[Music]
here's what's coming up in the category
5 dot tv newsroom
hackers are using a severe windows bug
to compromise
unpatched servers three javascript
packages have been removed from the npm
portal for containing malicious code
nokia has been tasked with building a
new 4g
cellular network on the moon a new 80
watt wireless charging tech from
xiaomi is blowing our minds and the
raspberry pi compute module 4
has been released we'll let you know the
specs and how this changes things for
industrial iot
stick around the full details and this
week's crypto corner are coming up
this is the category dot tv newsroom
covering the week's top tech stories
with a slight linux bias
from the newsroom i'm becca ferguson
to compromise unpatched servers
one of the most critical windows
vulnerabilities disclosed this year is
under active attack
by hackers who are trying to backdoor
servers that store credentials for every
user
and administrative account on a network
researchers gave the vulnerability the
name zero logon because attacks work by
sending a string of zeros
in a series of messages that use the net
logon protocol
which windows servers rely on for a
variety of tasks
including allowing end users to log in
to a network
xero logon as the vulnerability has been
dubbed
gained widespread attention last month
when the firm that discovered it said it
could give attackers instant access to
active directories
which admins use to create delete and
manage network accounts
active directories and the domain
controllers they run on are among the
most coveted prizes
in hacking because once hijacked they
allow attackers to execute code and
munition on all connected machines
microsoft patched the security flaw in
august
on friday kevin beaumont working in his
capacity as an independent researcher
said in a blog post that he had detected
attacks on the honeypot he uses to keep
abreast of attack
attacks that hackers are using in the
wild when his lure server was unpatched
the attackers were able to use a
powershell script
to successfully change an admin password
and backdoor the server
beaumont said that the attack appeared
to be entirely scripted with all
commands being completed within seconds
with that the attackers installed a back
door allowing remote
administrative access to devices inside
his mock network
the attackers also enabled remote
desktop
as a result they would continue to have
remote access even if the admin later
patches the server
people with no authentic authentication
can use the exploit to gain domain
administrative credentials as long as
the attackers have the ability to
establish tcp connections
with a vulnerable domain controller in
some cases attackers may use a separate
vulnerability to gain a foothold inside
a network
and then exploit zero logon to take over
the domain controller
i think a good example of a way for
these types of
scripts to get into networks are
out of date computers on the network yep
and
also social engineering scams we hear a
lot about
like you probably receive these emails
that try to trick you into following
through with a process of
entering a credential or something like
that
the the risk that we run and the sad
case that i see as
in i t is that sometimes people think
well
i don't need to update that computer
because it's in the back room nobody
really uses it
or oh well we need this one to still
have windows xp because
we have problems with one of our
printers if we don't
uh we're still seeing a lot of windows 7
systems
and that is a tragedy if you have a
windows 7 or windows xp system on your
network just
turn it off get rid of it yeah see the
the thing is is with those systems so
microsoft has
what we call eol or end of life
has has ended the life of these
operating systems
so they've said you've got to upgrade to
windows 10. well i don't want to upgrade
to windows 10 i like my windows 7.
i understand that and i respect that
however
here's the problem hackers
now are able to exploit these operating
and as they do that as they find
exploits there's a couple of things that
happen
one they either give away or sell those
exploits
or two they're just they're released
to the public through whether it's
through the dark web or even on github
yep as as security research
and so now these hackers
if you will we're going to call them
that but realistically
in a lot of cases they're what we call
script kitties
and these are
not even like hackers yes but they don't
have to have a lot of knowledge because
the
the exploit is publicly that's right
known and understood so if there are
exploits that are available for an
operating system
what do we expect to happen we expect
the operating system vendor microsoft in
this case
to patch that exploit to fix it
and that's the case with windows 10.
