1 00:00:00,000 --> 00:00:00,510 [VIDEO PLAYBACK] 2 00:00:00,510 --> 00:00:01,093 - Hello world. 3 00:00:01,093 --> 00:00:04,492 This is CS50 Live and I'm here on location in beautiful sun-- 4 00:00:04,492 --> 00:00:06,450 SPEAKER 1: I don't think this is going to work. 5 00:00:06,450 --> 00:00:08,242 DOUG LLOYD: Yeah, this isn't going to work. 6 00:00:08,242 --> 00:00:09,845 7 00:00:09,845 --> 00:00:12,130 This is CS50 Live. 8 00:00:12,130 --> 00:00:14,960 I'm Doug Lloyd filling in this week for David. 9 00:00:14,960 --> 00:00:20,170 And we are coming to you live from CS50 Live's beautiful new studio. 10 00:00:20,170 --> 00:00:22,780 Well, actually we're coming to you live from CS50 Live's 11 00:00:22,780 --> 00:00:26,170 beautiful former studio, Hauser Studio at Harvard University where 12 00:00:26,170 --> 00:00:30,325 scenes like this from the very first episode of CS50 Live may be familiar. 13 00:00:30,325 --> 00:00:32,950 But just like any other episode, we're going to talk about some 14 00:00:32,950 --> 00:00:35,325 of the latest stories and news you might be interested in 15 00:00:35,325 --> 00:00:38,260 and take a little bit of a look underneath the hood. 16 00:00:38,260 --> 00:00:42,040 And this week we're going to start by talking about malware and unfortunately 17 00:00:42,040 --> 00:00:45,160 some malware attacks that have befallen Windows users. 18 00:00:45,160 --> 00:00:48,010 The biggest one of these is known as WannaCry. 19 00:00:48,010 --> 00:00:54,130 And WannaCry started to attack users about a week ago on May 12th. 20 00:00:54,130 --> 00:00:56,170 Now WannaCry is based on some exploits that 21 00:00:56,170 --> 00:00:58,990 were leaked from the National Security Agency 22 00:00:58,990 --> 00:01:00,850 by a group called Shadow Brokers. 23 00:01:00,850 --> 00:01:05,643 And the names of these two exploits are EternalBlue and DoublePulsar, 24 00:01:05,643 --> 00:01:07,310 I'll get back to those in just a second. 
25 00:01:07,310 --> 00:01:09,220 But what happened to victims of these attacks 26 00:01:09,220 --> 00:01:11,920 were they would see screens like this suddenly 27 00:01:11,920 --> 00:01:13,900 pop up on their Windows computers. 28 00:01:13,900 --> 00:01:17,260 Basically what's happening here is the ransomware 29 00:01:17,260 --> 00:01:19,490 is saying all your files have been encrypted, 30 00:01:19,490 --> 00:01:23,620 you need to pay us $300 in Bitcoin in a couple of days, or in a couple of days 31 00:01:23,620 --> 00:01:26,710 we're going to say you have to pay us $600 in Bitcoin, 32 00:01:26,710 --> 00:01:29,530 and after that we're just going to delete your files. 33 00:01:29,530 --> 00:01:32,680 Now, that's not exactly a trivial amount of money. 34 00:01:32,680 --> 00:01:35,470 And getting a hold of Bitcoin is also not necessarily the easiest 35 00:01:35,470 --> 00:01:36,010 thing to do. 36 00:01:36,010 --> 00:01:40,517 Right now one Bitcoin, at the time of this filming, is worth about $1,800. 37 00:01:40,517 --> 00:01:42,850 So getting your hands on one in order to pay this ransom 38 00:01:42,850 --> 00:01:44,980 can definitely be no small feat. 39 00:01:44,980 --> 00:01:50,683 Now how these attacks work is taking advantage of an exploit in SMB 1.0. 40 00:01:50,683 --> 00:01:51,850 I know what you're thinking. 41 00:01:51,850 --> 00:01:55,060 No, SMB 1.0 is not Super Mario Brothers one, 42 00:01:55,060 --> 00:01:56,740 the classic game from my childhood. 43 00:01:56,740 --> 00:02:00,520 But actually SMB 1.0 is Microsoft's earliest version 44 00:02:00,520 --> 00:02:02,770 of Microsoft's file sharing protocol. 
