Gadgetory



Were you a victim of WannaCry ransomware? (The 3:59, Ep. 227)

2017-05-15
Good morning on Monday, May 15th, and you are just in time for another edition of The 3:59 podcast. This is episode 227. I'm BVG, and in the house we have Joan E. Solsman and Roger Cheng. Good morning, everybody. Morning. The crack security experts are here to talk about ransomware. Security crack. Actually, Alfred Ng is our normal security expert, but he's out at TechCrunch Disrupt this morning, so we're gonna try to fill the shoes, to talk about WannaCry. We're gonna pretend to be experts to try to get some questions answered, and we also want to know if you guys were affected by this. And then we'll talk about Maggie Reardon's story. She interviewed the senator from Hawaii, Brian Schatz, who is vowing to be net neutrality's new champion, so we'll talk a little bit about that. And as always, give any questions live in the comments section. Ryan will pick out the best; we'll get to them in three minutes and 59 seconds. From... sorry, I'm a leakage s is still... sorry, guys. All right, buckle up. We'll be back to join in the chat in just a few minutes. Here we go in three, two...

Welcome to The 3:59. I'm Roger Cheng. I'm Joan Solsman. By now I'm sure you've heard about WannaCry, the ransomware that's disrupted more than 100,000 organizations in at least 150 countries. We first heard about these attacks for the hospitals of the UK, but it's really got blown up. It's a much, much, too much huger thing. The hackers may actually end up making more than a billion dollars once all the ransoms are collected. Joan, questions, thoughts? This is insane, right? Like, this is... and it feels like it's getting worse. Well, talk to me about this, at least temporary, solution that, yes, that only cost like 10 dollars and 96 cents. Yeah, this is kind of amazing. Just, like, a sort of random developer was looking at the code to try to see what he could do, and trying to monitor the actual attacks. He went and he bought this really obscure domain name, and by activating the domain, that was actually the kill switch to, um, to the WannaCry.
They had actually rendered the code that if this domain goes live, everything just dies. And so he actually temporarily disrupted this huge attack on Friday. Unfortunately, there is a new version of patch that came out for WannaCry, so there is no kill switch anymore. Like, now it's invulnerable. Who patched it? The... assuming the hackers who first developed the ransomware. Yeah. Um, yeah, just sort of this weird thing: bought the domain for about ten bucks and sixty two, I think, was the exact amount, and then they totally disrupted this massive multi-billion dollar scheme, this evil plot to take away... but it's back up and running, so we're all screwed. But yeah, it's kind of crazy that it's really ultimately like this attack...

So this targets computers that are slightly old. They run an older version of Windows, right? So it's like XP. On XP, really. Computers that have those vulnerabilities that can't be patched, that's... we're screwed. And this attack really shows, like, how much of our infrastructure still runs on older software. Right, right. Like, I don't know about you, but every time I go to a doctor's office they're running XP; they're not running anything newer. I asked about that, I got upgrade, what about with them.

So Microsoft, it was a legal executive, um, that came out and was criticizing government institutions. I mean, speaking of, yeah, of organizations that run usually on outdated software. Um, so Microsoft came out, basically, you know, they chastised the government for these, especially CIA, for basically stockpiling, or figuring out what these loopholes were and not telling anybody, right? That's how they were able to use these loopholes to spy on, well, other folks, or us, I don't know. Uh, but we're not running Windows XP, right? But the fact that, you know, the CIA knew about this for a long time and didn't tell Microsoft so they could patch in time, right, definitely led to problems like WannaCry, and that was their big issue. Yep.

All right, next up: net neutrality is
still an issue. While the FCC is still looking to dismantle the existing rules, our own Maggie Reardon interviewed Brian Schatz, a senator from Hawaii who is the leading Democrat on the subcommittee overseeing the FCC, and he, in his interview with Maggie, vowed to take up the fight for net neutrality, keep those extreme in place. Yeah, he also... sorry, he also brought up, um, given that there's just so much craziness going on because of the Trump administration, because it's such a, you know, break down the barn doors, yep, disrupt everything, whether or not net neutrality is something that's going to sort of become part of the noise, lost. Yeah, I mean, I think that's one of the risks, is that because there's a new controversy bubbling up every day, that net neutrality does get lost. I think there are enough people out there, you know, tech companies, consumer advocate groups, who have been in this fight for a while, so they'll probably stick with it. One of the interesting things, you know, the John Oliver segment from last week: shortly after, the FCC site went down. The FCC said it wasn't John Oliver, it was actually botnets. Brian Schatz actually isn't sure about that. He's actually questioning; he actually wants data for the FCC to prove that. That's great. So, kind of interesting. Yeah, it's definitely... it's one of the many partisan issues that are out there right now, but we'll continue to cover it. So for more of these stories, check us out on CNET. I'm Roger Cheng. I'm Joan Solsman. Thanks for listening.

