here's what's coming up in the category
five TV newsroom Mycroft a eyes Linux
voice assistant has attracted a lawsuit
and the crater is decided to fight the
patent trolls tooth and nail a u.s. a
us-based natural gas facility shut down
operations for two days after being hit
by ransomware Jeff Bezos the richest man
in the world has pledged 10 billion
dollars to fight climate change and ring
doorbell maker makes two-factor
verification mandatory stick around the
full details are coming up later in the
show this is the category 5 TV newsroom
covering the week stop texting with a
slight linux bias i'm sasha Rickman
joined this week by Jeff Westen and Ravi
Ferguson well some quick honorable
mentions this week dell technologies is
selling its InfoSec business RSA for two
point zero seven five billion dollars as
it tries to reduce its long-standing
debt RSA helps companies confirm user
IDs and manage other security security
risks it serves 30,000 customers ranging
from banks to consumer goods makers it
also runs security conferences including
one scheduled for this month in San
Francisco that IBM incidentally dropped
out of recently the sale which was
rubber stamped on Tuesday was made to a
consortium led by STG Partners a private
equity investor that specializes in tech
Ontario teachers pension plan board and
Dutch private equity group it's called
Alf invest Partners Alphen best partners
Alpen Alpen dust southla de help out
will say Alpine vest alright that works
yeah
Microsoft released a buggy security
update for Windows 10 last week rise now
some windows users report that all of
the files on their desktop have been
deleted don't worry it hasn't actually
been deleted that thankfully those files
are still there the update just moved
them to another user accounts folder
that's better than the last time when
Microsoft actually deleted people's
files back in the October 2018 update
while files appear to the user to be
deleted and settings such as the Start
menu and desktop customization appear to
be reset to default what's actually
happening is that Windows 10 is signing
people into a temporary user profile to
be used during the update process but
for some people it's failing to restore
the user's proper profile when the
update is complete on the buggy update
is KB four five three two six nine three
well I have the utmost respect for you
Sasha
having to read those very tiny numbers
Microsoft released this update for
Windows 10 On February 11th of 2020
Windows Update will automatically
install it on your PC if the system has
already installed the update and you
haven't experienced the bug you don't
need to take any action however if
you've encountered the bug there's one
simple way to fix it and get your files
back uninstall the update that caused
the problem I will not repeat the update
kb ID you can you can rewind since
Microsoft will likely re-release the
update in the future when the problem is
solved removal is the quickest and
easiest fix now looking at the update
itself it says it is - hmm improve
security when using Internet Explorer
and Microsoft edge so we suggest you
stop using those browsers yep problem
solved the
you let's get into the top stories were
following this week startup my craft a I
stood up to a patent troll who filed a
lawsuit against it for a building an
open source Linux based voice controlled
assistant my craft AI develops voice
assistant software that runs on Linux
systems including the Raspberry Pi the
device can then respond to spoken
requests similar to Amazon echo or
Google home such as setting alarms and
reminders searching the web and so on my
craft day I at first learned trouble was
brewing a when it was contacted in
December by a lawyer at a Texas law firm
focused on intellectual property in an
email to the startup CEO Joshua
Montgomery the lawyer claimed my craft a
eyes technology infringed two US patents
belonging to their client voice tech
court these patents described a system
for a handling quote voice commands from
a mobile device to remotely access and
control a computer and closed initially
the lawyer offered my craft AI a
non-exclusive license of voice Tech's
patents however after Montgomery ignored
the emails voice tech sued Mycroft AI
for patent infringement earlier this
month
Montgomery declared he's ready to fight
the lawsuit all the way he told the
register quote this is a textbook case
of why the US patent system is
fundamentally broken software is math
running on a microchip sure it's written
in a particular language and that is
copyrightable but math is not patentable
unquote according to their abstract the
patents involve quote receiving audio
data from mobile device at the computer
the audio data is decoded into a command
a software program that the command was
provided for is determined at least one
process is executed at the computer in
response to the command output data is
generated at the computer in response to
executing at least one process at the
computer the output data is transmitted
to the mobile device
and quote the Montgomery argued the
patents do not reflect the complexity
and architecture of modern assistants
