Uh-OAuth: Difference between revisions
Jump to navigation
Jump to search
PDelahanty (talk | contribs) (→Guest: Indented guest's site) |
PDelahanty (talk | contribs) (Fixing links, episode title in infobox, and YouTube capitalization) |
||
Line 1: | Line 1: | ||
[[Category:Daily Tech News Show Episodes|.2226]] | [[Category:Daily Tech News Show Episodes|.2226]] | ||
{{Infobox Episode| | {{Infobox Episode| | ||
title = | title = Uh-OAuth | | ||
number = 2226 | | number = 2226 | | ||
date = May 2 2014 | | date = May 2 2014 | | ||
Line 7: | Line 7: | ||
hosts = [[Tom Merritt]]| | hosts = [[Tom Merritt]]| | ||
guests = [[Darren Kitchen]]}} | guests = [[Darren Kitchen]]}} | ||
Darren Kitchen is on the show to help us understand why we | Darren Kitchen is on the show to help us understand why we shouldn't freak out about the OAuth flaw, and what Apple, Google and Facebook are really doing to protect their users from government data requests. | ||
==Guest== | ==Guest== | ||
Line 61: | Line 61: | ||
::PodCamp Nashville happening May 17 in Nashville, TN is one of the last and largest Podcamps in the country. They are in need of sponsors and patrons or will have to cut out major parts of the event or cancel. For as little at $100 you can become of friend of this event the has been so vital to the Nashville creative community. This Friday is a deadline that they need to make a $2500 payment for the event. If you or a company you many know would like to help out Podcamp Nashville please visit: http://bit.ly/pcn14friend | ::PodCamp Nashville happening May 17 in Nashville, TN is one of the last and largest Podcamps in the country. They are in need of sponsors and patrons or will have to cut out major parts of the event or cancel. For as little at $100 you can become of friend of this event the has been so vital to the Nashville creative community. This Friday is a deadline that they need to make a $2500 payment for the event. If you or a company you many know would like to help out Podcamp Nashville please visit: http://bit.ly/pcn14friend | ||
== | ==YouTube== | ||
<youtube>2cTmMsADG-I</youtube> | <youtube>2cTmMsADG-I</youtube> | ||
==Links== | ==Links== | ||
*[http://www.dailytechnewsshow.com/dtns-2226-uh-oauth/ | *[http://www.dailytechnewsshow.com/dtns-2226-uh-oauth/ This episode on dailytechnewsshow.com] | ||
*[http://www.patreon.com/acedtect | *[http://www.patreon.com/acedtect Support DTNS on Patreon] | ||
*[http://dailytechnewsshow.reddit.com/ subreddit] | *[http://dailytechnewsshow.reddit.com/ DTNS subreddit] | ||
Latest revision as of 10:14, 5 May 2014
Uh-OAuth | |
Number | 2226 |
Broadcast Date | May 2 2014 |
Episode Length | 55:16 |
Hosts | Tom Merritt |
Guests | Darren Kitchen |
Darren Kitchen is on the show to help us understand why we shouldn't freak out about the OAuth flaw, and what Apple, Google and Facebook are really doing to protect their users from government data requests.
Guest
Headlines
- Apple, Microsoft, Facebook and Google are all updating their policies to expand the notification they give users when a government agency requests their personal data. Yahoo announced a similar policy in July, and Twitter has always done so. Users would not be notified if a court order prevents it or if there is imminent risk of physical harm to a potential crime victim. The policies will have no effect on NSA data collection or National Security Letters both of which are required to remain secret by law.
- Submitted by beatmaster80 and tekkyn00b
- Mashable story about Nanyang Technolohical University student Wang Jing uncovering a flaw in OAuth and OpenID that could be used to steal a login token from services like Facebook or Google, when using those services to login to a third party site. The token could then be used to retrieve data from Google or Facebook. Mashable’s Christina Warren has an excellent writeup of the issue. It’s not a weakness in OAuth at all but caused by a weak implementation on the third-party website’s side, which could be mitigated by certain practices on the side of Facebook or Google. Also, the attack requires you to click a suspicious link AND choose to then login with a service. So no. This is not another Heartbleed.
- Submitted by bmorales
- The Next Web reports Microsoft’s Windows Phone manager, Joe Belfiore held a Reddit AMA today where he said Windows Phone will get a file manager by the end of the month, hopefully. The app will let you create new folders, move files from one folder to another, and search within folders.
