WEBVTT - Tech News: Reddit Takes Misinformation Seriously 0:00:04.400 --> 0:00:07.800 Welcome to tech Stuff, a production from I Heart Radio. 0:00:12.119 --> 0:00:14.960 Hey there, and welcome to tech Stuff. I'm your host, 0:00:15.120 --> 0:00:18.280 Jonathan Strickland. I'm an executive producer with I Heart Radio 0:00:18.480 --> 0:00:20.680 and I love all things tech. And this is the 0:00:20.720 --> 0:00:24.959 tech news for Thursday, September second, two thousand twenty one. 0:00:25.960 --> 0:00:30.000 Earlier this week, I talked about how thousands of subreddits 0:00:30.040 --> 0:00:33.600 on the site Reddit are calling on Reddit to crack 0:00:33.680 --> 0:00:38.440 down on COVID nineteen misinformation and disinformation that is otherwise 0:00:38.479 --> 0:00:43.560 proliferating across the site. Reddit had quarantined a subreddit called 0:00:43.760 --> 0:00:48.440 our slash No New Normal, meaning Reddit had effectively cut 0:00:48.440 --> 0:00:51.599 off access to the subreddit for new users, but had 0:00:51.600 --> 0:00:55.120 not actually shut it down. But now that's changed. Reddit 0:00:55.200 --> 0:00:59.560 has subsequently banned the No New Normal subreddit completely, and 0:00:59.600 --> 0:01:03.440 as warantined, more than fifty other subreddits also found to 0:01:03.480 --> 0:01:07.480 have spread and promoted COVID misinformation. So it looks like 0:01:07.520 --> 0:01:10.640 Reddit is making a shift, at least when it comes 0:01:10.640 --> 0:01:13.639 to matters of public health. As I said earlier this week, 0:01:14.000 --> 0:01:17.280 the official stance of the company had been let's just 0:01:17.360 --> 0:01:19.919 let the users kind of hash out what to believe, 0:01:20.400 --> 0:01:24.839 very similar to what Mark Zuckerberg said about content on Facebook. 0:01:25.319 --> 0:01:28.080 And you know that can be fine if you're talking 0:01:28.080 --> 0:01:31.800 about different points of view that have validity to them. Right, 0:01:32.000 --> 0:01:34.880 If you have two people who disagree about something, but 0:01:35.040 --> 0:01:38.839 they have valid reasons for that disagreement, letting them hash 0:01:38.880 --> 0:01:41.120 it out, that makes sense and not taking sides until 0:01:41.160 --> 0:01:44.319 we get that. But when it comes to truth versus misinformation, 0:01:44.720 --> 0:01:47.160 it's a different matter entirely. Anyway, I'm not going to 0:01:47.240 --> 0:01:49.080 go down that rabbit hole again. You already heard me 0:01:49.160 --> 0:01:52.240 say that earlier this week. Instead, I'll say that Reddit 0:01:52.320 --> 0:01:56.680 won't allow posts that promote quote falsifiable health information that 0:01:56.800 --> 0:02:00.280 encourages or poses a significant risk of physical arm to 0:02:00.320 --> 0:02:04.120 the reader end quote. I think that's the ethical choice here, 0:02:04.360 --> 0:02:07.160 as this is not, you know, a case of the 0:02:07.280 --> 0:02:10.200 dresses blue and black. No, you're an idiot, The dress 0:02:10.280 --> 0:02:13.560 is white and gold. This is really about people spreading 0:02:13.680 --> 0:02:18.639 narratives that have potentially tragic consequences, with more people getting sick, 0:02:18.880 --> 0:02:23.280 hospitals becoming overwhelmed, and ultimately more people dying as a result. 0:02:23.639 --> 0:02:26.800 I think Reddit's response is a good one. I also 0:02:26.840 --> 0:02:30.640 think it was a necessary response, not just because it 0:02:30.720 --> 0:02:33.160 was the right thing to do, as I believe it was, 0:02:33.720 --> 0:02:36.840 but also because the subredits that were protesting all this 0:02:36.960 --> 0:02:39.520 misinformation in the first place, We're starting to use some 0:02:39.600 --> 0:02:43.320 pretty guerrilla warfare tactics to disrupt the subredits that we're 0:02:43.360 --> 0:02:46.720 spreading misinformation going in there and like posting not safe 0:02:46.760 --> 0:02:49.799 for work content and such in order to necessitate a 0:02:49.880 --> 0:02:53.240 change in that subreddit status. And if Reddit had not 0:02:53.360 --> 0:02:56.120 stepped in, the whole platform could have descended into a 0:02:56.200 --> 0:03:01.280 chaotic mess. Samsung has entered used a new sensor for 0:03:01.360 --> 0:03:06.160 mobile devices that has a resolution of two hundred megapixels. 