Security hacks will be even worse in 2018 (The 3:59, Ep. 327)
2017-12-05
good morning on Tuesday December 5th
it's episode 327 of The 3:59 podcast on
BVG and your hosts today are Alfred Ng
and Roger Cheng good morning guys
morning morning so we're gonna be
talking about if we're getting to the
end of the years so we wanted to sort of
take a look back at some of the big
trends of 2017 Oh first off we'll be
talking on security and how it just sir
sucked
yeah 2017 was not a good year yeah
looking ahead at 2018
surprise surprise things are gonna get
even worse we'll offer up some tips and
suggestions on what to do both this year
and next year and then we're gonna be
talking about Google Facebook and
Twitter and how this is kind of year
we're like everyone sort of turned on
them it felt like I know you're already
kind of not in the pro goal Facebook
Twitter camp but like this year everyone
just decided these guys 2017 was a major
heel turn as always if you have any
questions live in the comments section
Brian will pick out the best we will try
to answer them in three minutes and 59
seconds from 3 2 welcome to The 3:59 I'm
Roger Cheng I'm Alfred Ng we're getting
to the end of the year which gives us a
chance to reflect on 2017 and Wow were
things bad from a security front we saw
a big security breach or hack in every
month through November and our own Laura
Hautala predicts things would get even
worse in 2018 Alfred you wrote the
big kind of piece looking back at 2017
where were some of the big low lights
for you well this one just sticks out in
particular to me just because it's so
fresh but Apple with its root issue yeah
where you could type in root as a
username and not require a password
they've since patched it but there's
also been a lot of reports about how the
patch doesn't entirely work but that to
me is a major low point for security
only because of such a high-profile
issue right that had like it was so
exploitable though so stupid you
physically had to be free yeah yeah I'm
surprised you didn't mention Equifax for
me yeah that would that would be the
other one losing your social
information is yeah and just the issue
with that though in terms of security
was that you know this was taken bought
based off the Apache Struts exploit
which had been warned the Equifax had
been warned about in March and they were
supposed to patch it I think that's the
crux of a lot of security issues that
you see from the past year human error
essentially yeah nobody is patching
these things or people are making these
like very small mistakes you look at
WannaCry another security low point
that had happened that had also been
patched by Microsoft but it also
targeted really old computer systems
that you found in hospitals universities
and ATM machines that just never updated
so yeah you can you can attribute a lot
of that to just lack of patching sadly
it's not really the computers that are
failing us it's it's us that's failing
failing to update the computer yeah and
so I mean what are some of the tips and
advice that you'd offer to our viewers
or listeners
on how to protectors well taking a look
at you know all the points that I just
made I think the biggest issue that you
want to take here is to patch your
system as soon as they're available I
know a lot of people often look at
updates and don't know what they're for
or anything like that to be fair it's
not explicitly stated in these updates
but most of the times they're to fix
security issues and you should you know
handle that right as soon as you can you
know kind of avoid suspicious looking
emails a tip that I had heard
essentially it's don't click on
links in emails and just kind
of go to the website yourself right
other people for for security breaches
like if they lose your birthday or if
they lose like your address or anything
like that they've suggested you know
putting a fake birthdate on like Facebook
or anything ready to to kind of prevent
that it's really to test my real friends
yeah that well beyond some of the other
Laura had a couple good tips for I use
two-factor authentication this is really
dumb but backup your information backup
your photos then don't just rely on
passwords and just generally use common
sense right yep essentially all right so
continue with our retrospective theme we
wanted to talk about Rich Nieva's look
back at Google Facebook and Twitter this
year it's really 2017 was a year that I
think a lot of people kind of turned on
these companies you know there's sort of
hold up as the bastion of our our future
our potential right Silicon Valley it
says this great thing and really over
the last couple of months I mean it's
been taking a pounding right yeah I mean
for a while it had exclusively been
Twitter like Twitter had been kind of
the the pinata of yeah and a lot of
people were harping on Twitter and then
it had come out that you know the this
kind of abuse was also happening on
Google and Facebook particularly with
Google on YouTube and this isn't even
you know international espionage stuff
it's more like there was the child abuse
platform right that was going on on
YouTube and all these issues and the
idea is like these platforms have gotten