- Ars Technica reports on a system called Large Emergency Event Digital Information Repository, meant to let citizens upload videos and photos to help police investigations and disaster response. Amazon Web Services has teamed with the Los Angeles Sheriff’s Department on the project. Santa Barbara, CA authorities are the first to use the system and are calling on the public to upload images taken of a riot last month at the Isla Vista community near the University of California at Santa Barbara. Apps for LEEDIR are available for iOS and Android.
- The Verge reports the next Call of Duty game, Advanced Warfare, will launch on November 4th, and star Kevin Spacey as head of a private military corporation that has launched an attack on the US. The first trailer showed up on the official Call of Duty YouTube page late last night.
- Macrumors reports Apple is expanding its iTunes Match service to Japan. The service, which costs ¥3,980 per year, lets iTunes users match their library with cloud versions of the songs for quick storage, which can then be accessed from any Apple device.
News From You
- GigaOm story that a class action complaint has been filed against Google, alleging secret deals force Samsung and others to use the Google search engine on mobile devices, creating a search monopoly, which in turn makes devices cost more. The crux of the complaint is that Google offers Mobile Application Distribution Agreements, which require device makers to make Google the default search engine if they want to include Google’s other mobile apps like YouTube and the Google Play app store. Google told GigaOm by email “Anyone can use Android without Google and anyone can use Google without Android.
- Submitted by KAPT_Kipper
- PC World story about the Attorney General for the US state of Washington filing a lawsuit against a company that raised $25,000 on Kickstarter but failed to deliver its product, a retro-horror playing-card deck called Asylum. The project funded in October 2012 and has yet to deliver any rewards. Kickstarter’s terms of use requires creators to fulfill all rewards of their projects or refund backers. The complaint, filed in King County Superior Court, seeks restitution for consumers and as much as $2,000 per violation of the state’s Consumer Protection Act.
- Submitted by metalfreak
- Recode story that Lila Tretikov has been named Executive Director of Wikimedia Foundation, the nonprofit organization that runs Wikipedia among other projects. Outgoing director Sue Gardner will end her term on June 1. Tretikov was previously chief product officer at SugarCRM. Tretikov’s personal background growing up in the Soviet Union and her experience with open-source engineering seem to be the main reasons she got the job.
- Submitted by beatmaster80
- ITWorld story that Sony has developed magnetic tape that stores data at 148 gigabits per square inch, 74 times the density of standard tapes. That could mean 185 TB tape cartridges. Current LTO-6 cartridges can handle up to 2.5 TB. Tape is still used for long-term data storage. The Tape Storage Council industry group reports tape capacity shipments grew by 13 percent in 2012 and were projected to grow by 26 percent last year.
- Submitted by KAPT_Kipper
- Slashdot posting about a Vanderbilt University graduate student, working at Oak Ridge National Laboratory, who has discovered a way to create three-atom-thick nanowires capable of linking transistors and other components. It’s a step toward devices that could be as thin as paper.
- Submitted by by pootinky
Discussion
- Serious security flaw in OAuth, OpenID discovered
- OAuth 2.0 and OpenID Covert Redirect
- Another Security Flaw Gets the Heartbleed Treatment, But Don't Believe the Hype
- Threat: Open Redirectors on client
- Apple, Facebook, others defy authorities, notify users of secret data demands
Pick of the Day
- Looking to get into some Dogecoins before the DogeCar takes the track at Talladega this weekend. Not sure how to how to navigate crypto exchanges? Have no fear dogeforsale.com is here. Its a site where users can buy and sell Dogecoins with paypal, google wallet, debit cards, etc. The site is a basic escrow service, it holds the coins during the transaction. Get Dogecoins fast and securely. much speed very secure. DISCLAIMER: I’m a seller on the site “SkyJedi”
Good cause of the day
- PodCamp Nashville happening May 17 in Nashville, TN is one of the last and largest Podcamps in the country. They are in need of sponsors and patrons or will have to cut out major parts of the event or cancel. For as little at $100 you can become of friend of this event the has been so vital to the Nashville creative community. This Friday is a deadline that they need to make a $2500 payment for the event. If you or a company you many know would like to help out Podcamp Nashville please visit: http://bit.ly/pcn14friend
YouTube
Links
Preceded by: "Thieving little thief" |
Uh-OAuth |
Followed by: "tba" |