Tech Brew Ride Home - Wed. 04/01 - The Zoom Privacy Storm
Episode Date: April 1, 2020

We’ve reached the end of the John Legere era. Samsung thinks we’ve reached the end of the LCD era. Comcast is inadvertently proving ISP datacaps are BS. Is Zoom a victim of its own success? And it’s maybe not overstating things to say it’s past time Amazon should start thinking more humanely about… people.

Sponsors:
No Parking podcast
TinyCapital.com

Links:
Legere is out as T-Mobile CEO as Sprint merger officially closes (CNBC)
Samsung Display to end all LCD production by end 2020 (Reuters)
Marriott discloses new data breach impacting 5.2 million hotel guests (ZDNet)
Comcast waiving data caps hasn’t hurt its network—why not make it permanent? (Ars Technica)
Zoom Lets Attackers Steal Windows Credentials via UNC Links (Bleeping Computer)
@c1truz_ thread about Zoom
Amazon's Covid Hiring Boom Has Applicants Packed Into Job Fairs With No Special Precautions (Bloomberg)
Amazon Struggles to Find Its Coronavirus Footing. ‘It’s a Time of Great Stress.’ (WSJ)
Amazon's past catches up with it (The Interface)
Transcript
Welcome to the Techmeme Ride Home for Wednesday, April 1st, 2020. I'm Brian McCullough. Today, we've reached the end of the John Legere era. Samsung thinks we've reached the end of the LCD era. Comcast is inadvertently proving ISP data caps are BS. Is Zoom a victim of its own success? And it's maybe not overstating things to say it's past time for Amazon to start thinking more humanely about people. Here's what you missed today in the world of tech.
As anticipated, John Legere has stepped down as T-Mobile CEO after that company successfully completed its merger with Sprint.
President and COO Mike Sievert takes over as the combined company's CEO. Quoting CNBC,
in an interview with CNBC's David Faber during Squawk on the Street Wednesday, Sievert said that T-Mobile plans to, quote, start lighting up 5G on what was Sprint's spectrum almost immediately.
That'll start to benefit consumers who have come from both sides of this merger immediately,
Sievert added. Asked by Faber whether the current COVID-19 outbreak would slow development of 5G,
Sievert said there may be some hiccups with local municipalities, but that the company is still pushing
forward. Quote, we've been classified as essential services, so we're allowed to continue operating,
he said. We've determined from a network standpoint, we can do that safely.
Individual crews of one person, sometimes it's three, four, five people that arrive in separate
cars and work at a safe distance from each other.
Other than some issues around permitting, we don't see a slowdown in our ability to bring
this network to scale, end quote.
Yes, but how does he feel about wearing pinkish, purplish shirts every day?
Another changing of the guard, end of an era alert, Samsung Display has announced that it will
end all of its production of LCD panels in South Korea and China by the end of 2020
amid the falling global demand for LCD panels.
Quoting AnandTech.
As recently as last year, Samsung Display had two LCD production facilities in South Korea
and another two LCD plants in China.
Back in October, the company halted production of one of the South Korean factories
and now plans to suspend production of LCDs at the remaining three facilities
due to the low profitability and oversupply of traditional LCDs.
Instead, the company will be turning its attention
toward the quantum dot enhanced OLED displays.
A new technology for Samsung,
this would be distinct from the company's current QLED displays,
which use quantum dots to enhance LCD displays.
Samsung previously announced their plans to invest a whopping $11 billion
in QD OLED production.
And now those plans are moving one step closer to completion
as the company gets ready to wind down traditional LCD production, end quote.
To quote a popular soccer song,
without actually singing it, if I can avoid it.
It's happened again.
Marriott has been forced to disclose a new data breach from mid-January that it says has affected
5.2 million hotel guests by exposing their personal contact information, including
mailing addresses and phone numbers.
Quote, according to a breach notification posted on its website, the hotel chain
learned of the security breach at the end of February when it discovered that
a hacker had used the login credentials of two employees from one of its franchise properties
to access customer information from the app's back-end systems. The hotel chain said that the
intruders had direct access to Marriott-Bonvoy loyalty data, such as contact details,
loyalty account information, additional personal details, partnerships, and affiliations,
and preferences. The hotel said that at this moment in the investigation, it did not believe
that the hacker gained access to account passwords, account pins,
payment card information, passport information, national IDs, or driver's license numbers, end quote.
Marriott launched a web portal where the app's users can check if they're one of the 5.2 million users
impacted by the security breach and what data the hacker might have accessed.
And let me re-up on this because I really want this to be reinforced in people's minds.
All of those years where ISPs were charging us for data caps because something, something,
hand-waving, limited capacity on networks or some such BS.
Once more, this crisis has revealed that, yes, that's exactly what it was.
It was all BS. Comcast has been among the ISPs that have been eliminating data caps during
the pandemic. And data from Comcast shows that that has had little effect on network data
speeds, even as peak traffic on those networks has increased as much as 32%.
