welcome to category five technology TV
and this week we have a legit hacker who
has hacked a ton of devices gonna be
sharing with us about those exploits how
he's been able to do it why he's done it
and some of the concerns that it raises
stick around our live recordings are
trusted only two solid-state drives by
Kingston technology revive your computer
with improved performance and
reliability over traditional hard drives
with Kingston SSDs category 5 TV streams
live with Telestream Wirecast and nimble
streamer tune in every week on roku cody
and other HLS video players for local
show times visit category 5 TV welcome
to the show everybody this is category 5
technology TV episode number 6 44 and
I'm Robby Ferguson and I'm Sasha Rickman
hey Before we jump into a very exciting
show this week I want to remind you to
subscribe to us on YouTube and click
that Bell that's going to make sure that
you receive all the notifications
whenever we are live or when we post new
shiny videos what the cool people do I
started seeing the rounds of the
exploits of the Canadian hacker as
Twitter blew up with people saying I
came into work today and on my printer
was this printout and the printout was
from the canadian hacker he is the
Politis hacker that you'll ever meet he
will hack your devices and then
apologize yeah he is none other then
the Canadian hacker the one fantastic
how about yourself
listen you you call yourself the
Canadian hacker just to give us a sense
of the scale of things how many how many
devices have you seriously hacked I mean
I've hacked about a hundred and fifty
devices how many devices have you hacked
whoa for the printers 100 thousand a
hundred thousand printers why'd you hack
printers well my main motivation for
doing all this was to give myself more
of a challenge all without really
affecting the people around me when you
say that when you say without affecting
are you talking about being benign in
your attacks so that you're not actually
creating damage you're walking would be
something that I wanted doing is what I
did with the pictures I saw the pictures
I was a very open target uh especially
with how many like everybody you're on
everybody's home has a picture
every business has a picture uh and a
lot of people don't look at them for
something that you could exploit rage so
you could be big vulnerability right
there so my my whole thing was to create
a challenge for myself
well not affecting others and they'd say
yeah I got here good Anya good Anya how
did you get started hacking well around
seven years old I actually you know what
that's actually really good question
you're sorry
understood did you know my timeline yes
well yeah I'd say probably around six or
seven
I guess there's there's a point in in
your like you're growing up in an era
unlike I did so when I was when I was in
high school is when I realized hey I can
hack systems and I can make them do what
I want them to do there must have been a
point in your life where you said hey I
can do more than what Windows allows me
to do what Linux allows me to do what
when was that point for you probably
around 10 or 11 I'd say when I started
when a lot of people on the internet
started coming out and trying to the
public like what you can do with this
and how everything can be explained I
thought I wanted to learn that ability
more so for good about okay so you know
and these devices you mentioned printers
and we're gonna talk more about that but
these devices are benign considered safe
these are these are devices that people
trust to plug into their network I mean
you walk into any Super Center you buy a
printer and you install it and it just
works yeah what is it that drew you to
start attacking those devices a little
bit easier of an axis then a more
sophisticated system so it was easy
enough for each of you but just don't
have a challenge and a large amount to
bomb like a surplus of pictures on any
given network so you know you're I have
a lot of access to them and it made it a
little bit easier sorry I'm kind of
contractor no not at all not at all so
but it makes me think though and we're
speaking with the Canadian hacker here
the Canadian hacker we know you by no
other name when you're attacking
printers so so I
as a consoled me as a consumer our
viewers as consumers will purchase a
printer and just install it on their
network so what makes that device a
vulnerable device you just think it's a
benign device just sitting on your
network that you print - well how are we
able to attack that how what is what is
it that I should know as a consumer that
you can share with me as a hacker that I
should know about that printer being
connected to my network is how like
security fever I guess you can say um
you might think that they're safe when
they really truly not and for printers
in this case um there's a lot of it's on
your network that it can be accessed
with which I don't mean that you don't
you shouldn't connected to your network
I mean it makes it so much easier to
think anything else that you just have
to be really careful with what's exposed
because there's outputs ninety one
hundred five one five and six three one
which is the main three ports that then
it's mainly ninety one hundred six three
one isn't that cups yeah so you gotta be
really careful with them what you're
exposing um and you just always not be
watching out with what you're installing
to hear about what you're adding to
network because I guess I could get into
that picture and if I wanted you
attacked it for malicious reasons but
here a large business I could anything
you print off finance reports or
anything I would actually be able to use
a man-in-the-middle attack and she drops
so Lauren yeah she really have to be
careful with what you're putting or
connecting to your network and you
should always be checking on your
settings on your modem or I mean people
know this router but it's really all the
rage on to see what ports your long to
pass through choose the side of your
network and that makes me think now the
Canadian hacker you're dropping a bunch
of bombs here so I got to cut you off
because like okay we got to talk about
this UPnP is enabled on a lot of
router's you UPnP means as soon as you
plug that printer in it opens up the
ports it doesn't matter if you
specifically said open up those ports no
UPnP will automatically do that because
it detects the new printer and allows it
to open those ports automatically that's
dangerous that's what I'm learning here
