travel a lot, it's can be phenomenal to have all of your health records with you in case something were to happen, right? Doesn't that make sense? And then the doctor can also look at it and see what the trends are, and analyze where they're not, there might be some sort of a real problem with the guy's health that they may be want to have a look at.

Well, the global health industry is expected to reach $10 trillion by 2022, which is absolutely phenomenal. Just health alone is bigger than any economy of any country other than the US and China. And I mentioned earlier, we've got Apple who's in the foray, Google is in it. And so is Amazon and Microsoft, trying to get a piece of the medical pie in retail pharmacies, artificial intelligence for disease detection, and healthy living apps. And we've seen some of these apps, we've seen already that some of these computer programs are better at spotting skin cancer than even a cancer doctor is, that's actually pretty cool when you get right down to it. And they let you take a picture of moles, and they track the moles over time. And they look at the edges of the moles to see if they are real little rough, they look like there might be precancerous, etc. So the AI part of it, at least machine learning is really going to go a long way. And Apple has invested a lot in machine learning. If you have one of the newer iPhone models, it has a machine learning chip dedicated to machine learning built right into it kind of makes me wonder if maybe that's part of Apple's goal. That's why they put it in there. And part of the reason I should mention too is Apple tries not to send any data up to the cloud that it doesn't absolutely have to send up to the cloud. Which also means makes a ton of sense to me anyways. It's not like Google or Amazon that basically send everything up to the cloud for processing. Apple tries to process it locally, which is really good from a security standpoint.

So where are things going? I read a really great article about Apple and their direction just yesterday because a lot of people are saying, Hey, listen, iPhone sales are slowing down. Is this the end of apple? What should we be worrying about it? What should we be doing? And it turned out that no, no, no, none of those things were true. Apple is looking to get into the service areas. And one of them, of course, is health care.

Now, having privacy as a key like Apple does, and has done for quite a while is a big, big, big win for our friends over at Apple, because people are now used to expecting maybe that's even a better way to put it. People are expecting Apple to keep their data safe. And frankly, I think they will. Their CEO, Tim Cook's been very vocal about privacy rights. He also is really ticked off at Google and Facebook for making money off of user data, which is I know, I go back and forth on that.

But they certainly do keep it private. So how about you? What do you want to do? Do you want to give your medical data to any of these big companies, Facebook, or Amazon, Google, Microsoft or Apple, there are pros and cons to all of it. And the whole HIPAA regulations, that whole thing was supposed to make it so that our information would be digitized. And we could take it with us as we moved around the country or change doctors. But somehow that really hasn't come into fruition. Frankly, I don't know that it will, hey, I want to talk about this other thing right out of the universities. This is the University of Bergen. And we're going to talk about this conference over in Hawaii, and how this could have a huge, huge impact on our privacy.

There was a conference in Hawaii here recently. And they were talking about our fish, artificial listening devices. And we have those all over the place, we just found out that if you have a certain smart thermostat that's been on the market for a while that built into it was a microphone people had no idea it was there. And I personally don't like that idea, right. So it had a built-in microphone that was kind of hidden. Frankly, there's no mention of it in the marketing materials in the owner's manual, nothing. And then the company decided just about two weeks ago, hey, we're going to turn on that microphone so that you can ask questions and get things done. And it's a piece of hardware that Amazon had picked up through one of its acquisitions. So we have these we have the Amazon Alexa is we have our series, we have our Google Homes, and there will be many others, of course, coming over the years, I'm sure, but one of those three is probably going to be the winner. So we have these in our homes. We've already talked on the show about police departments who have since subpoenas to get the audio from these devices. And frankly, those subpoenas don't really go very far. Because they don't really have the audio from the devices, all they'll have is the audio for about 30 seconds after you give it the wake word whatever your wake word is. So in other words, you might wake it up by calling a computer or whatever might be, and it responds, it listens for up to 30 seconds, sends out audio up to the cloud words process tries to figure out what you're talking about. And then and then goes ahead and processes.

And I should mention too, that on that exact same front, a lot of people are upset with Apple, and how Siri just doesn't perform as well as Alexa does, for instance, or as Google Home does. And I want to remind everyone, again, it's a trade-off on privacy in the apple space. It's trying to do as much of the processing locally as it can. And so it doesn't have all the benefits of all of the cloud data that has been collected and stored and analyzed by the other competitors out there. So Apple, Apple is in a bit of a disadvantage because of their privacy stuff.

