Tech Brew Ride Home - Mon. 05/11 – Why Call it “Thunderspy” and not “Thunderstruck” or “Thunderstorm?”

Episode Date: May 11, 2020

A flaw in Thunderbolt basically means no computers are secure. Qualcomm’s new flagship chip. Eric Schmidt has finally left the Googleplex. Detecting malware via grayscale images. Apple is reopening stores, and we might have a new tech IPO as soon as next month.

Sponsors: Tinycapital.com

Links:
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (Wired)
Qualcomm's latest mobile gaming chip packs faster graphics and global 5G (Engadget)
Eric Schmidt, who led Google's transformation into a tech giant, has left the company (CNET)
Microsoft and Intel project converts malware into images before analyzing it (ZDNET)
Microsoft adds protection against Reply-All email storms in Office 365 (ZDNET)
Apple plans gradual reopening of US retail stores beginning next week (9to5Mac)
Apple to reopen stores in US starting next week (CNBC)
Online Car Seller Vroom Files Confidentially for IPO (WSJ)

Book mentioned: Atrocities by Matthew White

Transcript
Starting point is 00:00:00 Welcome to the Techmeme Ride Home for Monday, May 11th, 2020. I'm Brian McCullough. Today: a flaw in Thunderbolt basically means no computers are secure. Qualcomm's new flagship chip. Eric Schmidt has finally left the Googleplex. Detecting malware via grayscale images. Apple is reopening stores, and we might have a new tech IPO as soon as next month. Here's what you missed today in the world of tech. A researcher says that Thunderbolt ports have an unpatchable flaw that could allow
Starting point is 00:01:07 hackers with physical access to the port to have the ability to circumvent data safeguards. This so-called Thunderspy attack takes less than five minutes to pull off and it affects any PC manufactured before 2019. So some new PCs are not affected. And actually, I've seen some reports that AMD chips might not be affected, but quoting from Wired. On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he's calling Thunderspy. On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer and even its hard disk encryption to gain full access to the computer's data. And while his
Starting point is 00:01:56 attack in many cases requires opening a target laptop's case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes. That opens a new avenue to what the security industry calls an evil maid attack, the threat of any hacker who can get alone time with a computer in, say, a hotel room. Ruytenberg says there's no easy software fix, only disabling the Thunderbolt port altogether will work. Quote, all the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, re-attach the backplate, and the evil maid gets full access to the laptop, says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer,
Starting point is 00:02:40 or the virtual conference that may replace it. Quote, again, all of this can be done in under five minutes, end quote. Security researchers have long been wary of Intel's Thunderbolt interface as a potential security issue. It offers faster speeds of data transfer to external devices, in part by allowing more direct access to a computer's memory than other ports, which can lead to security vulnerabilities. A collection of flaws in Thunderbolt components known as Thunderclap, revealed by a group of researchers last year, for instance, showed that
Starting point is 00:03:10 plugging a malicious device into a computer's Thunderbolt port can quickly bypass all of its security measures. As a remedy, those researchers recommended that users take advantage of a Thunderbolt feature known as security levels, disallowing access to untrusted devices or even turning off Thunderbolt altogether in the operating system settings. That would turn the vulnerable port into a mere USB and DisplayPort. But Ruytenberg's new technique allows an attacker to bypass even those security settings, altering the firmware of the internal chip responsible for the Thunderbolt port, and changing its security settings to allow access to any device.
Starting point is 00:03:45 It does so without creating any evidence of that change visible to the computer's operating system, end quote. So can I just underline again what this all means? If your computer has a Thunderbolt port, an attacker who gets even brief access to it could read and copy all of your data even if your drive is encrypted and even if your computer is locked or set to sleep. So not good. As Caitlin Chippenow tweeted, quote, Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with secure boot, strong BIOS and operating system account passwords,
Starting point is 00:04:25 and enabled full disk encryption, end quote. While Nicholas Magand tweeted, quote, Say what you will about the VGA port, but it had never let us down like this. Thunderbolt, more like Thunderdolt, end quote. Qualcomm has officially unveiled the Snapdragon 768G processor with faster graphics performance and global 5G support. By faster performance, let me be specific.
Starting point is 00:04:57 Apparently 25% faster CPU and GPU performance compared to the Snapdragon 765G, mmWave, and also sub-6 gigahertz 5G with 120 hertz at 1080p resolution. This is from Engadget. The 2.8 gigahertz Kryo 475 CPU is estimated to run about 15% faster than the 2.4 gigahertz part in the 765G, while the Adreno 620 graphics promise a similar performance boost, including 120 hertz support at 1080p. This is also the first Snapdragon 700 series chip to support upgradable GPU drivers, letting you fine-tune the visual performance, almost like you would with a gaming PC. Network speed matters as well, of course. The 768G is part of Qualcomm's second wave of 5G-capable systems on a chip, and that means
