Episode 613 – Aussie Tech Heads Shownotes


Microsoft surpasses Apple in market capitalisation

Microsoft has ended the week as the most valuable publicly traded company in the US.

 

Microsoft’s market capitalisation stood at US$851.22 billion based on its closing stock price on Friday. Apple’s market cap ended at US$847.43 billion.

 


 

Up to 500 million customers affected by Marriott breach

Marriott International has revealed hackers accessed up to 500 million customer records in its Starwood Hotels reservation system in an attack that began four years ago, exposing data including passport numbers and payment cards.

The hack, one of the largest in history, prompted regulators in Britain and at least five U.S. states to launch investigations.

The FBI said it was looking into the attack on Starwood, whose brands include Sheraton, St. Regis, W and Westin hotels. It advised affected customers to check for identity fraud and report it to the bureau’s Internet Crime Complaint Center.

The hack began in 2014, a year before Marriott offered to buy Starwood to create the world’s largest hotel operator. The US$13.6 billion deal closed in September 2016.

Some 327 million customer records containing information including passport details, birthdates, addresses, phone numbers and email addresses were exposed, according to the company.

Nine Entertainment turns to cloud to stabilise its live streams

Nine Entertainment has switched out parts of its live streaming infrastructure using AWS cloud-based services to improve the stability of the platform.

 

Digital development director Kunaal Ramchandani told AWS re:Invent 2018 last week that the company had seen sizable growth in its live streams since launching channels at the start of 2016.

 

“At the start [January 2016] we were only doing a few thousand streams per month, and then we had a peak of 5 million a few months ago [June 2018] and the last few months we’ve been averaging about 4 million,” Ramchandani said.

 

TPG’s $20 “prepayment” for extras lands it in hot water

Court proceedings filed.

TPG is set to face federal court proceedings over a $20 “prepayment” it takes from customers to cover costs incurred – but not included – in telecommunications plans, such as overseas calls.

 

The Australian Competition and Consumer Commission (ACCC) said it had filed suit against TPG alleging “misleading conduct” over the prepayment and other contract terms.

 

The ACCC alleged that TPG said the prepayment credit “could be used for excluded telecommunications services before the consumer cancelled their plan.”

“However, the prepayment operates as a non-refundable fee and TPG retains at least $10 of the prepayment when a customer cancels their plan,” the ACCC alleged.

 

The ACCC also raised concerns that when the prepayment balance dipped below $10, an automatic top-up was triggered “to return the prepayment balance to $20”.

“This means that customers can’t use at least $10 of the prepayment for telecommunications services when they cancel their plan, which is not disclosed,” the ACCC said.

“Since March 2013, the ACCC estimates that TPG is likely to have retained millions of dollars paid by consumers in prepayments that were forfeited,” Rickard said.

The ACCC said it is seeking undisclosed “penalties and compensation for consumers”.

 

China’s bold mission to land a probe on the dark side of the Moon

 

China’s National Space Administration is believed to be targeting the robotic lander at the Von Kármán crater, near the Moon’s south pole. It’s judged to be the oldest impact crater in the entire Solar System, making it an ideal collecting ground for water ice and a rare hydrogen isotope carried on the solar wind.

 

If launched this weekend, Chang’e-4 will likely touch down on the Moon’s surface on December 31.

China has focused its space efforts on the Moon since its space program was initiated in 2004. Two probes have been put in Lunar orbit, Chang’e-1 and 2. The Chang’e-3 lunar lander was the first since 1976.

 

PAUL

Microsoft is reportedly ditching Edge on Windows 10 for a Chrome-based browser.

https://9to5google.com/2018/12/03/microsoft-chrome-based-browser/

 

Huawei’s global CFO arrested for allegedly violating US sanctions on Iran.

https://amp-news-com-au.cdn.ampproject.org/v/s/amp.news.com.au/technology/gadgets/mobile-phones/huaweis-global-cfo-arrested-for-allegedly-violating-us-sanctions-on-iran-reports/news-story/3b21232a660689aa53cf5da737e4865f?amp_js_v=a2&amp_gsa=1#referrer=https%3A%2F%2Fwww.google.com&amp_tf=From%20%251%24s&ampshare=https%3A%2F%2Fwww.news.com.au%2Ftechnology%2Fgadgets%2Fmobile-phones%2Fhuaweis-global-cfo-arrested-for-allegedly-violating-us-sanctions-on-iran-reports%2Fnews-story%2F3b21232a660689aa53cf5da737e4865f

 

Joe’s Podcast Notes

06/12/2018

 

Quora says hackers stole up to 100 million users’ data

https://www.theverge.com/2018/12/3/18124849/quora-100-million-user-hack-name-email-messages


 

  • Quora said it discovered last week that hackers broke into their systems and were able to make off with data from just under 100 million of its users.
  • That data could have included a user’s name, their email address, and an encrypted version of their password. If a user imported data from another social network like Facebook, Twitter, etc., it’s possible that their contacts or demographic information could have been taken too.
  • Some private actions on the site may have been taken as well. That includes requests for answers, downvotes, and direct messages. Content posted anonymously should remain anonymous, however, as Quora says it does not store identifiable information for those posts.
  • Quora says it has notified law enforcement and hired a digital forensics firm to investigate what happened. For now, it’s only revealing that “a malicious third party” was able to gain “unauthorized access to one of our systems” and that it discovered the breach on Friday.

