
Tech News: Hackers and Vulnerabilities and APIs, Oh My!

Oct 26, 2023, 34 min

Episode description

Pro-Russian hackers have found and exploited a vulnerability in a popular webmail app. Researchers found a very complicated way to compromise certain Apple devices. Slack has ended support for X/Twitter integration. Plus lots more.


Transcript

Speaker 1

Welcome to Tech Stuff, a production from iHeartRadio. Hey there, and welcome to Tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio, and how the tech are you? It's time for the news for Thursday, October 26, 2023, and let's start off with some news about hackers and vulnerabilities, shall we? Ars Technica has an article titled "Pro-Russia hackers target inboxes with zero-day in webmail app used by millions." The webmail app in question is Roundcube's webmail application. Many organizations, like a lot of universities, rely upon Roundcube and they reskin it as a different email service, but they use that for their staff and students. It's released under the GNU General Public License. It's available for anyone to download, deploy, and distribute. But it turns out that until very recently it had a cross-site scripting vulnerability that gives hackers the chance to actually compromise email servers and user computers and then intercept communications sent across that machine's email. So the attack is pretty insidious. The hackers hide the attack inside an email. The only thing that the victim has to do in order for the attack to launch is to view the email. They don't have to click on any links. This isn't like a phishing attack, or at least not your traditional kind. Just opening the email will do it, because it initiates a pretty diabolical sequence of events. So the hackers create an attack encoded in JavaScript, and that attack is triggered if the target computer detects an error. So you might think, well, if there's no error detected, then this attack goes untriggered. However, the tag itself in the email contains an error, so viewing the email creates the error report, which then initiates the actual attack included within the coding of that email, and the attack is invisible to the victim. It results in the hackers gaining access essentially to the victim's emails. The hacker group responsible for exploiting this vulnerability is called Winter Vivern. In the past, they've mostly focused on targeting government officials in the United States, particularly government officials who showed support for Ukraine, which again points to this being a Russian-backed hacker attack. Fortunately, the security firm ESET detected the attacks a day after they had first started to launch and then immediately reached out to the developers over at Roundcube. So three days after the attacks began, Roundcube issued a patch. Now, the patch does require server admins to install it, or for end users who are using Roundcube-based webmail to make sure that the software running is a patched version of that software, or else you run the risk of becoming one of the targets.

Over on the Apple side, Ars Technica has another article. Ars Technica is just a great site, y'all. Again, I have no connection to Ars Technica. They just do great work. Anyway, they have another article titled "Hackers can force iOS and macOS browsers to divulge passwords and much more." So, unlike the first story today, as far as we know, this particular exploit has not been used in the wild. Instead, some security researchers discovered it on iOS and macOS devices that are running on hardware that has Apple's A- or M-series CPUs in them, so it doesn't affect every Apple product, just Apple products that have an A- or M-series CPU. They have called their exploit iLeakage, in a cute little nod to Apple's naming conventions. Now, according to Ars Technica, this attack is not a simple one. It actually requires a fairly significant familiarity with and understanding of Apple hardware in order to pull it off. But the attack targets what is called a side channel, and you can kind of think of a side channel as sort of you're looking not at the data itself; instead you're looking at evidence that data was there. So I'm talking about stuff like electromagnetic emanations, things like that. You know, it's like seeing evidence that something has been there and then reverse engineering it. So it is really complicated stuff. But the researchers showed that through a process that's called speculative execution, which has been at the root of a lot of exploits in the last few years, and by using a malicious website, the researchers could execute a JavaScript application that would then give them the ability to open a new window that was running on the target device and be able to access stuff as if they were the user. So, for example, let's say that I use this attack. I exploited your Apple device, and then it would open up a window on my screen where I could, say, navigate to YouTube and look at your YouTube view history, or I could navigate to a login page, and if you had enabled autocomplete or autofill passwords or whatever, I could get access to your account through that. Potentially I could even do things like figure out what your password was and then maybe change it so that then I control whatever account I was snooping on. So yeah, it's a pretty serious vulnerability here. But again, it is a very sophisticated and difficult attack, so it's not something that is, as far as we know, readily active out in the wild. Apple has said that they are aware of the vulnerability and they're working on addressing it. And because there's no known actual live attacks using this method, because there's such a high learning curve as to how to use it, for the meantime, Apple users don't necessarily have anything to worry about. Obviously, you always have to worry about the types of websites you visit. That's just a given. Like, you should not just be going willy-nilly to websites you don't know, if you can manage that. But apart from that, it's not likely to be an active attack, and Apple, as I said, is aware of it and attempting to mitigate the problem.

I mentioned in an earlier news episode that hackers gained access to user data on 23andMe, the genetic testing service, and the company maintains that the hackers didn't get access on the corporate side, like they didn't get access into 23andMe's systems through some sort of breach attack. Instead, they say that the hackers essentially just used usernames and passwords from other data leaks and then tried them to access 23andMe, and sometimes it worked, which again reminds us that we need to have unique passwords for every service we use, even though that's a pain in the tukus. Anyway, I mentioned in that news item that there were rumors the hackers were targeting specific ethnic groups, particularly Jewish people. Now NBC reports that some hackers have published a database on dark web forums that lists one person shy of one million people, so 999,999 people, who share an Ashkenazi heritage, so Ashkenazi Jews, and considering historical threats of antisemitism in general, and that there's been a rise in those kinds of sentiments across the world recently, this is a pretty alarming incident. You know, whether the hacker or hackers actually harbor antisemitic views themselves, or they just callously wish to profit off others who do have those feelings, I don't know the answer to that, but it is generally a very bad thing whenever anyone starts to make long lists of people who share a particular background. Also, I should add that I believe this to be true no matter what the background. I try to use critical thinking and compassion as my guiding principles in general, and as such I object to violence acted out against innocent people, innocent civilians, no matter what their ethnicity, nationality, or religion happens to be. I also know I am vastly undereducated in things like Middle Eastern culture and politics, and that of Israel and Palestine, so I know I am not qualified to make any sort of judgment about what is going on beyond the need to end attacks against civilians, whether in Israel or Gaza or beyond. That, I think, is just true as a blanket statement. But beyond that, I admit I am too ignorant to weigh in on anything more substantive than that. But I think it's a darn good start to stop attacks on innocent civilians.

All right, I need to preface this next story with a content warning. I'm about to talk about how people are using generative AI to create images depicting sexual violence against children, which is obviously a deeply disturbing topic, and I wanted to give you listeners the opportunity to skip ahead or to stop listening. I think it's something we can't ignore, but I also think that your mental health is important. So if you feel the need to just nope out of this next story, no judgment here. I totally understand. The Guardian posted a story about how the Internet Watch Foundation, or IWF, in the UK found almost three thousand instances of AI-generated child abuse images, at least according to this group. So the organization says that such material is poised to, quote, "overwhelm the Internet," end quote. I don't know how true that is, but if in fact it is easy to produce such content, then it does stand to reason that we're going to encounter more of it in the future. So, according to the group, people who are using AI to make these terrible images are an indication that the AI models in question must have had real-life images of abuse to use as training material, because generative AI can't make stuff out of a vacuum. It has to be trained first, and that's also really disturbing. The organization also said that people were using this technology to take pictures of clothed children and then alter those pictures to try and show what those children might look like without clothing. So it's truly abhorrent stuff. And while the threat of a flood of AI-generated abuse material is already horrifying, the IWF worries that this is going to make real-world instances of abuse harder to detect and thus make it more difficult to rescue child victims from abusive situations. The IWF specifically identified a generative AI tool that's called Stable Diffusion from the company Stability AI as the tool that these folks were using to create the images. Stability AI had a representative that told The Guardian the company, quote, "prohibits any misuse for illegal or immoral purposes across our platforms, and our policies are clear that this includes CSAM," end quote. CSAM, by the way, stands for child sexual abuse material. It is unclear to me if this means Stability AI has actually built in guardrails and those guardrails have somehow failed, or if the company is just attempting to distance itself from the ways its customers are using its products. Okay, we're going to now take a quick break to thank our sponsors. We'll be back with some more tech news in a moment.

We're back. So here in the United States, a collection of more than thirty attorneys general across the nation have filed a lawsuit against the company Meta, aka the former Facebook. The attorneys general argue that the company has implemented harmful features, including ones meant to addict users to staying with the product for as long as possible, and that the company has targeted young people, including children, in these efforts. The attorneys general argue that the company's practices have led to harm by promoting material by algorithm, and that some of this material contributes to mental health issues and other problems like eating disorders. The lawsuits argue that Meta has encouraged and profited off of hurting young people and contributing to a decline in mental health. Andy Stone, whom I think of as the mouth of Meta, said, "We're disappointed that, instead of working productively with companies across the industry to create clear, age-appropriate standards for the many apps teens use, the attorneys general have chosen this path," and I imagine Meta is very disappointed. Now, y'all, I have been extremely critical of Meta as well as other platforms, and I do believe these companies profit off of misery in lots of different ways. I would suggest that the extent to which these companies actually cause misery is not fully known or understood. I'm not sure that we can draw firm conclusions between correlation and causation here. So I've said this before: there's sometimes a tendency to say that people encounter problems with mental health after they spend increasingly long hours on social media. However, it could be that people who already have mental health issues are more prone to being active on social media for longer hours, rather than the other way around. I don't know where the truth lies. I'm sure it's somewhere in the middle. I doubt it's as easy as one extreme or the other. But my point is, this is a really tricky issue. You know, clearly, we do have an obligation to protect younger generations. That is important. We should be prioritizing the health and wellness of people in general. But we also need to make sure whatever measures we take to do that actually address the issue and not just a symptom. And I am not sure that we've identified the issue, right? I mean, the symptom is clearly there. It is undeniable to say that Meta's algorithms have promoted things that are not healthy to various users. I've seen it myself. For me, I have seen, when logging into Facebook, promotions of stuff that is clearly not healthy. And so that's obvious. But whether that's actually contributing to harm, that's harder to say. I'm not saying that it doesn't exist, but that we kind of need more information about it before we can make definitive conclusions. If it does mean that we cut back on the harmful stuff, or the stuff that scams or is promoting things that are bad, I'm all for it. I would like to see less of that anyway. I just don't know that you can justify it as "someone needs to protect the children." It's a complicated issue, and I normally keep article recommendations for the end of episodes, but in this case, I actually have one that is relevant to this story, I think. It's by Caitlin Vogus of the Freedom of the Press Foundation, so clearly there is a particular perspective being brought here. And the article is titled "Kids Online Safety Act will censor the news." So this piece is all about how a particular piece of legislation could have a chilling effect on speech in general, even in ways that go beyond the intended purpose of the law. And again, I think this is a really complicated issue. It's one that is highly charged emotionally because child safety is a factor, right, and that's obviously important, but it's also important to consider all the factors and consequences of our response to problems, because we may just exacerbate problems or create all new ones in the process. So, yeah, an important read, I think. I don't think it's the definitive answer either. I just think it's something that has to be brought into consideration. And I can't pretend that I have the answer. I certainly don't. I just think it's really important to consider different perspectives before you make any conclusion.

Now we move on to X, the service formerly known as Twitter. Just a couple of little stories to talk about today, so I'm not gonna do my normal Twitter dump. So first up, X is rolling out new features on the platform that support audio and video calls. So before I started recording, I checked to see if the rollout had reached me, but no dice. However, I think this particular feature may only be applicable for people who are using the X app on their phones. I don't do that. I installed Twitter ages ago and I never put it on when it became X, so I don't have the app. I only check the service if I use the web browser version. So I suspect that I wouldn't have access to this one way or the other, because I think it only goes to people who have the app version. But other people report that upon opening their app they see a notification announcing the arrival of audio and video calls. These work within the Direct Messages system, so if you open a DM with a user, you can select a little phone icon to try and initiate a call with that person. But you can't just call anyone, which I think must be a huge relief to a lot of the folks who are still using X. So the feature first requires that users turn it on with a toggle in the settings for Twitter, or X in this case, so you would be prompted to go into your settings and toggle on the support for audio and video calls. Then you can also choose the types of users that you will engage in calls with, so that might just be people who are on your contact list, it might be people that you follow, or it might only be verified users, or some combination of the three. And I'm very relieved to hear that, because I'm sure there's no shortage of folks who still use that service who otherwise would be flooded with call requests whenever they open the app, and that would be miserable. According to The Verge, it is not yet clear if any X user will be able to access this feature once it is fully rolled out, or if this will be kept just for those who subscribe to the premium service. If I had to guess, I'd say it was the second category. I think Musk has been pushing really hard to create features for premium users to encourage more adoption of subscribers. Don't know how well it's going, but I suspect that's the case. Also, this is related to X: Slack has sunset its integration with that platform. So once upon a time, Slack users could incorporate Twitter, and then later X, into their workspace and be able to access features of Twitter through Slack. But due to changes in X's Application Programming Interface, or API, Slack has chosen to end that support. The company has also announced it is retiring its status account on X, so it's closing out its own Twitter profile. So it sounds like Slack and X are kind of going their separate ways.

In a previous news episode, I talked about how there's a growing concern among US lawmakers that algorithmically driven systems that set things like housing rental prices can lead to an anti-competitive situation, one in which landlords are effectively engaging in collusion, even if they're doing so unknowingly by relying on this app to help them set rental prices. Essentially, software that's intended to help landlords factor in how much they should set their rent based upon the competitive market, when it's distributed across enough landlords in a region, transforms into a price-fixing scheme. Again, that might be unintentional, but effectively that's what it's become. You get enough people using this tool, the tool starts to end up manipulating prices across the entire region, and next thing you know, prices creep up, and you've got yourself an anti-competitive situation. So now the US Department of Justice has issued a notice of potential participation, which is a sort of preamble into a possible prosecution against the company that makes the software. It's called RealPage, by the way, and the filing states, quote, "The government has a particularly substantial interest in addressing the proper application of Section 1 of the Sherman Act, 15 U.S.C. Section 1, to the use of algorithms by competitors to help set pricing. Companies' use of algorithms in price setting, often in an effort to increase pricing, has become more prevalent in the modern economy. As a result, the issues involved in this case are of increasing significance to the application of antitrust laws across the economy," end quote. Now, the DOJ plans to first observe how an ongoing civil case related to this matter plays out before it decides on making a move. So there's no guarantee yet that the US government will get more heavily involved in this matter, but it is a distinct possibility.

Last year, General Motors and Honda announced a project to create an EV platform that would ultimately lead to cheaper electric vehicles in markets like the United States, North America in general, South America, that kind of thing. But now that project is on the rocks. The companies have pulled out of it and stated, quote, "After extensive studies and analysis, we have come to a mutual decision to discontinue the program. Each company remains committed to affordability in the EV market," end quote. So it appears that one of the major hurdles that faced the project has been in the field of battery production. GM developed a battery called Ultium, and this battery costs less to produce than other, older types of EV batteries. However, GM ran into production bottlenecks all along the supply chain, and those bottlenecks meant that there were delays in manufacturing, which of course means that, critically, there were delays in delivering vehicles to customers, and that's a huge problem. Meanwhile, vehicles that were built using older, more expensive batteries didn't have these same production issues. They've got a production line that is mature, so that wasn't interrupted. The cheaper one was the one that just could not get established, and for those of us hoping for EV models that are, say, within our price range, this is a pretty disappointing setback. All right, we're gonna take another quick break. When we come back, I've got a few more news items I want to cover.

We're back. So Sergey Brin, one of the co-founders of Google, has a big old airship that now has the green light to go fly. Brin founded a company a few years back named LTA Research. LTA stands for Lighter Than Air, so the goal was to build lighter-than-air airships that could transport stuff like cargo and supplies, specifically for humanitarian aid missions. The first of the company's airships is called the Pathfinder 1, and now it can start to have test flights. It has received clearance from the US Federal Aviation Administration, or FAA, and the Pathfinder 1 is, according to the IEEE (I-triple-E, or "I-E" as I used to say), the largest aircraft to fly since the Hindenburg. However, unlike that tragic dirigible, which famously caught fire and exploded, it does not rely upon hydrogen as a lifting gas. Instead, it relies on the non-combustible gas helium to provide lift. So again, the Hindenburg relied on hydrogen, which is highly combustible and explosive. You know, you get hydrogen and oxygen in an environment and you add a flame and you get a big flash. Don't do it, by the way. It's very dangerous. Helium, however, doesn't do this. And the reason why hydrogen was used was not because people just thought it would be okay. It's because hydrogen is a better lifting gas. It's about eight percent more efficient to lift a weight using hydrogen than helium, at least according to one estimate I saw. It's capable of lifting more mass than helium is, so in order to lift the same structure with helium, you have to have much more helium. Right now, to get around this deficit in lifting capacity, LTA Research relied heavily on using very lightweight materials like polymer tubes reinforced with carbon fiber, and titanium, in an effort to build out frames and an airship that was liftable through helium. A single pilot is all that's needed to control this airship. The company does plan to use two pilots for their tests. The control systems have redundancy, which is good. You always want redundant systems for safety. The gondola attached to the airship was created by the Zeppelin company. That's a throwback to the old dirigible days, right? Zeppelin. The gondola can hold up to fourteen people, but LTA Research stresses that no passengers will actually be allowed on the test flights, only the pilots, in order to maintain safety and to truly test the vehicle without putting people at risk unnecessarily. The airship measures one hundred twenty-four meters in length. That is a monster. It will initially conduct tests while remaining anchored to a point on the ground, on a mast essentially, so they're not going to be free-flying the tests, at least not initially. LTA Research already has an even larger airship in production, which is called the Pathfinder 3. When complete, it will measure an incredible one hundred and eighty meters long. So the plan is to use these airships to deliver aid to remote locations that are difficult or impossible to access via land or sea. So I really like that it's not, like, meant to be some sort of billionaire pleasure craft where you can just casually fly across the region, the country below you, and enjoy, you know, expensive luxuries. That's not what this is intended to do. It's intended to get relief to places that otherwise would be very hard to reach. I don't know if this is the most efficient way to do that. I don't know if it's a better alternative than other plans, which would include things like, you know, drones or whatever. But I like that that is the application for this technology. We'll have to wait and see if it turns out to be a practical one. It may not be, but I think it's cool to at least have the potential for dirigibles to take flight once again, for more than just promotional purposes at sporting events.

Tech Radar reports that Microsoft is very hurt when new Windows users launch Microsoft Edge only to download the installer for Google Chrome, which of course is a rival web browser to Edge, and Microsoft is so hurt they want to know why you did it. Apparently, using Edge to download the installer for Google Chrome now prompts a pop-up that contains a poll asking you why you are doing this. So the reasons you can pick include: "I can't search Google easily," "I can't access my Google documents," "I don't have my favorites or passwords here," "Too many ads and pop-ups," "I don't like the news feed," "It's too slow," "My websites don't work on Microsoft Edge," and "My reason is not listed." I'm personally a little disappointed that they don't have "It's not you, it's me," or "I'm washing my hair." I think those should have made the cut. Kristina Terech at Tech Radar points out that using Edge does mean that the user often has to deal with a lot of, like, pop-ups and suggestions that primarily direct people to other Microsoft products. Same thing's true of Windows. Heck, this morning, when I was launching my computer, I got a whole bunch of suggestions for Windows-related stuff that just popped up unprompted. Fun times. She also points out that Edge's news feed doesn't have a really good reputation. A lot of people complain that the articles and elements included in the news feed are lower quality. They're not properly factual or useful. But Microsoft, you're coming across a little bit clingy, if you ask me.

Joe Rossignol over at MacRumors.com wrote a piece yesterday about an upcoming Apple online event which is scheduled for this coming Monday, and the rumor is that this event will, at least in some part, focus on high-end gaming on Apple devices, including on Mac computers. So Apple, of course, has had a very long history with gaming, sometimes in a positive way, other times in a negative way. Some of the earliest computer games I ever played were on an Apple IIe computer, although technically I think my very first computer game was Hunt the Wumpus on the TI-99/4A home computer. And then there was a time where game developers largely ignored Apple platforms because Apple had a fairly small percentage of the overall market share for desktop computers and it just didn't make sense to pour the resources into creating games for a platform that had very few people using it. So there was a reputation for a while that Apple computers just were not good for gaming, not because they weren't powerful enough, but because game developers weren't making stuff for them. But if Rossignol is right, it seems as though Apple is now poised to really push Mac computers as a serious gaming platform, and that the Mac computer is the perfect machine to run triple-A titles on high settings while incorporating features like ray tracing, for example, which deals with how a computer handles lighting in graphics. I'm sure I will report next week, which will actually be on Thursday next week. We will not have a news episode on Tuesday because we have another Smart Talks with IBM episode scheduled for that day, but on Thursday I will try and follow up with this and see whether or not Apple really did emphasize gaming in that presentation on this upcoming Monday.

Now, I previously mentioned one article recommendation earlier in this episode. Before I conclude, I do have one other recommendation. This is a piece that is on BBC.com. It's by Victoria Woollaston and it's titled "The surprisingly subtle ways Microsoft Word has changed the way we use language." Now, I'm always fascinated at how we shape tech and how tech in turn shapes us. And sometimes these changes are not really happening consciously. Like, it's not an intentional thing. It's just something that kind of happens through use and adoption, and it can lead to really unanticipated consequences. Not necessarily bad ones, sometimes just interesting ones. So I think this article is a great example of detailing how that happened with Microsoft Word. So check it out. And that's it for the news for today, Thursday, October 26, 2023. I hope you are all well and I will talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.
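The Roundcube story near the top of this transcript describes an email whose HTML runs JavaScript the moment a tag in it fails to load. As an added illustration that is not part of the episode and not Roundcube's own code, the Python below is the kind of server-side sanitizer a webmail client needs before rendering a message: it strips event-handler attributes, script-like elements and javascript: URLs, and returns a list of what it removed so the event can be logged or alerted on. The sample message is constructed for the example.

```python
"""Sanitise untrusted email HTML before a webmail client renders it.
Added illustration, not Roundcube's own code: keeps an allow-list of tags,
drops script-like elements with their content, strips on* event handlers,
rejects javascript:/data: URLs and records every removal for logging."""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a", "img", "ul", "ol",
                "li", "table", "tr", "td", "th", "div", "span", "blockquote"}
DROPPED_WITH_CONTENT = {"script", "style", "iframe", "object", "embed", "svg", "math"}
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}


def url_is_safe(value):
    """Allow relative URLs and allow-listed schemes after dropping the
    whitespace/control characters browsers ignore ('java\\tscript:' is caught)."""
    cleaned = "".join(c for c in value if ord(c) > 0x20).lower()
    for ch in cleaned:
        if ch in "/?#":          # path before any scheme: relative URL
            return True
        if ch == ":":
            return cleaned.split(":", 1)[0] in SAFE_SCHEMES
    return True


class EmailHtmlSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.removed = []      # (tag, attribute, value) for audit logging
        self._skip_depth = 0   # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if self._skip_depth:
            if tag not in VOID_TAGS:
                self._skip_depth += 1
            return
        if tag in DROPPED_WITH_CONTENT:
            self.removed.append((tag, None, None))
            self._skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            self.removed.append((tag, None, None))   # tag dropped, text kept
            return
        parts = [f"<{tag}"]
        for name, value in attrs:
            # HTMLParser lower-cases names and decodes entities in values, so
            # 'ONERROR' and 'javascript&#58;' arrive here in canonical form.
            if name.startswith("on") or (name in URL_ATTRIBUTES
                                         and value is not None
                                         and not url_is_safe(value)):
                self.removed.append((tag, name, value))
                continue
            parts.append(f' {name}="{escape(value or "")}"')
        self.out.append("".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):
        if tag in DROPPED_WITH_CONTENT and not self._skip_depth:
            self.removed.append((tag, None, None))   # e.g. <svg/>: no body
            return
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self._skip_depth:
            if tag not in VOID_TAGS:
                self._skip_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_email_html(html):
    """Return (clean_html, removed); 'removed' is what the server should log."""
    parser = EmailHtmlSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed


# Constructed sample message, not a real captured email.
SAMPLE_MESSAGE = (
    "<p>Quarterly report attached.</p>"
    '<img src="cid:logo" alt="Logo">'
    "<img src=\"missing\" onerror=\"alert('xss')\">"   # runs when the load fails
    '<a href="java&#9;script:alert(1)">click</a>'
    "<script>alert(1)</script>"
)
```

Logging the `removed` list (tag, attribute, value) per message gives a mail server a cheap signal for spotting a campaign like the one ESET described: a sudden run of messages that all needed an `onerror` stripped is worth an alert.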