0:03:06.200 --> 0:03:10.760 That's pretty incredible stuff, but let's break down what that means. 0:03:10.800 --> 0:03:15.680 Super Fast digital images when you zoom way way way in, 0:03:16.200 --> 0:03:20.280 are made up of tiny little points of light called pixels, 0:03:20.520 --> 0:03:24.080 and collectively, these pixels appear to us as you know, 0:03:24.120 --> 0:03:26.960 photographs and videos and stuff when we're looking at them 0:03:26.960 --> 0:03:30.600 on screens, and generally speaking, the more pixels you can 0:03:30.680 --> 0:03:35.960 cram into a certain size frame, the more detail you 0:03:36.000 --> 0:03:39.320 can capture in that image. Now, once you get beyond 0:03:39.320 --> 0:03:41.600 a certain resolution, the human eye is going to have 0:03:41.600 --> 0:03:45.280 a lot of trouble picking out any extra detail. So 0:03:46.160 --> 0:03:48.360 if you're just looking at a full size image, you're 0:03:48.400 --> 0:03:51.920 not likely to see the difference. So megapixels and cameras 0:03:51.920 --> 0:03:55.920 really only matter up to a point unless you're looking 0:03:56.200 --> 0:04:00.000 for a specific use case. So, for example, let's say 0:04:00.400 --> 0:04:03.000 that you're a photographer and you want to take photos 0:04:03.000 --> 0:04:06.320 of stuff that you later intend to enlarge so that 0:04:06.400 --> 0:04:10.000 you can make movie poster sized print outs of it. Well, 0:04:10.040 --> 0:04:12.440 in that case, you want a camera that has sensors 0:04:12.440 --> 0:04:15.520 that can, yeah, you know, capture a lot of megapixels, 0:04:15.960 --> 0:04:18.800 because otherwise, as you enlarge the image, you start to 0:04:18.839 --> 0:04:22.520 lose that detail. If you've got, you know, are very 0:04:22.600 --> 0:04:26.279 high megapixel camera, you can enlarge an image to a 0:04:26.520 --> 0:04:30.520 pretty impressive degree and not lose any noticeable detail as 0:04:30.560 --> 0:04:34.400 a result. So this means that in the future, if 0:04:34.440 --> 0:04:36.560 you happen to buy one of these phones that's going 0:04:36.600 --> 0:04:39.400 to have a two D megapixel image sensor, you could 0:04:39.440 --> 0:04:42.520 theoretically snap a photo with your phone and then later 0:04:42.600 --> 0:04:45.560 you could digitally zoom way, way way in on the 0:04:45.600 --> 0:04:48.200 image to look at something specific, and you could even 0:04:48.240 --> 0:04:51.120 crop the photo and have it take you know, a 0:04:51.120 --> 0:04:54.080 full size photo as if you were you know, right 0:04:54.160 --> 0:04:57.240 up on something as opposed to really far back from it, 0:04:57.520 --> 0:05:00.280 and you don't lose any detail. In the image. That's 0:05:00.320 --> 0:05:02.320 pretty cool, especially if you want to take photos of 0:05:02.360 --> 0:05:05.120 stuff that you cannot get close to. Let's say like 0:05:05.440 --> 0:05:08.640 you're taking a picture of a historic building and there's 0:05:08.800 --> 0:05:11.640 a barrier where you're not supposed to cross, and you 0:05:11.680 --> 0:05:14.599 want to get really fine detail on a specific part. 0:05:14.920 --> 0:05:17.360 You can only zoom in so much with most digital cameras, 0:05:17.400 --> 0:05:19.920 if especially if you don't have a telephoto lens. So 0:05:20.000 --> 0:05:22.479 this is something that can help you with that, where 0:05:23.000 --> 0:05:26.520 that pixel density can allow you to capture detail that 0:05:26.720 --> 0:05:30.039 otherwise you might lose. Something else. The sensor does that 0:05:30.040 --> 0:05:32.480 I think is really neat is it adapts to take 0:05:32.520 --> 0:05:35.880 images in low light situations. So camera sensors are all 0:05:35.920 --> 0:05:38.680 about capturing light when you get down to it, and 0:05:38.839 --> 0:05:42.560 some digital cameras, whether they're in smartphones or otherwise, have 0:05:42.720 --> 0:05:46.520 some trouble in dim light situations and they produce grainy 0:05:46.600 --> 0:05:50.000 images as a result. The Samsung sensor will have blocks 0:05:50.080 --> 0:05:54.120 of sixteen pixels essentially teaming up