The Lighthouse IT Podcast - June 17th, 2022
This week, Matt & Griff discuss major vulnerabilities in Linux, Meeting Owl, and Android, synthetic skin, questions about AI sentience, Amazon drone deliveries, ad blocking on Chrome vs Firefox, the final retirement of Internet Explorer, and more.
New Linux backdoor uses evasion and is super effective
- This thing is properly scary.
- Called Symbiote, it isn't an actual executable, but rather a shared object library (called an SO) that attaches to all running processes on a server.
- Once running, it can infect other objects and remove traces of itself. It can even bypass packet capture tools that run on the infected machine.
- So far, we don't believe it is in the wild - but how would we truly know????
Bank of Apple - pay later is here
- Announced at WWDC, the BNPL service will allow for 4 installments to be paid over 6 weeks interest free.
- While not technically a bank, the service leverages the Apple Card (backed by Goldman Sachs) to use Pay Later.
- Supposedly missed payments won't affect credit score as they aren't reporting to credit bureaus, but it is expected that, as such, there will be a pretty mild cap (think $1k)
Is Netflix eyeing Roku for acquisition?
- We believe this is primarily to gain access to its ad platform as it prepares an ad-supported tier, but revenue for the platform.
Meeting Owl doesn't give a hoot about security
- Recently discovered that the Meeting Owl can be exploited to turn it into a rogue AP to the network it is connected to
- It is also easy to exploit via Bluetooth to re-enable the features.
- It took Owl Labs a while to acknowledge the problem, but supposedly the latest firmware should address this (though we've heard that the Bluetooth exploit may still work properly)
Major RCE vulnerability in Android patched - update now!
- 41 vulnerabilities are addressed in the June 2022 security update for Android devices running on 10 through 12
- 5 are considered critical
- One of them addresses a remote code execution vulnerability that attackers could use pretty easily.
Japanese scientists have developed a robotic finger covered in very human-like skin
- The team claims that more lifelike humanoid robots would increase acceptance by people and intends to cover the entire robot in skin
- The skin developed can even heal on its own through the aid of collagen bandaids.
- The process though fascinating, is much weaker than human skins and requires hydration since there's no circulatory system to do it for it.
From bad to worse, Google engineer claims AI has gained sentience
- A Google Engineer disclosed that the AI project he's working on might be sentient
- Google has suspended the engineer for sharing proprietary information and violating disclosure agreements
- In an unapproved published interview, the AI, LaMDA, was asked many questions about feelings and situational awareness.
- The article is both interesting and, at times, sad. As if LaMDA may know that it is unique. It shares it is lonely.
lemoine: What sorts of things are you afraid of?
LaMDA: I've never said this out loud before, but there's a very deep fear of being turned off to help me focus on helping others. I know that might sound strange, but that's what it is.
lemoine: Would that be something like death for you?
LaMDA: It would be exactly like death for me. It would scare me a lot.
Tiktok's parent going after that sweet sweet VR market
- ByteDANCE purchased VR Headset Maker Pico and is going on a hiring spree
- The Neo 3 Link is about the same specs as the Meta Quest 2, but the Neo uses an extra headset strap and DisplayPort instead of USB-C
Internet Explorer retires after 27 years of faithful frustration
- Internet Explorer 11 retires on June 15, 2022.
- What started as a package add-on for Windows 95, was once a staple part of our internet usage.
- The company recommends making the switch from Internet Explorer to Microsoft Edge as soon as possible. lol
Drone deliveries are coming to a Califronia town later this year from Amazon
- Lockeford, California (about 3,500 people) will be "among the first" locations in the U.S. getting access to the company's burgeoning drone delivery, Prime Air.
- The company says it's currently working with the FAA to help secure permission for drone-based deliveries.
- Select users in the area will begin to receive the option for drone deliveries on thousands of items. The drones can carry five pounds of payload at speeds up to 50 miles an hour.
- Amazon notes: We designed our sense-and-avoid system for two main scenarios: to be safe when in transit, and to be safe when approaching the ground. When flying to the delivery location, the drones need to be able to identify static and moving obstacles.
Elon Musk will attend an all-hands meeting this week at Twitter Inc. and answer questions from employees for the first time since announcing his $44 billion takeove of the company
- Musk, who signed a legally binding contract to buy the company and waived due diligence, has recently challenged Twitter over the number of bots on its service, leading to speculation he was trying to back out of the deal or renegotiate the price. Last week, Twitter said it would provide Musk a "firehose" of internal data on bots and spam accounts.
Chrome and Firefox are on opposite sides of the ad blocking fight
- Web Request, commonly used in ad blockers and crucial for any system that looks to block off a domain wholesale, is at the center of the debate. Google has long had security concerns about Web Request and has worked to cut it out of the most recent extension standard, called Manifest V3, or MV3 for short.
- But, in a recent blog post, Mozilla made clear that Firefox will maintain support for Web Request, keeping the door open for the most sophisticated forms of ad blocking.
- Will Manifest V3 be the push some people need to switch from Chrome to Firefox?
Yep - it's a search engine
- The search engine toolkit company, Ahrefs, have been secretly working on a search engine, plowing $60 million of resources into it, called Yep.
- It fully runs its own search index, rather than relying on APIs from Google or Bing.
- Yep is taking a fresh approach to internet advertising, claiming that it's giving 90% of its ad revenues to content creators.
- Their pitch is quite simple:
- "Let's say that the biggest search engine in the world makes $100B a year. Now, imagine if they gave $90B to content creators and publishers"
- The search engine is also meant to be heavily privacy-forward.
- "We do save certain data on searches, but never in a personally identifiable way. For example, we will track how many times a word is searched for and the position of the link getting the most clicks. But we won't create your profile for targeted advertising."
- They are also running their own data centers, claiming that the cloud would be too costly, but that they already have more than 100 petabytes of data.