and pointed out my Mycroft AI doesn't
even involve a separate mobile device
because Mycroft AI is based in Missouri
they'd have to spend money hiring a law
firm in Texas to work with its attorney
Montgomery described voice tech in his
opinion as a quote patent troll
end quote and compared such
organizations to playground bullies he
said if you don't stand up the first
time it you'll get picked on forever
end quote On February 11th voice Tech
voluntarily dismissed the case in an
update posted to Mycroft blog
Montgomery says quote we have won the
battle not the war he also noted the
outpouring of support from the open
source community saying over the last
week we have been humbled by the
outpouring of support thousands of you
shared the shared the post sent in
further evidence of the incident
invalidity of the patent claims offered
your expert testimony and even wanted to
contribute financially to the legal
defense from everyone at Mycroft thank
you all end quote I love that the open
source community comes together yes and
says you know what we're gonna back you
up we're gonna help you with this I
think that in all of this is the big win
statement because it shows you that it's
not just about company versus company
it's the community that's behind it and
I mean we hear this all the time where
somebody gets kind of beaten over the
head going we have this generic patent
that covers about everything you're
infringing upon it yeah and it's like as
you're as you're talking about this
patent I'm thinking like have you never
seen an episode of Star Trek this is
this is all the stuff that we were
talking about in the 80s like this is
not something you can really patent
right this is something we've had all
along I'm really happy that they dropped
it because to be honest that would have
been a late it wouldn't have been a fair
fight in that they would have had to
hire
lawyer outside the state they would have
it so stressful yeah anyone but like
what a waste of resources no you're
right but feel like you're on the
defensive and you know the whole thing
would have been yucky and I really loved
that they felt supported yeah in the way
it was shown yeah exactly and check out
Mycroft I mean it's a great project so
think about your Amazon echo or Google
home Mini or whatever device you have
and then create an open-source kind of
alternative that you can install on a
Raspberry Pi and create your own virtual
assistant and create plug-ins for it and
everything else definitely something we
need to look at my category 5 my a I the
Department of Homeland Security said on
Tuesday that a us-based natural gas
facility I had to shut down operations
for two days after sustaining a
ransomware infection that prevented
personnel from receiving crucial
real-time operational data from control
and communication equipment the advisory
didn't identify the site except to say
that it was a natural gas a natural gas
compression facility such sites
typically use turbines motors and
engines to compress natural gas so that
it can be safely moved through pipelines
the attacks started with a malicious
link in a phishing email that allowed
attackers to pivot from the facility's
IT network to the facilities ot network
which is the operational technology hub
of servers that control and monitor
physical processes of the facility with
that both the IT and OT networks were
infected with her handsome where the
attack knocked out crucial control and
communications gear that on-site
employees depend on to monitor the
physical processes the infection didn't
spread to program a programmable logic
controllers which actually control
compression equipment and it didn't
cause the facility to lose control of
operations the adviser explicitly said
that quote at no time did the threat
actor of
tane the ability to control or
manipulate operations end quote okay so
even though they weren't able to control
operations it's still really scary
I have to kind of bite my tongue on that
statement because it kind of feels like
one of those where there oh well they
didn't they weren't actually able to
take control well they really were yeah
really worried yeah maybe they didn't
take control and blow something up sure
but they had control mm-hmm so it's kind
of like I don't know if I like that
statement and ransomware is we can be
really complacent and say it's just the
encryption of my files no they had to
get that in somehow and how did they get
that in in this case an email file right
so that email file contained ransomware
which encrypted our files okay what else
did it do what else could it have done
mm-hmm could it have installed a
gigabyte motherboard driver that is
exploitable right that has like a
backdoor in it that allows them into our
network and into our ot network and then
into our actual controllers hmm you
don't really know like that's really
complacent to state unless you've got
data to back it unless you can
legitimately say this was strictly this
infection we found the infiltration
point we've locked it down we've blocked
every instance but I've had computers
come in for service where they say oh I
I accidentally fell for a phishing scam