to act like a 0:05:54.160 --> 0:05:58.600 single pixel. So in this case, the overall image would 0:05:58.600 --> 0:06:02.120 get reduced to twelve point five megapixels instead of two 0:06:02.200 --> 0:06:05.840 hundred because those blocks of sixteen would be acting as 0:06:05.920 --> 0:06:09.279 one reducing it down to twelve point five megapixels, but 0:06:09.360 --> 0:06:12.240 that those sixteen pixels will be able to more effectively 0:06:12.320 --> 0:06:15.640 capture the light that's in the scene and thus produce 0:06:15.720 --> 0:06:18.120 better low light photos as a result. So, yeah, there'll 0:06:18.160 --> 0:06:20.440 be fewer megapixels, you won't be able to zoom in 0:06:20.600 --> 0:06:23.760 as far without losing detail, but you'll be able to 0:06:23.839 --> 0:06:27.040 get a better image out of a low light situation. Now, 0:06:27.120 --> 0:06:29.120 there's no word yet on when we might expect to 0:06:29.120 --> 0:06:32.120 see phones that actually have these sensors in them. I 0:06:32.120 --> 0:06:35.360 imagine they'll be popping up after a generation or two 0:06:35.760 --> 0:06:38.560 of new devices, So we're probably looking at you know, 0:06:38.720 --> 0:06:43.159 not maybe not by early next year, but maybe mid 0:06:43.240 --> 0:06:46.600 to late next year, maybe we start seeing devices that 0:06:46.680 --> 0:06:49.080 have these kind of sensors in it. I think that's 0:06:49.080 --> 0:06:53.839 pretty neat. You know. I've talked a lot this year 0:06:53.880 --> 0:06:57.760 about data breaches and hackers in ransomware. I wish I 0:06:57.800 --> 0:07:00.560 didn't have to talk about it so much, but it's 0:07:00.560 --> 0:07:03.520 been happening a lot. Well, we're gonna get to some 0:07:03.600 --> 0:07:08.240 similar stuff right now. Bleeping Computer, it's a website, has 0:07:08.279 --> 0:07:11.880 a piece that says the ransomware hacker group lock Bit 0:07:12.080 --> 0:07:15.720 two point oh is actively trying to recruit folks who 0:07:15.720 --> 0:07:19.760 work inside large corporations and the whole purpose is to 0:07:19.840 --> 0:07:23.960 try and help this ransomware group plant malware on corporate 0:07:24.080 --> 0:07:27.239 machines to kind of act as like an in road 0:07:27.520 --> 0:07:30.880 for the hackers. See, when we think about hackers and malware, 0:07:30.960 --> 0:07:33.680 we often think about someone finding like, you know, a 0:07:33.800 --> 0:07:38.280 technical backdoor vulnerability. They're on their computer, they're typing quickly, 0:07:38.600 --> 0:07:41.040 you know, they type in a password a couple of 0:07:41.040 --> 0:07:43.480 times to get access to a system. Or maybe we 0:07:43.560 --> 0:07:47.600 think about someone using social engineering to convince a person 0:07:48.120 --> 0:07:51.440 who is authorized to access systems to hand over that 0:07:51.520 --> 0:07:55.080 access by tricking them. This is the classic. Hey, I'm 0:07:55.120 --> 0:07:56.960 from I T and I need to install some new 0:07:57.000 --> 0:07:58.720 software in your machine and it should only take a 0:07:58.720 --> 0:07:59.920 few minutes if you want to go in, you know, 0:08:00.040 --> 0:08:04.720 take a coffee break. That is more common than you 0:08:04.800 --> 0:08:09.640 might think. But sometimes the malware is coming from inside 0:08:09.640 --> 0:08:14.000 the house. Sometimes employees of these companies can be convinced 0:08:14.280 --> 0:08:18.960 to turn on their employers and help out a ransomware group. Now, 0:08:19.040 --> 0:08:22.760 ransomware gangs typically demand some pretty high prices to return 0:08:22.800 --> 0:08:25.640 systems to their rightful owners. And in case you're not 0:08:25.760 --> 0:08:29.720 really familiar with what ransomware is. It's usually some software 0:08:29.920 --> 0:08:33.840 that will encrypt data on a computer system or a 0:08:33.880 --> 0:08:38.040 full computer network so that that data becomes inaccessible unless 0:08:38.080 --> 0:08:40.320 you happen to have the decryption key, and then the 0:08:40.400 --> 0:08:44.959 ransomware group demands a ransom be paid in order for 0:08:45.000 --> 0:08:47.520 them to turn over that decryption key, and so a 0:08:47.559 --> 0:08:51.120 lot bit two