sadly though
those that are eol it's not the case
with an eol operating system sometimes
we hear oh well i don't need support
well microsoft has ended support that's
what we've heard yeah they've ended
support for windows 7. they've ended
support for windows xp
oh but i i've never had to call support
i can
handle it that's not what they're
talking about at all what they're saying
is they
will not fix the patches it does
the the exploits doesn't matter how
severe they are
it doesn't matter how easy they are to
exploit so you have a windows 7 machine
on your network well
you are giving entry to
one of these hackers who don't even have
to be very good at hacking because
the exploits are publicly known yep
sometimes they're part of tools
sometimes they can just download a free
tool and they can say i want to
with one check exploit windows 7
and so they get into a windows 7 box or
they've tricked one of your employees
even if they're just somebody in the
back working in the warehouse
they've tricked somebody into opening a
file that now gives them access to the
windows 7 machine the windows xp
machine or the machine in the back room
doesn't matter
and here we're learning that microsoft
servers
now have an exploit that as long as
a malicious party can gain access to any
computer on the network
they can now get domain administrator
access to the entire network
now scary now your windows 10 machines
are no longer safe
that's right because you've given them
entry
to your network as if they're a domain
administrator
oh see that's just bad news right there
well it's bad news though why is
ransomware a thing
because what do they do they now okay
i've gained access to this network
i'm going to sell on the dark web access
to this network
you see this with um with townships
and yeah with cities that
was it the original script kitty who did
it no what
he just they just want they want to get
in
install their software and get out and
then sell access
that's right because that's quick money
so why do people do it for money
and that's how they do it so um yeah you
gotta
kind of keep things up to date so you
know just a quick thought
to ponder hey if you've got any obsolete
machines on your network you've got to
get them off
and get your staff trained on cyber
security practices
understand what phishing scams are
because you know oh well
somebody clicked on a link and now their
computer's infected but their computer
is
on your network but i was gonna get half
of that
prince's money that's a whole other
worms right there jeff
but i mean i when it comes to these kind
of things to look at your system and say
oh
i don't want to spend seven eight
hundred bucks for a new computer i
wouldn't worry about updating this one
you'll end up spending more in the long
run or in in the short term
no in the long run if you don't have
your system patched because once they
get access to everything
you could be down and out but and i
think
when they have access to everything i
think it's just important to realize
that one entry point becomes access to
everything so spend a couple hundred
bucks get the new computer
save yourself i don't know what it takes
i mean it's different it's different for
every case right yeah i had one person
today who called and said i have a
single windows 7 computer
i don't want to upgrade it because it
just works oh
so here's here's an explanation and here
becca has shared with us a story
that simply tells us that all they need
is access to that
one computer and now they've got access
to
all computers of your computers and not
in just like a samba way not in a
a way that's like friendly and hopefully
they don't find any
ways into the back doors on those
computers no
they have administrator credentials on
your network
so they can do anything that's right
anything they want when i think about my
house
i think i've got you're done i think i
have
seven devices not including phones and
tablets and stuff like that that are
connected to the network
i don't want them to have access to that
yeah i just can't stress enough though
jeff
i mean i think in the terms of
businesses more so the home user but
once they're in they're in you can't
that you're done because you can't now
shut down that windows machine that
windows 7 machine no they're already
into everything
so what do you do replace everything
have every single computer
wiped because you don't know what tools
they've installed that's expensive
yeah so don't fall into that
anyways that's a bad exploit that's
really serious folks i hope
we've stressed that enough that you
understand that this is a bad one
so make sure your network administrators
are up and up and they understand these
things
and that you are protected and safe
against these kinds of threats
all right we're going to head back to
becca three javascript packages have
been removed from the npm portal for
containing malicious code
according to advisories from the mpm
security team
the three javascript libraries open
shells on the computers of developers
who imported the packages
into their projects the shells allow
threat actors to connect remotely to the
infected computer
and execute malicious operations the npm
security team said that the shells don't
depend on a particular
operating system and could be used to
compromise windows linux freebsd
openbsd and other systems
all three packages were uploaded to the
npm
portal in 2018 and each had hundreds of
downloads since then