and they install the they started
controlling my computer yep yeah and
then we found after is so ok they
thought they were safe but then we found
that there was like back-end software
that was running as as services in the
background there was no uninstaller for
it it was just a service running on the
computer that allowed them to remote in
at any time and take control of the
computer which they're only gonna do it
two o'clock in the morning while you're
sleeping sorry so you don't know what's
happening how many people would notice
now
you just as a precaution I mean I'm not
saying that this is the answer just turn
your computer off at night would that be
that in a in a home environment oh but
not environment when it's controlling
the flow of propane yeah
you'd probably want to leave it running
yeah yeah it's just sad that this is
still becoming a regular story every
single week oh that's like come on how
many times do we have to hear this
before we go hey the world finally got
it and it always seems to be the big
companies or the government's that are
getting hit by it it's like directed
those are the ones that make the news
true but still it's like you're a bigger
target and I think Jeff and maybe we can
you know maybe this is a discussion to
be had in the comments below but I think
that these big targets and forgive me if
you're in the IT departments in these
companies forgive me I don't mean this
as a jab but it's a it's a truth it's a
sad truth that we were educated 10 15 20
years ago okay and we've been in the
industry for that long and and some of
us in the IT department not myself of
course but some of us are on the verge
of retirement and that's again not a jab
I entirely respect what you do however
malware has evolved right significantly
significantly what we're encountering
now is not natus we're not dealing with
PSVs we're not dealing when was the last
time you ever saw a bsv and if you know
what a bsv is then you're you're this
I'm speaking to you it's not about those
anymore
no now it's the evolution back in 2017
when wanna cry dropped and we started
seeing ransomware infiltrating networks
and we started seeing RDP attacks and
and eternal blue being exploited and and
all of these kinds of things that's when
the cybersecurity industry woke up and
said okay we need to re-educate
ourselves and if we haven't since then
and if we're still thinking in that old
that we're viruses is is our threat I'm
sorry to say that viruses are not our
threat when was the last time we ever
heard of a virus infiltration it truly
has been a long time but I'll still go I
don't want viruses it's like yeah that's
your biggest concern antivirus I'm safe
yeah when was the last time you heard of
a virus I haven't got a virus infection
because I have antivirus no I'm just
saying that's that's an old-school way
of thinking and it's a dangerous way of
thinking because that's that's how these
big industries are getting hit because
we've got that old-school thinking and
we're not adequately educating and
protecting ourselves and it comes down
you know it comes down to the c-suite as
well
educating our staff and making sure that
there are cybersecurity professionals
that are brought in as consultants and
DLP's put in place to be able to protect
our networks from today's threats not
yes not yesterday is not 1999 threats
now I know we have to get to the next
story but as part of this a budgetary
component sure like they're looking at
it go ahead we can only put in one
percent total budget for cybersecurity
when really they should be looking at 10
percent like not that there's a defined
number but like the way that things grow
it's like you have to grow with the
threats and if that means allocating
more of your budget to more
cybersecurity to protect your
investments and your industry whatever
you're doing you gotta just the budget
accordingly you can't just stick another
same number and be like well we've got
our subscriptions we updated that and oh
we've got an old computer we got to
replace so that's our budget it's like
yes I think it's exactly the same
mindset though Jeff it's yes that word I
use complacent we've become complacent
because we're so used to the old way
when things change we have to change
with it plain and simple otherwise
you're gonna be we're all under attack
sorry we are all under attack are you
going to be susceptible to the attack
right are you gonna fall victim or are
you gonna be a brick wall that they
can't penetrate we're all under attack
this is 2020 do you remember the books
when we were kids 2020 is the future
hello here we are yes we're there all
right we have got to take a quick break
more of this week's top techni are
coming right up
don't go anywhere
[Music]
back I'm Sasha Rickman and here's our
next story Amazon boss Jeff Bezos has
pledged a 10 billion pledge ten billion
dollars to help fight climate change he
wants the money to finance work by
scientists activists and other groups he
said quote I want to work alongside
others to both both to amplify in own
ways and to explore new ways of fighting
the devastating impact of climate change
end quote
writing on his Instagram account mr.
