Welcome to Tech Stuff, a production from iHeartRadio. Hey thereon Welcome to Tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio. And how the tech are you. I am still in Las Vegas, Nevada. You can probably tell that my voice is going. I did a lot of talking yesterday. I had to do some recordings of the Restless Ones podcast, and I did a lot of chatting with other folks, and yeah, I don't know if I'm coming down with anything. I sure hope I'm not.
I've been masking every time I can, whenever I'm going out in public, and I recommend that y'all who have to go out in public do the same if you can, because obviously COVID is having another surge, and I want folks to be safe. And hopefully all I have is just like wear and tear on the old vocal cords and that's it. We'll obviously be very careful and keep checking. But in the meantime, we have some tech news to
get to, so let's talk about that. Officials here in the United States, as well as some in Japan, have announced the discovery of a Chinese hacker attack that is infiltrating organizations by compromising older routers. You can read up on this in Ours Technica. There's an article by Dan Gooden. The article is titled Backdoored firmware lets China State hackers control routers with magic packets. The article goes into a
lot of technical detail. I'm not going to bother doing that here because this is really just a news item. But essentially this hacker group, which has lots of different names, I'll just choose one of them, which is black Tech. First, they have to get access to a system. Now how they do that doesn't really matter. It's just they need to get access. First, administrative access, like administrator level access
to be specific. They might get that through some compromise login credentials, perhaps from another hacker group, maybe they use social engineering, but whatever. First they get that access. With that administrator level access to the system, they then push an older version of firmware to certain routers, older routers that don't have a protection against this kind of attack. And typically they're targeting routers that are on the edge
of networks. So for example, they might target a branch office of a larger company, partly because they're less likely to be noticed, and that security won't be quite as robust as it would be if it were at HQ. Now, because these routers have a trusted relationship with all the other computer systems that are connected to that company, the hackers are then able to get widespread access to the
full organization. They target the edge routers, they infect those, and then they snoop around Good and explains in his piece that the more recent router hardware that has come out over the last couple of years includes protections against this type of attack, But obviously most organizations aren't updating their routers regularly. They do so when they need to, and determining if your system has been affected it seems like it's not very easy or straightforward, particularly if the
hackers are actually being really careful. So it's another example of how cyberwar is a real ongoing thing and that state backed hackers continue to infiltrate both companies and public organizations. As for the magic packets, those are little small packets of data that the hackers are using essentially to open or close backdoor access into these systems, and typically the magic packets kind of blend in with overall network traffic
so that's kind of why they were called that. Back in July, word got out that hackers had leveraged a stolen Microsoft certificate to gain access to the email systems belonging to really large organizations, including the United States State Department. Now, the New York Times report that the hackers stole around sixty thousand emails, primarily from ten email accounts. Further, nine of those ten accounts belong to members of the State
Department who are working on projects that involve East Asian affairs. Now, the State Department has not formally accused China of being behind the attacks, but that seems to be the implication here. The hack has sparked conversations within the US government on how to harden systems against hacker attacks, including the possibility of moving away from single vendor solutions like using Microsoft.
And while there's an element of closing the barn door after the horse has already escaped going on here, I do think putting all your trust in a single vendor can lead to massive problems down the line. But honestly, there aren't really any easy, fully reliable solutions here. Security researchers revealed that all modern GPUs, that is graphics processing units have their own way to compress data. But even though they're each using a different method, that method can
be exploited to steal pixels from a website. Which sounds weird, right, but essentially here's how it works. You get hackers and they create a malicious website that has the same name but a different domain as their target. So let's say they've identified a target website that they don't have access to directly, maybe it's behind some sort of protective measure, So they create a different website has the same name but a different domain, so instead of dot com, maybe
it's dot biz. Now in this malicious version of the website, they include an iframe. The iframe serves as a spot where you can embed other content into your website. So one common use for iframes is to embed ads in them, and that allows the site to swap ads out dynamically and the iframe kind of holds its place. They then rely on the GPU's data compression scheme to pull pixels into a side channel, and they pull it from the target website. You reconstruct what appears on your target site.
So you might have a corporate website that's usually behind protection and the hackers create a malicious site named the same thing, but on a different domain, and by stealing pixels, they can recreate what was on that target website, potentially gaining access to sensitive data, including things like you know, log in credentials. The researchers were mostly showing that this
is possible. They didn't indicate that it's an active concern, Like, they didn't say that this is something that they're seeing actively deployed out there, but that in fact the hardware across all GPU manufacturers allows for this, and since it is possible, sooner or later someone will do it. Right, So there are ways to block pixels stealing. Most of
those involve website administrators being proactive on the matter. They can build stuff into the header of a web page that will protect against that kind of thing, but that's a lot of work. It is also probably, you know, it's likely, I think that we're going to see companies that make web browsers that facilitate this kind of attack
to address that in the future. The European Union issued a report stating that after analyzing various social network platforms out there, one in particular stands out when it comes to the proliferation of disinformation. Do you have any guesses?
