Sunsetting TekThing

I know a lot of y'all support several of my shows, so I wanted to let you know what's up before TekThing posted today. 

For reference, here are my important links:

https://www.youtube.com/shannonmorse 

https://www.patreon.com/ThreatWire 

https://www.patreon.com/ShannonMorse 

https://www.instagram.com/snubs/ 

https://twitter.com/Snubs 

----------------

TekThing was created by Patrick and I back in December of 2014, which was a big turning point in my career. Tekzilla was over, I was leaving TWiT, and Patreon had just became a thing. Knowing that we could potentially create our own independent show that could be crowdfunded by our biggest fans and allow us to continue making epic content for your all meant the absolute world to me, and still does. You need lots of passion, motivation, and integrity to work in this field without burning out - and I hope that our love of tech comes across on the other side of the camera in each and every episode.

We've done over 200 episodes of TekThing together in the Hak5 studio over 4 1/2 years and just a few here in Patrick's home studio. As with every show, they're always changing with the times and I knew this year would be a year of major change (my tarot cards totally called it!).

This is our last episode of TekThing this week, but it's not my last tech show. In fact, I've started doing tech reviews and highlighting awesome gear on my YouTube channel - https://www.youtube.com/shannonmorse  - where I'll be consistently posting 2+ videos per week about travel and technology, with an emphasis on security as usual. I've even opened up my own Patreon under the same name: https://www.patreon.com/ShannonMorse  - which is where you can ask me tech questions, get secret travel tips only locals know, and get access to high res travel photography by yours truly. And I've got some other snazzy perks in store too!

To celebrate this big change, I'm hosting a giveaway on my youtube channel! Subscribe and comment on my smartphone camera shootout video at  https://www.youtube.com/shannonmorse  for a chance to win a new Pixel 3a! And if you follow me on Twitter, Instagram, or Patreon, those'll be counted as extra entries. https://www.instagram.com/snubs/ and https://twitter.com/Snubs 

My passion, since I was a 9 year old building computers with my dad, has always been technology, and always will be. Whether I'm sharing that love through a network, a co-hosted show, or my personally branded channel, I'm never but a youtube video away!

So thank you to all of our incredible viewers, Patreon supporters, and biggest advocates, for making this show so successful. Here's to you, and here's to a new chapter in my own life. I hope you'll consider supporting my new content. Keep doing something analog, be a positive force, and always follow what you believe in. I love you all!

---------------- 

Whew! And with that said, know that this does open up a realm of new possibilities for my creative content. While, yes, I am losing quite a bit of income with the loss of TekThing, I'm also very excited to begin a new path in my career. I've already started uploading more content to my youtube channel (linked above), and I've already started brainstorming new things for Patreon. ThreatWire (my show on Hak5) is 100% full steam ahead and I am so full of appreciation and love for that show, for my personal channel, and for y'all.

Thank you for supporting me <3

-Shannon

Airlines Don’t Encrypt Your Passenger Data for E-Tickets - ThreatWire

Apple Fixes their FaceTime Bug, and Finds More Issues in the process, airlines are found not encrypting your passenger data, and detailed and accurate GPS data was being sold off! All that coming up now on ThreatWire. #threatwire #hak5

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

Our Site → https://www.hak5.org

Shop → https://www.hakshop.com

Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1

Support → https://www.patreon.com/threatwire

Contact Us → http://www.twitter.com/hak5

Threat Wire RSS → https://shannonmorse.podbean.com/feed/

Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999

Host: Shannon Morse → https://www.twitter.com/snubs

Host: Darren Kitchen → https://www.twitter.com/hak5darren

Host: Mubix → http://www.twitter.com/mubix

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

Links:

Apple Facetime Update:

https://arstechnica.com/information-technology/2019/02/apple-pushes-fix-for-facepalm-possibly-its-creepiest-vulnerability-ever/

https://support.apple.com/en-us/HT209520

https://support.apple.com/en-us/HT209521

https://www.zdnet.com/article/ios-12-1-4-fixes-iphone-facetime-spying-bug/

https://www.businessinsider.com/apple-security-audit-on-group-facetime-bug-discovers-second-flaw-2019-2

https://twitter.com/benhawkes/status/1093581737924259840

https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/

https://techcrunch.com/2019/02/07/apple-glassbox-apps/

Airline Systems:

https://www.wandera.com/mobile-security/airline-check-in-risk/

https://threatpost.com/flaw-in-multiple-airline-systems-exposes-passenger-data/141596/

https://www.cyberscoop.com/airlines-ticketing-email-hackers-wandera-southwest/

Cell Carriers:

https://motherboard.vice.com/en_us/article/j575dg/what-a-gps-data-is-and-why-wireless-carriers-most-definitely-shouldnt-be-selling-it

https://motherboard.vice.com/en_us/article/a3b3dg/big-telecom-sold-customer-gps-data-911-calls

https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years

Photo credit:

https://upload.wikimedia.org/wikipedia/commons/d/d5/N731SW_Southwest.jpg

Best Gaming TVs, New 49 Inch Dell U4919DW Monitor, Pocketalk Translator vs. Google Translate!!! - TekThing 215

Best Gaming TVs! Google Translate Alternative??? Meet Pocketalk! New 49 Inch Dell U4919DW Monitor, VPN Blocks My Bank?

☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆

00:47 CamelCamelCamel’s $45,000 Drive Disaster

It was a rough week for CamelCamelCamel.com, the ever so awesome Amazon price tracking service. In the words o' TekThing viewer Don, “Well here's s a good reason to back up that data: $29k for data recovery.” More deets (like what happened) i the show, and we hope they’re back online this week! Go backup your data!

https://camelcamelcamel.com/

03:37 Dell UltraSharp 49 Inch Curved Monitor: U4919DW

Patrick’s run a 35” Dell ultrawide monitor on his desk for years. Has he finally found a monitor that’s too wide??? What makes this a better monitor for office apps and Creative Suite than other massive panels? Watch the review to find out!

https://www.dell.com/en-us/shop/dell-ultrasharp-49-curved-monitor-u4919dw/apd/210-arnw/monitors-monitor-accessories

10:33 Pocketalk Translator

A verbal language translator, the size of a bar of soap, that works with 74 languages over WiFi or mobile data on its own SIM card? Meet Pocketalk. Can you really have a conversation with it? Is it better than Google Translate? Watch the video to find out! https://www.pocketalk.net/

24:15 Will My Bank Work Over A VPN???

James emailed from Dallas, Texas, “If I run everything through a VPN will I still be able to log into my bank, email etc. or will they automatically think I am unauthorized?” That’s an absolute maybe! Find out more in the video.

28:02 Gaming TV Recommendation

Thomas emailed ask@tekthing.com, “

I am planning on downsizing my life and moving in to a tiny home or an RV for full time living. I am a big gamer but because of the size limitations of an RV or a tiny home i don't want a TV and then a monitor as well. I know that you can get TV tuners for your computer but monitors are way more expensive then a TV. I want to get a 50+ inch TV, would love 60hz+ and would need enough inputs for my computer, Roku, PS4, PS3 at the very least so 4 but 6 HDMI inputs would be nice.” Our picks are in the video, and check out the excellent “The 7 Best 4k Gaming TVs - Winter 2019” at RTINGS.com!

https://www.rtings.com/tv/reviews/best/by-usage/video-gaming

Thanks Hak5!!!

A big Thank You to Hak5 for the studio space! Check out the security and privacy podcasts at hak5.org, the pentesting gear in the shop, and don’t forget: Cloud C2: makes remote pentesting easy!

https://shop.hak5.org/

https://C2.Hak5.org

31:46 Do Something Analog!

Like Terry, who preserved a fragile stained glass church window, including LED back lighting to make it glow. Nicely done!

☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆

Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn't be able to make the show for you every week!

https://www.patreon.com/tekthing

EMAIL US! ➳ ask@tekthing.com

SUPPORT:

Amazon Associates ➳ https://amzn.to/2pHgf8T

Subscribe ➳ https://www.youtube.com/tekthing

Website ➳ http://www.tekthing.com

RSS ➳ http://feeds.feedburner.com/tekthing

Patreon ➳ https://www.patreon.com/tekthing

Help us with translations! ➳ http://www.youtube.com/timedtext_cs_panel?c=UC6sWaC11f4mxnizvOroOvkQ&tab=2

THANKS!

HakShop ➳ https://hakshop.myshopify.com/

Dale Chase Music ➳ http://www.dalechase.com/

SOCIAL IT UP!