but you're talking about okay not only
are you able to send print jobs to my
printer but you're able to intercept the
print jobs that I send to my printer
exactly yeah and you can see how injures
that is and a lot of the security
features on printers that say like only
our men will be saved on the system or
anything like that um because it's not
it's again a form of security feeder
you're really thinking it's more safe
than it truly is I can't help but think
about accounting firms lawyers offices
who just okay let's back up a second the
Canadian hacker has revealed themselves
to the world and said look your printers
are unsafe you need to secure these
things what if there are 10 other
hackers who have accessed that printer
and have never even unveiled the fact
that they have access to that printer is
there isn't it true the Canadian hacker
that they could compromise this printer
and be receiving every single print job
from this lawyer's office from this
accounting office from wherever this
office is and never you'd never be the
wiser you just be sending them this
information is that a valid point it's a
very valid point and that is very true
um of course I've never necessarily seen
that in action
is definitely in the realm of
possibilities yeah if you have anything
that's into their network open to your
network um there's IP crawlers that can
go through every single IP address in
the world and will tell you objectable
instrument for example things like that
who sells like they show them online and
then anybody with the malicious intent
like the people you said or that you
stated I can use that to create many
Millett acts or copy off any files
premiere be damage your venture just do
most anything unreal and speak now
getting away from printers are there
other devices that we as consumers may
pick up whether they be from a retailer
or from say our Internet service
provider that would allow us to be
compromised without us even thinking
about the security aspect of it Oh
there are times on a really big example
that I personally found him I was that I
actually experienced myself in my own
home what is on a certain ISP company
that are not the state are that I would
say a major ISP in Canada Oh what did
install them all down in my own home
that release her personal de are and it
actually opened up the web interface to
the public and these and it had a
standard like usually password like no
like it's a lot like admin password yeah
so and so many people don't understand
that this is such a huge issue and be
like I haven't contacted I'm on edge
um I probably should most like
in the future but you really have to be
careful with what you're installing onto
your network because especially with
that like that did send a bit of a shock
because looked at anybody could walk
into my mode on oh we need to do more
basic things like we said it or power it
off but then it also gives you more
access to your network then you should
ever have like a modem or a router would
allow me to open up say port 3389 the
network which would allow me as a hacker
to remotely access your computer desktop
and wreak all kinds of havoc what other
kinds of what other kinds of threats
does this introduce to our network I
mean these are devices that we trust so
the internet service provider says
here's your new modem it's gonna be
faster it's gonna be better and you
don't ever think twice about the
security of that device what what does
it open up to a hacker such as yourself
now I understand that you're taking the
you're taking the high road and saying
you know I'm gonna educate people but
what about those hackers that are saying
no I'm gonna exploit people that's a
very good question I'm just gonna
pretending of their own
it is truly astonishing what you can do
when you have access to these systems
what you said I mean I believe those are
you people correct yeah yeah so um
figure out without one you most likely
chap you need to have that one enabled
but there's so many exploits with this
and a modem you know you'll be able just
in most cases you can see what is
installed on the network uh and then
your shoulder specific IP address and
you can find vulnerabilities and like
CVD for but the CVD database and it can
say oh yeah
this threesome wish to see if their
missed out you know IOT thermostats this
thermostat has this vulnerability that
hasn't been patched yet and access
accusing this or this port and jacked up
to temperature or kill it or damage to
thermostat and then you can because you
have accessed the modem you can open
that porch so you can access it yourself
even if you weren't able to before
can I didn't put something out there
because you touched on thermostats here
the Canadian hacker
I could also as a hacker monitor that
thermostat and see when the people are
coming and going so then it brings it
into a physical realm of saying okay
well my nest thermostat tells whoever
has access to it whether I'm home or not
yeah so what if I was a physical robber
it's definitely a scary world all that
for a lot of people have smartphones
right and communicate you zippe for
example now you have a makers help us
into album that connects all of those
systems together and if you don't have
that set up properly or if they didn't
correct any security issues that they
saw present that would allow you access
to for example unlock the door are
trading off and it's really bad because
they a lot of systems don't use any
other education with that I mean there
are some that do but yeah with like one
of those smart phones you know it's just
like if you were helped everything out
you could press a button on your phone
maneuver lock the door a wall we can
somebody else that has access to your
modem do the same thing so we thought
yeah never even really thought that we
were always thinking in terms of you
know the the actual app well if I have
access to the modem I can access any of
the devices within the same network
that's scary stuff
well we're speaking with the Canadian
hacker and before we take a quick break
let's have a look at a video of how the
Canadian hacker was able to compromise
all those printers
[Music]
please don't go anywhere when we come
back from the short break the Canadian
hacker is not only going to be sharing
with us about the response that he's
received to the printer Hanna but also
he's gonna share his concerns about how
young people could use similar hacks to
damage devices around the world and how
governments could use it for cyber