point oh is saying that insiders stand 0:08:51.160 --> 0:08:54.320 to earn quote millions of dollars end quote if they 0:08:54.360 --> 0:08:56.880 go along with it. But let me say a couple 0:08:56.880 --> 0:08:58.679 of things before some of you all decide that you're 0:08:58.679 --> 0:09:01.000 going to stick it to the man and and become 0:09:01.040 --> 0:09:05.560 the infection vector for malware to hit your company's systems. First, 0:09:06.120 --> 0:09:09.640 the general advice that companies receive whenever they're hit with 0:09:09.760 --> 0:09:13.320 ransomware is that they should not pay the ransom because one, 0:09:13.360 --> 0:09:18.120 there's no guarantee that they will have control returned to them. 0:09:18.200 --> 0:09:21.439 And to every single payout is a message that goes 0:09:21.480 --> 0:09:24.560 out to the hacking community that says ransomware is a 0:09:24.559 --> 0:09:27.520 good way to make money. So, in other words, paying 0:09:27.640 --> 0:09:31.120 ransoms encourages future attacks, So that could mean you could 0:09:31.120 --> 0:09:34.520 go through the trouble of performing a criminal act on 0:09:34.559 --> 0:09:38.080 behalf of this ransomware group, putting yourself at risk and 0:09:38.240 --> 0:09:41.360 your company at risk, and your company might never pay 0:09:41.400 --> 0:09:45.040 out that ransom, so you end up making nothing for 0:09:45.120 --> 0:09:48.319 that anyway, which means you've got a very high risk 0:09:49.200 --> 0:09:51.600 in other words. But another reason not to do it 0:09:51.640 --> 0:09:53.840 is that, let's say that the group is ready to 0:09:53.880 --> 0:09:57.000 commit a crime and extort money out of a target, Well, 0:09:57.000 --> 0:09:59.560 then what's to stop that same group from screwing over 0:09:59.600 --> 0:10:01.880 the person and who gave them access in the first place. 0:10:02.160 --> 0:10:04.880 I mean, it's not like you could come forward and say, hey, 0:10:05.760 --> 0:10:08.439 those hackers that attack the systems, they promised to give 0:10:08.440 --> 0:10:10.800 me money if I gave them access, and now they 0:10:10.880 --> 0:10:14.000 stiffed me. You can't do that. It would be admitting 0:10:14.040 --> 0:10:18.120 that you were part of the attack. So there's no 0:10:18.200 --> 0:10:21.200 guarantee you would even get paid out. You know, don't 0:10:21.200 --> 0:10:24.640 he help out ransomware gangs. And you know what, even 0:10:24.679 --> 0:10:27.360 if they did pay you out, even if you did 0:10:27.480 --> 0:10:30.760 get millions of dollars, you don't have to figure out 0:10:30.760 --> 0:10:34.359 how to hide all that cash because trust me, organizations 0:10:34.440 --> 0:10:37.160 like the I r S and law enforcement are really 0:10:37.160 --> 0:10:39.800 gonna wonder how you got so flush with cash out 0:10:39.880 --> 0:10:45.199 of nowhere. So long story short, don't pay ransoms and companies, 0:10:45.720 --> 0:10:48.640 don't burn your employees and make them resent you, because 0:10:48.679 --> 0:10:52.439 that's really what makes these sorts of schemes tempting. In fact, 0:10:52.600 --> 0:10:55.679 we'll talk about more of along those lines in just 0:10:55.760 --> 0:10:58.360 a moment, but before we get to that, let's take 0:10:58.480 --> 0:11:09.560 a quick break. Okay, before the break, I was talking 0:11:09.600 --> 0:11:12.280 about how companies need to be careful because if they 0:11:12.360 --> 0:11:14.800 burn their employees, then they can create the sort of 0:11:14.880 --> 0:11:19.080 environment where those employees would say, yeah, why don't I 0:11:19.120 --> 0:11:22.600 screw over the company because they're screwing me over and 0:11:22.840 --> 0:11:26.440 you don't want that. Well, let's talk about the story 0:11:26.520 --> 0:11:30.760 of Julianna Barile, who recently pled guilty to charges that 0:11:30.800 --> 0:11:33.840 she illegally accessed the computer systems of a New York 0:11:33.840 --> 0:11:38.839 credit union and subsequently deleted more than twenty gigabytes of data. 0:11:39.280 --> 0:11:42.559 So Bill was once an employee of this credit union 0:11:42.559 --> 0:11:45.800 in New York, but she found her employment terminated this 0:11:45.920 --> 0:11:49.080 