The Dark Side of Downloading: The Dangers of Malicious Files and Cybersecurity Threats
When it comes to downloading files from the internet, many people don't think twice about the potential risks involved. However, there are many types of malicious files that can be downloaded, including executable files (.exe) and zip files containing executables. These files can contain malware, spyware, or other types of cyber threats that can compromise your device and steal sensitive information.
Google's Chrome team has warned users about the dangers of downloading files over unencrypted connections from unsecured websites. Users may see a warning when they download a file from an unsecured website, but they may not get one when a secure (HTTPS) website links to a file hosted on a non-secure (HTTP) repository. This is particularly concerning, as it can allow hackers to steal sensitive information without the user's knowledge.
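The following is an added example, not code from the article or from Chrome: a static check for the gap described above that takes an HTTPS page's URL and HTML and lists the download links that resolve to plain HTTP. The extension list beyond .exe and .zip, the `.example` hosts and the sample HTML are constructed assumptions.

```python
"""Static check: HTTPS page that links to downloads served over plain HTTP."""
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath

# ".exe" and ".zip" come from the article; the other extensions are an
# assumed, non-exhaustive list added for illustration.
RISKY_EXTENSIONS = {".exe", ".zip", ".msi", ".dmg", ".apk", ".iso", ".7z"}


@dataclass(frozen=True)
class Finding:
    url: str         # fully resolved link target
    extension: str   # lower-cased extension of the target path ("" if none)
    forced: bool     # True if the <a> tag carries a `download` attribute


class _LinkCollector(HTMLParser):
    """Collects <a href> targets and the first <base href> of a document."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.links = []  # (href, has_download_attribute)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base_href is None and attrs.get("href"):
            self.base_href = attrs["href"].strip()
        elif tag == "a" and attrs.get("href"):
            self.links.append((attrs["href"].strip(), "download" in attrs))


def insecure_downloads(page_url, html):
    """Return Findings for download links on an HTTPS page that use HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # the gap in question only concerns pages loaded over HTTPS

    collector = _LinkCollector()
    collector.feed(html)
    collector.close()

    # A <base> tag changes how every relative link on the page resolves.
    base = urljoin(page_url, collector.base_href) if collector.base_href else page_url

    findings, seen = [], set()
    for href, forced in collector.links:
        target = urljoin(base, href)  # handles relative and //host/ links
        parts = urlsplit(target)
        if parts.scheme != "http":
            continue
        # splitext on the path only, so "?v=2" does not hide the extension
        ext = posixpath.splitext(parts.path)[1].lower()
        if (ext in RISKY_EXTENSIONS or forced) and target not in seen:
            seen.add(target)
            findings.append(Finding(target, ext, forced))
    return findings


# Constructed sample input (not taken from any real site).
PAGE_URL = "https://vendor.example/get/"
SAMPLE_HTML = """
<a href="http://mirror.example/pub/setup.exe">Windows installer</a>
<a href="https://mirror.example/pub/setup.msi">MSI over HTTPS</a>
<a href="//cdn.example/tools.zip">scheme-relative, inherits HTTPS</a>
<a href="http://mirror.example/pub/Bundle.ZIP?v=2">bundle</a>
<a href="http://mirror.example/notes.html">release notes</a>
<a href="http://mirror.example/blob" download>raw blob</a>
"""
# Constructed edge case: relative link made insecure by an HTTP <base> tag.
BASE_TAG_HTML = """
<base href="http://files.example/">
<a href="client.zip">client</a>
"""

if __name__ == "__main__":
    for finding in insecure_downloads(PAGE_URL, SAMPLE_HTML):
        print(finding)
    for finding in insecure_downloads(PAGE_URL, BASE_TAG_HTML):
        print(finding)
```

A static scan cannot see an HTTPS link that redirects to HTTP at request time, so it complements a check of the final download URL.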
One notable example of this threat is the Exodus spyware, which was found targeting Apple iOS users. What makes Exodus particularly sinister is that it has legitimate Apple developer certificates, making it difficult for Apple to track down the source of the malware. This highlights a problem with Apple's security measures, as they may not be doing enough to detect and prevent such threats.
Fingerprint Sensors: A Vulnerability Waiting to Happen
Another recent threat to device security is fingerprint sensors. While these devices use advanced technology to recognize individual fingerprints, there are still vulnerabilities that can be exploited by hackers. For example, Samsung's Galaxy S10 fingerprint sensor was fooled by a 3D printed fingerprint, which suggests that it may not be as secure as previously thought.
The process of creating a fake fingerprint is surprisingly easy and only took 13 minutes to complete using a specialized printer. The resulting fake fingerprint was so convincing that it fooled the device's fingerprint sensor, highlighting a critical vulnerability in these devices. It's likely that this type of attack could be repeated with other types of sensors or devices.
Click Tracking: A Growing Concern for Online Security
In recent years, online tracking has become increasingly sophisticated, with many websites using techniques to track user behavior without their consent. However, some major browsers have recently announced plans to prevent clickjacking attacks, which are used by hackers to steal sensitive information by tricking users into performing unintended actions.
Clickjacking is a type of attack that uses misleading or hidden links to trick users into clicking on them. These attacks can be particularly difficult to detect and prevent, but recent developments in browser security aim to mitigate this threat. By preventing click tracking altogether, these browsers hope to reduce the effectiveness of such attacks and protect online users from cyber threats.
Conclusion
As we've seen in recent stories, cybersecurity threats are becoming increasingly sophisticated and widespread. From malicious files and spyware to vulnerable fingerprint sensors and tracking attacks, there are many ways that hackers can exploit vulnerabilities in devices and websites. By staying informed and taking steps to protect ourselves, we can reduce the risk of falling victim to these types of attacks.
"hello today's wait April 17th yeah it is she questions yeah I immediately forgot I instantly forgot what we were doing and we have business and security to talk about today and when you talk about business there is one beacon of light a golden God at the forefront of all business Jeff Bezos just confirmed Amazon's growth is slowing that's surprising I mean they've done literally everything what else can they grow they're only growth now is to shed people well he's gone into grocery and healthcare I mean there's a lot of new avenues that he can follow into the growth isn't slowing down that much I mean he's still conquering the world or maybe has conquered the world and slowly losing his grip as is inevitable but remember he did that conference call that people recorded he's like yeah it's an Internet company someday it'll go away our job is to make that day as far from now as possible just ride this wave as long as we possibly can which is probably a good attitude to have what Amazon's replacement looks like I wonder I don't think we can predict it is who predicted Amazon yeah the world's biggest bookstore became the world's biggest API vendor so what's some little maybe tender will be the next Amazon there's something or fortnight who could have expected that a stupid Battle Royale game would become the next major game vendor and here they are I wouldn't guess it Bezos also had some things to say about minimum wage and he didn't name any names but Walmart felt like he was targeting them but because he was and Walmart has replied oh this is a NBC news story yeah it's like how about paying your taxes Walmart spawns to Amazon's challenge so Amazon's challenge was hey you know maybe our competitors could pay 16 dollars an hour instead of our 15 Walmart's minimum wage I think he's like 10 11 something but they also get benefits so although Amazon I guess that's too right yeah so I get 15 plus benefits yeah so Walmart it's like well but
Amazon you didn't pay your taxes so and a lot of that is because a lot of very wealthy people invested money in Amazon in the beginning Amazon lost money for a long time but they also get R&D tax credits because I mean and Walmart is trying to be the best Walmart that it can possibly be whereas Amazon is let's disrupt all existing business and take it over and they just made Walmart's they took Walmart's game and made it better because that's what Walmart did to like small local businesses in my town yeah well Walmart took over the world with retail locations and they were sitting on the throne and Bezos came along around and it's almost like Walmart had the greatest land army the world's ever seen and Bezos rolls in with an Air Force hey I got drones the British Navy of the retail world if you will yeah and the other thing about we talked about the facial-recognition Amazon is one of the players screaming at cats all day Amazon's one of the big players in the facial-recognition game and a lot of people don't like it when tech companies work with the government they don't like it so much there's gonna be a vote and as those shareholders are set to vote on a proposal to ban sales of facial recognition tech to governments yeah because Amazon's working in that it's like maybe government's probably shouldn't be giving this technology because they'll abused it he tried to stop this vote because he still has his power cuz Mackenzie didn't take his voting rights which was nice over but he wasn't able to so I think May 22nd during the earnings is when they will vote whether or not to shut this down they're probably not gonna do that cuz shareholders are like yeah if it makes money we don't care yeah I think it would lose them a little bit of money rich people are automatically exempt from all this spying nonsense see also the UK the other thing that Amazon is maybe locking horns with governments about our cashier --less stores we talked about the go store where you just 
walk in walk out steal with whatever you want yeah well you think you're stealing it but in fact you get charged for it through Amazon but here's the thing cash is legal tender for all debts public and private you kind of have to take it it's the law a lot of people are telling them that under pressure Amazon plans to accept cash at cashier Lascaux stores Philadelphia is the first city set to ban cashless stores so yeah is it financial discrimination I don't know that's the see anything well us see they make the they go further with the argument that it's unfair to poor and minority people because they have less access to non-cash payments why even go that far I the argument I didn't think the store would let you in but like the whole cashless thing was fine because you can't get in in the first place unless you're a member well that is another layer of discrimination right well I mean it's fine with like Sam's Club and I'm sure they have Sam's Club in Philadelphia there was a some kind of weak no head distort or story about that where there was some kind of ruling and if they ruled the wrong way on that I estimate that every store will have some sort of sign up like you I have an app get into Walmart get around these rules yeah exactly but anyway Philadelphia at least now here's the thing they have not laid out their plans of how they'll take your cash because there's no cashiers just big robot that you feed dollar bills that won't let you leave until you give it your you're attached item in the bagging area I've given you my money and I've picked it up let me leave puts one robotic arm around you goes through your pockets you're being detained please relax citizen meanwhile this is this is a big Amazon block and was one of the Amazon's biggest sellers is Alexa people love it I like to talk to it did you see the video of the parrot who won't let the woman play certain songs on Alexa because it's figured out Alexa stop it doesn't like this that's a great video 
anyway the Alexa you know it's an amazing thing you have in your house but those murder trials and some other leaks it seems like maybe they're recording those things that you'd say to it but maybe they're doing more than recording Amazon workers are listening to what you tell Alexa they have thousands of employees a global team reviews audio clips in an effort to help the voice-activated assistant respond to commands my favorite quote from this article is they're like well we don't we just delete recordings that are obviously private but if it's funny or interesting we share it on an office chat thing that was off the record basically what they did was they went to various places where they had these low-cost call centers not in America you know the international call centers just bought them and it's like oh you're not a call center anymore you sit and listen to Alexa and so what the the reason they're doing this is they want Alexa to be better so one that they'll pull random recordings and then these people listen to it and transcribe it and feed it back to Alexa and say okay Alexa this is the context this is what they're trying to say to you and Alexa learns from that you can pick up an Appalachian accent oh yeah but if it can't it's getting better at it yeah because they're telling but what one was talking about is these are just call centers this is not like you know lockdown central so they did mention that when something really weird happened it would go into a group chat okay I mean like if you work that off there's no way you wouldn't oh I would never send this to my coworker listen if you call in with a stupid tech support thing it's getting shared one of the most funny things that I've ever heard anyway or what's the old you know the old like Apple tech support recordings like from like the Mac se era there's just these hilarious Apple tech support recordings where it's like you sawed off the back of the computer and then you did what and then there was 
like a heavy mouth breather guy that called in and he's like I need to get the documentation for the ROM hook it's a very particular need that I have so like those if those are on the internet you can find those those are those that makes me really it was amazing the other thing that they found were at least two examples of what they thought might have been sexual assaults but they were told that's not your business don't worry about it just transcribe it to help Amazon like no that's not what the next story is supposed to be it's supposed to be the other one the one about a Alexa or did you cut it okay wasn't it well I was a little different that's what most about the transcribers though right okay the big we talked a lot about Disney Plus and that's been really in the news because Disney has gobbled up all these IPs and it seems like they were just consolidating for this kind of thing but the big question is how much is it gonna cost because Disney has a lot to offer you got Fox you got Marvel you got Pixar ESPN all this stuff so what does that price gonna look like now I know busy Plus to launch a November priced at $6.99 just enough to get people in the first taste is almost free was it didn't Netflix launch it around $7 yeah yeah so they admit that they're pricing this to bring people in I want to get you in there trap you because mister attractive the price up when your kid watches frozen to every morning as part of their routine and then though it's you know first of the month are you gonna say no more doing that are you gonna pay $10 wouldn't you just buy the movie well but you know you get all this other stuff and then when it happens again are you gonna say no are you gonna pay $13 next time 25 you know what's really inconvenient about owning the movie having to take it out of the case and put it in something I want to just hit a button and start watching your kid has broken 3 DVDs or blu-rays or whatever so this is gonna be huge everybody's gonna get it 
and it's gonna be a big thing one name that we should not be talking about anymore but keeps popping up because they refuse to die is Yahoo Yahoo tries again to settle lawsuit over massive data breach this time it's going to offer 118 million dollars Yahoo lost everything they low-balled him last time and it was rejected so I don't remember what that was I think it was less than a hundred million so now they're thinking 118 is the magic number and the judge gets to decide if you were affected by that you've moved on with your life surely I cry about Yahoo a little bit every day I wonder how much do you think that is per person affected put 25 cents might be nice now to get that quarter of course they have to ship it to you gonna be overhead to get those discount stamps please sign up and pay for postage here to receive your quarter this is a Facebook story that I didn't put in social media because it doesn't have anything to do with social media has to do with Facebook Hardware the oculus they got a new oculus that's coming out and when you get one you might feel like taking it apart if you take it apart you might find something weird it looks like you're using an ad blocker Facebook accidentally put hidden messages like big brother is watching and the Masons were here saw their new oculus rift controller so this was they manufactured they did it like a short production run to send to like journalists and Industry people and things like that and then they accidentally and so this is supposed to be a joke for those people because if they take it apart and find it but they accidentally mass-produced it with the same stuff inside most people would never know because there's a it's a flexible band and you would really have to take the whole thing apart and look at the inside of this inside flexible band but it is an ironically saying big brother is watching yeah when it says big brother is watching and it's not it makes a little more sense when you realize that this 
was targeted toward people one of the targets example was iFixit if you send something to I fix it you know they're taking a depart but they're tearing it down that's what they do so it was kind of like a little inside joke but do you how much trouble you think the guy who left that in the production around his and he's not there anyway he's being served really cooked I had like a burger man I think it's undeserved too because it's like okay you guys are happy with the production huh yeah everything is good all right we're gonna ship these exactly the way that they are are you sure that that's right yeah yeah they're good we tested up shipping okay and then it's like white we didn't mean that they were exactly good as they were we wanted you to make this one little change it's like I'm not clairvoyant I did exactly what you said these also haven't been shipped so they could trash these or rebuild them but they're saying uh you know what that costs a lot of money just deal with it yeah steel with weird messages that you shouldn't be seeing anyway because you're not supposed to be repairing your own devices how dare you YouTube continues its downward spiral its death throes as it tries to appease the advertisers by destroying everything that people actually like to watch like favorite subscribe and so maybe this could affect us they talk about quality content what is this if not quality content and this is not things that are click Beatty or you know quick videos that just try to get the the click numbers up but like actual user engagement how do you measure it to enter critics YouTube is trying a new metric response civility the largest online video service is trying to reward quality content not just clips that people keep people glued to their screens well it remains to be seen how that's gonna help you know that the the most amazing quality thing if the news titles the news titles are amazing you guys don't appreciate those but there's like there are like nine 
spend literally ten minutes not amazing if I'm gonna say this is a major success if by reward they actually mean demon size or they actually send it out to all the subs because there were people that were like I thought you guys stopped posting and then it's like oh yeah here you go well maybe we're just bein troubled I don't know yeah I can't I don't know maybe it people aren't saying it maybe their interest changed so YouTube tried the k2 their interest to something else I'm I get a lot of random recommendations for things that don't make any sense yeah I keep getting recommendations for cooking stuff and I'm like I don't like to cook I for some reason I started getting ping-pong recommendations you talked about maybe whatever and it turns out I love those videos superhuman what those guys are doing we're talking about Disney Plus and there any entering a crowded market a TV the new breed of TV delivery services there's so many of them and they all have wildly different prices and services the old guard of TV is dying and people like YouTube are trying to get in on that but seems to be more expensive than I expected YouTube TV costs $50 a month after another price hike but you get discovery least a month seems a little hot SEC receive AMA ting but regular TV if you get this I think a comparable channel lineup is more than 50 basic if you get the basic satellite internet you can get a three-year deal for 55 a month but I don't that's more but you get a lot more channels do you I don't know what you get with YouTube TV discovery apparently is how you get more than that but they might have listed some stuff I bet you get to watch oh I'm Carly Oprah Winfrey Network oh I didn't know she still had a network HDTV Food Network Animal Planet Motor Trend TLC epics so this is nothing anybody wants anyway I do like discovery but not enough to pay that much for it it's the you know that they don't have them anymore back when they sold DVDs at stores that giant band they had 
up next to the cashier we're just the most garbage DVD titles live but you get it for $3 mm-hmm that's the TV version of that yeah Anderson Cooper I don't want your newsletter ah let's talk about Tesla and/or SpaceX anything that has to do with mr. musk and first let's talk about the historic launch of the Falcon Heavy SpaceX's Falcon heavy rocket launches the first paid mission and it landed all three boosters so all three boosters landed successfully mmm this is actually cool very cool and this is the first time that someone just commissioned an entire launch it was some kind of middle-eastern communication satellite I think camera I think Saudi Arabia maybe anyway they launched it everything went well landed the Rockets all good and I think that was the least expensive launch like that that's ever happened so it's a bargain at only a few billion dollars no it's like 160 million I think I mean I guess it's still a lot but not as much as say maybe NASA Oh back in the day just getting a satellite was a billion dollar yeah yeah ray easy the other thing that is Tesla related is the gigafactory and maybe not the best news for the gigafactory tesla and panasonic have modified a quotation marks the expansion plan for the gigafactory as in they're not gonna do that right now there's no planning on it but they're probably good with the capacity that got they're going to improve current production rather than expand it seems like there might be a softening of demand for these batteries must be on the other hand has said on the record that that's not true and they are absolutely over capacity on demand for the batteries so I can see that like you said on this Twitter the grid batteries would maybe be good but not the car batteries because what they did in Australia with the backup power for the grid that's actually impressive I've also had a lot of controversy about the crazy direction changes that Tesla's doing they were canceling the showrooms and then they weren't now 
they are again they were selling cars for less and then they raised the prices then they lowered them again and it just seems to be all over the road can't make a decision and now that continues Tesla's original plan but $35,000 model 3 is dead so this seems to be around margin they wanted to produce a cheap model 3 that didn't have anything but it's actually going to cost more to build the production lines for the cheap from all three but it doesn't have anything that they actually sell you a bet on better model 3 that is software limited but even beyond that the 35,000 model is not for sale online yeah you go seems like they don't want you to buy it and there's not gonna be a showroom pretty soon so literally this is all their stuff is online except this car do you want this car you got to get on the phone yeah but the good news is that you can turn your battery capacity up later with a phone call which you would not have been able to do with the original plan for the model 3 so I guess that's good but they were way more than literal minutes to do this when I'm sure oh yeah they will sell you a different model 3 with power seats and the bigger battery and look one more feature that was in car navigation and stuff the software is better but it's not gonna be 35,000 so very confusing the model 3 world but if you really want it you can get that cheaper one which is probably is a really good deal and the reason you would think it's a really good deal is because they're trying not to sell it to you everybody has seen this picture at this point yes literally every human on the planet must have seen this picture black hole picture captioned captioned michael picture captured for first time in space breakthrough the caption is black hole or sucking sound it took a network of eight radio telescopes and it doesn't have the picture of the girl with the hard drives because it was like a ton of data it's got a picture of the girl there's a I like the picture of the girl with 
hard drives better nice yeah they did mention that there's the girl oh that Noddy have you got there controversy of her yeah oh it's so sad oh the hard drives you talking about there was so much data that we had to wait for the thaw to get the Antarctic telescope station you couldn't transfer the data you had to actually airlift all those hard drives out yeah so we could have had this earlier if not for that as Andy Tannenbaum says don't underestimate the bandwidth of a station wagon hurtling down the highway so yeah pretty cool and you can't see a black hole obviously nothing escapes black hole even lie so we're looking at all the stuff swirling around the black hole at a lot like a toilet oh yeah that's a cosmic toilet what's really awesome is that it matches the mathematical models really well so Einstein was right I can't man what didn't he get right and this is young lady now the controversy around the young lady is that she she did the algorithm that actually allowed them to do the programming to my image work the algorithm is hers and but she was widely celebrated I mean read it every post on reddit one was the pictures black hole next one was picture her in the black hole then the two of them together and it just went on and on and also the other famous women the computer science like Grace Hopper and Margot ableton and they're the Google Doodles and but if you look at the get for this actual program it's open source on github which is awesome she did not write the lion's share of the code there was a young man who wrote eight hundred and fifty thousand over the nine hundred thousand lines I believe and he was not mentioned anywhere so the controversy is what's she giving credit although if she did the algorithm and he didn't did you actually read what he said about it though yeah the guy they actually got a quote from the guy the guy was like she totally did it it was like oh I like half the stuff I did was just generated and he was like if we didn't have 
her math and like her calculations we wouldn't have gotten the image everything we built was around her stuff so we were saying oh it's not her she didn't do anything like shut the hell up cuz you don't know what you're talking that guy's obviously why knighting is what the other people he was gay and so it's like oh no it's appropriate if he's an orbiter but the people are all pushing this guy for him if he's gay like is it like does that invalidate him leaning to find another man to like push forward cuz that one's gay and we can't have a woman take credit for it either it doesn't matter if he's gay but it does matter if his tongue is compressed just Chris I do you feel strongly about this I can't really get it frustrates me just let her have her moment I'm not saying that everyone else didn't do work to you because they're all a big team there was like three or four teams they were all working together she was leader of one but like just she's like more about his moment he had a moment two people were interviewing him to I don't think they interviewed me till the controversy but I totally agree with you that if the algorithm was hers then yes that's the the new thing laughter were doing a TED talk from like years ago like oh no she just no they just pushed her forward announced she's a PhD come on the internet is terrible it really is I got frustrated reading the articles well I've been enjoying the image of the black hole and thinking about how I'm gonna die someday well see that outrage I think that a lot of the the other thing that happened was that yeah a small group of people did that but I think that whatever like the websites need to generate a certain amount of outrage in order to get the clearance did that yeah yeah so I think it worked because I I felt for the bait bait a big one she definitely got her moment I mean I didn't find out about controversy stuff until of course where would I find that kind of stuff our twitch chat lurkers cuz I was like oh 
that's cool so I was like reading the article about the black hole and then I read the comments and a bunch of the comments had to be like they were either downloaded or deleted because it was just guys being like she's not as smart as I am eyebrows write it a lot so and I understand Rick and Morty so clearly I'm more intelligent than a PhD candidate well but that's the comments but the media response that I saw was overwhelmingly positive yeah pretty sure she's gonna get her PhD I messed that up I think she's got some employment prospects yeah not everything good about the black hole I mean you think such a feel-good story like an object that's sucking all matters into it I'm feeling really scared of when you think about yeah destroying entire worlds yeah do you think that's all positive but it's not China's largest stock photo provider draws fire overuse of the black hole image so China's stock former provider was like this is ours well we're gonna copy with it we're gonna send takedown notices to people that are using it and it's like what this was so bad that the Chinese government who turns a blind eye to all copyright issues actually got involved yeah and is that the most hilarious thing about it is somebody was like hey if you're gonna copyright this why don't you just go ahead and copyright the National Chinese Amblin they did or the flag oh they did again I mean couldn't you just like upload a gradient and then be like this is the black hole that most people wouldn't know the difference but no they they took the image right off of that yeah yeah off of the news post yeah there was supposed to be like an image for all humanity yeah we all own the black hole the black hole is gonna own us one day the Chinese government the stock of the company the stock photo company declined 10% which is the maximum allowed under the law in China which is strange thing to say okay sorry you say that that makes you feel your mortality like but there's no way the black hole 
is gonna kill you before you don't know you die I mean wasn't there a thing that said that the image of the black hole it's like the light from that is like how many millions of years old no no even seeing a current image of it yeah most of the stars in the sky that you see you're gone yeah yeah it's gonna be like heart disease or your lungs or something their brain tumor or something like that I might not have a PhD but I clearly know what I'm talking about it's not the black holes probably the energetic particles one of those yeah but not that black hole some other black hole whose light is hitting us now is gonna give you cancer that's how it's gonna get you it's gonna spaghettify me like what my astronomy teacher wouldn't me if you get sucked into that event horizon then you know you'll never know time well well I become like what's-his-face interstellar but they do his name you know the the part that with a swirly part that we can see the reason we can see those is because they're at like a billion degrees because of the rate that they're spinning so I don't think you'd survive it to get there but what's-his-face did a merciful death anyway that's enough about the black hole let's talk about ridiculous residence put that back your mind Sonne creates a colossal 16k screen in japan's look at the size of it they need something for scale yeah the camera I mean the camera that take the picture of the screen probably can't even capture it it's only a K I mean it's you know it has as many horizontal pixels as a 4k television so it's not really a K I think it's one of those Disney movies right well they just they're be releasing blanking oh yeah probably is so it's a K cross because it's an ultra-wide it's really just no it's not really I mean 16 K it's like four but then it's not very tall so imagine playing for it not on that be incredible now transitioning into the security section we first must talk about face unlocking why it's bad friend's trick sleeping man 
robbed hidden using his phone's face unlocked so this was in China apparently this guy phone face unlock was not very good because if your eyes are closed it still works pro relationship tip if your friends do this you they're not your friends well he took it to the police and he's like I've been robbed in the police pretty quickly figured out it was his roommates and they gave it back I love how whenever we see these Chinese embezzlement or thefts or whatever they never spend the money they always have it to give back which shows an amount of caution that I appreciate a criminal it's been a week we didn't we got away with it okay great but in the best day if the authorities show up it's like oh we should saved it it was invested it haha but it's a meth head around here breaks into your car just gone immediately yeah you're never getting it back no I don't know what financial express calm what nationality website this is but they say it's twelve thousand yon which is I know pronounce that wrong nearly Rs 1.25 lakh what's a lock-in dia chat will tell us chat comments whatever whoever you people are Wow this the ad blocker thing on Tom's guide is just absolutely a wreck this is the this is the Alexis story well this is the security bird thinking am i okay so how to stop Amazon from listening to your Alexa recording so we covered that earlier this article is the step by step before all the stuff that you have to go through to turn that off you can opt out so that they'll never hear your recordings it's still recording probably we can't show you the screenshots was actually pretty basic you just go to settings and privacy and just say no to all that say no to everything at privacy don't want no privacy yes you want the problem no I mean no not no privacy okay that's not that those confusingly worded forms that we were talking about oh you know what we should have no one needs know just quick just you know how you put that idea of the black hole sucking you up and 
killing you in the back of your mind? Let that come to the foreground again and then have a panic attack. So let's just refresh in our minds the idea of privacy settings and changing them to and better for the consumer.
Chrome, Safari and Opera have been criticized for removing a privacy setting. This is HTTP click auditing. So this is a feature where, if you turn it on, well, it's on by default, so it's on all the time, when you click a button, a secondary ping is sent to a URL of the website designer's choosing too, so that an event is generated, so that, like, you click a button and it's recorded somewhere so that it can be used for analytics or tracking or whatever. You can't turn that off now in Chrome, Safari and Opera. It started off in Firefox, off by default in Firefox. Oh nice, good job Firefox. Firefox getting it right with all the muting and stopping the autoplay and stop. I think far is the ultimate. They're working on trying to do something about newsletter pop-ups. Firefox is just like, this web design is an anti-pattern, you're not allowed to do it. I do enjoy, like, putting in, like, admin at website. Most of them have gotten wise to that. I think marketing at, sometimes don't be like, "this address is not valid."
How appropriate that on the week where we have just enjoyed the first new episode of Game of Thrones we celebrate again, Ivana again, but a new vulnerability named dragon play, Dragonblood: vulnerabilities disclosed in the Wi-Fi WPA3 standard. And also needed for ruling the Iron Throne. We just have ideas. This is, it's a vulnerability that will let them get little snippets of, you know, like, the parts that they need to eventually reconstruct your password. Yeah, just by listening. That's really horrifying, really horrifying. AES encryption should be pretty sturdy, and AES encryption is pretty sturdy, but the implementations are always disappointing. There's, like, a transition mode for WPA2, WPA3. If you have a browser where that's enabled, that's a problem here. You can turn that off or
you can just patch. Turns out this has been fixed, so update your router. Just update your router every week. You sent alarm.
Uh, Triton. Now, we had king of the sea, Stuxnet, it Stuxnet, and then we had, there was another one right before this one, we're on it, that was a botnet. This is like the safety control thing. Anyway, this one is one of the newest ones, and we thought we understood it, but it's back. A serious safety-tampering malware infects a second critical infrastructure site. You said game-changing Triton malware to target safety systems is not an isolated incident. So we're not really sure what the vector is for how this is happening, but it's not good that it's targeting safety equipment, and it's very, very cautious, was the word that you would use. It's trying to get embedded in there and not really make itself known. Well, but in its caution it sort of reveals it's not trying to pull data, because most of the time malware wants to steal something. It's not trying to gain control of the systems or steal data or export anything. It's just trying to worm its way into these safety controls, which is insidious to say the least. And they don't really give you a lot of details about who it was or what it affected or anything, 'cause they want to try to, you know, really keep this locked down. But it's terrifying, because if a chemical plant or a nuclear plant or something blows up, that's bad for everybody.
We read about hotels that are constantly leaking data. Marriott was the last big one, had a giant leak, and Symantec, they're still asking, do what now? Yeah, Symantec took a look, kind of audited a lot of big hotels and how they process things online and do all that things and how they send out emails for confirmations, and I found something very disturbing: two out of three hotels accidentally leaked guests' personal data, according to Symantec. Now, this is just from them looking at the websites, so I suspect that part of what they're talking about here is, like, the JavaScript on the site, like, you got to
fill it out and put your stuff in. There's a lot of third parties that can see how you fill out forms, and so Symantec, in looking at that, would basically fail a security audit on two out of three hotel companies. And they're doing this on purpose. Maybe not on purpose on purpose, but they know that they have these tracking scripts. If they choose to, they're being paid for these. So easy to fix, but they won't turn the tracking scripts off on pages where people enter PII. "How will I know that I got a conversion so that we can pay our agency?" Yeah, it's like three conversions. I'll bet it's pretty big in the hotel world. Yes, people will link directly there from all the various things, or like travel websites, something like that. That's probably huge.
This was supposed to go with the other track clicking story, but it worked better than the other one, so I don't really have a great lead-in to this. Google Chrome engineers want to block some HTTP file downloads. So this is, if you're on an HTTP site that has a link to download an HTTP file, they want that not to work, because you might accidentally download an exe file or zip file containing an exe file or something that otherwise might be malicious or dangerous. Now, there's no effect if you're on an unencrypted website and you downloaded an unencrypted file. Google's Chrome team said, well, you would have already gotten the warning that it's not secure, but you don't necessarily get a warning that you've downloaded a file from the unsecure source in the scenario where you're on a secure website that has a link to a non-secure file repository.
We talked about the Exodus spyware, and the Exodus spyware was perhaps unique in the scope of things that it stole from your phone: literally everything. Turned on your mind and that maybe your camera, and then just exfiltrated every piece of data you had. It just is, you know, full compromise of your phone. And good news for iOS users: the Exodus spyware has been found targeting the Apple iOS users, so it's
trying to steal everything from them. Now, the crazy thing is it's got legit Apple developer certificates, so Apple should know exactly who this is from and be able to track it down. I don't think the Apple security team is doing much these days. They should be on top of it. Like playing Tetris. It's like, "hey, there's a security problem there," like, "yes." Well, I mean, because you go through Apple's process, the Apple has to have a dashboard or an SQL query or something they can run that it's like, show me all the applications that demand access to literally everything. That can't be a big list. Like the camera and the microphone and the video and the other one. Now show me, like, now cross-reference that with, oh, I don't know, from the Fortune 500. And then the payload came later, they opened everything up, so they net wouldn't necessarily be able to do that. Mmm. So might be a more of a needle than you think in that horrible rotten haystack.
We talked a lot about fingerprint sensors and the fact that everybody does it a little different. Some people use visual and some people have used lasers to try and scan the finger. One of the most impressive ones was one that did it acoustically, though: all the little ridges in your thumb, as they land as you push it down, it detects the same pattern and I open it up that way. What could go wrong there, right? Samsung's Galaxy S10 fingerprint sensor has been fooled by a 3D printed fingerprint. It seems like a lot of work. Took thirteen minutes to print the fake. Uh, I got a picture of it, but yeah, there, it's on this little slide here, so it's not very thick, maybe like an eighth of an inch thick, but boom, there it is. He said it took him three minutes and most of that was waiting on the printer. He used his own. Well, it's pretty easy to get somebody's fingerprint out, a 3D print for the proper depth of it. Yeah, I wonder if that's more than just like lifting it off a print or whatever. Well, if you could get the image pattern, then you can play with that in the 3D
printer, like, let's put on a point two millimeter layer, let's put on a point five millimeter layer, eating mice effect the printer. Yeah, wouldn't be able to do it in three minutes, but still. I'm sure there's some sort of object that you could have somebody just pick up that would leave some of that. Pick up some of the silly putty for me. Smell that. Like dental impression stuff. I do it. I think you could probably lift the fingerprint for this purpose enough with just a scotch tape, maybe. I mean, you do need the distance, you need to get the curvature, you're part of this. So probably do that just dusting for fingerprints the old-fashioned way. I've got some of those kits in the basement.
And oh man, oh yeah, this is a duplicate. The last story was supposed to be the last story of the duplicate. Oh: major browsers to prevent disabling click tracking. Well, this version of the story has a slightly different take on it. I mean, it's still bad news for users, but there is a lot of stuff that will break without this functionality. So it's a ping back, and it explains what a ping back is and how it works, so if you're interested mechanically in how the whole tricking thing, the tracking think, tricking tracking thing works, this is a pretty good explanation.
We really didn't have a great story to end on in that section anyway, which is why the security's Krista's favorite. But Friday we will have a great story to end with, 'cause Friday's nonsense day. We've gone up and there's it great, it was a great story. Friday, I think it's the largest nonsense section in 2019. That's a bold claim. I'm not gonna close, but we'll see. We'll see you next time.