Twitter ➳ https://twitter.com/tekthing

Facebook ➳ https://www.facebook.com/TekThing

Reddit ➳ https://www.reddit.com/r/tekthingers

HOSTS:

Shannon Morse ➳ https://www.twitter.com/snubs / https://www.youtube.com/shannonmorse

Patrick Norton ➳ https://www.twitter.com/patricknorton

☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆

5G Network Security Flaw Discovered! FaceTime Disabled - ThreatWire

5G Security Flaw

A flaw was recently discovered in the new 5G protocol that could allow a third party to use IMSI catcher like devices to snoop on data on this new protocol.  Four researchers at SINTEF Digital Norway, ETH Zurich Switzerland, and Technische University Berlin Germany discovered the vulnerability, which effects not only 5G, but is also backwards compatible with 3 and 4G protocols as well. It affects the Authentication and Key Agreement (AKA for short) - the technique between your phone and a cellular network that allows them to communicate securely.  AKA is supposed to negotiate and establish a key exchange between the phone and carrier to encrypt the link. 5G-AKA is supposed to thwart IMSI catchers, but the vulnerability opens up a potential entry point for newer devices to spy.

Data about a users activity, such as numbers of texts or calls received and sent, could be used by an attacker to profile a victim.  And if you take your phone away from the signal of a newer IMSI catcher? Well, the moment you come back within it’s vicinity, it can pick up where it stopped and continue tracking. This could be used to track political figures or officials in targeted attacks, not only to see amounts of calls, but also to track physical location between fake base stations.

The researchers responsibly disclosed their findings to 3GPP (the 3rd Generation Partnership Project) and GSMA, and the parties are taking steps to remedy the situation before the end of 2019.

FaceTime Vulnerability

Last week, a major bug surfaced by 9to5Mac, detailing how iPhone users could use FaceTime group chats to snoop on the audio from other phones without their knowledge.  All someone would have to do is call another user using FaceTime, and they would immediately hear the audio from the receivers phone before they accepted or rejected the call. The ringer rings as normal, so the receiver would know someone was calling, but they wouldn’t be able to tell if you could hear their audio before they actually picked up.

Many iphone users took to social media expressing their concerns at the ease of this vulnerability. Put simply: you’d first have to start a FaceTime Video Call to an iphone contact, then, when it’s dialing, swipe up from the bottom and tap Add Person. Add your own phone number on the Add Person screen, then start a group FaceTime call with yourself and the audio of the contact.

To make matters worse, this flaw could also be used to snoop on the video feed of the user. To do this, all a user would have to do is press the power button while on the lock screen, which also would send their video to the caller. According to BuzzFeedNews, pressing volume down did similar. While the underlying cause wasn’t specified, security researchers think that bad logic coding of the group FaceTime processes could be the problem.

After this news broke, it was discovered that a 14 year old boy found this flaw over a week prior to the news article, while playing Fortnite with his friends.  The boy stumbled upon the bug on January 19, while trying to initiate a group FaceTime call. His mother reported this problem to Apple through a series of posts and emails, but to no avail. It appears Apple knew or should have known about the problem for a week before actually getting around to fixing it. While they did respond to one of her reports on January 23, it was not clear to the mother that they were fixing it.

Apple disabled the group FaceTime feature on January 29, and it has since been listed as temporarily unavailable on their system status page. Before that disabled the feature altogether, the best option was just to disable FaceTime in the iOS settings.

Apple is now experiencing legal concerns related to this bug. They have been sued by a Houston based lawyer, who claims someone eavesdropped on a conversation.  New York Attorney General Letitia James has also initiated a formal investigation into the bug.

A software patch will be made available to users this week in iOS 12.1.4, and to update, simply go to your settings app, general, and software update.

Facebook Loves Your Data

Facebook isn’t out of the security headlines yet… no surprise. Facebook uses an Apple program called the Developer Enterprise Program to create and manage apps that aren’t found in the Apple App Store, but are available for download. This is usually used by companies to create internal apps used for internal capabilities. Facebook used the Developer Enterprise Program to create and distribute an application to the masses that allows them to obtain user data while paying that user $20 a month.  Since Apple has pretty strict privacy rules for their App Store, this is a loophole that Facebook was able to take advantage of to track users data. The “Facebook Research” app used Root Certificates to collect data on users. This could be browsing history, time spend on apps or sites, purchases made, private messages, location data, and network data just to name a few. Since Facebook Research also enabled their own VPN network, this also gave them the ability to view anything that would normally be kept private under a VPN service.