All right, jumping right into the chat. First and foremost, let's go ahead and petition out to our listeners: who out there is still on XP? Who is still in the vulnerable area? Not... but I have this ancient computer, um, that I need to get rid of, and the only reason I haven't gotten rid of it... that's on Windows, and I think it might be XP, and I'm pretty sure it is. The only reason I keep it is 'cause all of my, speaking of MP3s earlier before we got on to this, all of my old, old MP3
libraries are on there. So whenever I want to burn a CD, which is like maybe once a year for a friend, I have to, like, pull that thing out of the closet, and I did that this weekend. So the one weekend where, like, if you're running a really old Windows PC you are exposed to, like, having your computer locked out. But the good thing is I'd be like, you know what, take them. What is it? I won't pay. There is a laptop connected, though, to the Internet? Yeah, yeah, I just... oh, actually it's an all-in-one, it's not even a laptop, so it's cuter. But, like, you could just shut off the internet access. Like, that's one way to avoid all this stuff, right? Yeah, basically take out the Ethernet port. Yeah, and just run it. It is sort of hooked up, so I haven't, as far as I know, I haven't been hit by this thing. You would know. I was... yeah, your computer would be locked up.

So just to be clear, like, ransomware doesn't take your information, right? It just locks up your computer. Basically you get a little note saying, like, if you want your computer to be unlocked, please send $300 in bitcoins.

So, our viewers, on one of the stories that we had, I don't know if it showed what the, like, message looks like that you get when you're... I guess neither of the stories that we have up. Let me see if I can find it. But there's, like, the picture, like, there was a screen grab that Alfred used in one of his stories of the picture that you get. Um, I can send it to you, Brian. Oh yeah, it's, uh, this picture, "ransomware WannaCry kill switch engaged," but I... as a story, yeah. Um, but the top of the message is "Ooops, your files have been encrypted!" It's so innocuous. Ha ha ha. It's like, oopsy. And there's, like, an FAQ, like, "What happened to my computer?" Oh wow, that's really... yeah. There may be... said this, and they release this patch so that their ransomware can continue to function. Like, patches or something, they're just so, like, mundane that, like, Microsoft has every however
many times a second. Video right there? Yeah. I think it's, uh, no. All right guys, started... this is really visually interesting for now. I'm trying to find it here. I think that one, right? No, it's a video, sorry. Headlines: ransomware WannaCry. There's the image, right? Yes, the image. All right, let's bring it on your board. An encrypted... Joan, I'm gonna, sorry, on your microphone. So yeah, you're right about the innocuous message. Yeah. Oh my God, look, there's a warning, it says "Payment will be raised in" and there's a countdown timer. Yeah, I didn't realize there was that element to it. Like, it gets more expensive with time.

So let's try to dole out some advice about what to do in this situation if you have been affected. So you expanded on how this is, how the ransomware really works: it's just going to lock you up, and it's literally demanding a ransom to get your functionality back. Well, the thing of it is, if you're, especially, I mean, this is for businesses, this is mostly organizations that got affected. But if you're, like, an individual that gets hit by ransomware, and they ask you for, like, three hundred dollars in Bitcoin, like, the normal person is not going to be able to, like, go down the street and be like, "I'll take $300 of bitcoins, please." Like, that's actually a rather complicated scenario. Like, I don't know how to pay. Like, I wouldn't even know how to pay the ransom. Yeah.

What... let's talk about Windows 7. We've already covered XP to a certain extent. Will Windows 7 get support or patches against this malware? Just wants to know. That's a really good question. I don't know. I mean, eventually they're going to have to, but as of right now we don't have any specific information coming out of Microsoft, if that's on the docket and everything. As long as it's unset... well, actually, I would say highly unlikely, since they've sunsetted, like, basically all the older versions of Windows. They don't support them anymore, so I don't know if those patches are around. Microsoft's suggestion would be to get on a new
version of Windows, not stay on Windows 7. Right. And then exactly how does the infection take place? It's all through email, right? Uh, yeah, I believe... it's not entirely sure how it, like, worms its way to your computer, but I believe email is one of them. Let's see, that's kind of unclear, how it actually works. Keep in mind we are not the security experts. Now, once again, let's repeat that: we're really just working off of Alfred's coverage at this point.

And then let's expand. PETA, I apologize if I'm mispronouncing your name, is asking if Windows 10 is also vulnerable to this. I don't... they patched this vulnerability up, I think, a couple of months ago. They were alerted to it, patched it, so, I mean, if you're running an older or newer version of Windows you should be fine. So is this Windows and themselves and acting ransom enticing you to get anywhere operating? That is a conspiracy theory. I don't want to gauge it. It's something we're thinking about. Okay, well, you find out, like, the next quarterly earnings, Microsoft just miraculously has got an extra billion dollars thrown in there. Whoops.

