
July 5, 2024 21 mins

There's a lot of hacker news this week, with updates on the severity of the Ticketmaster hack, a credit union in California is doing its best to restore services after a ransomware attack, and a Chinese company turned an innocent, helpful tool into a malicious trick. Plus more!


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Welcome to TechStuff, a production from iHeartRadio. Hey there,
and welcome to TechStuff. I'm your host, Jonathan Strickland.
I'm an executive producer with iHeart Podcasts. And how the
tech are you? It's time for the tech news for
the week ending July fifth, twenty twenty four. And y'all.

(00:27):
One of the tricky things about designing a website is
that you can't know which browsers your users are going
to be relying upon when they visit it. So you
might build a site that works great in certain current browsers,
but if you go back a generation or three, maybe
things aren't quite so seamless. But you still have people

(00:48):
out there who are relying on those browsers. So what
do you do? Do you try and design for the
lowest common denominator? Well, for many web designers, one
workaround for this problem resided on an online code library
called Polyfill. The project is an open source one that
would put JavaScript code up on a Polyfill account and

(01:11):
that would allow websites to include just a particular URL
link in the website design, and the library would work
with older browsers and allow them to display web pages
properly so that you know, you would still see the
way the web page was supposed to be laid out,
So it offloaded a lot of work for web designers.
You could just include this link and it would do

(01:34):
the work for you. But then earlier this year, a
Chinese company called Funnull, or Funnel, maybe it's Funnel,
Funnel makes more sense. Anyway, they purchased both the GitHub
account that hosted this library, as well as the domain
name for the Polyfill site, and last week a cybersecurity

(01:56):
company called Sansec alerted the world that what used to
be that JavaScript code is now code that redirects visits
to other websites, mainly ones related to porn or gambling.
That's not great. The security firm also said that the
code was designed so that it wasn't redirecting all the time,
and this was probably an effort to hide the fact

(02:19):
it was doing it at all, right, Like if it
was only doing it in certain hours, then it was
going to avoid detection longer. But it wasn't long before
various web companies began to block the domain entirely, and
the guy who first built Polyfill posted a message urging
website administrators to remove links to the online code library.

(02:39):
Ars Technica's Dan Goodin reports that nearly four hundred thousand
sites are still linked to the library despite these warnings,
including sites that are connected to the US federal government,
which is a big old womp womp. So these aren't just
little independent websites out there that are falling victim to this.
Some of those websites are connected to massive companies and

(03:01):
other organizations, you know, groups that should absolutely prioritize removing
malicious links and code from their web pages. But I
can't bust the USA's chops too much on this because,
as Goodin reveals in his article, more than half
of all the websites that are still linking to Polyfill
are actually in Germany, which is a big old ach du lieber.

(03:21):
In the end, this story shows that supply chain attacks
can really be effective. So that's when hackers aren't targeting
end companies, organizations, or individuals. Instead they target the tools
and services that those end targets are relying upon. So
you poison the supply chain and you hit a lot
of targets. It's also a black mark against Chinese companies

(03:43):
continuing to cause chaos online. Speaking of supply chain attacks,
what happens when the company that you count on for
added security is the target of hackers? That's a question
folks are asking after Authy, A-U-T-H-Y, a two factor
authentication app, got hit by hackers. More specifically, the company
that makes Authy, a company called Twilio, revealed that hackers

(04:06):
had managed to access a limited amount of customer information,
apparently limited to just around thirty three million cell phone numbers. Now,
Authy is an app that generates codes meant to authenticate
users as they log into various services. I actually have
an Authy account so that I can log into Twitch,
for example. So I think there's a certain assumption among

(04:27):
users that the service is also secure because it exists
solely to aid in the security of other services. You
think if it's a company that's in the security business,
it should be pretty safe. And yet Twilio has confirmed
that hackers accessed an, quote unquote, unauthenticated endpoint to
steal the list of customer phone numbers. While that information

(04:49):
has limited value, it does mean that the hackers might
rely on the data to conduct phishing attacks, or more
likely sell the data for cheap on a black market
where other people can use it for phishing attacks and such.
We're not done with hacking news yet. A group called
Shiny Hunters says its attack on Ticketmaster landed the group
some really valuable information. I'm talking seriously valuable, like more

(05:13):
than twenty two billion dollars valuable. And as such, the
group has increased its initial ransom demand, which was originally
one million dollars, up to eight million dollars. It has,
in the immortal words of Darth Vader, altered the deal.
Pray they do not alter it further. So what's going