Bezos said the fund would begin
distributing money this summer
mr. Bezos has an estimated net worth of
more than 130 billion dollars so the
pledge represents almost 8 percent of
his fortune some Amazon employees have
urged him to do more to fight climate
change
there have been walk outs and some staff
has spoken publicly also mr. Bezos is
financing the Blue Origin space program
the seattle-based company is a neighbor
of Microsoft which in January unveiled a
plan to become carbon negative by 2030
closing his post mr. Bezos says quote
Earth is the one thing we all have in
common let's protect it together
unquote we're gonna get all kinds of
comments below there's all kinds of
mixed feedback - yeah
Jeff's oh but Jeff has never been known
as a philanthropist right and I think
because of that a lot of people will see
this as an investment opportunity as VR
or PR or a saving face in light of
strikes and things like that and truth
in that but if saving face also flipside
save the world I'm down with it I don't
know that ten billion dollars will save
the world however it's a lot more than I
can well I think it's kind of like
playing poker where you just like put
some money in and you hope somebody else
is like I'll see you ten billion dollars
in all our Asia right Bill Gates has
some money yeah you know it's I
part of me wonders if this truly is a
bit of a PR thing because of the strikes
that some of the employees have been
doing and the negative media attention
about it and the fact that Amazon at the
end of the day is a true global
enterprise that is built on fossil fuels
and the fact that all of their product
is shipping their shipping through
planes they're stripping their
automobiles you can say that but they're
based on their current infrastructure
yes yeah and they have put effort into
drone base deliveries like that so
perhaps part of their investments might
actually be to change transportation
right potentially right yes yeah so and
but I mean something like that I think
could have more of a positive impact
than saying I'm just gonna throw money
out there however you're thinking in
terms of his business yes so you're
thinking Amazon can make changes and
maybe they will we'll see it's his
company but what he's doing here is
instead setting up a venture fund that
says this is for environmental science
environmental research and whatever
whatever can come from that so this is
not Amazon correct this is an investment
of 8% of his fortune that he will go yes
that will go toward those that research
and things that could potentially make a
very large impact on a positive shift in
an environmental impact I also wonder if
part of it is a as a taxation even if it
just changes the focus for people going
oh wait climate change is that important
it is asking that question now saying
like if he if he's saying yes this is
important enough to me that I'm going to
put this money towards it then then
that's kind that becomes the the news
and then more people are focused on the
climate change issue and now there'll be
more creative minds thinking about it
and ten billion dollars sitting in a
riot be spent on it somebody's gonna
want to get a grant for
that fun right and so they're gonna
start thinking about ways they can apply
for that grant and they're gonna come up
with great ideas yeah yeah yeah and and
I have to be honest Jeff I understand
what you're saying yeah it's a tax
write-off and it's it yeah it's gonna it
have a positive impact on that end of
things for him that's fine if if
somebody has money and gives it to a
cause and and get your benefit back
awesome Wow exactly and it's a good
cause and it's making a positive impact
on humanity that it didn't do it
I'm not saying bad I'm just saying I
think you know I think to focus on the
idea of all that's about climate change
I I think there's other things to it
where it's like there's a whole plethora
of positivity that comes with it yeah
from the positive PR the tax write-off
oh sure the impact let him have it
though exactly he does yeah the
preserves it in that he's had all the
opposite of that and and yeah and it's
funny because now that he like he
probably feels like he can't win I just
get I'm getting the same flack that I
got when I was hoarding all my funds
right and now that I've given ten
billion dollars to a venture fund I'm
getting the same flat people are like
why only 8% Jack yeah why only 8% when
my other 50% of his know what is worth
it's up to him the truth is not entirely
up to him this money is going to grow in
that more people are gonna start
thinking about it more people right so
it's just the seed like he's just ranted
this well he didn't plant the seed save
the world
he started it all but I mean he he's at
least the listening to the important the
important issues and the fact that the
strikes are going on and the fact that
people really do want to see people put
their money where their mouth is yeah
you say the earth is important show us
yeah he's on my final thought is like
let's watch who qualifies for this
funding yes let's watch what companies
in what institution
benefit from this funding and then we
can see what kind of difference it's
making because I think ten billion
dollars to go a long way in my bank
account one or two things with that yeah
one or two all right moving right along
ring Amazon's video doorbell system has
introduced additional steps to the way
users log into their accounts and is
making two-factor of verification
mandatory nice users will need to enter
a password and unique six digit code
