Do you still trust Facebook after this latest breach? (The 3:59, Ep. 466)
2018-10-01
Welcome to The 3:59. I'm Roger Cheng. I'm Ben Fox Rubin. I'm Alfred Ng.

Facebook disclosed a breach that affected 50 million people on Friday. This comes after the Cambridge Analytica breach. What's going on here? Why is this such a big deal?

So Facebook announced this on Friday: hackers had stolen access to security tokens, or access tokens, using Facebook's View As feature, which, I don't know if you've ever seen this, when you go to your own profile you can view it as someone else's profile. So through that feature they were able to get access tokens for other people's accounts, and they were able to scale it up in a way that, you know, they did it for 50 million accounts on Facebook. This was done through a vulnerability on Facebook's... like, they changed how you could post birthday videos back in July, so it was like three different sets of vulnerabilities: the View As, the birthday post and video stuff, and the security tokens. So it was these three coming together so that they could take these access tokens, which aren't your password but they might as well be. When you log into Facebook you basically don't have to enter your password every time, right? That's because after the first time you log in you get an access token, and you use that, and that's basically Facebook saying, oh, we recognize this device, we've recognized this login, we trust this and we'll give it access.
So bottom line, what makes this a big deal? Why is this worse than all the other breaches that we hear about?

So this is different from Cambridge Analytica's breach, because when Cambridge Analytica's breach happened, that was data abuse: they took data that was public and took it without your permission, so things like your birthday, where you work, where you live, your photos, things like that are already on your public profile. With access tokens you have complete access to a person's account, like they could look through messages, private account information and things like that, and they could post stuff if they wanted to.

Yeah, and as well as, you know, using these access tokens, Facebook has access tokens that work across everything that Facebook is connected to. So if you have your Spotify account or an Instagram that's linked to these access tokens, they would have the ability to log into that using the exact same thing. So it spreads beyond just Facebook.

Oh, scary stuff.
All right, the SEC has slapped Elon Musk down hard over the weekend. As you see, Elon Musk has come to a settlement for as much as forty million dollars. Ben, what are the details here? What happened?

So Elon Musk fairly recently tweeted out that he had funding secured to take Tesla private for $420 a share. That ended up being a farce, and he had to agree to pay twenty million dollars himself and twenty million dollars from Tesla. He also agreed to step down as chairman. This could be seen as a good thing for Elon, because he's kind of spinning out of control; he could potentially use the additional help. The thing is that Tesla is a very insular company, and so the chances are that Elon will install a chairman or chairwoman that he very much trusts and will still be able to tell what to do specifically, and he remains as CEO, he remains as a director. So I don't know how much this is really gonna change Tesla's direction.

Right. I'm curious if this will be the most expensive tweet ever, because that one tweet basically cost him twenty million dollars, forty million total if you include Tesla.

Yeah, totally. I would say that it's very much well up there, for sure.
All right, so lastly, this is a win for net neutrality advocates. California Governor Jerry Brown last night signed the strictest net neutrality law in the country. It also sparked this Justice Department lawsuit: they're suing California, arguing that this is an interstate issue, not a state one. So really, I mean, this is a win for net neutrality advocates, but also this kind of clouds the whole scene, right? We don't know what's going on now.

Well, we don't know what's gonna happen with this Justice Department suit, and I think it's ridiculous to see so many different lawsuits, all these disagreements. Net neutrality has just turned into this ongoing legal escapade. There's another lawsuit, there's a broader lawsuit now against the FCC in terms of trying to reverse the rollback of those Obama-era rules. So lots of lawsuits, lots of unclarity, or lots of just confusion over what's going on.

For more of these stories, check us out at CNET. I'm Roger Cheng. I'm Ben Fox Rubin. I'm Alfred Ng. Thanks for listening.
And that's a wrap on the recording of the audio podcast, which you can subscribe to in the links down below. Thanks everybody for joining us. We're gonna jump into the chat now, where we spend literally 90% of the show that's supposed to be four minutes long diddling around and trying to answer questions. So that's the premise at this point. If you've got questions about what's gonna happen to Tesla, about what's going on with poor ol' Muskie, or if you have a problem with the board...

That's extremely true.