espionage don't go anywhere
jumping back to your own hack of
printers across Canada the US and even
overseas what is the response that
you've received like have you have you
gotten a lot of feedback from that hack
yes I have the attack my Twitter handle
as well as my email now the majority of
the feedback has been positive in a lot
of people actually font acted me to help
with the problem and a lot of the folks
tutor I don't know how to do this me
help me and you know you just buy stuff
with it
there's some other people which I mean
necessarily know your motives but I have
bought in actually a few death threats
from mom Russia which is why you can see
their master in this aw sure
is it possible the Canadian hacker and
we don't like to get into politics or
any of that kind of stuff here on
category 5 but is it possible that
they're utilizing these exploits and you
are educating the people to these
exploits you know what I've actually
never thought that and that is really
good
you are just so that is a possibility
that is very much so possibility yes and
I could be showing by doing this I could
be showing the public are things that
maybe those people who said those
threats they want to see oh yeah that's
a very good point how do you think the
CIA felt when eternal blue was revealed
publicly you know I don't know what
happened to those hackers we nobody
knows so looking at so this is the
Canadian hacker that we're speaking with
her and and we joke but the truth is is
that the Canadian hacker has taken a
very high road approach to these types
of exploits and in your actual printouts
so understand hundreds of thousands of
printers around the world suddenly
started printing out this printout from
this hacker and on this printout it says
if you are unable to find suitable
instructions you are welcome to contact
me via email or Twitter and I'll be glad
to help you out you mentioned some older
folks reaching out like have you really
received folks reaching out and saying I
need help with this yes I have the
majority of the emails I've received
where people thank you all which I
necessarily will pay for that through
the email or anything like that but is
more to provide a support system to help
people with that and yes I've received
multitudes of emails stating that they
required help and their company hasn't
told them or they don't know about you
things like that and I could provide a
step-by-step process and then there's
also some people some people that don't
necessarily know how I do the x-point
like you know how to fix the problem and
they've contacted me to test it again to
make sure that their printer isn't
accessible Oh fantastic okay so are you
gonna continue hacking printers in this
way Oh most definitely
um I am gonna be sending out another
wave item on there nothing I made inside
I don't know how many pictures I'll be
sending this Oh - oh maybe five hundred
thousand so that'll be much larger
amount of pictures that I sent it to
before but also sorry no no you're
fantastic and and we appreciate your
time so very much the Canadian hacker so
many hackers would utilize these types
of exploits for example I mean you're
talking about sending you've already
sent to over a hundred thousand printers
print out jobs okay and now we're
talking about the next wave being
another five hundred thousand printers
where a lot of hackers would just like
hey let's print out a mass amount of
porn on all these business printers
let's like print out some some horrible
things this is you know the approach of
the traditional hacker and this is how I
think media has painted the hacker so we
have this picture of what a hacker is
and that's what we expect of them what
has caused you to take a different
approach and instead send to 600,000
printers instructions and assistance
with helping to close these exploits
thought or not nuts - Siri thought
they'd never ever wanted to have any
devices for immoral purposes or to do
for reasons of my own Oh
first they wouldn't like necessarily a
dump so I see
it was just I wanted to be able to make
a difference in something without
necessarily hurting the persons involved
oh yeah that's pretty much home and
sorry are you you live up to the the the
handle of the Canadian hacker by
apologizing but what what you're
revealing to us I I just envisioned like
a new world of philanthropy in a way
like as a hacker you're choosing to help
others by exploiting the very things
that are exploitable within their
networks
so you're saying hey by the way your
printers could be used for these
malicious purposes but I want to help
you to lock those down exactly and of
course I didn't have to do that if I
wanted to I could go or completely
destroy those printers by deflating DEP
wrong over and over and over again
um takes about 24 hours and I'm
completely toilet printer I could do
that I could print off some images that
you wouldn't necessarily want to be
printed off all things like that I to it
I'll permanently
Ashe like a lot but not necessarily text
you could do anything you wanted any
image oh but yeah I've chosen to all the
things that you could do but you're
choosing the highroad did kudos and and
well done do you have plans you know
stepping away from the so the printer
hack has been a successful hack and and
you've been making a difference for
those who receive it and realize oh my
goodness my printer is exploitable but
this hacker has chosen to tell me about
it so that I'm no longer susceptible
what what do you have planned beyond
that so when this is exhausted itself
what's the next step for the canadian
hacker
well I've kind of cheap chicken'll
character to career paths I still always
want to do ethical hacking depending on
whatever career I choose and I
definitely wanted definitely don't want
to go on to the dark side of that either
so I've been looking at excite any sort
of cybersecurity jobs or anything like
that um seeing if I could get a degree
of some sort of that um or I've also
been look at engineering electrical or
so you're talking about you're talking
about career paths as future tense so am
I to understand that you are younger
than twenty ten so high school so I
still have a good bit of time but it
kind of just goes to show that if I'm
able to do this if they tends to didn't
lifter somebody with a lot more
knowledge who's actually done a degree
MS or can do it why don't you and the
Canadian hacker what this is what this
is revealing to me is that if you can do