so large that they can't police
themselves to this degree anymore right
and I mean look we didn't bring up
Russia which I mean they'd spent hours
testifying before Congress is trying to
explain themselves and really not really
doing a great job of it yeah I mean a
lot of it like I said it because like
they've grown like way too big to you
know manage everything on their platform
yeah all right for those stories and
more check us out on CNET I'm Roger
Cheng I'm Alfred Ng thanks for
listening so I always follow that rule
about checking are not clicking the link
in that you know that's I don't know
that always seemed like common sense to
me thanks everybody that's a conclusion
of the recording of the podcast I'm
gonna go ahead and start digging back
through the chat and find good questions
and commentary in the meantime what are
let's give everybody three great tips
for not getting hacked in 2018 yeah
we're like the three like really usually
when I think of tips I think do this I
don't you think that like anybody can do
I mean if you want like advanced if you
know no no no VPN bori chips that
everyone any you should yeah it's like
these are tips that I think are like as
easy as like flipping a switch on or
something like that so like using
two-factor authentication if it allows
for it
Imgur had gotten hacked recently and I
got particularly annoyed because they
don't allow for two-factor
authentication so I just changed my
password on it but it's still
frustrating that's like the guys that do
that it's good thing is a lot of
services
bigger services do yeah yeah
essentially use a password manager if
you can LastPass offers like a free
service for that kind of stuff you don't
have to be bogged down remembering your
passwords and it creates a difficult and
unique password for a lot of websites to
develop and yeah avoiding phishing
emails I would say that's where maybe
like 95% of attacks are coming from so
you essentially just want to keep a
careful eye on those things there are a
lot out there that are so difficult that
sometimes even you know experts they
can't like tell the difference between
what's legitimate and what's not that there's it's
yeah the the clicking like just going
straight to the website itself as
opposed to clicking on the link is a
pretty useful tip for that so that you
know even if it looks exactly like
something you think you would receive
you're still not like falling for it
like through your email oh yeah what
about being a Nokia 3310 because there
is a sentient nope Nokia 3310 in the
chat that says I can't be hacked
I'm sure I can I mean you can but it's
not really worth yeah unless you're
talking about like physically do
somebody psyche score
I think it's indestructible though so if
somebody tried like a hacking at it with
like an axe or something I think the axe
would think it's destructible but yeah
it definitely would it'll it'll last
longer and drop testing I mean nothing's
indestructible on a literal and
figurative speech
there's consideration but what about big
servers Pele says won't quantum
computers take care of security soon
making big servers they're nearly
unhackable and I don't know if he's
being sarcastic or not I also don't know
nothing I don't know computing that's
really a specialty for colleague Stephen
Shankland who would probably be able to
answer that I would say no matter how
fast or how powerful these computers are
I don't think anything is yeah that's
the other thing too I also a lot of you
know hackers they're not targeting this
like the hardware itself they're kind of
targeting dumb people yeah you know like
if you if you have a quantum computer
and you're using Gmail on it
and you click on a link with malware on
it it's not exactly they get the malware
on your computer it's more than you type
your password in and then there it's not
like there you need to be on your
computer to get to your email address
right there I mean they're basically
going after the weakest link I think
that's what happened with the HBO hack
right like it was like HBO's internal
systems were like like low-level
staffers exactly yep
a lot of chatter going on about password
managers in the chat right now Michael
Brown does say that's kind of a bare
minimum that's a no-brainer absolutely
thank you for that Michael
let's recommend a couple I use LastPass
yeah yes I only I recommend LastPass
just cuz it's free yeah right yeah I
don't I don't feel like paying for it
Roger any others I use LastPass as well
yeah I think a lot of us here in in the
CNET office do so that's not a full
endorsement by any means necessarily
we're just fans and yeah it's gonna
collect my check but you just said
nothing is indestructible
Mathew catch I just liked this comment
and - always a highlight in the chat we
might as well just start walking around
naked considering how much information
the hackers already have about us I
already do you know by the way don't
tune in tomorrow all right
Mohammed can someone eventually hack
blockchain that's a little over my pay
grade yeah same here already put you on
the spot is a good question though I'm
you might not have that's a very like
vague question that's like that you know