(05:33):
on here? All right, so the hackers breached Ticketmaster's systems
back in May. I'm pretty sure I talked about it on
our previous news episode, and in the process, the hackers
were able to access a ton of information, and that
includes around four hundred and forty thousand tickets to Taylor
Swift shows. You know, she's like the hottest ticket in town,

(05:55):
no matter what town it is. And the hackers have
all the information they need to do stuff like produce
fraudulent but working tickets. They could do that because they
have all the data. So imagine that you show up
to a Swift concert and then you find out that
your legitimate ticket that you purchased months ago no longer
works because you know someone else has beaten you to it,

(06:17):
and this is a ticket you purchased for some ungodly
amount of money, because, let's face it, Ticketmaster is a
real beast of a company, and it also has beastly
convenience and processing fees to boot. But because hackers were
able to steal your ticket information, they produced a copy.
Maybe they produced a whole bunch of different copies. Maybe
they scalped all those tickets to unsuspecting buyers. There could

(06:40):
be one hundred other people who bought your ticket information
and they're also stuck waiting outside because whomever got there
first is currently sitting in your seat and they're waiting
for Blank Space to start playing. That's actually the only
Taylor Swift song I know off the top of my head. Anyway,
the hackers also have information about all the people who
have bought tickets. They have personal identifiable information, and that

(07:04):
could mean that they could reach out to the customers
and pose as Ticketmaster. They could say, hey, we
have recovered your tickets. They were part of this breach,
but we have it. We need to secure x amount
of money in order to send you the updated information
and they're just exploiting you. That's a possibility. Maybe they
sell your information online and other hackers use your information

(07:27):
to conduct spear phishing campaigns against you. I mean, if
you're the sort of person who has spent hundreds or
thousands of dollars on a concert ticket, then you
could end up being a very attractive target for exploitation
down the line. According to Hackread, the stolen information
includes nearly a billion sales orders and half a billion
unique email addresses, plus four hundred million encrypted credit card

(07:50):
records with partial details unencrypted. Now, the encrypted credit card
information at the very least means the hackers don't have
immediate access to that information. Encryption is a tough thing
to break, particularly if you're using really good encryption,
so they might not be able to ever get that
credit card information. But this is a really ugly hack
that has affected millions of Ticketmaster customers. So what's the

(08:12):
company going to do? Well, I do not know, but
I bet this is not going to look good in
the antitrust lawsuit that the US government has brought against
Live Nation, which is Ticketmaster's parent company. Now, do you
think we're done with hacker stories this week? Don't bank
on it, literally. Ransomware hackers targeted the Patelco Credit Union
in California. According to Jon Brodkin of Ars Technica, we're

(08:35):
going to have a lot of Ars Technica stories for
the second half of this episode. But apparently the hackers
used a phishing email to trick someone within the organization
to activate malware that quickly began encrypting data in Patelco's systems,
and it locked that information away from the credit union.
Just as the credit card information being encrypted means that

(08:56):
hackers can't easily get to the credit cards. Well, if
hackers encrypt all of an organization's data on their
systems and their servers, then the organization has no access
to their legitimate information. So among the many services that
have been disrupted by this massive attack are online banking,
which is a big one. The actual attack happened on

(09:17):
June twenty ninth, and the credit union chose to shut
down several of its services sort of as a protective
measure to prevent the hack from spreading throughout the entire system. So,
according to the credit union, that includes stuff like quote transactions, transfers, payments,
and deposits end quote, you know, the basic functionality of
a bank, So direct deposits were also affected, but according

(09:39):
to the bank, cash and check deposits are still working,
So that sounds like for the time being, Patelco customers
will have to go to a physical location in order
to make deposits or withdrawals. They may also have had
their personal information compromised as part of this attack. In fact,
Patelco says you should assume that's the case. They have
also said that the credit union will work with law

(10:02):
enforcement to provide protection to those customers. Now, if I
were to guess, I would say that would be things
like credit protection and maybe some ID theft protection that
will last for like a year. That's a pretty common
thing that companies will offer in the wake of a
breach like this, but this is a particularly bad one.
It does really illustrate the fact that companies need to

(10:25):
really drill home the proper security measures that employees need
to follow in order to avoid these kinds of attacks.
Hackers will take any advantage they can to do this
sort of thing, and they will target organizations that are
particularly vulnerable like banking. Medical organizations are another big one,