this and you can choose the the moral
Road and help people to secure their
networks what about the next grade 10
student like folks I mean there's a lot
of people who just woke up and said oh
my goodness like and I apologize the
Canadian hacker but you some people are
saying this is a kid what we've learned
here is that you could have used this
exploit for for malicious purposes of
purposes and you haven't personally but
what about the next grade ten kid and
not not to necessarily put my own gender
this year but there are not three people
out there especially of my age group and
this big so desire to
- there's like you know the
possibilities are almost endless yeah
anything certain to be printers rage it
can be any sort of LG device or anything
connected to your network Wow well I
encourage you as we wrap up this
interview the Canadian hacker I
encourage you to continue pursuing that
positive path there are a lot of cyber
security companies out there that want
people like you that can exploit systems
for the good so that they can help patch
them and and I encourage you to pursue
that career path
absolutely and keep up the great work
and what you're doing and I and I hope
that everything goes very very well for
you thank you
the Canadian hacker do you have any
final words for us today as we close off
our interview well do preacher I'm sorry
all right thanks for being on the show
we've got a head over to the newsroom
Sasha if you are all set I am here's
what's coming up in the category five TV
newsroom a man hit the keys to it 59
million dollars worth of Bitcoin with
his fishing gear which got thrown out
and incinerated while he was in jail
firefox has turned on encrypted DNS by
default to court snooping ISPs automatic
pet feeding systems could serve your
pets in the event of a failure musicians
have algorithmically generated every
possible melody and release them to the
public domain stick around the full
details are coming up later in the show
this is the category
TV news covering the week's top tech
stories with a slight linux bias I'm
Sacha Rickman joined this week by Ravi
Ferguson
alright Sasha well some quick honourable
mentions this week let's get into it
pioneering african-american nasa
mathematician Katherine Johnson has
passed away I want to get into a little
bit about her story and as Johnson
calculated she calculated the rocket
trajectories and earth orbits for NASA's
early space missions she was portrayed
in the 2016 Oscar nominated film hidden
figures and the film tells the story of
an african-american woman whose math
skills helped to put US astronauts John
Glenn into orbit around the Earth in
1962 miss Johnston verified the
calculations made by new electronic
computers before his flight
imagine that computers were brand new at
the time so we had to like verify that
data and there she was
verifying it making sure that the math
was correct from this new fandangled
device right miss Johnston
miss Johnson pardon me had previously
calculated the trajectories for the
space flight of Alan Shepard the first
American in space and such was her skill
and reputation that Glenn had asked her
specifically to be a part of his mission
and refused to fly unless she verified
the calculations she also helped to
calculate the trajectory from the 1969
Apollo 11 flight to the moon now NASA
Administrator Jim bridenstine describes
miss Johnson as a leader from NASA's
pioneering days he says miss Johnson
helped our helped our nation enlarge the
frontiers of space even as she made huge
strides that also opened doors for women
and people of color in the universal
human quest to explore space her
dedication and skill as a mathematician
helped put humans on the moon and before
that made it possible for our ass
not to take the first steps in space
that we are now following on a journey
to Mars here in 2020
miss Johnson was born in a small town in
West Virginia in 1918 she excelled
academically she graduated from high
school at just 14 years old and from
University at 18 NASA notes that her
academic achievements were partially
were particularly pardon me
impressive quote in an era when school
for African Americans normally stopped
at 8th grade for those who could indulge
that luxury to think of education as a
luxury at that time just an astonishing
woman after working as a teacher and
being a stay-at-home mom miss Johnson
began working for NASA's predecessor the
National Advisory Committee for
Aeronautics pardon me they called it
NACA at the time in she started working
there in 1953 Johnson died at a
retirement home in Newport February 24th
at the age of 101 lived a long life
bridenstine described her as quote an
American hero and he stated that her
pioneering legacy will never be
forgotten since we're already on the
subject of mankind traveling to the
stars the Los Angeles City Council has
approved a SpaceX permit to least 19
acres of land in the city's port for 20
years for a starship rocket facility
SpaceX's new rocket factory will be for
its massive next generation rocket
called starship the rocket so far has
been developed at SpaceX's facilities in
Texas and Florida but the new location
add
capacity for SpaceX within driving
distance to its headquarters outside of
Los Angeles International Airport and
that's where the majority of their staff
actually work 6000 employees in an
outline of plans described by government
officials
SpaceX's facility will include multiple
buildings for manufacturing such as
blacksmith shops and machining Los
Angeles officials say that SpaceX is
plan will actually refurbish dilapidated
facilities with a history of vacancy and
vandalism and quote has the potential to
create 130 aerospace jobs the facility
itself would be a large tent-like
structure similar to those that Tesla
was using to ramp up their production of
the cars in recent years the port
location provides SpaceX with immediate
access to water that's a key
transportation item for them for their
immense rocket because they need to get
that from a production facility to the
launch site in either texas or Florida
so SpaceX currently moves Falcon 9
rocket across the highway on super long
trucks but starship and it's super heavy
booster would be so large they wouldn't
be able to transplant transport that by
the road so the water is gonna play a
big part in that researchers have
developed an algorithm that could stop
self-driving vehicles from getting into
crashes and traffic jams the algorithm
divides the ground beneath the machines