when they first log in to view their
security footage or access the neighbors
app two-factor authentication was an
option for ring users before but it was
not the default setting on Tuesday ring
also said it would pause its data
sharing with third-party firms the
change comes as ring and Amazon face
increasing scrutiny about privacy
protection and data sharing in a blog
post rings President allele a-- roie's
said the company takes quote digital
security and privacy seriously end quote
and would look at additional ways to
improve security rings a new login
system will be similar to other two
factor authentication processes after
signing in with the username and
password the app will ask to send a text
message or email with a one-time six
digit code once the code is entered the
user will have access to the app and be
able to view footage from outdoor and
indoor cameras owners will then be able
to use their mobile apps for 30 days
before they're required to go through
the 2-step process again unless they log
out of their accounts in the mean time
last week nest Google's home security
device began requiring two-factor
authentication as well good move I like
I like that they're making it a
compulsory thing not a fan of the 30-day
window though why okay I think it should
be shorter to be honest but if you log
out
but because I'm thinking like because
this is my computer yeah right so it's
only gonna remember it on my computer
right if I switch to a different
computer or somebody tries to compromise
them my account they're gonna need the
2fa in order to sign in right but still
I feel like 30 days is a long time for
you can log out let's say you don't log
it like how much can be accessed in
those 30 days on potentially a shared
device I mean I would hope that you're
not using on a shared device but I think
for a lot of people know on a home
computer or maybe like a laptop or
something I'm assuming this is also
going to be the same case with phones if
you're viewing on your phone like I
think that that likely 30 days is the
mandatory you can probably set it to be
more frequent I would hold on I mean I
have a lot of two-factor authentication
devices and most of them I just set to
every time I think also though you're
putting a local spin on the security
right you're thinking along the terms of
somebody breaking into your house and
having access to your security cameras
but if they have that then they're
already em I get that but I I don't know
I just to me 30 days seems long I could
two weeks I'd be ok with two weeks two
weeks make sense but 30 days to me seems
long what do you think should it be 45
days go there I think that the idea here
is not so much the spin that you're
giving it but instead it's to prevent
illicit access from outside I don't I
don't want somebody from Latvia being
able to access my security course I
don't wanna get sloppy by the way
nothing against Latvia
they're very peaceful people I don't
want somebody and you can have access to
my cameras I'll give you my to f8 code
right now it's digits but my point is
that I think that's what I'm trying to
lock out I'm trying to lock down yeah
people that are trying to hack into my
security cameras I want that two-factor
authentication to block that attempt
because even if they get in they can't
get further than them to FA because they
don't have my device to get that code
right but it's not just text it was also
email you know if they've gotten into
your once it's a
one time use password so once I've
logged in on my computer with that 2fa
code they can't use that same code again
attacks I set out an area of access to
your I mean like this is what I'm saying
30 days is not great you know what is
great though that it's happening at all
yes exactly it's all sri by default
which is that's the advantage here right
we don't all think about especially
novice users who go to a super center
and buy one of these smart cameras and
don't know that hey i really need to
enable 2fa mm-hmm you know what some
people are right turned off by two FA
which blows my mind when I announce
technical session right when I have
people over to my house and I'm you know
showing them my VR and I have my Steam
account it's two FA and they're like why
do you have it so that it text your
phone just next time you go to like hey
what's the two FA for your Wi-Fi and
then I have to like explain it to them
but they're like oh boy it's like my
banking is two-factor authentication
like all like I like it to me it feels
good well done yeah I think I think to
efface should be the default for all
security for everything yeah yeah yeah
it just makes sense in it and it let's
be clear and Jeff it is not perfect
security no it's not perfect it's not
flawless is not uncompromising it's just
a very good added layer of protection to
prevent the the average two fairly
exceptional hacker from being able to
access your stuff that's all so it's a
really good easy way to do that and and
you know it's until they come up with
something better that's the best thing
going so comment below what do you think
and how many days ufa on your ring
doorbell be set for for by default for
Jeff let Jeff know yeah let chef know
big thanks to Ray W Nash in our
community of viewers for submitting
stories to us this week thanks for
watching the category-five TV newsroom
don't forget to Like and subscribe for
all your tech news with a
slight Linux bias and if you appreciate
what we do become a patron at
patreon.com slash newsroom from the
category-five TV newsroom and Sacha
Rickman I'm Robbie Ferguson and I'm Jeff
Westen