(10:46):
because there's a huge incentive for the company to pay
off the ransom and regain access to all that information.
But as I've always said, keep in mind, paying the
ransom is typically a bad idea. One, there's no guarantee
you're going to get everything back, or that the hackers
aren't going to keep copies of all the information and

(11:07):
then sell it on the black market. Two, paying the
ransom sends the message, hey, these attacks work, they make money,
and then hackers will just step it up. So paying
ransoms is typically pretty bad. But at the same time,
if it's a mission critical kind of thing, I get
how it's hard to just shrug your shoulders and say, well,
we're just going to take a loss on this one. Okay,

(11:28):
we're going to take a quick break. When we come back,
we've got some more tech news stories to cover. Okay,
we're back, and we've got some more Ars Technica stories,
because there were a ton of good ones this week.
So Ashley Belanger of Ars Technica, she's actually got a

(11:50):
couple of stories in this week's episode, has a disturbing
piece about AI and it's titled "AI Trains on Kids'
Photos Even When Parents Use Strict Privacy Settings." So this
piece is all about how AI companies with image generators
have been using posted photos across the web to train

(12:11):
those models, even in cases where the platforms that are
hosting these photos have specific rules against data scraping, or
platforms where parents have settings where they can opt into
denying permission for the use of their children's pictures so
they can explicitly say I do not want these photos

(12:31):
used for anything else. And yet it appears that these
image generator models have still been using those kinds of
images to train up and that's awful. It is an
enormous violation of privacy. And researchers with the Human Rights
Watch have discovered that these companies have hundreds of photos
of children from vulnerable populations. That makes this even more horrifying.

(12:53):
It's not just kids, which is already bad enough, but
kids from disadvantaged communities where they don't have access to
the kinds of tools or services that others might have
to fight this kind of thing. Not that fighting it
is that easy in the first place, but it's even
harder for these folks. So the researcher said that the
metadata connected to these images sometimes also includes personal information

(13:16):
about the children, which is obviously an even bigger privacy
and security risk, and the generator also creates images based
off these reference photos. Right? Like, image generator companies say
that their AI isn't plagiarizing off of other people, just
as AI text generator companies say that the text generator
doesn't plagiarize. But there have been plenty of cases where

(13:39):
people have pointed out, hey, that's not entirely true. Like
you can spot elements that seem to be directly lifted
from source material, and if not directly lifted, so heavily
influenced by that source material as to constitute a copy.
So I think it's really important to read this piece.
There's a lot more that Ashley Belanger writes about in

(14:01):
her article. I highly recommend reading it. Again, that's on
Ars Technica if you want to check out the full
story. Now, she also has a piece titled "Tool Preventing
AI Mimicry Cracked; Artists Wonder What's Next." This is kind of
related because it also has to do with AI generation
and specifically image generation. So as the headline indicates, a

(14:24):
tool that some online artists use called Glaze has recently
been called into question as to whether or not it
is a really great defense. So Glaze works by inserting
data into images, and that data alters the images in
ways that aren't noticeable by humans. In a way, you
could say it corrupts the information of the image itself.

(14:46):
And a computer that's scanning these images doesn't know that
the superfluous data isn't necessary. It thinks it's part of
the image. Because computers aren't looking at pictures, they're looking
at the information that makes up that picture and replicating
or working off of that. So if you're poisoning the

(15:07):
images by inserting some meaningless information that doesn't really show
up in the finished picture when you're looking at it as
a human being, then the computer thinks, oh, well, this
is a necessary component of this kind of image for
this particular style. Like it's looking at the metadata and saying, oh,
this is the artist who created this image. If someone

(15:27):
asks me to create an image in the style of
this artist, I will take this data in an effort
to produce that kind of image. But because of the poison, right,
because of the superfluous data, it might take that noise
and boost the noise. So what you'll end up with
is an image that does not look like the reference material,

(15:49):
which is that's the whole point of Glaze. It's to
poison the reference material so that artists can retain their
unique styles and not worry about computers copying it. But
now there are a pair of problems facing artists who
want to use Glaze. So one is just that doing
so requires going through an approvals process with Glaze, and
the demand for the tool has exceeded the team's capacity