the package's names are plutovs dash
slack dash client node test 199
and nodetest1010 the npm
security team said any computer that is
that has this package installed or
running should be considered fully
compromised
all secrets and keys stored on that
computer should be rotated immediately
from a different computer they warn
the package should be removed but as
full control of the computer may have
been given to an outside entity
there is no guarantee that removing the
package will remove all malicious
software
resulting from installing it mpm
security staff regularly scans its
collection of javascript libraries
considered the largest package
repository for any programming language
well i can't even get good cell coverage
coverage at my cottage
nokia is working with nasa to bring 4g
to the moon
nasa's artemis mission aims to establish
a long-term
human presence on the moon as a stepping
stone toward
mars colonization and to get things
started
nasa is extending 370 million dollars to
14 companies
to provide the technology for the
program
from robotics to power generation and
even cryogenics
but it makes sense that these teams will
need to be able to communicate with the
mother planet
the new network will be designed
specifically for lunar conditions
able to withstand the extreme
temperature shifts and radiation
the tech will also utilize small cell
tech which as the name suggests is
significantly smaller than the tall cell
towers they are used to seeing
here on earth they also use a lot less
power
the plan is for a lunar lander to carry
the 4g communication system to the lunar
surface
in 2022 nokia's bell labs has been
granted 14.1 million dollars
for their part a new 80 watt wireless
charging tech from xiaomi is blowing our
minds
and the raspberry pi compute module 4
becca has these stories coming up plus
robert is here with the crypto corner
don't go anywhere
welcome back to the world of cryptos and
welcome back to the crypto corner
last week we spoke about banks in a few
years time you will not recognize them
anymore
and i also mentioned to you not so long
ago
the chinese digital currency that will
replace the riemann bee
and that they already implemented it and
they they're running some trials in
shenzhen
now this week there has been some
development and i'd like to talk about
that because
it will have a direct impact on your
life and my life
so let's dive into this here
the international monetary fund the head
of that international organization
is a lady called cristalina jojeva and
she delivered a speech
in regards to the new bretton woods
moment now what is the bretton woods
britain woods
system is uh monetary management
established
the rules of commercial and financial
relations between
uh countries like u.s canada western
europe australia and japan
and so it's the system was first
example of a fully negotiated order
intended to govern monetary relations
between independent states so that was
bretton woods
and she's speaking about the change of
that system into something
more modern now interesting enough
on monday there was a meeting with a few
central bankers talking about so-called
cross-border payments
but if you think about it look what type
of people they were
present so you've got the head of the
saudi central bank
you have got the head of all the central
banks
the head of the imf the head of the u.s
central bank and the head of the
malaysian central bank
missing is europe which is interesting
but there will be a reason i guess
so they met together to talk about gross
border payments
now i don't believe that that's a real
story the real story
uh was also published by a gentleman
called ron paul
which i totally concur with so his
thoughts is exactly how i'm thinking
and what he's talking about is exactly
this meeting that happened on monday
that will replace the old bretton woods
uh relationship
between countries so what will happen
it looks like that the central banks
will
collude and come up with a system
a central bank system between all of
them so there will not be another us
dollar central bank system
there will be one for each for all
organizations
and then from there it will be
diversified
and what can you do with such a system
that's the interesting part and
i love that is so it will change
the circumvent the banking and finance
fiscal system because you're directly
interacting with people
yeah so it's not like at the moment
where the central bank in the u.s or
canada doesn't matter
comes up with some policy and then it
goes it trickles down
um the chain and you as the individual
you probably see the least amount of
money and
probably at the highest interest rate
that you can think of other people
will benefit much stronger with digital
money
plus cryptocurrency so programmable
you're able to do much more because now
the central bank can directly influence
uh the behavior of people and how do
they do that yes they can say well
if you're a restaurant owner you can you
get the money directly
into your pocket from us yeah so no more
banks involved we'll do it directly
it's possible it's central bank money
they can change interest rates so in one
instance or one industry they can have
high interest rate than another
what will happen with taxes yeah what
will happen with
the irs because they can deal with these
things directly through
programmable money it will take time to
get it to that
ultimate extent but it will happen as
you
as you can see so direct payments will