past May. Now, someone in the I T department was 0:11:49.160 --> 0:11:53.600 supposed to revoke her access to the credit union's computer systems, 0:11:53.880 --> 0:11:57.600 which is pretty standard operating procedure when someone leaves a company, 0:11:57.600 --> 0:12:01.640 whether it's through termination, or residue nation or retirement or 0:12:01.679 --> 0:12:05.840 whatever it might be. It's just good info sec practice 0:12:05.960 --> 0:12:10.120 to revoke system access when someone is no longer employed 0:12:10.160 --> 0:12:13.160 by the company. But yeah, that didn't happen. And when 0:12:13.160 --> 0:12:15.839 Barrill found out that she could still access the credit 0:12:15.920 --> 0:12:20.480 Union system, she did, and then she started deleting stuff, 0:12:20.880 --> 0:12:24.720 and that included like loan application folders and such. And 0:12:24.760 --> 0:12:26.960 as someone who not too long ago went through the 0:12:27.000 --> 0:12:29.800 process of applying for a loan, I could tell you 0:12:29.840 --> 0:12:34.560 that any hiccup along the way is stressful and it's frustrating, 0:12:34.880 --> 0:12:37.720 but having the whole thing wiped out by a disgruntled 0:12:37.840 --> 0:12:42.280 former credit Union employee would make things way worse. According 0:12:42.320 --> 0:12:45.880 to court documents, Burrile deleted some twenty thousand files and 0:12:45.920 --> 0:12:50.160 more than three thousand directories in about forty minutes. The 0:12:50.240 --> 0:12:53.480 credit Union has been able to restore some files from 0:12:53.480 --> 0:12:56.559 backup and estimates that the cost for recovery has been 0:12:56.600 --> 0:12:59.240 more than ten thousand dollars. And here's an example of 0:12:59.280 --> 0:13:01.400 the sort of thing groups like lock a bit two 0:13:01.440 --> 0:13:04.240 point oh that I talked about before the break. This 0:13:04.320 --> 0:13:06.440 is what they're on the lookout for. People who have 0:13:06.559 --> 0:13:09.600 access to a system and an ax to grind against 0:13:09.640 --> 0:13:14.959 their company. What Brill did was wrong. She probably caused 0:13:14.960 --> 0:13:17.480 more harm to the end the customers of the Create 0:13:17.559 --> 0:13:20.920 Union than the Create Union itself, like all those people 0:13:20.960 --> 0:13:25.600 who had loans in process. It's incredibly disruptive. Now. I 0:13:25.679 --> 0:13:29.000 don't have the details around her termination, like why she 0:13:29.160 --> 0:13:32.440 was let go, but obviously whether the reasons for that 0:13:32.520 --> 0:13:36.960 termination were justified or not, we can all say that 0:13:37.000 --> 0:13:40.360 the credit union really should have revoked her access straight away. 0:13:40.440 --> 0:13:43.280 As soon as she was terminated, that access should have 0:13:43.280 --> 0:13:47.199 been shut down. So there are you know, she's at fault, 0:13:47.240 --> 0:13:49.960 certainly because she's the one who did the crime, but 0:13:50.040 --> 0:13:52.760 the CREB union also bears some responsibility. I would not 0:13:52.800 --> 0:13:56.680 be surprised if some credit Union customers sought action against 0:13:56.679 --> 0:13:59.840 the Create Union for failing to protect their you know, 0:14:00.040 --> 0:14:04.520 their information and their assets. Speaking of cybersecurity, let's talk 0:14:04.600 --> 0:14:07.600 about cables for a second. Now. I think a lot 0:14:07.600 --> 0:14:11.040 of people don't consider cables as you know, a cybersecurity 0:14:11.040 --> 0:14:14.040 element that they need to worry about, particularly when you've 0:14:14.040 --> 0:14:17.600 got tons of people connecting to public WiFi without running 0:14:17.600 --> 0:14:21.280 a VPN or anything like that. But yeah, cables can 0:14:21.280 --> 0:14:26.200 trip you up and uh, I don't just mean literally, 0:14:26.280 --> 0:14:29.160 although they can do that too. Happens to be pretty 0:14:29.200 --> 0:14:32.560 much once a day, but no. A cybersecurity researcher who 0:14:32.640 --> 0:14:36.880 uses the handle MG has been creating cables that hide 0:14:37.040 --> 0:14:40.160 sneaky hardware inside them for a while now, and he 0:14:40.240 --> 0:14:45.040 calls them, oh MG cables