into a grid the robots learn their
position through technology similar to
GPS and coordinate their own movements
together through sensors that assess
where there's free space to move
northwestern engineers Michael
Rubenstein says the robots refused to
move to a spot until that spot is free
and until they know that no other robot
are moving to that same spot they are
careful and reserve a space ahead of
time Rubenstein's team tested their
algorithm on a swarm of 100 robots set
up in their lab to cut out any
distractions the robots were only
allowed to sense three or four of their
closest neighbors this restricted their
vision it and it made the system easier
to scale as the robots can interact
locally without needing global
information think about the impact of
that so the advantage of a swarm of
robots is that there is no centralized
controller that can disrupt the whole
system this allows them to work together
to accomplish any task even if one of
them breaks down
this gives the system and obvious
application in warehouse robots but
Rubinstein believes it could actually
also cut traffic and collisions for
self-driving vehicles on the road he
said quote by understanding how to
control our swarm robots to form shapes
we can understand how to control fleets
of autonomous vehicles as they interact
with each other
finally cyber security researchers today
uncovered a new highly severe Hardware
vulnerability residing in the widely
used Wi-Fi chips manufactured by
Broadcom and Cypress
apparently they power over a billion
devices including smartphones tablets
laptops routers and IOT gadgets dubbed
crook K R 0 0 K the flock had let nearby
remote attackers intercept and decrypt
some wireless network packets
transmitted over the air by a vulnerable
device
the attacker doesn't need to be
connected to the victims wireless
network and the flaw works against
vulnerable devices using wpa2 personal
or wpa2 Enterprise protocols with AES
ccmp encryption ESET researchers said
quote our tests confirmed some client
devices by Amazon echo Kindle Apple the
iPhone iPad MacBook Google's Nexus
device Samsung's Galaxy devices
raspberry PI's PI 3 and show meas redmi
as well as some access points by a soos
and Huawei were vulnerable to crook now
the attack relies on the fact that when
a device suddenly gets disconnected from
the wireless network the Wi-Fi chip
clears the session key in the memory and
it sets it to zero but see the chip
inadvertently transmits all data frames
left in the buffer with an all Z with an
all 0 encryption key even after the
disassociation so it's actually pushing
out that data without encryption so
therefore of course an attacker in a
near proximity to vulnerable devices can
use the flaw to repeat of repeatedly
trigger disassociation by sending D
authentication packets over-the-air to
capture more data frames quote
potentially containing sensitive data
including DNS ARP ICMP HTTP TCP and TLS
packets basically it's like a
man-in-the-middle without actually
having to be in the middle
besides this since the flaw also affects
chips embedded into wireless routers the
issue also makes it possible for
attackers to intercept and decrypt
network traffic transmitted from
connected
vices that are not vulnerable to crook
either attached or using different Wi-Fi
chips so consider that if you are
connecting to a Wi-Fi hotspot whose
hotspot is vulnerable you are
susceptible to crook Apple has already
released patches for its users some
should have issued advisories or
security patches at the time of the
publication and other vendors are still
testing the issue against their devices
watch for patch for patches to mitigate
this problem via software or firmware
updates for your device wow thank you
let's get into the top stories were
following this week
in a world where various mass breaches
dictate the use of strong randomized
passwords more than ever reliable and
secure credentials management is
paramount in 2021 Irish drug dealer has
evidently learnt the lesson the hard way
this week the Irish Times reported the
sad tale of Clifton Collins a 49 year
old cannabis grower from Dublin Collins
quietly grew and sold his product for 12
years and he amassed a small fortune by
using some of that revenue to buy
bitcoins around 20 2011 and 2012 before
the price of cryptocurrency soared but
in 2017 state authorities on a routine
overnight patrol spotted and then
arrested Collins with roughly $2,000 of
cannabis in his car the men quickly
earned himself a five-year jail sentence
as part of authorities investigation
Ireland's criminal assets Bureau
discovered and confiscated 12 Bitcoin
wallets belonging to Collins totaling
nearly 59 million dollars reportedly the
biggest financial case in CA B's 25 year
history there was only one problem CA B
couldn't access the accounts because
Collins had lost the keys nervous about
having a ton of money tied up in a
single wallet Collins diversified in
2016 by splitting his 6,000 bitcoins
across 12 newly created wallets
and to further secure this fortune
Collins hit a piece of paper containing
the access codes inside a fishing rod
case at his home unfortunately a
separate criminal broke into Collins
home in 2017 and cleared his belongings
and upon Collins arrest his former home
was cleared out by his landlord with
left-behind belongings taken to a dump
dump workers told State Police they
remember seeing fishing gear but waste
from this particular dump is set to
Germany and China and incinerated by
procedure the fishing rod case has been
missing ever since Collins told the
Irish police that he has had time to
come to terms with the loss of the money
and regarded it as punishment for his
own stupidity this makes me want to cry
right okay Wow
so that money would not have been his in
the end which is why he's kind of okay
with losing it because he's been caught
yep back up
where are your backups right I
understand that in the lure box the
tackle box is out they call it tackle
box of backups fishing rod for the main
believe me I understand the idea the
concept behind a paper wallet yeah but
paper wallet as a term doesn't
necessarily mean that you have to print
it on a piece of paper which is
susceptible to everything yeah a paper
wallet think about it this way an
offline wallet right like it could be an
encrypted GPG encrypted file on your
hard drive which is also Luke's
encrypted and that can be your
protection and and then back it up oh
you know what six I am slightly
suspicious actually of this story mr.