it's like kind of like I was gonna can
somebody hack math it's hard to like
Berkeley I don't know what you mean
I mean I guess like if you're talking
about like Bitcoin then yes because
that's already happened right and
there's been there's like a lot of
malware out there now that's like
targeted toward like Bitcoin wallets and
you know basically setting up so that
your computer is mining Bitcoin for them
and things like that so if you're
talking about like using blockchain and
like malware then yeah that's that's
happened yes Michael Brown also says
don't click on ads a lot of ads can be
harmful oh yeah definitely also just
don't click on ads in general yes there
are cnet.com where we
just quick just gone on website right
now and just click on like several ads
in ten but yeah I I don't
I've never clicked on an ad on like a
website I mean like I've clicked on
referral link ads like Google yeah like
from like see not exactly
yeah but banner ads I'm not a big fan
unless I'm like the only time I click on
a banner ad is like I did it by accident
like we're gonna link I somehow hit the
stupid banner ad I've seen ads and I've
like oh cool hot singles in my area let
me like google it I don't like click on
it I mean I got these really cool tool
bars installed me find things and get
the weather so I don't know what you're
all complaining about yeah there's a
little purple gorilla just pops up on my
desktop yo let's talk about that
I missed that dude that was fun back in
the day I know it was a danger zone but
when I was like 14 years old I did not
know that but that thing was fine I
remember seeing it on my like aunts
computer or something whoa that's hella
cool how do I get that on my computer so
I google it I put on my computer like oh
listen album that was arguably the
smartest malware ever because it totally
it was like clearly words it was like
putting bleach in a candy dispenser
getting kids to just chug it like that
was the best oh that's so stupid
Christopher Osborn this is a great
question do you think there should be
some sort of legislation that requires
companies to have a certain level of
security in place depending on the type
of information they collect from
customers
yeah there's there's actually
legislation being proposed for that
right now there is a secure iot bill
from Senator Mark Warner of Virginia
it's also co-sponsored by Senator Ron
Wyden of Oregon and Senator Maggie
Hassan from New Hampshire essentially
it's requiring a baseline level of
security for devices that IOT devices
that the federal government buys and you
might think oh well what how does that
affect like me if I go buy like a smart
camera from from Best Buy or something
like that the idea is I like the federal
government actually uses like a ton of
IOT devices when they're like collecting
data from like street lights the ocean
and like research and things like that
the the premise is basically like
because the federal government purchases
so many IOT devices that its event it's
like eventually gonna influence like the
market to like just create you know
secure IOT devices in general so
everybody like would have to buy secure
stuff so there's that bill there there
was another bill that was proposed I
think sometime last week essentially
requiring jail time for company like
CEOs if they like don't disclose really
yeah yeah this was this bill would like
suggest jail time for them Wow Wow my
favorite I can imagine yeah yeah while
we're on the topic of IOT devices you've
done a lot of research and had a lot of
experience with smart home devices and
hacking potentials and we've seen a lot
of that get debunked and what what
would be some good advice for people
looking to protect themselves before
legislation is there to protect you you
should stick to like big name brand ones
I know that it's very enticing to buy
you know to get what you pay for
situation yeah I know it's very enticing
to get like a cheap like off-brand IOT I
don't know like what light bulb or
anything like that because it's like
half the price but the idea is like the
security really isn't there for that you
I personally always wanna when I'm
looking at IOT stuff like buy from a
company that I know has a lot riding on
its name that's like most of the IOT
devices at home are like from Google or
Amazon because like I said they have a
lot riding on this and you know there
was a lot more liable you know at risk
for them to lose if they if they if they
eventually do get hacked I think there's
a pretty good reason why the like for
the echo being as popular as it is and
being out as long as it is that we
haven't heard of any kind of like major
vulnerabilities like happening with the
Amazon Echo it's a different story about
the the smart key thing though but that
that was like we had written a story
about it McKee yes with the camera the
smart doorbell where they were able to
get it disconnected from the Wi-Fi
briefly but once that happened it
doesn't shut off it just leave
screen for what it is so theoretically
somebody in a demo'd attack they showed
it where it's like they froze it and
then they just open the door went in and
stole something and I went back out it's