...or if you have any inquiries about what the hell's going on with Facebook this time, we'll be happy to field them. To start off, let's take a couple comments from Mark, Sam, Ricky and Lloyd. Mark says, lol, after this? I didn't trust them before. Samuel says Facebook cannot be trusted with protecting user privacy; user information is money. Ricky B says, I deleted my Facebook years ago and I don't miss it. And Tom says Facebook is the new MySpace. It's ironic that that's coming from a guy named Tom. That's actually MySpace Tom, like on a beach side. Okay, nice. And Noah says Friendster.

What is Friendster? Wait, what is Friendster?

No, was there a guy on Friendster? Well, that was like the guy that... no, that's MySpace Tom, dude. Oh no, no, no, there was a guy on Friendster as well. I never looked. This is... yeah, I can't. Okay.
So jumping off of those comments, what I wanted to ask you, Alfred, is: is this even incrementally an improvement from Cambridge Analytica, in that Facebook was the one that came out and said we had a data breach? They actually found it. With Cambridge Analytica there was a whistleblower that came out and said, hey, this... This really looked like the whistleblower went to the press about it, right?

Yes. So the New York Times had this story out maybe 10 minutes before Facebook came out with it, so I think this was also prompted by... I see what they found. I mean, they were pretty quick to disclose this one. Like, Cambridge Analytica, they had known about it for, what, like four years or something like that. So this one, they found this breach on Tuesday, fixed it on Thursday, and then announced it on Friday.

Okay, that does seem like a bit of an improvement.

But I'm not saying much, because of GDPR. This is the first breach for Facebook to happen post-GDPR, and there's a 72-hour breach notification law under that.

Okay, so they might have actually... yeah, legally obligated.

Yeah, yeah. GDPR, meanwhile, is the new EU regulation, general... on the Internet, yeah. General Data Protection Regulation.

Nice, there you go. Legally obligated is really the only reason any of these guys do anything good for the greater populace.
Hey, here's one from Matthew Dacher: thanks to CNET for informing me of this breach; should I be worried? Thankfully I've never used Facebook for authentication. Now, I remember hearing over the weekend that your account would have been logged out if they suspected...

Yeah, yeah.

So expand on that.

Yeah, so if your account was logged out over the last three days or so, you were potentially affected by this breach, or you were one of the 40 million people that Facebook logged out as a precautionary measure. The reason why is because when you log out of your account, your access token resets itself. To begin with, that's what I was talking about earlier on the podcast: any time you log in to Facebook from a new device, you know how sometimes you're getting an email saying, hey, did you really log in from this device? You don't get that when you log in from your normal devices, because it has the access tokens already. Sure. It's these other devices that don't have it. So Facebook... I don't know if I'd really tell the system, like, this is a trusted... yes, or profile, yeah. So if Facebook didn't log you out, there's nothing that you need to do.

Okay, you don't need to worry about it.

No. Yeah, but you're still using Facebook, which means you're playing with fire.

Yeah, pretty much.
Yeah, I mean, to be fair though, any platform that you're using, you're playing with fire. So let's keep that in mind. This is a massive platform. I mean, look, there's the Cambridge Analytica stuff, which is a different kind of breach, but in terms of this kind of traditional breach, I mean, it's been a while, right, since they've had any kind of breach like this, really. I mean, they are very hesitant to say this is the largest breach that's ever happened to them. On a press call on Friday a lot of reporters were basically asking them, is this the largest breach that's ever happened to you, and they wouldn't say. They basically, you know, just kind of said the investigation is still ongoing, we don't know that much about it.

But I would make the argument it's not like any other companies are, like, not as hackable or something like that. I think with Facebook in this specific scenario, because Facebook is such a large platform and because they have so many different elements that they need to try and protect, like I said, this breach happened through three very obscure methods put together: the View As section, a birthday video thing that got changed in July, and access tokens. It's three very small parts that you would have never realized would come together in this way; it just came to blow up in their face. And respect to the hackers, so to speak, like, you don't really expect it to happen and then it just does.

I'm impressed they figured that out. But that is kind of what hackers do, and that's what they try to figure out.
Shifting gears over to Muskie boy. Tom Lloyd says, one point six billion dollar fine? How much did they earn stealing, probably billions? Just shut them down somehow.