be possible
um they're also talking here about
um yeah behavioral economics
so not through some economists that
are telling the government what to do
and what not to do because that has
failed in the past
everybody's saying so what they're going
to do is like a facebook
a type of idea or tick tock idea or
youtube idea
where you're interested in people
befriending you
or where people are you're interested in
getting more likes
and so you change your behavior in
regards to
getting more likes and the same thing
will happen with the money
so and that will be all regulated
through central bank
without anybody from the outside world
having a chance to
have a significant influence so how that
will look like at the end
nobody knows of course but that these
people are meeting together to discuss
cross-order payments is something that i
find highly interesting
and that is of course fantastic news for
bitcoin
because bitcoin is outside of that
system there's nobody
that can regulate uh bitcoin
it's decentralized um it's immutable
you know other features of uh bitcoin so
um bitcoin is a fantastic alternative
all the other cryptocurrencies the major
ones are definitely a good alternative
let's see what libra will bring up
but there's will be some good
alternatives to um
to the central uh centrally driven
money through central banks so i hope
you found that interesting and i hope
you liked it
and i hope i get a lack from you and i
wish you a fantastic week
so thank you very much for watching bye
bye
thank you robert just a reminder we're
not providing financial advice
but only sharing what's happening in the
cryptocurrency market
always remember that the cryptocurrency
markets are ever-changing and
always volatile so you should only spend
what you can afford to lose
now back to becca in the newsroom thank
you robbie
xiaomi has announced a new charging
check that can fully charge a depleted
smartphone in less than 20 minutes
but it does it without any wires fast
charging has become a key feature of
many smartphones in recent years and for
convenience sake
wireless charging can be really great
but of course wireless charging
typically charges a phone with between
10 to 15 watts of power
some phones like the oneplus 8 pro have
wireless charging up to 40 watts
but xiaomi's new charging tech promises
a whopping
80 watts of wireless juice
what does that mean in practical terms
well according to the announcement
unveiling the 80 watt me wireless
charging technology
a smartphone with zero percent charge of
a four thousand milliamp hours battery
will charge ten percent in just one
minute fifty percent
in eight minutes and be fully charged
after 19 minutes
finally a charger that will charge my
phone
from zero to a hundred percent right in
like my lunch break
see that's nice that's a game changer
can you imagine
i think about my kids and how we have
like phones everywhere
obviously i mean this is going to take
like the latest and greatest tech but
um it's always a case of oh i forgot to
put my phone on the charger or it
doesn't last
long enough for the entire day and now
that you know with the pandemic of
course
my kids are being homeschooled now kind
of by force
and everybody's on their devices the
whole time so we've got
zoom meetings happening on phones and
it runs it depletes the battery yes but
what i like
is that it's wireless it's not just
wiring that's amazing
yeah it's wireless that's huge like the
idea that i could take my phone
not have to worry about chargers and
just go just set it down set it down 20
minutes later i'm good to go
that i love the other thing that i love
about it the
the concept is that um
i think about as you just did if i could
set it down on a table
what if you could set it down on a
restaurant table yes because a lot of
restaurants have
gone the route and i'm using restaurants
as the example but a lot of places have
gone the route of
embedding usb yes so that you can plug
in your usb
cable to charge your phone but then all
of a sudden people got
wise to the fact that oh those usb ports
could be malicious
because usb also carries data or that's
right who knows if it's
too many volts and that you know maybe
it's got a short or something like that
and could fry my phone
so then all of a sudden we're afraid to
plug into the usb port because hey it
could be
something bad that's right well wireless
charging you
set it down it charges and you pick it
up and you're done yeah
but you can set it down for like three
minutes and it's given you enough of a
charge to get through most of the
afternoon
which is incredible awesome i i think
just as a i mean you look around now and
you've got all these charge stations
for electric vehicles it would be great
to start seeing little pop-ups
in public places with this kind of stuff
where you can literally put your phone
down for five minutes
and have enough to have a phone call to
get help or whatever
and it's all wirelessly i just pictured
like a stretch of road
and embed the receiver in the car and it
recharges the
autonomous car because it drives over
this thing whoa
we're getting into the tech now folks
[Laughter]
still i like it i'm excited about it the
crazy thing is just
in conclusion is that while what i just
said
is very sci-fi like when we were growing
up that was like
the future totally doable it's possible
now
that's ridiculous the raspberry pi
foundation has launched a compute module
with the specs of a raspberry pi 4.