If you said X marks the spot, meaning the platform formerly known as Twitter, you win a prize a virtual donut enjoy Anyway, the EU previously established a voluntary code of practice on disinformation, and tons of platforms signed to pledge and that they would follow this voluntary code, so that includes Google and YouTube, meta primarily Facebook and LinkedIn. They all signed it, along with like forty other platforms.
It also used to include X, but at last May Elon Musk decided that X was going to peace out of that voluntary code. Now, researchers in the EU say that disinformation is spreading like wildfire on X and that the problem is only getting worse. Also, X has recently disabled a feature that used to allow users to report
cases of misinformation about elections. So this means, assuming those EU researchers are right that X is not just the worst when it comes to preventing misinformation and disinformation from propagating across their system, they are actively turning off features that would do anything about it, which is a big old yikes. An article in the LGBTQ Nation reveals that TikTok is working with the government of Kenya to restrict
and remove LGBTQ plus content from the platform within Kenya's borders. Now. This is because Kenya's government has banned same sex sexual relationships, and currently the government is also considering an additional law that would hunish homosexuality with a lifetime prison sentence. TikTok has already deplatformed and demonetized TikTok users in Kenya who,
according to the country's laws, have posted restricted content. Apparently, TikTok CEO has committed to not only being more active to remove LGBTQ plus content from the platform within Kenya, but to also launch a campaign to urge users to instead post quote unquote positive content, which sounds disturbingly close to conversion therapy. In my opinion, it's really ugly stuff and my heart goes out to the people of Kenya.
This week, Meta announced an update to its line of smart glasses, previously known as Stories, but to be really formal about they are now known as ray Ban Meta smart Glasses. The glasses have a pair of cameras in them when at the top of each corner of the frames, and they contain five microphones that are meant to provide better sound pickup when you use your glasses, you know,
take a phone call or something. They also have speakers that the company says will make it easy for the wearer to hear what's playing on their glasses, but it won't, you know, irritate the living heck out of everybody else who happens to be nearby. The glasses can take about five hundred photos at twelve megapixel resolution or around one hundred and thirty second long video clips at ten ADP before you end up using up all the storage on
the device and it's time to offload stuff. The battery reportedly is good for like four to six hours of use, and they come in a case that can also serve as a charger, and the case itself can hold enough battery juice to recharge the glasses several times before the case itself needs to be recharged. You can also live
stream while wearing these glasses too. The controls include both a touch system and the stems of the eyeglasses and voice commands, and essentially these things do some of, but not all, of the stuff that Google Glass did years ago, but they do look a lot better. They do not as far as I can tell, create any sort of ar view of the world around you, which Google Glass could sort of do. And already folks are worried about
privacy issues with these glasses. They're concerned that you could be on video or have someone snapping pictures of you without your knowledge or consent. Now I get that concern. It's a legit concern, don't get me wrong, But y'all, that's already happening. There are so many cameras out there, whether they're in phones or in security systems like in door bells or in cars, So I pretty much guarantee
that you're on camera frequently throughout an average day. But I do understand how it gets creepy when you're talking about someone wearing the camera on their face. Anyway, Meta is taking pre orders on these things, which start at around two hundred and ninety nine US dollars, and they'll start shipping in mid October. So maybe your Halloween costume can be invasive surveillance. That's a fun one. All right, We're gonna take a quick break and we're gonna come
back with more news in just a moment. We're back. Reddit indicated this week that it will remove the opt out feature for personalized ads, or at least some Reddit users around the world. So the new policy says that Reddit will take your activity on the platform and then use that to decide which ads to display to you. So let's say you spend a lot of time on subreddits that are dedicated to gaming, Well, then you're more likely to see ads related to gaming while on Reddit. Right.