Collins why when you're released from
jail if all of a sudden you disappear
maybe you could excuse me I'm going
fishing
elsewhere oh boy okay so where do you
keep your crypto keys so think about
this Oh your wallets and your keys your
wallet is reasonably easy to recover as
long as you know your wallet address
it's that private key that you're not
going to be able to recover if you don't
have it so encryption I mean use like
can I skip off can I skip off the set
for a second here Sasha I'm jumping over
here and I know you guys can't see me
but I just want to grab a device right
from Kingston Tech okay so Kingston has
these guys would not stand up against
incinerator though wouldn't stand up
against an incinerator an incinerator
but perfect a data traveller mm has an
encryption key pad so save your GPG
encrypted keys yes on this encrypted
with the keypad and then back it up to
multiple devices yes like come up when
you've got millions and millions of
dollars in Bitcoin you can afford to buy
a dad a traveler mm don't be dumb daft
as they would say this is marish the
raft mister don't be a prat oh come on
now buy it like yeah right
that just breaks my heart in so many
ways but it's just like okay this guy
obviously knew his way around the
cryptocurrency I mean he but maybe he
was just lucky maybe he just bought it
right time boulders yeah hurts him some
chattering at the local pub evidently
I'm painting a picture of who this guy
is he's sitting there except in a pine
tea Guiness listening kisum so I bought
a thousand Bitcoin last week no that'll
never be worth anything they said he
wrote it down on a napkin they were
there are only 20 cents each like oh my
goodness not to be again s I'm going
fishing boys yeah
so the question becomes okay so think
about it where are your keys okay so if
you collect cryptocurrency where are
your keys how are they safe do you have
a device like a data traveler 2000 from
Kingston I have one and if not get one
okay because this is a great device
two-storey keys on but I wouldn't just I
wouldn't just put my files on here I
would also encrypt those files with GPG
right so you've got multiple layers of
encryption and heck if you want to Luc's
encrypt this as well
triple layer encryption that's fine and
then you can back that up to multiple
devices create a DD image I don't care
what you do but you need to have a
backup of your keys yes and an offline
key does not necessarily mean that
there's only one copy no you can still
have backups but I think that is safer
than the paper key because the paper key
can be picked up by anyone so that
robber if he recognized it and he also
had the wallets I'm saying he I'm just
assuming it was probably a woman but if
the robber was to get a hold of the keys
the private keys on paper as well as the
wallets well they've got all your 69
billion dollars whatever it is a lot of
money a lot of money right right so at
least with encryption you can have
multiple copies of your file backed up
that has your keys but don't just pray
hail it would be for him when he gets
out after I don't know if his sentences
up yet but when he gets out and he's
just talking to somebody who's never met
him before and he tells them the tale he
lost so much money they'll think that he
is lying yeah all right
Firefox has begun the process of
switching browser users to cloud flairs
encrypted DNS service this week the
change rolls out across the United
States in the coming weeks
DNS over HTTPS helps keep eavesdroppers
from seeing what DNS lookups your
browser's making potentially making it
more difficult for Internet service
providers or
other third parties to monitor what
websites you visit mozilla
embrace of dns over HTTP is fueled in
part by concerns about ISPs monitoring
customers web usage mobile broadband
providers were caught selling their
customers real-time location data to
third parties and internet providers can
use browsing history to deliver targeted
ads wireless and wired internet
providers are suing the state of maine
to stop a web browsing privacy law that
would require ISPs to get customers
opt-in consent before using or sharing
browsing history and other sensitive
data the telecom companies already
convinced Congress to eliminate a
similar federal law in 2017 with web
users already being tracked heavily by
companies like Google and Facebook
Mozilla had said it is embracing DNS
over HTTPS because quote we don't want
to see that business model duplicated in
the middle of a network and it's just a
mistake to use DNS for those purposes
end quote
Mozilla said in an announcement Tuesday
quote today we know that unencrypted DNS
is not only vulnerable to spying but is
being exploited and so we are helping
the Internet to make the shift to more
secure alternatives we do we do this by
performing DNS lookups in encrypted
HTTPS connection this helps hide your
browsing history from attackers on the
network and helps prevent data
collection by third parties on the
network that ties your computer to
websites you visit end quote
while Firefox is encrypted DNS uses
CloudFlare by default users can change
that to next DNS in the Firefox setting
or manually enter the address of another
encrypted DNS service Firefox users can
also disable the new default setting if
they don't want to use any of the
encrypted DNS options google's plan for
encrypted dns in chrome which is still
in the experimental phase and hasn't
been deployed to everyone is
little different from mozilla x' instead
of automatically switching users to a
DNS provider chosen by google chrome
sticks with whichever DNS provider the
user has selected if the user selected
DNS provider offers encrypted lookups
and is in the list of providers chrome
automatically upgrades the user to that
DNS providers encrypted service if the
user selected DNS provider isn't in the
list chrome makes no changes see that
makes more sense to me yeah don't touch
my DNS settings browser ha ha ha Swiss
aghhh no I mean we're gonna we're gonna
divide the community right now my belief
is that my web browser should not touch
my DNS it shouldn't touch my IP address
it shouldn't touch my default gateway
right you're all agreeing with that so
why is it touching my DNS my browser
should be subject to my operating
systems DNS settings my operating system
should be making these decisions
Lubuntu should be saying hey we're gonna
try to encourage our users to use HTTPS
for DNS queries my browser should never
be allowed to override my DNS right I
see what you're saying that's my opinion
my browser is to be able to surf the web
based on the settings which I have set
in my operating system for TC I for my
tcpip