Oh, come on. I mean, they've had their problems and they are paying the price this time around, but shutting down Tesla, to me, sounds a little overblown.

Yeah, keep in mind if you do that you're also costing people lots of jobs.

That's a job. And it looks like the investment community likes the fact that Musk took this deal and decided to step down. Basically it's a pretty good deal; aside from paying twenty million dollars he didn't really lose anything, it doesn't seem that way. And so now all of a sudden Tesla stock is way up today, it's up around sixteen percent roughly.

So it's gonna balance out when you look at how much it...

No, it's still below where it was when this whole, you know, craziness ended up happening. I think it's at around three hundred right now, and I think it was in the higher threes before all this craziness happened. So Musk continues to be a billionaire, and hopefully somebody... like, you feel bad for the guy. Yeah, hopefully the new chairperson ends up helping restrain him, hopefully the two new independent directors will help.

The question I have is, is he gonna continue his crazy tweet rants? Apparently his communications will also be monitored. I don't actually know what that will be in practice, but because his tweets are very often perceived as, you know, official Tesla material, material and official comments about Tesla, there is gonna be a little bit more monitoring of that. And, you know, woe to him if he were ever to attempt doing something like this again; I think that the penalties would be far more significant. So I think he's gonna have to find his way to be a little bit more careful and hopefully not fly off the handle and just say random disparaging...

You do you. Yeah, tweet more. Forget the SEC, you just tweet whatever the hell you want. I'm all for it.

Yeah, okay. Alfred Gillette was named as an independent director, people in the chat are telling us. It's impressive, that just literally just happened. So now it's just interesting that, you know, he was for a long time sort of applauded for being that kind of out there, being totally transparent on Twitter and kind of connecting with people, almost as this prototype for how a modern CEO should act on social, and now it's like completely...

Yeah, you live by the tweet, you die by the tweet, man.

There you go. It's true. It's a publicly traded company, and at some point you're gonna get, you know, hemmed in and restrained. There's a reason that a lot of these longer-term CEOs hedge a lot of what they say, or just don't say anything.
Yeah, or don't say anything. We find it frustrating as reporters, but at the same time you avoid getting in this type of trouble. Twitter, the get-off-my-lawn social network.

From Mike Shaw: US Congress really needs laws that punish data breaches. What is the incentive for companies to care? Equifax, Facebook, Target, so many more. If it's my data they should pay me for being careless with it.

I don't like that idea.

So that is actually a movement that's been going on in the tech industry, not from any of these big companies that make money off of you, but there are a few startups that have been doing this. This story came out over the weekend; I don't know if it was some kind of publicity stunt or if it's an actual model that they're going with, but there's a coffee shop near Brown University right now where you can get a free coffee if you go and you just give them your personal data. So you're giving your name, email address and, like, your birthday and all this stuff, and you get a free coffee.

You do that every time?

Well, that's part of the deal, you get that, but I think that's the point of this model, though. There's another startup that's been doing this in Mexico where they'll take your personal data off your phone and things like that, but they pay your phone bill at the end, so it's like a free... you're getting a direct payment for your data, as opposed to what Google and Facebook are doing, where they just take your data and not give you... well, they give you that coffee shop in return, and I don't know what they're doing with it yet.

I think as far as the first point about how there needs to be a law to regulate privacy and your data and things like that, well, there is the GDPR that's been trying to do that in the European Union, and there has been a big push for a federal privacy and data protection law in the US. I know there's at least three Congress members that are working on that. In the meantime there are different state laws, like the California net neutrality law. There is also a California Consumer Privacy Act that passed in June, which is about as strict as the EU standard is, but a lot of these companies like Google and Amazon and Facebook have been fighting against it, saying that, you know, if California does this, then... There's one in Vermont too; Vermont has the breach notification law, which, like, they have to tell us within 72 hours. That happened after Equifax. Then there's one in Illinois with facial recognition or biometric privacy stuff.

But if you've got all these kind of piecemeal laws, different... how is a company supposed to... is the idea that, like, the hope is that companies will have to follow all these different regulations and they kind of slightly create a unified...

Yeah, the idea is you just take the strictest one and then just apply that to the entire thing. It's kind of like what happened with the GDPR: that only applies to the European Union, but they have to do it for pretty much everybody, because so much of their customers... it's like, well, we'll just do this for everybody.