 

———————————————–

 

Bluetooth Chip Flaws Expose Enterprises to Remote Attacks

https://www.securityweek.com/bluetooth-chip-flaws-expose-enterprises-remote-attacks

 

  • Millions of access points and other networking devices used by enterprises around the world may be exposed to remote attacks due to a couple of vulnerabilities discovered by researchers in Bluetooth Low Energy (BLE) chips made by Texas Instruments.
  • Bluetooth Low Energy, or Bluetooth 4.0, is designed for applications that do not require exchanging large amounts of data, such as smart homes, and also health and sporting devices.
  • BLE stays in sleep mode and is only activated when a connection is initiated, which results in low power consumption.
  • Bluetooth Low Energy chips work over distances of up to 100m, but their data transfer rate is typically 1 Mbit/s, compared to 1-3 Mbit/s in the case of normal Bluetooth.
  • Researchers at the IoT security company Armis discovered the Bluetooth vulnerabilities. These chips are used in access points and other enterprise networking devices from companies like Cisco and HP-owned Aruba Networks.
  • Other devices, such as those used in the healthcare sector like insulin pumps and pacemakers, could also use the affected BLE chips, so they could be vulnerable to BLEEDINGBIT attacks as well.
  • The flaw, dubbed BLEEDINGBIT by Armis, can allow a remote and unauthenticated attacker to take complete control of the impacted devices and gain access to the enterprise networks that they belong to.
  • If a Bluetooth Low Energy device is turned on and the device is actively scanning, a malicious hacker can send specially crafted packets in order to trigger a memory overflow and then execute arbitrary code.
  • The attacker can then install a backdoor on the chip and gain complete control of the system in which the device operates. In the case of access points, the attacker can use the compromised AP to spread to other devices on the network, even if segmentation is in place.

 

  • The attacks can be conducted from up to 100 meters away, but the company did say that the distance can be doubled or even tripled if the attacker uses a directional antenna. Once the AP has been compromised, the attacker can create an outbound connection over the Internet and they no longer need to stay in range. The attacks can be carried out in 1-2 minutes.

 

——————————————–

 

USB-C was supposed to be a universal connector — but it still has a lot of problems

https://www.businessinsider.com.au/everything-wrong-usb-c-cables-explained-which-cable-2018-11

 

  • There’s been a lot of confusion over the USB-C cables used by smartphone and laptop users: two cables that look exactly the same can transfer data and power at different speeds. Not only that, but not all USB-C to headphone jack adapters are compatible with every device.

 

  • The USB-C cable was supposed to be a universal connector, bridging together phones, computers, power supplies, and accessories. But there’s one big issue holding it back. The USB-C name refers to the physical shape of the connector, not the protocol it uses. Even though two cables can have the same physical connector, what’s happening on the inside of the cable can be very different.
  • The protocol, or specification the device uses, determines what the cable can transfer and how fast it can send it. A USB-C cable can be limited to either USB 3.1, 3.0, or 2.0 speeds. Some USB-C cables are even USB 3.1 Gen 2 cables. This means they can transfer an HD movie in about five seconds and at around 10 gigabits per second. But, you can also have a USB-C cable that is as slow as the old USB 2.0 spec. Transferring that same HD movie would take almost two minutes at a speed of 480 megabits per second.

 

  • Using the USB-C cable that charges your Android phone probably won’t be as fast as the one that came with your new external hard drive. To make things more confusing, some USB-C cables can be used with a second monitor, while others aren’t capable of sending a video signal at all. You could easily end up stranded if you mix up two different cables. And things can get even more complicated when you’re using adapters to change from USB-C to another connector, like the headphone jack. Not all adapters are created equal. A headphone adaptor that came with one phone isn’t guaranteed to work with a phone from a different company.
  • When it comes to power, many smartphones and laptops can charge over USB-C, but the amount of power that these cables can deliver isn’t necessarily the same. In some cases, a laptop can require almost twice as much power as a smartphone. The consequences of using the wrong cable can be worse than a slower charge. If you happen to connect a USB-C device to your laptop that draws more power than the port can deliver, there’s a chance that port could stop working entirely.

USB-C cables are supposed to have safeguards in place to prevent accidental damage. If they’re used on a device that doesn’t support their maximum power draw, the cables are supposed to keep the device safe. But sometimes manufacturers will cut corners to reduce costs. Cables that aren’t compliant with USB-C standards can seriously harm your device.

  • So, what can you do to prevent yourself from using the wrong cable? Always buy from trusted brands, fully read descriptions when buying the cable, and make sure other people are using the cable for what it was designed for. You can also label your cables to avoid mixing up two cables that look the same. And finally, try to only use the cable that came with the device you bought in order to avoid any nasty surprises.

 