Since this is in violation of Apple’s guidelines, Apple revoked Facebook’s enterprise certificates, which also broke some of Facebook’s internal team apps. Beta versions of apps like Instagram, Messenger, and the Facebook app would also stop working, since those were all part of the enterprise program.  After some time, Apple restored Facebook’s access to the Enterprise Program. Your version of the social media apps if downloaded from the App Store, are not affected.

With Facebook came similar news from Google.  Google’s Screenwise Meter app was also available in this format that allowed them to analyze and monitor user data. Google removed their application from download, and made a statement regarding the iOS app saying that it was a mistake.

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

Links:

https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/

https://eprint.iacr.org/2018/1175.pdf

https://www.cnet.com/news/security-flaw-allows-for-spying-over-5g-researchers-find/

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

https://www.buzzfeednews.com/article/nicolenguyen/facetime-bug-iphone

https://www.cnet.com/news/apples-facetime-bug-was-discovered-by-a-teen-playing-fortnite/

https://twitter.com/MGT7500/status/1087171594756083713

https://twitter.com/MGT7500/status/1090079031666438144

https://twitter.com/BEASTMODE/status/1090298850764644352

https://www.cyberscoop.com/facetime-bug-group-chat-disabled-apple-ios-macos/

https://www.apple.com/support/systemstatus/

https://www.zdnet.com/article/iphone-facetime-bug-now-apple-sued-over-eavesdrop-on-lawyers-client-phone-call/

https://www.cnet.com/news/apple-facetime-bug-prompts-investigation-from-ny-attorney-general/

https://www.zdnet.com/article/ios-12-1-4-is-coming-to-fix-the-worst-iphone-and-ipad-bug-to-date/

https://www.cnet.com/news/facebook-shuts-down-ios-research-app-it-used-to-access-user-data/

https://www.cnet.com/news/apple-restores-facebooks-ability-to-run-internal-apps/

https://www.cnet.com/news/googles-data-gathering-app-may-have-also-violated-apples-policies/

https://threatpost.com/google-pulls-data-chugging-app-from-ios-devices/141358/

Photo credit:

https://pixabay.com/p-387026/?no_redirect

ICYMI: The Snubs Report is Going Strong!

I was in Kyoto for just a few days, so I made the most of it with these must-see tourism sites! Here are my top 6 places to see in Kyoto! Twitter: http://www.twitter.com/snubs Site: http://www.snubsie.com YouTube: http://www.youtube.com/ShannonMorse I've been hosting online video shows since 2008, and recently learned how to edit!

 

I've been working on The Snubs Report every week as an after-hours hobby platform. This show is giving me the ability to fine-tune my own vlogging and learn more editing skills. Since I've started The Snubs Report, I've gotten better at editing video and photos with Adobe Premiere, Lightroom, and Photoshop. I'm also learning a lot about analytics and what kind of videos you want to see.

So, what do you want to see me talk about on The Snubs Report? Anything in particular? Let me know via my social networks, or comment below!

Cheers!

Busy, Busy, Busy!

This past month has been extremely busy! Luckily, though, I'm loving each and every minute of it. I recently got the open position as the new producer of Before You Buy on TWiT.TV and I'm up in Petaluma part time managing that new role. This is an exciting opportunity to work with a new group of core tech enthusiasts and grow my own career as a journalist and entertainer. When I'm up at the TWiT headquarters, I'll be wrangling gadgets for the show, guest hosting when asked, reviewing products every week, and producing the show. It sounds like a lot, but it's very fun and manageable with my organization skills.

A few folks have asked me if I was leaving Hak5 when I started producing BYB, and I'm still hosting the show just like normal. Now, I'm hosting/ producing Hak5, HakTip, Before You Buy, Bite Club Show, and (soon!) Threat Wire. So even though I'm starting new endeavors I'm still sticking to my roots with Hak5 and learning as much as I can about the world of security. We have plenty to look forward to in the next year, and I'm actually excited to go to work during the week. :)