It says this is for your benefit, But there are a lot of users who are upset because the message that they're picking up on is Reddit is determined to track their behavior across the site and there's no way to tell Reddit to knock it off. And while Reddit says users all around the world will be able to opt out of personalized advertising based off of quote unquote information and activity from our partners, only users in select locations will actually be able to opt out of personalized
ads based off their activity on Reddit itself. I'm guessing those select locations will be places like the European Union, which has some pretty strict rules in place when it comes to user privacy, and any place that doesn't have those kind of rules, Redd, it's going to be tracking you like crazy. And now, the latest in the long
arduous story of Microsoft's plan to acquire Activision Blizzard. When last we left our tail, Microsoft was working hard to convince regulators in the UK that the deal would not result in an anti competitive situation within the world of console gaming in general and cloud based streaming gaming in particular. Well last week that regulatory agency gave provisional approval to
the acquisition, so that roadblock was removed. But now the United States Federal Trade Commission has once again objected to this deal. Now, they previously attempted to secure an injunction against the deal closing, but a US District Court judge denied that request and said that the FTC had failed to produce evidence that this deal would actually be harmful
toward competition. The FTC then appealed that ruling, but then withdrew the complaint not that long afterward, and it turns out that was temporary because now they have submitted the appeal again to the Ninth Circuit Court of Appeals. Once the regulators in the UK gave their provisional approval, and then once the court actually gives a decision one way or the other, the FTC plans on an evidentiary hearing
on the matter. Now This on the surface sounds bad for Microsoft and Activision Blizzard, but they could still go through with their deal because there's no injunction against it, and that deal is scheduled to close on October eighteenth. Then once the deal is closed, they can worry about any ongoing legal issues they might face after the fact, but by then the deal will already be done. So what I'm seeing is that most analysts think this deal will finally close next month, and now for a few
AI stories, it's always going to be that. In a tech Stuff News episode, an SEO consultant named Gagan Gotra brought some concerning information about Google Bard conversations. So it turns out if someone has a conversation with google Bard, which I'm just going to remind you that's Google's AI
powered chatbot. It's similar to Open AI's chat GPT, specifically, as it is integrated with bing, well, if you then share a link of that conversation with someone else, then Google will actually index that conversation, which means that conversation with google Bard can pop up in future search results. So let's say that you and a coworker are using google Bard to help develop a business plan and this is something that you do not want to share outside
of your organization. When you share that conversational link to your coworker, the link itself becomes indexable, and then Google's web craller will index the conversation, and if someone else uses the right search query, that conversation can potentially pop up in those search results, and the information that you intended to be private has now been made public. Now, obviously there are all sorts of situations where indexing the barred conversation could turn out to be a really bad thing.
It's not that different from when open Ai had an issue with chat GPT, where the chatbot would occasionally give users access to other users chat histories with the chatbot. Now, in the Google case, we're not talking about a bug, we're talking about a feature. Because Gotra had an exchange with Google research scientist Peter Lieu, and Peter pointed out that the search engine will only end conversations if someone has clicked on the share button, and Goscher's reply was
the same one I would have made. Namely, I think most users would just assume that share just means you've elected to share that conversation with someone in particular not the whole world in general, but that appears to be the case. Once upon a time, when chat GPT first splashed on the scene, the chatbot could only draw information from before September twenty twenty one. It didn't have access to the real time web. It could not crawl the
web for current information. So you could not ask it about breaking news or anything like that because it literally just could not access those information sources. Now, back in July of this year, OpenAI created a subscription based tier of service that would let users rely on chat GPT through bing searches to access current information. But that feature
soon went away. Why because users figured out that they could use this particular feature to bypass paywalls and get to content that normally you would have to pay a subscription to access. That's not exactly something that either open ai or Microsoft wants to deal with, so the feature went offline. But now it's come back. OpenAI announced yesterday that through bing, it will let users access real time information using the chatbot, and it calls this authoritative. Now.
I personally find that designation questionable given how chatbots like chat GPT are prone to producing hallucinations or confabulations, which just means sometimes they make stuff up. So I'm not sure how authoritative you can actually claim to be. If you've been following the union strikes in Hollywood, you likely know that the Writer's Guild of America or WGA, has reached a provisional agreement with the Alliance of Motion Pictures
and Television Producers aka the AMPTP. A lot of the WGA's concerns relate to tech, ranging from how streaming companies determine payouts like residuals, to the role of artificial intelligence should play in film and television. The agreement, which WGA members will have to ratify in a vote, essentially says that the studios will not be able to compel writers to use AI, that any content that does involve generative AI has to be labeled as such, and that AI
is not eligible to get a writing credit. Now that's important when it comes to things like payments and residuals and so on, Considering the US courts have recently found that AI generated material is not eligible for copyright, I think these changes are ultimately of benefit to both the writers and the producers. Meanwhile, the actor strike still goes on. Okay, that's it for the news for today Thursday, September twenty eighth, twenty twenty three. Next week, I'll be back in Atlanta
and episodes will return as normal. They'll probably sound more like the older episodes and not weird because I'm recording in some hotel room in Las Vegas. So I hope you are all well, and I'll talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.