Yeah. So these companies, though, basically don't want what you're talking about, like, oh, it's different in New York versus California, so they want a federal law to follow for everything. Here's the catch on that, though: because they have the most influence in DC versus influence in individual states, like, they're not gonna send a lobbyist to every state to tell them, hey, you should do the law this way. If there is a federal law that's passed, it would probably have much less teeth than something like GDPR or something in
California would have.

Another thing about GDPR: so Facebook's former chief information security officer just tweeted this out, talking about the data that had come out from Facebook announcing its breach. Because of this new requirement for 72 hours to notify, you don't get that much detail about it. So, like, when Equifax had their breach, they waited like two months to inform people about the breach, but they had all these details, like here's how it happened, you know, here's how many people are affected, etc., etc. But they had a whole month to compile all that data. When there's 72 hours... because the GDPR folks in Ireland, the Data Protection Commission, who have all this information from Facebook, they've been complaining, like, this is very surface-level stuff and we don't really know anything. But the thing is, Facebook doesn't really know anything; they had to tell everybody that this happened within like three days.

So, hmm, so I would say erring on the side of transparency and disclosure, yeah, is not a terrible thing.

Yeah, yeah. All right, well...
So we got Brent... well, staying on topic, for the latecomers let's kind of just do a quick recap of what happened to Facebook and what you should do if you were affected. Bruce says, wait, what happened? My Facebook logged me out over the weekend.

Uh-huh. What should you do?

Um, that's practically... really just log back in, because they don't have any passwords; nothing is stolen in your passwords or anything like that. But I would say that, you know, even though Facebook logs you out, all of your connected apps with Facebook did not do that, so you've got to basically reset.

Yeah, you should do the exact same thing: you should log out of all your accounts that are connected to Facebook and then just log back in.

So they've logged you out, you've logged back in; do hackers still have access then? Because the access token is reset after that.

Yeah, because all access tokens are only temporary, they don't last forever. But you don't have to change your password or anything. If you really wanna be extra cautious you can, because that resets your access token again.

Okay.

But yeah, yeah, they don't have access to your passwords or anything like that, but like I said these access tokens do have access to all these other accounts
that you're using. Okay.

From Jerrod: if Elon is no longer chairman of the board, wouldn't that allow the board to make whatever changes to the company they see fit?

Absolutely not. Well, I mean, he's also a director too; he has directors on his side as well, so you have to keep in mind how much influence he'll have on the board going forward, an enormous amount of influence. Yeah, he's still a director, and a lot of the directors he had already installed, or, you know, are either financially or familially connected to Elon directly. So even if he's not gonna have the chairmanship, I think whatever chair ends up coming in is gonna be deferring or looking to him. He owns 22% of the company, so I have a hard time believing that this is really gonna change much with him, except he might not fly off the handle as much on Twitter.

You should absolutely do whatever you'd like on social media. It doesn't matter at all. There are no consequences. There are no consequences, despite the $40 million. No, the hypothesis for Elon Musk: tweet whatever you want. So it gives us something to talk about besides Apple.

Let's see... oh, see, now you had to mention it.

Yeah, I'm just pointing out the facts, guys. The messenger. What do you think of the XS, or, sorry, I keep getting that wrong, the tags, the 10S Max?

Give me... I don't talk about... I don't want to talk about it. We moved on.

All right, so what do you think of net neutrality, Ben?

What do I think about it? I'm usually happy when Roger's on the show because I can just defer very quickly to him. Zero rating? Oh yeah, sure, I know what that is. I knew... troll on this guy.
One more question about Muskie boy: any bets on Elon Musk getting a criminal charge, since this was not a part of the...

I don't think that's gonna be done. I don't know what a criminal charge would actually look like, so it doesn't... here, the government's going after him for that specifically, so I think if there were criminal charges, the SEC probably would have... I mean, they're the ones that would have done it, right? I know the SEC only does civil suits. One of the other issues too, as I mentioned, with the scuba diver in Thailand, another overhang for him is that issue where he accused the scuba diver of being, quote unquote, pedo guy. So that's a civil suit that I think was filed fairly recently, and we're also waiting to see that. So that's yet another reason why Musk should be extremely careful with what he tweets, but he still hasn't.