(16:10):
for keeping up with those requests, so there's a bottleneck there.
The other problem is that some researchers have come forward
saying that Glaze's methods aren't really bulletproof and that AI
will inevitably evolve to defeat these protections. So it's kind
of like a seesaw approach, and we've actually seen that
in other security measures. Like, CAPTCHAs are a great example.
You know, experts would design a new test that in

(16:32):
theory is easy for humans to do but hard for machines.
But then eventually the computer scientists train up machines so
that they can do these tests as well as or
sometimes even better than humans can, and it requires a
complete redesign of the CAPTCHA test, and so it goes.
The same thing could be going on in image generating
AI and the efforts to foil it. And again, to

(16:54):
learn more about this, read Belanger's article on Ars Technica.
She does a phenomenal job breaking it all down. Again,
that's titled "Tool Preventing AI Mimicry Cracked; Artists Wonder What's Next." Now,
I'm sure all of y'all out there had the experience
of setting up a new television and scrolling through all
the options to find out how the heck you can
turn off motion smoothing. This is that feature that removes

(17:15):
motion blur, and that might look great if you're watching
a live sports event, but for everything else, well, a
lot of people really hate that effect, including me. This
is what gives everything that kind of soap opera look.
You could argue that the reason why classic films and
television look the way they do really becomes part of
a combination of limitations on the technology as well as
the costs of production. But it means that we have

(17:38):
certain concepts that we associate with what looks like cinema
or looks like TV, and motion smoothing kind of violates that. Well,
back in early June, Roku turned on motion smoothing by
default and there's no way to turn it off, which
has prompted William Joel of The Verge to write a

(17:58):
very entertaining piece titled "Dear Roku, You Ruined My TV."
So Joel writes about how Roku has removed the choice
from users, forcing on them an experience that many people do
not like. Well worth the read. It's over on The Verge.
Go check that out. Particularly, you should read it if
you happen to be an executive at Roku and you're
wondering why your customers are so agitated. It's been a

(18:21):
year since Meta launched its competitor to x, formerly known
as Twitter. Meta's platform is called Threads, which takes its
name from earlier abandoned Meta projects, and this week Mark
Zuckerberg announced that Threads hit one hundred and seventy five
million users, which is impressive but also shows that Meta
users have not been adopting Threads as quickly as they
have other platforms like Instagram. Zuckerberg did not go into

(18:42):
detail on stuff like daily users or anything like that,
and if I were a betting man, I would wager
that the reason Zuckerberg did not share those numbers is
that they aren't very impressive, because I'm guessing on a
daily basis, people just aren't going to threads that much. Yes,
there's one hundred and seventy five million users total, but
how many of those are going to threads regularly? So
the question is will Threads gain more purchase and user

(19:04):
mind share? And also how is X doing during all
this stuff? Honestly, I have no clue. My perception is
that things at X aren't going great, but that's largely
down to how you know, there's these ongoing challenges the
company is facing when it comes to convincing advertisers that
the ads they are paying for are not going to
show up next to hate speech. In November twenty twenty three,

(19:28):
Amazon launched an ambitious product called Astro, which is a
home robot, a little wheeled CTC robot that can roll
around your house and keep an eye, well, you know,
keep a keep cameras and sensors on how things are going.
And the company also introduced an enterprise version of that
bot, Astro for Business, so it's a device intended for

(19:49):
corporations and such. Now, less than a year after launch,
Amazon has announced it is discontinuing the enterprise version. Customers that
bought one will receive a full refund, which is around
twenty three hundred and fifty bucks plus a few hundred
dollars in credit because their security system is going to
stop working. Once Amazon shuts down the servers on September

(20:09):
twenty fifth, it will brick these little robots. The company
has said it will continue to develop robotics for the home,
so it sounds like the consumer version of Astro will
continue to receive support at least for now, and that
Amazon is apparently working on successors to that twenty twenty
three model. As for Astro for Business models, they cannot

(20:30):
be switched to work as consumer versions, so Amazon is
sending customers shipping labels so they can ship off these
former security robots back off to Amazon so they can
go to the recycling center, which seems like a pretty
sad fate for the cute little fellers. Okay, that's it
for the tech news for the week ending July fifth,
twenty twenty four. I hope you are all well and

(20:52):
I'll talk to you again really soon. Tech Stuff is
an iHeartRadio production. For more podcasts from iHeartRadio, visit the
iHeartRadio app, Apple Podcasts, or wherever you listen to your
favorite shows.