stack for my DNS stack for my Gateway
now
what about a consumer or a user who
isn't as knowledgeable as you with the
suit them I think that is the exception
to where I think this works yeah I think
this works for the average Windows user
we'll say like the average home user who
just bought a laptop from the future
shop yes from Walmart and fires it up
and installs Firefox hopefully because
they're not going to use edge because
they're smarter than that at least yes
right
but you trust your browser and and so
that user sure I mean use HTTPS but
here's my problem is that I set I have a
pie hole that's right you do oh I have a
DNS server on my network that is on a
Odroid xu4 in a cloud shell - that pie
hole powered device so pie hole is the
operating system it's a DNS server uses
by nine and it controls the flow of DNS
through my network so if my kids go to
something that Daddy says is
objectionable it will block it so what
Firefox is saying is I don't care what
daddy says I'm going to go around what
daddy says and I'm gonna go directly to
CloudFlare and whatever the kids type in
I don't care cuz I'm Firefox I know
what's what yeah so I'm gonna go I'm
gonna circumvent your piehole hi every
time I say it I laugh
it's called piehole okay it's a DNS
server yeah so I block things like
advertisements pornography things like
gambling sites and stuff that I'm that
you know yeah even stuff that I just
think that the kids should maybe
approach me about if they need access to
it just so that I can explain why they
might want to be careful on those sites
yeah so so I try to control those things
not from a control freak perspective but
from a I want to be a parent who
protects my children and in this
connected world and Firefox is saying
you know what yeah and I hate that so if
my kids are using Firefox they are
circumventing the settings that Daddy
set up to protect my kids
that I don't like so I but I do
understand for the average person who
goes into Walmart and buys a laptop and
installs Firefox this is safer right
because nobody needs to know what URLs
you are going to write and Mike
Sasha from 2009 I don't even know when I
started the show mm see Sasha from 2011
wouldn't have known anything about
technology like I wouldn't have known I
would have just loved to Dada walked
into a store picked up a computer
brought at home plugged it in and
probably would have believed any pop-up
that showed up on my computer right and
so those are the people that needs oh
right no absolutely and but like the
adults sure but for fur I mean there are
so many great uses for being able and I
understand that the the approach or the
promotional end of it so I mean we'll
say the marketing perspective that
Firefox is using is that this protects
you because now your internet service
provider can't see what domain you go to
so if you punch in a pornographic
website into your url bar your ISP knows
that right but so does daddy and so
Daddy can say I don't want my kids to
see that yes I want to protect them from
that so please Firefox don't turn that
off yes I have to be able to see those
domains so that's why I have a problem
with it I agree that HTTPS is important
but there are times when maybe Google's
approach is better right because Google
is saying if you already have something
set in chrome in your browser in your
operating system we will honor that but
we'll try to switch to HTTPS so Google
is saying if you have a piehole I'll
still go through your piehole but then
daddy can set the pie holes DNS server
to an HTTP server so the ISP cannot see
what my family is putting in so daddy
can still see it because the browser no
longer has the power to override but the
ISP cannot because my pie hole which is
the override of my systems see that is
is able to direct
okay so I can make that decision because
I'm smart enough yeah you're smart
enough to make that decision so there
should be a process that Firefox has for
some reason forgotten to put into place
there should be a process of qualifying
is this user capable of making these
decisions for themselves yes or do we
actually need to override for them right
okay that's my perspective please
comment below I know we're probably
gonna have some mixed perspectives here
on this topic but my perspective is from
the father who just wants to protect his
kids I like it thank you
comment below we have to take a quick
break more of this week's top tech
stories are coming up
owners of the device designed to release
food for pets say their animals are left
hungry during a week-long
however such devices are being trusted
by pet owners pet net allows owners to
schedule and control feeding via
smartphone app one pet owner tweeted my
cat starved for over a week while others
complained about other hardware issues
quote my three Gen 2 feeders constantly
Jam and won't dispense food wrote
another some expressed relief that the
feeders were now back online pet net has
two Twitter accounts the official one
has not tweeted since August 2019
but the support account issued for
tweets between last week and now about
the problems experienced in its first
tweet it said a system outage was
affecting second generation devices and
asked customers not to switch off their
feeder even if it appeared to be offline
it said automatic feeds would quote
still dispense four days later it
tweeted again to say that it hoped to
release more information soon on Friday
it said it's smart feeders were quote
returning online and a system reset was
in progress stuart miles founder of the
tech site pocket-lint says quote as we
go towards a more automated home you
have to acknowledge that somewhere along
the line things will fall over robots
and automated systems have hiccups along
the way it's something we need to get
used to end quote
this particular outage though points to
a need for pet owners to have a back-up
plan a friend or family member to check
in on the Pats every couple of days may
be all it takes to ensure that if tech
fails a human is there to ensure things
are safe and careful for that makes
sense here it really reminds me of the
Tesla automated autonomous vehicles yes
and how there have been some crashes and
it's while they're watching a movie or
talking on the phone or like this is
what okay so this is why I don't think
robots are
gonna take over the world and all the
humans are gonna totally are well they
need us robots need people as yeah
people need robot we got to keep them in
check who can have animated cat feeder
like I think of people I know in my
daily life that really could use an
automated cat feeder to help assist them
in feeding their cat but they're not
gonna hightail it out for two weeks and