Yeah, that could take over this record as the most expensive tweet.

True, yes. Yeah, he's gonna have the first and second place most expensive. I'm hoping he goes for the trifecta.

Yeah. Speaking of, I'm a little strapped for cash this month, so if anybody wants to buy my data I'm taking offers. I'm gonna start the bids at 50 bucks.

Nice. Wow, really? Why would they want to buy it though? Facebook and Google already own it.

It's like a fire sale. No reason for me to try to unload it myself; they're just gonna pick it up on the street second-hand. Mm-hmm. Would you guys sell your data for a price? What's your price?

I mean, no one would want to buy specifically my data, though. Usually they buy it in bulk.

Yeah, oh yeah, it's like by the sheet. Do you remember, off the top of your head, what... wasn't there some study that said this is how much your specific data is worth to Facebook?

I remember that, but I don't know the price.

Okay, we'll have to look that up at some point.

What, like, Facebook also... it doesn't sell data.

Oh no, they don't, they don't. That's the fact: they do not sell the data specifically. They sell access to you through advertising, but they don't sell your data. But they use your data to do the...

Yes, yeah, yeah. They're not selling your data. That's kind of semantics, right? They are using your data to sell you to that advertiser.

Yeah, they're selling access to you to advertisers, but they're not selling your data. Keep defending Facebook. Whatever, I'm defending accuracy,
if anything, here.

Before we wrap it up, we have our resident conspiracy theorist, Sir Enjoy, who noticed... hey, yeah, a nice little factoid about the Musk debacle: did you guys notice that SEC News tweeted about Elon's fraud charges at 4:20? A nod to Elon's statement of a stock price of 420, and 420 in general.

I did not notice. I believe you, Sir Enjoy, so we've got to check that. We should vet that, yes.

The SEC social media manager, a raise is in order there. That's amazing, if true. We have no reason to doubt Sir Enjoy; he usually knows more than all three of us. But yeah, no, it's nice to see that the FCC, or the SEC, has a sense of humor about these things, and, you know, a very sly dig, or they're completely oblivious.

Definitely not. 4:20 is not an oblivious time to release something. Take it from a guy that tweets exactly at 3:59 sometimes for The 3:59; that's a deliberate move.

Yeah. Have you confirmed? I'm looking for it. Okay, all right, stand by, we gotta find this. Everybody be quiet for the next two minutes, we're gonna find out, we're gonna get to the bottom of Sir Enjoy's... In the meantime, what else we got, Brian?

That's kind of it for now. Again, maybe just refresh people still kind of trickling in late: if your Facebook was logged out over the weekend because of the security breach, what steps would you take?

It would be log back in. Just log back in. You don't have to change your password, right?

Yeah, I mean, it was relatively fine. It was a breach of 50 million accounts where they took your access tokens, but if you log back in then the access tokens get reset. Yeah, see, we were... the less you learn, we learn. Thank you, Alfred.

I haven't seen... no, I'm not seeing any 4:20, I'm seeing 5:20, I got...

Oh, you found it. Yeah, hang on, I'm bringing it up now, and there it is: Elon Musk settles SEC fraud charges; Tesla charged with and resolved securities law charge, posted at 4:20 p.m. Very good, fine.

Right now it says 5:20 on mine. Maybe your time zones are different.

I mean, I'm on Eastern, we're set to Eastern on all of them. Yeah, we have the same. I'll send this tweet to you. Maybe your time zones are different, but I mean, I think the clock on your computer might just be off. But for those of us in the Eastern time zone, and everything here in the control room I have set to Eastern, obviously, so yeah, that was 4:20. Good catch, Sir Enjoy. Nice job. Holy cow, that's priceless.

Should we... that's forty, forty million, that's the price of it, yes. But that's it for the day. That was a good show, guys, that was fun. Yeah, thanks everybody for chiming in. Special thanks to Sir Enjoy for always keeping this show above the fold. We'll be back tomorrow; it's gonna be a packed week. And yeah, thanks everyone for joining us. Who wants to take us out today? I guess I should. The 3:59 is available on iTunes, TuneIn, Stitcher, FeedBurner, Google Play Music, Google Podcasts, the Amazon Echo and, of course, CNET.com. We'll see you all tomorrow. Bye, folks, take care, bye, thanks.