like the digital equivalent of like
putting a photo up like to the camera
right yeah yeah
needless to say the big concern with
getting hacked is not somebody
controlling your home devices in a
gremlin desk type montage rather the
loss of identity and therefore loss of a
use basically yeah I know right I know
that's like a major concern for a lot of
like security researchers that I've
spoken with at least it's not the idea
of them like just making things terrible
for you it's more so just about like
extortion see that's the kind of hacker
I would be in a way I would just prank
missing people yeah yeah so the idea is
that like oh they're gonna turn off like
they're gonna it's kinda like ransomware
but for like the devices in your house
right so instead of you not being able
to use your computer it'd be like oh you
have like $300 worth of like groceries
in your refrigerator and we just shut it
off you should pay us $200 to get it
back online like what a bizarre thought
of ransom is like it's good we're gonna
turn off the lights and it'll be dark in
your apartment until you give us a TV
that's so annoying well she pay us 50
bucks but yeah on the note of like just
like hacking just for like causing
mischief I remember there was some like
malware that you could download for like
back in the day where it would like open
and closed like your friends like floppy
but not floppy does their CD drive and
it would make a fart sound yeah for like
I remember that yeah I did that I put it
on like it was a friend's computer yeah
it was not hard at all how bad she was
it was really funny now I know though
that's wrong and don't don't hack kids
we should totally do like a PSA video
with you like a hack McGruff the Crime
Dog outfit don't hack the more you know
anyways the point I was trying to get to
earlier about I'm ecommerce and
transactions is yeah what are some of
the better online money handling portals
out there I mean I use PayPal
there's Venmo of course where
where are some of the most highly
secured ones and I know that's kind of a
gray yeah I mean I mostly I use Venmo I
don't use PayPal's often anymore but I
tend to use banks I mean if you're
trying to chase bank to bank yeah
transfer your funds from if you're
trying to be really secure I mean I hate
to endorse it but just just use like a
crypto currency if you're really worried
about like people who want you to
discuss Bitcoin detail and I think
that's a topic for another day but yeah
we're talking about like optimal
security on something like that but yeah
I just PayPal I basically I generally
feel that any website that has HTTPS on
it is essentially like secure enough for
reviewing unless your device is already
compromised like yeah if you're talking
about you know oh like can they pick
like my credit card out of it like
either that website is like insecure or
your device is insecure and I bet like 9
out of 10 times like if something was
stolen from you it's your device yeah
all right so we are almost out of time
let's leave it with a great topic from
Michael Brown again can we finally have
a discussion about downloading apps and
software from proprietary app stores
chrome windows Apple instead of
downloading apps and software from the
web how much security really comes in
play when you're going to a quote
unquote trusted outlet I think with
Apple they've done a really good job of
preventing that I would say Google
play's a little bit yeah standards are a
lot lower but I still think it's much
safer than downloading straight up from
like a third-party provider I know that
a lot of stories that I write about like
scam like apps like the back-to-school
story that I had written about like oh
here's all these apps are supposed to be
for like back-to-school help but it's
actually malware the majority of them
are from like third party like stores
and the issue is that it's not so much a
US issue whereas it is an international
issue like if I'm on an Android phone
and somewhere in Asia I mean the biggest
thing is in China where the Google Play
Store isn't available
exactly yeah so that's where a lot of
all these third-party app stores and
thrive yeah and I also
that's like when you were talking about
like the banner ads with like all the
toolbars and like Bonzi Buddy and all
that's up if you had same if you had a
Chromebook that doesn't allow for that
only let you download from the Google
like Web Store like you would never have
any of that on your device yeah but
there's enough mess on the Google store
to still be at risk but it doesn't come
from a banner ad touché
like you have to seek it out directly
yourself to do that gotcha
yeah that is good advice and
unfortunately we are out of time
still more great questions maybe for
another day we'll put this in the back
of our heads definitely should readdress
smart locks should talk about Google
Wallet and yeah and Bitcoin yeah let's
let's all pin these for another day in
the meantime thanks everybody Roger
you're gonna take us out yeah if you
like to anything you saw over here check
us out on CNET podcast is available on
iTunes TuneIn Stitcher FeedBurner
Google Play Music and the Amazon Echo
y'all tomorrow see you tomorrow folks