the raspberry pi foundation launched a
new product monday the comp
the compute module 4. it's hard to
believe it's been so long but the
raspberry pi 4 was released in june
2019.
the compute module 4 brings the pi 4 to
the industrial
iot space featuring the same processor
packed in a compute module just begging
to be integrated into powerful iot
appliances
if you're unfamiliar with compute
modules you can think of them
as single board computers without all
the ports and gpio
pins they allow the computer components
the brains
of a raspberry pi to be integrated into
robotics smart devices
maker tech clusters or anything you can
come up with that requires a tiny low
powered linux computer at its heart
since the compute module 4 shares its
spec with the raspberry pi 4
developers can do all their prototyping
on the pi 4
sbc but then order a bunch of compute
module 4s to integrate into their
commercial product just like the
raspberry pi 4 the compute module 4
features a 64-bit arm based processor
with video core vi graphics this is
going to represent a huge upgrade for
previous compute module
customers and with 4k video output
output at up to 60 frames per second
plus the ability to decode h.265 video
the compute module for the compute
module 4
could be a game changer for multimedia
driven devices such as smart tvs or
set-top boxes
the compute module 4 is available with
your choice of 1 2
4 or 8 gigabytes ram and 8 16 or 32
gigabytes on board emmc
flash storage wi-fi and bluetooth are
also optional
the price ranges from just 25 to 90
usd now imagine that jeff the raspberry
pi
compute module 4 yeah in one of your sbc
projects or something like that powering
it like the brains this is a pretty
soon as becca said h.265
decoding so that's like video that is
very cpu intensive
yeah that's awesome like it says a lot
that's more power than my plex
server yes which is like
who knows where that's going to take
things i like the idea of
cluster computing and that's where you
take
several computers connect them together
through networking
and basically install
software beowulf or something like that
that clusters them to make them be able
to perform
tasks together in such a way that it
basically makes a super computer
right out of several computers so you
think about these raspberry pi
cl uh cluster or the modules
and and put like 10 of those together
in a a cluster and you'd have like this
compute module
cluster that'd be nice computer with
that much power
when you can have eight gigs of ram on
each
board times that by 10. a lot
can do a lot it's changing things folks
the world is changing
that's for sure what would you do with
all that power
and silence he's waiting for you to
answer i i'm
thinking i'm like what would i do with
that how many people just went
bitcoin mining sorry guys
it's you know what's sad my first
thought was
could i automate like some of the
utilities that i have in the kitchen to
make food for me
that was my first thought with a with a
compute module four
yeah it takes more than that but i know
it could be the brains of such an
operation
clearly i'm hungry though
your thoughts comment below we'd love to
hear what uh what you would do with a
compute module for
thanks for watching the category 5 dot
tv newsroom
don't forget to like and subscribe for
all your tech news with a slight linux
bias
and if you appreciate what we do become
a patron at patreon.com
category5 from the category 5 dot tv
newsroom i'm becca ferguson