cute, right, And he's recently 0:14:45.080 --> 0:14:48.920 unveiled a new one that uses the USBC form factor, 0:14:49.280 --> 0:14:51.360 which was something a lot of people thought wouldn't be 0:14:51.400 --> 0:14:53.640 possible because if you look at one of those cables, 0:14:54.280 --> 0:14:56.960 it has a very small plug at the end of it, 0:14:57.360 --> 0:14:58.800 and you would think there's not a whole lot of 0:14:58.880 --> 0:15:02.120 space for you to hide any secret tech in that 0:15:02.200 --> 0:15:06.160 form factor. And for this to work, for these cables 0:15:06.160 --> 0:15:08.960 to be a security threat, you have to be able 0:15:09.000 --> 0:15:13.160 to hide specialized chips inside that cable, and you have 0:15:13.200 --> 0:15:15.080 to do it effectively so that it doesn't look like 0:15:15.160 --> 0:15:18.120 it's out of place. So what is so special about 0:15:18.120 --> 0:15:21.360 these cables what makes them a security threat? Well, for 0:15:21.480 --> 0:15:26.440 one thing, MG has incorporated a WiFi transceiver chip inside 0:15:26.440 --> 0:15:29.320 the cable itself. So if you connect one of these 0:15:29.320 --> 0:15:33.760 cables to a device like your phone or a tablet 0:15:33.880 --> 0:15:37.320 or a computer, a remote hacker can see that WiFi 0:15:37.400 --> 0:15:41.600 spot because the cable will have activated the WiFi hot spot, 0:15:41.640 --> 0:15:45.400 it creates the power necessary to run it. The hacker 0:15:45.440 --> 0:15:49.240 can log in through that WiFi hot spot to gain 0:15:49.360 --> 0:15:53.680 access to the devices the cable connects to, and they 0:15:53.680 --> 0:15:57.080 can start deploying payloads like a keystroke logger, which will 0:15:57.160 --> 0:15:59.720 keep track of everything you type on that device, so 0:15:59.760 --> 0:16:02.400 if you're typing out like passwords and stuff, they can 0:16:02.440 --> 0:16:06.840 collect those passwords. The implications of this are pretty scary, 0:16:06.920 --> 0:16:09.000 and it really drives home the fact that you should 0:16:09.040 --> 0:16:13.160 not trust any cables that are not your own. Just 0:16:13.280 --> 0:16:17.640 imagine someone quote unquote testing these cables by leaving them 0:16:17.680 --> 0:16:21.880 in heavily trafficked areas like airport charging stations or a 0:16:21.880 --> 0:16:26.320 coffee shop or whatever. The variations on these cables include 0:16:26.400 --> 0:16:30.560 USBC two lightning connectors, which means you're not safe if 0:16:30.600 --> 0:16:33.480 you're on a PC, an Android device, or an iOS 0:16:33.560 --> 0:16:37.080 device if you are using one of these cables. And 0:16:37.120 --> 0:16:38.920 like I said, from the outside, they look like just 0:16:39.120 --> 0:16:43.880 normal USB or lightning cables. There's nothing about them that 0:16:44.000 --> 0:16:46.160 would set you off and make you think, oh, well, 0:16:46.160 --> 0:16:50.480 this is sus But they really are an incredibly effective 0:16:50.480 --> 0:16:53.600 security penetration tool if the right person is making use 0:16:53.600 --> 0:16:56.760 of them. The security company Hack five has partnered with 0:16:56.920 --> 0:16:59.560 MG to sell these cables, which are now in mass production, 0:17:00.000 --> 0:17:02.840 and the stated purpose. In fact, what hack five always 0:17:02.880 --> 0:17:06.440 says is that this is all to provide security researchers 0:17:06.480 --> 0:17:10.320 penetration testers with the tools they need to do various 0:17:10.359 --> 0:17:13.960 testing and security measures. And to be fair, if something 0:17:14.119 --> 0:17:17.040 is possible, even if you were to say, like, oh, 0:17:17.119 --> 0:17:19.680 but you're making cables that could cause an enormous amount 0:17:19.720 --> 0:17:22.360 of harm if they fell into the wrong hands, well, 0:17:22.400 --> 0:17:24.240 the fact that we know it's possible just means that 0:17:24.320 --> 0:17:26.840 someone sooner or later was going to make one for 0:17:27.160 --> 0:17:31.600 nefarious purposes. So while while you might like feel weird 0:17:31.840 --> 0:17:34.240 about the fact that a security researcher has creates something 0:17:34.280 --> 0:17:37.440 that's a real security threat, in another