Anyhow, the devices are listening. So these scientists over at the University of Bergen decided, hey, let's do a little bit of study on these devices. Can we turn these into monitors for the home? And what they are suggesting is that these smart devices should have built into them in the future what they're calling a moral artificial intelligence so they're sitting there listening to what's going on they should be able to say wait a minute and it sounds like somebody's getting a beating, somebody's a whooping. Okay. And whooping weapon me not a great idea, right? But is frankly, the device really shouldn't be responsible to try and decide whether or not it should call the police on your behalf. I get it if you tell it if you wake it up and say you know, call the police it should right but if it's just listening does not sound like 1984 is in that very Orwellian where it's listening and it tries to make decisions based on all of this, right? It's, it's an interesting problem. If you ask me.

The University of Cambridge has stepped in and made their little comment saying humans and human situations are far messier than what the scientists over there from Norway, University of Bergen has been really saying and contemplating. Because you think about family and family dynamics, and there can be some pretty heated arguments, but that doesn't mean that there's a crime committed or someone was particularly harmed and when we see some agencies being very, very ready to just grab children and run away and then investigate later is is it something that's legitimate, something we should be doing? We had in the UK in April 2018, the House of Lords artificial intelligence committee said that ethics need to be put at the center of the development of AI so there you go. And Britain they're poised to become a world leader in the controversial technology field of you guessed it moral artificial intelligence. And remember, I said the Londoners are some of the most surveilled people in the world. It's very, very interesting. Also, in the UK, they are European actually parliament, they are looking at creating a legal status for robots. And it goes on and on. We have a lot of things we've got it assigned on over the next few years when it comes to artificial intelligence tracking us. And this whole concept of moral artificial intelligence, which frankly, really kind of scares me.

Well, I don't want this article to just go away. We have a couple of minutes left here. And today's show. So let's talk about this. This is called Fido, it's been around a little while. If you use your key or some of these other hardware tokens, many of them tie into Fido. And the idea behind Fido is to have a mechanism that gets rid of a password. That's the bottom line here, password list web. And that's the goal. So if you go on to the Internet, and you go to a particular website, the idea is that you can use this Fido certification to figure out if it's really the person that says it is right. So automated Google Play Services update is going to push that to your device. If you have that turned on. You can this is for Android, obviously they can log in with other forms of authentication compatible with final to spec like the yubi keys are or Google Titan. Titan was an internal project at Google, they use it for life getting into all of their devices. And now they are marketing that it's available for purchase. So have a look at that as well. We're helping a lot of businesses move over to start using hardware keys, particularly in the medical and legal realms, where access to information is severely limited on the legal side, right.

So let's see final two supports can allow Android to accept secure web logins using these devices including Bluetooth by the way so you can use your smartphone as part of your identifier Google's anticipating fingerprint nothing authentication will be the easiest way just like to become the users preferred method and in this case it doesn't send your fingerprint to the website the fingerprint is analyzed locally and then there is a cryptographically secure handshake that occurs between the website and your final compatible device anyways, there's a lot there. Naked Security blog had a very good article on this if you're interested. It's up on my website as well. http://CraigPeterson.com.

But that's it for now. I had a couple of really great webinars this week. I want to mention one for the FBI Infragard. This is their National Cyber camp program and it's really really kind of cool so I did a whole webinar on that for the leaders in all of the 80 Plus Local in for guard chapters. But as you're thinking about summer and summer programs and camps, have a look at that if you are an InfraGard member and if you're not, check it out Infragard.org. You'll find out more there, about what they're doing with this whole FBI related program. So, that's it for this week. Have a great week. And we'll be chatting again soon. You've been listening to Craig Peterson and all of this can be found at http://CraigPeterson.com. Bye-bye.

--- 

Related articles:

New Browser Attack Lets Hackers Run Bad Code Even After Users Leave A Web Page

Alexa, Call The Police! Smart Assistants Should Come With A ‘Moral Ai’ To Decide Whether To Report Their Owners For Breaking The Law, Experts Say

Can You Trust Online Reviews? Here’s How To Find The Fakes

China’s Tech Firms Are Mapping Pig Faces

FTC Ruling Sees Musical.Ly (Tiktok) Fined $5.7m For Violating Children’s Privacy Law, App Updated With Age Gate

Storing Health Records On Your Phone: Can Apple Live Up To Its Privacy Values?

Android Nudges Passwords Closer To The Cliff Edge With Fido2 Support

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553