Starting point is 00:05:54 global 5G with both millimeter wave and sub-6 gigahertz frequencies for, quote, all key regions. You can expect speeds of up to 3.7 Gbps downstream and 1.6 Gbps upstream, although that likely means getting very, very close to an mmWave 5G site, end quote. Sources are reporting that Eric Schmidt has left his role as technical advisor to Alphabet. In fact, he reportedly left in February, thereby ending his 19-year tenure at Google. Quoting CNET, Schmidt's role at Google had gradually diminished after he stepped down as CEO in 2011. Still, his ties to the company have spurred blowback as Schmidt increased his work on U.S. military initiatives. Schmidt chairs the Defense Innovation Board, an advisory group aimed at bringing new technology to the Pentagon,
Starting point is 00:06:52 including advancements in machine learning. He's also chairman of the National Security Commission on Artificial Intelligence, which advises Congress on AI for defense. Critics, though, worry Schmidt could unfairly push Google's financial interests when it comes to his work with the military. Earlier this week, New York Governor Andrew Cuomo said Schmidt would serve as chair of a commission that will be tasked with updating that state's technological infrastructure and practices during and after the coronavirus pandemic. The group will tackle subjects including telehealth, internet broadband, and remote learning, Schmidt said.
Starting point is 00:07:27 The appointment also prompted concerns about the influence of big tech in the public sector, especially given Google's past data privacy scandals. Schmidt, 65, joined Google after serving as CEO of software maker Novell. He was introduced to Google founders Page and Brin by two of Google's most prominent backers at that time, venture capitalist John Doerr of Kleiner Perkins and Mike Moritz of Sequoia Capital. During Schmidt's tenure, the company expanded beyond its roots as a search engine to tackle other technologies including mobile phones and online video. It also adopted a corporate structure that reflected its growing financial success.
Starting point is 00:08:03 Schmidt helped take the company public in 2004, a stock market debut that made him a billionaire. Schmidt still holds about $5.3 billion in the company's stock, end quote. A couple of cool solutions to tell you about today. First, Microsoft and Intel have developed an approach to detecting malware that, this is clever, involves first converting its binary form into a grayscale image and then applying deep learning methods to analyze the image, which is pretty wild, right? Quoting ZDNet. The Intel-Microsoft research team said the entire process followed a few simple steps. The first consisted of taking an input file and converting its binary form into a stream of raw pixel data. Researchers then took
Starting point is 00:08:54 this one-dimensional pixel stream and converted it into a 2D photo so that normal image analysis algorithms can analyze it. The width of the image was selected based on the input file's size. The height was dynamic and resulted from dividing the raw pixel stream by the chosen width value. After assembling the raw pixel stream into a normal looking 2D image, researchers then resized the resulting photo to a smaller dimension. The Intel and Microsoft teams said that resizing the raw image did not, quote, negatively impact the classification result, and this was a necessary step so that the computational resources won't have to work with images consisting of billions of pixels, which would most likely slow down processing. The resized images were then fed into a pre-trained deep neural network that scanned the image, the 2D representation of the malware strain, and classified it as clean or infected.
Starting point is 00:09:48 Microsoft says it provided a sample of 2.2 million infected Portable Executable file hashes to serve as a base for the research. Researchers used 60% of the known malware samples to train the original DNN algorithm, 20% of the files to validate the DNN, and the other 20% for the actual testing process. The research team said STAMINA achieved an accuracy of 99.07% in identifying and classifying malware samples with a false positive rate of just 2.58%. Microsoft is also rolling out something that it has tested internally, something called a reply-all storm protection feature for Office 365 customers.
Starting point is 00:10:37 Once you hear what this does, you can see why this might be more than welcome. In essence, this tool will let IT staff detect and head off one of those horrible situations when someone at your company replies all to everyone in your entire company, and well, you know how that goes. Aside from it being annoying, something like that can actually cause company email servers to go down. This even happened recently at Microsoft in January of last year and, in fact, just last month, clogging that company's internal communications for hours. Quoting once more from ZDNet, the feature started rolling out this week to all Office 365 users worldwide. In its current form, Microsoft says the reply-all storm protection feature will block all email threads
Starting point is 00:11:23 with more than 5,000 recipients that have generated more than 10 reply-all sequences within the last 60 minutes. Once the feature gets triggered, Exchange Online will block all replies in the email thread for the next four hours, helping servers prioritize actual emails and shut down the reply-all storm. Microsoft said it would also continue working on the feature going forward, promising to add controls for Exchange admins so they can set their own storm detection limits. Other planned features also include reply-all storm reports and real-time notifications to alert administrators of an ongoing email storm so that they can keep an eye on the email server's status for possible slowdowns or crashes.