All right, so then let's do a little advice. You know, it's very obvious that you will know when this has affected you, as you'll get this lovely, will be able usually message. Yeah, yeah, a message that tells you how to pay up. So outside of paying up, what do you do, A, to recover, and B, to possibly protect against it? If you get hit, it's really hard. Actually, I believe even authorities will recommend that you pay up the ransomware, which is kind of weird. You know, usually, even, like, the government usually says you don't negotiate with terrorists. Exactly. Except when it comes to ransomware, because it's just too much. Oh yeah, exactly. But in terms of, like, how you could avoid this in the first place, it's as simple as updating to the newest version of Windows, or just make sure you're up-to-date with Patch Tuesday, you know, actually, constantly.
That's really all you could do, outside of, hope, very militantly watching over your email. Yeah. But don't be a fool, if you are going to stick to... and don't click on weird emails that, you know, you don't recognize the addresses or domains. Exactly. But those are the same kind of tips that you would use to avoid phishing attacks or basically any other kind of security attack, right? I don't know if anyone else out there got this, but I got a sketchy one from AT&T this weekend, which is obvious BS. Look at a TP dot is or something. I don't remember what the domain attached to the address was, but it looked exactly like a traditional account email letting me know that my account's been updated. Like, I haven't touched my account. I know that nothing has happened there. My wireless has changed right now, no, not one iota. So, you know, you just got to be on the lookout. Don't click. Gotcha.

We got to come up with, like, a good slogan, like "If the glove doesn't fit, you must acquit." What can we say? Don't... if the deep cuts, what... farming it out to the chat: what's a good... come up with a rhyme that doesn't involve genitalia in some form. I like that. We have to, uh, we have to clearly pursue that yacht. We have to have that suitable for work. This is the internet.

So that has an interesting comment. He says, "Can't you run Hydra and do a dictionary attack on your own account to crack the password? It might take a few days, but at least you might not have to pay." Now that's interesting, but you're taking a lot of risks into your own hands if you're going to go ahead and crack your own system. Yeah, potentially opening up even further threats as well. That is, like, I would hazard to guess 99% of people out there would not know how to do any of that, right? The people that are exposed, yeah. Generally, if you're not... the people who are using XP probably don't know how to do this. Yeah. Touché. However, there are a number of us who'd like to stick to an older operating system. I myself, I'm sticking to an older iOS on
a backup machine I have because of licensing and software and firmware, not wanting to get stuck having to buy new licenses or software that I've grandfathered in. So, but that's the trade-off you have to make, though. What's the greater risk? We kind of joke about it: we have our own internal expense reporting system that requires us to use, you know, an older version of software that would technically make us vulnerable. Either, to trade off, its ID while your money or do you want security. So it's something everyone has to deal with.

Assad is asking how badly this can daisy-chain. He says, "Could anyone be affected if the virus sends from my friend's email, who is infected with the virus?" So how does it actually Trojan its way down? Not sure. Oh, I'm not sure how it works, if it works that way, that it, like, actually spreads out like a virus, or if it's a directed attack. Again, we are not the security experts. But, um, if your friend who is exposed sends it to you and you're somebody on a Mac system, then you're fine. Yes, because it's not the same vulnerability. You also have to... right, yeah, you have to be vulnerable to begin with. So I don't know if that's how it works, so, like, if your system's locked down, like, oh yeah, emails can be sent out to other people to get locked down.

Wait, can you guys hear that? Here, it's the crowd of Mac haters coming to beat down the door. They have their own vulnerability, absolutely, everybody. Come on, gotta run with a joke. Oh, Imagine soggy wins the contest: "If it don't seem legit, don't click." I can go with that. All right. Yeah, I mean, there's no genitalia references at all there. That's the kind of thing, like, you can apply that so Rector actively down the line. Yeah. Like, if you got a virus, like, are you a grandmother who just got your first Windows machine, kind of? Like, yeah, yeah. I feel bad for somebody who has been affected by this, but I'm also like, come on, really? You know, we take for granted, like, certain
best, sort of, best practices for security. Like, people don't deploy those, right? Yeah. You know, your passwords probably aren't as secure as you want them to be. Like, we all have our own vulnerabilities. Absolutely.

Uh, PETA is asking which security is better, McAfee or Norton. Personally, I have more experience with McAfee. I know for a fact that for us here, as employees of CBS, it is IT-sanctioned that all of our systems are on McAfee. Um, I don't even know that. As a... oh, I'm kind of going with, like, well, the corporate guys wouldn't take any risks. I do trust our IT department, as they do know more about security than I personally do, so I'm going to favor McAfee in this one, only from, again, personal experience. I've actually tended to use Kaspersky a lot. I don't know what that's all... though Rob Miller has mentioned Kaspersky. I've never used it. What is your experience with it? I think it's fine. It slows down your computer like every other security software, but exit, uh, worth it. Yeah, it's generally good, although they've run into controversy because they've got their base in Russia. Now our Congress is concerned that there are ties between the government and Kaspersky, so, really? Which they denied. They've denied, and there's no proof of it, but there's actually big controversy about that. So, yikes. Go figure.

All right, well, that's probably a good place to land it for the day. We wish we could give you a little more information, but we're still kind of, like, riding along in this train. Yeah, there's just plenty more stuff coming. We will be talking about WannaCry a lot this week as we recover from, yeah, the blast zone. But of course later this week we've got Google I/O, so we'll have a lot to talk about this week. It's already shaping up to be a pretty hectic, crazy week, and we look forward to having you along for the entire ride. There you go. All right, let's call it a day. Yep. If you liked anything you saw or heard here, check us out on CNET. Our podcast is available on iTunes, TuneIn, Stitcher,
SoundCloud, FeedBurner and Google Play Music. See you tomorrow.