way, you could 0:17:37.440 --> 0:17:40.000 say it's a good thing because now we know that 0:17:40.000 --> 0:17:42.560 this is possible, so we can be on the lookout 0:17:42.680 --> 0:17:46.399 for stuff when we encounter it. Um Still, you know, 0:17:46.520 --> 0:17:48.400 just knowing these things are out there kind of gives 0:17:48.400 --> 0:17:50.760 me the heavy GEVs. So maybe I will get Shannon 0:17:50.760 --> 0:17:54.160 Morris back on the show to talk about this, because 0:17:54.160 --> 0:17:58.080 it's pretty incredible stuff, And again, don't trust anyone's cables 0:17:58.119 --> 0:18:00.720 but your own, right unless you purchase stead and you 0:18:00.760 --> 0:18:04.639 feel pretty good about it, don't use some other cable. 0:18:04.920 --> 0:18:07.159 You never know what kind of tech it might be hiding. 0:18:07.440 --> 0:18:11.000 It's also possible to have chips that could deploy malware 0:18:11.040 --> 0:18:13.320 directly to a device if you plugged it in using 0:18:13.359 --> 0:18:17.720 that cable. So word to the wise, be careful. Now 0:18:17.800 --> 0:18:20.040 let's move over to India to talk about how that 0:18:20.080 --> 0:18:23.920 country continues to make moves that I think are fairly 0:18:23.960 --> 0:18:27.960 authoritarian when it comes to tech and digital information. I've 0:18:27.960 --> 0:18:31.240 already taught about how the country's government has pressured social 0:18:31.280 --> 0:18:35.720 networking platforms to either suppress messages that criticize the government 0:18:36.200 --> 0:18:40.120 or to step back from enforcing misinformation policies when government 0:18:40.160 --> 0:18:43.840 officials post stuff that appears to violate those policies. So, 0:18:43.880 --> 0:18:46.600 in other words, like if a politician were to post 0:18:46.640 --> 0:18:52.000 something that fact checkers thought was misleading or misinformation, then 0:18:52.119 --> 0:18:56.160 Twitter might tag that post with a label that says 0:18:56.200 --> 0:18:59.960 as much. And India has really objected to Twitter taking 0:19:00.080 --> 0:19:02.400 that step, in fact, catting to the point where they 0:19:02.440 --> 0:19:07.000 said we're shutting down Twitter in India. However, on top 0:19:07.040 --> 0:19:10.120 of all those things I have not taught about VPNs 0:19:10.280 --> 0:19:16.040 or virtual private networks, so vp ns are really legitimately useful. 0:19:16.760 --> 0:19:20.080 A good VPN protects you from folks snooping on your business. 0:19:20.480 --> 0:19:22.680 So you might use a vp N if you wanted 0:19:22.680 --> 0:19:25.119 to connect to stuff like say your bank account, or 0:19:25.240 --> 0:19:28.600 medical insurance, or any of a million things that are sensitive. 0:19:29.000 --> 0:19:32.600 So essentially, you log into a server that's acting as 0:19:32.680 --> 0:19:36.240 your virtual private network, and the server will then go 0:19:36.280 --> 0:19:39.600 on to fetch all the stuff that you're wanting to 0:19:39.680 --> 0:19:43.560 look at online and everything is encrypted. So let's say 0:19:43.600 --> 0:19:45.880 you wanted to look at your bank statement, you would 0:19:45.880 --> 0:19:49.480 send the command, it would go to the VPN first encrypted, 0:19:50.200 --> 0:19:53.200 and then the VPN would go and send the request 0:19:53.359 --> 0:19:56.879 to your bank, and the return would go through the 0:19:56.960 --> 0:19:59.959 VPN before it came back to you, and from an 0:20:00.080 --> 0:20:02.520 went outside, it would just look like all you were 0:20:02.560 --> 0:20:06.480 doing was communicating with this one VPN server, but they 0:20:06.520 --> 0:20:08.960 wouldn't be able to see what was happening. Beyond that point, 0:20:09.000 --> 0:20:11.720 they wouldn't know what you were really looking at. As 0:20:11.760 --> 0:20:13.600 long as the VPN is on the up and up, 0:20:14.520 --> 0:20:17.600 which is an important point, and as long as the 0:20:17.680 --> 0:20:21.800 VPN does you know good practices like purging user histories 0:20:22.160 --> 0:20:26.120 that things are relatively secure and private. By the way, 0:20:26.520 --> 0:20:29.280 you should be using a VPN pretty much any time 0:20:29.320 --> 0:20:32.480 you're not on