Starting point is 00:12:02 And since Microsoft had had its own run-ins with email storms recently, its own network provided the best testing ground for the feature. Quote, humans still behave like humans, no matter which company they work for, the Exchange team said this week. We're already seeing the first version of the feature successfully reduce the impact of reply-all storms within Microsoft, end quote. Late Friday, Apple announced that it will begin reopening some of its U.S. stores this week, starting with select stores in Idaho, South Carolina, Alabama, and Alaska.
Starting point is 00:12:39 Apple will limit the amount of customers that it is letting in to these stores at any one time and will also check temperatures at entry. Quoting 9to5Mac. The company closed the majority of its 510 locations worldwide in the first half of March and has recently taken steps to restore critical support and service functions at a handful of stores across Australia, Austria, Germany, and South Korea. To reopen in the U.S., Apple is implementing precautions similar to those it tested when stores reopened in Asia, Europe, and Australia, end quote. And quoting from CNBC.
Starting point is 00:13:13 Apple has only six stores in those states named and did not confirm that all of them are opening next week. Overall, Apple has 510 stores globally and 271 stores in the U.S. Apple said that the primary focus of the stores will be fixing products and that it will put safety procedures in place to protect staff and customers from the coronavirus, including temperature checks for employees and customers, social distancing, and face coverings for employees. Quote, our new social distance protocol allows for a limited number of visitors in the store
Starting point is 00:13:44 at one time, so there may be a delay for walk-in customers. We recommend, where possible, customers buy online for contactless delivery or in-store pickup, Apple said in a statement, end quote. And finally, here's something that I didn't expect to wake up to this morning. Online used car seller Vroom has apparently filed confidentially for an IPO, setting its sights on a June debut. In its most recent round of funding, just this past December, Vroom was valued at $1.5 billion, and in case I'm slurring a bit, I should be clear that I'm saying V-R-O-O-M, quoting the Wall Street
Starting point is 00:14:28 Journal. Vroom hopes to draft behind rival Carvana, a better-known online car seller whose shares have jumped sevenfold since its 2017 IPO. After falling 80% during the broader market sell-off in March, Carvana's shares have recovered to trade near record levels. With social distancing measures keeping consumers at home, online car sellers could benefit at the expense of traditional dealers if buyers opt for digital shopping and at-home delivery experiences over visiting dealer lots. Market volatility this year has largely quieted the market for IPOs across many industries in the U.S. In the first two weeks of April, only two companies went public, raising a few hundred million dollars, according to data provider Dealogic. And only one tech company has gone public
Starting point is 00:15:16 in all of 2020, according to data from IPO expert Jay Ritter, a finance professor at the University of Florida. Some of last year's offerings have performed poorly, including ride-hailing companies Uber and Lyft, while We Company, parent of office sharing company WeWork, nearly collapsed after pulling its IPO last fall, end quote. Yeah, quite brave of Vroom to be the first company sticking its head out above the parapet at this moment, although I can see based on what we just said that maybe they think they're well positioned for the current COVID reality, and fortune does sometimes favor the bold. Though apparently until recently Vroom, while primarily known for selling used cars online, still sold more than half of its cars via traditional
Starting point is 00:16:02 dealerships. So maybe that's what this is about. They need this extra capital to go whole hog into the virtual sales space. Another book recommendation that I just stumbled across this weekend, some real data porn for you data nerds or history nerds or just sociology nerds, I guess. The book is called Atrocities. And it's by this dude Matthew White, who for years has maintained the Historical Atlas of the 20th Century website. A few years ago, he published Atrocities, which outlines the deadliest episodes in human history. Like, he literally ranks them in order. What were the worst wars, the worst natural disasters, genocides, etc., over the course of human history? How many people really died? What were the
Starting point is 00:16:54 contours of each, etc.? This book actually came out several years ago, but it's new to me, and I was someone who was brought up with things like the Book of Lists and the Guinness Book of World Records, so this is right up my alley, even if the subject matter is grim. But look, what can I tell you? I do want to know how many people the Roman gladiator games killed over the years. I want to hear about things that I've never heard of before, like the Fang La Rebellion, or the debate over the real death toll of the Thirty Years' War, or I'm just stunned to learn that the War of the Spanish Succession was way more
Starting point is 00:17:29 deadly than I ever knew. Anyway, if you're into this sort of stuff, it's super nerdy, super grim, but super fun. Link to the book in the show notes. It's called Atrocities. Talk to you tomorrow.