Quoting Ars Technica, who breaks down why this is all BS. With Comcast's network performing so
well during the pandemic, why did Comcast's data cap exist in the first place? The answer has
always been money, of course. A Comcast executive once acknowledged in a Twitter reply that
imposing data caps is a business decision, not one driven by technical necessity. But it might be
useful to re-examine Comcast's previous
justifications for the data cap now that the
arbitrary limit is temporarily
gone and Comcast could face
public pressure to make it go away forever.
Comcast's official line
is that it imposes a data cap to ensure
fairness among its customers,
which is not the same thing as saying
data caps are necessary to prevent network
congestion. But Comcast
has occasionally spoken of internet data
as if it's a depletable resource
like water or gas.
Using more broadband
data is like driving farther in your car and thus using more gasoline or turning the air conditioning
on higher and, quote, consuming more electricity. The same is true for broadband usage. Comcast's CEO
Brian Roberts said in 2015, that's when the company was rolling the cap out through much of its 39
state territory. Comcast also makes sure to never call the data cap a data cap, but rather a data
plan. But Comcast's commitment to fairness coincidentally doesn't apply in the Northeast United States,
where it faces strong competition from Verizon's uncapped fiber-to-the-home Fios service. Comcast was giving
customers in the Northeast states unlimited data all along, even before the pandemic, despite
imposing the caps in 27 other states. Customers in Northeastern states don't experience this particular
brand of Comcast-imposed fairness, but those customers don't seem to mind, since
they can use their internet as much as they like without paying overage fees, end quote.
So this is really becoming a thing. The rolling concerns about Zoom and security seem to be spreading.
Bleeping Computer, for example, says a vulnerability in Zoom's Windows client would let attackers steal Windows
login credentials of users who click on malicious links inside chat messages.
Quote, the Zoom Windows client is vulnerable to UNC path injection in the client's chat
feature that could allow attackers to steal the Windows credentials of users who click on the link.
When using the Zoom client, meeting participants can communicate with each other by sending text
messages through a chat interface. When sending a chat message, any URLs that are sent are
converted into hyperlinks so that other members can click on them to open a web page in their
default browser. The problem is that security researcher @_g0dmode discovered that the
Zoom client will convert Windows networking UNC paths into a clickable link in the chat message as
well. You may be wondering what is so bad about that? Well, if a user clicks on a UNC
path link, Windows will attempt to connect to the remote site using the SMB file sharing protocol
to open the remote cat.jpg file. When doing this, by default, Windows will send the user's
login name and their NTLM password hash, which can be cracked using free tools like
Hashcat to dehash, or reveal, the user's password, end quote. And on top of this, another security
researcher has found that Zoom uses what he calls shady techniques to install its Mac app without any
user intervention.
Quote, ever wonder how the Zoom macOS installer does its job without you ever clicking install?
Turns out that they use slash abuse pre-installation scripts, manually unpack the app using a bundled
7zip, and install it to /Applications.
If the user is in the admin group, no root needed.
If the app is already installed, but the current user is not admin,
they will use a helper tool called Zoom authentication tool and the AuthorizationExecuteWithPrivileges API to spawn a password prompt identifying as "System" to gain root, including a typo.
This is not strictly malicious, but very shady and definitely leaves a bitter aftertaste.
The application is installed without the user giving his final consent, and a highly misleading prompt is used to gain root privileges, the same tricks that are being used by macOS malware, end quote.
As Tom Warren notes in The Verge, the storm clouds that are gathering for Zoom are sort of a case of
with great popularity comes great scrutiny, right?
Once you're wearing the crown, people tend to be more interested in what you're up to, and yes,
ease of use is what has helped Zoom rise to the top of the video chat scrum, but sometimes
the methods that allow you to win can actually lead you to be the victim of your own success.
We've not even discussed the whole Zoom bombing phenomenon, wherein
strangers can butt their way into your Zoom events and flash pornography or troll you, as recently
happened to an online meeting of members of Alcoholics Anonymous. I mean, the person administering a
Zoom call has little to no control over who can come and go inside the call and what they can do
when there. That seems like a pretty fundamental design flaw to me. Quoting Tom Warren,
ultimately, Zoom is feeling the effects of a rare moment for the app. The video conferencing app
was never designed for the myriad of ways consumers are now using it. Zoom doesn't require an
account. It's free for 40-minute meetings and it's reliable. The barriers to entry are so low and
the coronavirus pandemic so unusual that Zoom is suddenly in the spotlight as a crucial tool for many.
Zoom may well be forced to tighten up the very parts of its app that make it so appealing for
consumers and businesses alike in the coming months. The company now faces some tough
decisions on how to better balance its default settings, user privacy, and ultimately its ease of use.