your own network, and if you don't 0:20:32.520 --> 0:20:35.800 want your i sp knowing what you're looking at. For example, 0:20:36.119 --> 0:20:38.560 let's say that you're shopping around for different I s 0:20:38.640 --> 0:20:41.560 p s, Well, you might want to use a VPN 0:20:41.640 --> 0:20:45.720 even on your home network as well. But India's Parliamentary 0:20:45.760 --> 0:20:50.040 Standing Committee on Home Affairs wants a countrywide block on VPNs. 0:20:50.760 --> 0:20:55.200 Why Well, the committee claims that VPNs are facilitating piracy 0:20:55.640 --> 0:20:58.840 and illegal commerce and that it provides a haven for 0:20:58.920 --> 0:21:02.480 hackers so that they can attack targets without fear of 0:21:02.520 --> 0:21:05.199 being tracked down because all the attacks would seem to 0:21:05.200 --> 0:21:09.000 originate from the VPN, not the hacker. But India also 0:21:09.119 --> 0:21:13.560 recently liberalized VPNs. They noted that VPNs were really important 0:21:13.560 --> 0:21:15.880 for people to be able to work remotely and log 0:21:15.920 --> 0:21:18.920 into company systems. A lot of companies run their own 0:21:19.000 --> 0:21:23.800 VPNs because it is a good security measure. It helps 0:21:23.880 --> 0:21:30.600 protect proprietary or trade secret information from getting out into 0:21:30.680 --> 0:21:35.879 the world at large. So VPNs do play a valid 0:21:35.920 --> 0:21:41.720 and important role. So we have kind of a a 0:21:41.840 --> 0:21:44.920 disconnect here, right, we have another example of governments trying 0:21:44.960 --> 0:21:47.960 to get control of stuff that inherently is designed to 0:21:48.000 --> 0:21:50.880 resist that kind of intrusion. And we'll have to see 0:21:50.880 --> 0:21:53.760 how this one plays out. I've got a few more 0:21:53.800 --> 0:21:56.200 stories for us to cover before we get to that. 0:21:56.400 --> 0:22:07.120 Let's take another quick break. Okay, we're back and over 0:22:07.200 --> 0:22:11.200 here in the United States, the Government Accountability Office recently 0:22:11.280 --> 0:22:13.920 released a report, in fact, it was just last week 0:22:14.280 --> 0:22:18.639 that revealed numerous federal agencies continued to use and even 0:22:18.680 --> 0:22:24.600 plan on increasing the use of facial recognition technology. This 0:22:25.440 --> 0:22:29.280 is disturbing because, as I have reported several times, even 0:22:29.320 --> 0:22:33.280 if you're okay with the idea of this level of surveillance, 0:22:33.280 --> 0:22:38.000 in general, this technology is imperfect and frequently there is 0:22:38.080 --> 0:22:42.439 an inherent bias within the technology itself which leads to 0:22:42.520 --> 0:22:49.760 false positives and misidentifications, particularly among populations of non white people. So, 0:22:49.800 --> 0:22:52.920 in other words, this technology can lead to an increased 0:22:53.000 --> 0:22:58.080 discrimination against non white groups. And there have already been 0:22:58.119 --> 0:23:02.600 several cases in which, you know, law enforcement has relied 0:23:02.640 --> 0:23:06.080 upon facial recognition technology that was later found to have 0:23:06.240 --> 0:23:10.600 misidentified people of interest. And obviously, if the authorities have 0:23:10.680 --> 0:23:12.800 tagged you as being someone they want to talk to 0:23:12.880 --> 0:23:17.639 in connection with a crime that's pretty darn stressful and 0:23:17.680 --> 0:23:21.000 can be incredibly disruptive to your life. And when you 0:23:21.080 --> 0:23:23.800 have nothing to do with that crime, like you have 0:23:23.840 --> 0:23:26.520 no connection to it whatsoever. It's just that this technology 0:23:26.560 --> 0:23:30.439 has misidentified you, and then law enforcement is putting the 0:23:30.480 --> 0:23:33.199 burden on you to somehow prove you had nothing to 0:23:33.240 --> 0:23:36.760 do with a crime. Well, that's an injustice, and the 0:23:36.760 --> 0:23:40.000 potential for such injustices appears to be on the rise. 0:23:40.080 --> 0:23:43.880 According to this report, The g a O survey twenty 0:23:43.920 --> 0:23:47.640 four different federal agencies and departments and found that eighteen 0:23:47.720 --> 0:23:51.920