assume that the cat's gonna be fine with
their automated kitty litter cleaner and
their automated hat feeder like they
they're gonna stay there you can't just
trust your cat's life to technology
kinda ever yeah I like I trust
technology yes but when it comes to life
and death health wellness I think it's
important for us to still be the human
like autonomous vehicles still have a
steering wheel for a reason yes
you're meant to observe what's going on
around you yeah but sit there and relax
enjoy the music and just kind of look
around and enjoy nature for once be a
passenger but as soon as you start
swerving toward the guardrail be like
grab a hold of the damn steering wheel
and take control right I honestly don't
think that the pet feeder company is at
fault in this systems goal they are they
totally are
but our complacency in trusting a
digitally connected device to provide
life-giving food right to our past yes
there's a problem right they didn't say
hey leave your cat alone we know well
maybe they did I didn't see our getting
material but understand this is a
connected device that if Wi-Fi goes down
if internet goes down if their servers
go down which is what happened here your
pets will not get fed right think about
that for a second so we need to still
make sure like I I set an automatic
plant feeder yeah when I go away from my
annual vacation
okay and it feeds my cucumbers and it
keeps my garden fed but my sister-in-law
still checks in for us right every
couple days she goes in and waters the
plants and does it make sure
everything's working right because I
don't want to come back to a bunch of
dead cucumbers just in case something
happens don't just write willy-nilly
trust the tech we can as a convenience
but please don't trust it to give life I
would never trust a robot to keep me
alive without human intervention let you
say that now but wait till you're 95 no
there will be people there there will be
nurses there will be people there make
sure the robots are doing the right
thing more pepper
it could be pepper Oh pepper she's so
cute
pepper can be my nurse okay - programmer
musicians wrote every possible melody in
existence - a hard drive in MIDI format
copyrighted the whole thing and then
released it all to the public domain in
an attempt to stop musicians from
getting sued programmer musician and
copyright attorney a Damian reel along
with musician programmer Noah Rubin
sought to stop copyright lawsuits that
they believe stifle the creative freedom
of artists often in copyright cases for
song melodies if the artist being sued
for infringement could have possibly had
access to the music they're accused of
copying even if it was something they
listened to just once they can be
accused of subconsciously
infringing on the original content one
of the most notorious examples of this
is Tom Petty's claim that Sam Smith's
stay with me sounded too close to
Petty's I won't back down Smith
eventually had to give Petty co-writing
credits on his own chart-topping song
which entitled petty to royalties
defending a case like that in court can
cost millions of dollars in legal fees
and the outcome is in never assured real
and Ruben hoped that by releasing the
melodies publicly
they'll prevent a lot of these cases
from standing a chance in court in a
recent talk about the project real
explained that to get there melody
database they algorithmically determined
every melody contained within a single
octave to determine the finite nature of
melodies real and Rubin developed an
algorithm that recorded every possible
eighth note twelve beat melody combo
this used the same basic tactic that
hackers used to guess passwords churning
through every possible combination of
notes until none remained real says this
algorithm works at a rate of 300,000
melodies per second oh I know once a
work is committed to a tangible format
it's considered copyrighted and in MIDI
format notes are just numbers all of the
melodies they've generated as well as
the codes for the algorithm that
generated them are available as open
source materials on github and the
datasets are on the Internet Archive
fantastic thank you guys that is so oh
my goodness and this is like this should
go into the files of why didn't we think
of this before
these guys should get a super award like
they should actually get a small royalty
from all of the royalties that these
other big bully
musicians yeah so now I want to download
the entire MIDI set like a tribute
edirol orchestral to all the mini notes
and re sequence everything add some drum
loops and let's see what we come up with
I think this is great I think it's it's
obviously novel but it's also a
brilliant way to thwart like this is the
equivalent copyright trolls are the
equivalent of patent trolls in many many
ways so oh yeah that sounds I mean
there's only so many chords we can use
in in our you know 4/4 and 3/4 time yeah
and and they do start like I mean
barenaked ladies
you know GD c GD c GD c mi
like how many songs are gonna fall into
that and and you can creatively have a
thought that is similar to somebody
else's very creative unique thought turn
but you didn't hear it even like it you
can people have said things that I've
said I'm sure without hearing me say
them they're not stealing my thoughts I
just feel like in this particular case
especially the example Tom Petty was
being very petty I think that since the
only person who is able to create unique
melodies Asiya these days it just comes
down to it like seriously there's only
so many melodies that can be made and
we're coming up on a time where in
recorded history there have been so many
recordings made that we're going to
start to see overlap and we have seen
that this is a cool way for them to say
haha we we own them all we've released
them to the public domain well done
thank you so much
links below yes go download the MIDI
files sequence them use them yeah we ate
your tracks
be creative yeah big thanks to Roy W
Nash and our community of viewers for
submitting stories to us this week
thanks for watching the category-five TV
newsroom don't forget to Like and
subscribe for all your tech news with a
slight Linux bias and if you appreciate
what we do become a patron at
patreon.com slash newsroom from the
category-five TV newsroom i'm sasha
Rickman and i'm robi ferguson well
thanks for being with us this week it's
been great having the Canadian hacker on
the show to share with us and I hope
that you've enjoyed the show please
comment below give us a like a big
subscribe and thumbs up and we look
forward to having you as a part of our
community we'll see you again next week
everyone take care