Zoom's appeal has been its simple approach to video conferencing, but that crucial ingredient
now threatens to be its downfall unless it gets a firm grip on the growing concerns, end quote.
And Nilay Patel tweeted, quote, the biggest question facing Zoom is whether these gaffes are more
move-fast break-things mistakes or reflective of a deeper culture of disrespect for user privacy,
or both.
Also, you sort of expect these issues as consumer products go to the enterprise, but Zoom is an
enterprise product, and it appears that none of its enterprise customers did any sort of worthwhile
vendor security review, end quote. Remember how we reported that Amazon is hustling to try to
hire hundreds of thousands of new employees? Sources are telling Bloomberg that Amazon has
indeed been holding job fairs in various cities, but those job fairs took place in
packed rooms and followed no special precautions while also ignoring social distancing guidelines.
Just going to read from this lead from Bloomberg.
In March, a laid-off customer service representative for one of the airline companies attended
an Amazon employee orientation in Dallas. He found himself packed into a room with about
70 other applicants sitting shoulder to shoulder to watch a PowerPoint presentation about
what it's like to work for the online retailer. The man who provided a smartphone
photo to document his experience, said the event was exactly like one he attended last year for a seasonal
holiday job with Amazon. In other words, there were no special precautions to keep attendees safe
from the coronavirus. When the man raised concerns about the crowded conditions, he said an Amazon
manager mocked him and a fellow recruit sneered. Quote, they made jokes and told me to leave if I was
unhappy, he said, adding that one manager said Amazon's operations were exempt from the rules because
the company is considered an essential service. Quote, they didn't care one
bit, end quote. The former customer rep took the job, but still worries about getting sick.
Amazon also ignored official social distancing guidelines at hiring events near Portland, Oregon,
and in Kenosha, Wisconsin, according to two applicants. A fourth person who attended an Amazon
job fair in West Jefferson, Ohio, said she was sent home and asked to return another day because
the gathering was too crowded, suggesting precautionary measures are in place, at least at some
events or Amazon is changing its practices, end quote. Yeah, remember some months ago when I was
speculating as to whether or not it seemed like Amazon had suddenly pivoted into lawless,
reckless cowboy mode? Yeah, well, I want to end today by also flagging this analysis of Amazon
from Casey Newton in his newsletter this morning. Yeah, Amazon has been struggling to keep up with
the coronavirus surge all this month. We know this. We empathize. The Wall Street Journal says that
every day of March has basically been the equivalent of Black Friday for Amazon. Home and
kitchen items, for example, as a category, are up 1,181% this month. Quote, Amazon has been processing
from 10 to 40% more packages than normal for this time of year, according to an employee tally at
one delivery center. The company's website had 639 million visits for the week of March 9th,
according to data from Comscore, up 32% from the year earlier. From February 20th to March 23rd,
Amazon's sales of toilet paper increased 186% from the year earlier period, according to
analytics firm Commerce IQ, which said that before the coronavirus hit, it had forecast a 7% increase
for the period. Commerce IQ said sales of cough and cold medicine grew 8662,000.
percent compared with a forecast growth rate of 110 percent, and children's vitamins by 287 percent
compared with a forecast rate of 49 percent, end quote. Okay, fair enough. But Casey also makes a point
worth considering, quote, the story of Amazon's struggle against the coronavirus is not simply one of
demand. It's also a story about the company's increasingly fractious relationship with its own workforce.
For years now, a growing body of journalism has documented how Amazon's relentless
drive for efficiency, especially in its fulfillment centers, has led to injury and even death.
And now these employees are working shoulder to shoulder with colleagues who may be infected
with a deadly virus and spreading it before they can even show symptoms.
COVID-19 has demonstrated the limits of a workplace that continuously pushes workers to the point
of harm in the name of efficiency.
When 60% of those workers stop coming into the office for fear of death, as happened recently
at a fulfillment center in Southern California, the efficiency of the system is revealed as a lie.
It's true that few businesses could have capably prepared for the havoc that will be wreaked by a global
pandemic, but it's also true that Amazon's delivery delays are a long time in the making.
And it's the company itself just as much as the coronavirus that deserves the blame, end quote.
I guess when you're an efficiency hammer, every worker just looks like an efficiency nail to be pounded into the ground until the nails can't take it anymore.
Is that the most tortured metaphor I've ever employed on this show? Still, it's worth Amazon stopping and considering. No matter how much they might wish it was otherwise, their entire infrastructure still depends on people and people can only bend so far, especially
in times of crisis. Sometimes actually building in humane allowances can have efficiency benefits
that you don't anticipate, and they can come in handy in times of crisis. Hey, you know, I didn't have
to talk about any stupid tech April Fool's jokes today. So there's that. Maybe among the things
that coronavirus will cancel going forward will be that dumb tradition, which I still blame on Google,
but the old Google, the good Google,
when it was still a goofy and fun company and again a good one.
Anyway, talk to you tomorrow.