45 00:02:02,770 --> 00:02:06,640 And a user might experience using this protocol if, for example, they're 46 00:02:06,640 --> 00:02:10,780 in an organization that has a networked file server where many different users 47 00:02:10,780 --> 00:02:15,340 terminals are connecting to that file server or other network shared drives, 48 00:02:15,340 --> 00:02:17,500 they're probably using SMB. 49 00:02:17,500 --> 00:02:21,070 Now, there have been several versions of SMB since 1.0, 50 00:02:21,070 --> 00:02:23,110 I think they're up to 3.1 or something now. 51 00:02:23,110 --> 00:02:30,127 But it is 1.0 that is attacked by these EternalBlue and DoublePulsar exploits. 52 00:02:30,127 --> 00:02:31,960 Now this is actually not even the first time 53 00:02:31,960 --> 00:02:35,740 we've heard of SMB being part of a malware attack. 54 00:02:35,740 --> 00:02:40,090 You may recall a couple of years ago that Sony Pictures in November of 2014 55 00:02:40,090 --> 00:02:42,670 was also the victim of a malware attack whereby 56 00:02:42,670 --> 00:02:45,730 users who exploited SMB, in a different way than what we're talking about 57 00:02:45,730 --> 00:02:51,617 today, were able to get a hold of Sony's employee roster and their home 58 00:02:51,617 --> 00:02:53,950 addresses and Social Security numbers, bank information, 59 00:02:53,950 --> 00:02:57,940 stuff you really don't want hackers to get a hold of, 60 00:02:57,940 --> 00:03:01,750 and tried to extort Sony to pay up to prevent that information from being 61 00:03:01,750 --> 00:03:02,560 leaked. 62 00:03:02,560 --> 00:03:06,160 Now, we heard about the current attack, the first large scale victim of this 63 00:03:06,160 --> 00:03:09,280 appeared to be Britain's National Health Service. 
64 00:03:09,280 --> 00:03:13,570 And the reason that this seemed to gain a lot of traction around the NHS 65 00:03:13,570 --> 00:03:16,840 was they're a very large organization and apparently they 66 00:03:16,840 --> 00:03:22,480 were running a lot of legacy versions of Windows, which were using the SMB 1.0 67 00:03:22,480 --> 00:03:26,560 protocol, which allowed this to spread very quickly through their system. 68 00:03:26,560 --> 00:03:29,060 Now, fortunately this week there was some good news. 69 00:03:29,060 --> 00:03:31,540 A security researcher found a kill switch, 70 00:03:31,540 --> 00:03:34,270 basically a way to just stop the virus from spreading 71 00:03:34,270 --> 00:03:36,340 or the ransomware from spreading. 72 00:03:36,340 --> 00:03:39,520 And the way they were able to find this actually cost them less than $11, 73 00:03:39,520 --> 00:03:40,570 which is pretty amazing. 74 00:03:40,570 --> 00:03:44,620 All the security researcher had to do was register these two URLs. 75 00:03:44,620 --> 00:03:47,620 They don't exactly seem like obvious URLs, they're pretty long, 76 00:03:47,620 --> 00:03:49,780 this random string of letters and numbers. 77 00:03:49,780 --> 00:03:52,570 But by registering those URLs, the security researcher 78 00:03:52,570 --> 00:03:55,840 was able to stop the spread of the ransomware. 79 00:03:55,840 --> 00:03:59,470 Now as it turns out, WannaCry is written in Visual C++, 80 00:03:59,470 --> 00:04:02,710 which looks pretty similar to C, which means we can actually take a look 81 00:04:02,710 --> 00:04:06,910 at the segment of code involved in this so-called kill switch that stopped 82 00:04:06,910 --> 00:04:11,317 the spread of the ransomware and see just how it worked. 83 00:04:11,317 --> 00:04:13,150 So the first thing we see here is a function 84 00:04:13,150 --> 00:04:16,660 called to memcpy, which copies information that the user is supplying 85 00:04:16,660 --> 00:04:18,610 into a location in memory. 
86 00:04:18,610 --> 00:04:21,383 Here, URL is just a substitute for that really long string, 87 00:04:21,383 --> 00:04:23,050 I didn't want to type it out here again. 88 00:04:23,050 --> 00:04:27,490 But we're just copying that URL into memory so that it can be used later on. 89 00:04:27,490 --> 00:04:30,350 A couple of lines of code followed that weren't that important. 90 00:04:30,350 --> 00:04:35,900 But then WannaCry tried to open two internet connections. 91 00:04:35,900 --> 00:04:38,890 The first one, v4, is just checking to see whether the user is 92 00:04:38,890 --> 00:04:40,403 using a proxy server. 93 00:04:40,403 --> 00:04:42,070 So that one is not super important here. 94 00:04:42,070 --> 00:04:45,670 But v5 is the key to what allowed this kill switch to work. 95 00:04:45,670 --> 00:04:47,800 So what's trying to happen here is we are calling 96 00:04:47,800 --> 00:04:49,840 a function called internet open URL. 97 00:04:49,840 --> 00:04:52,120 And that is trying to open an internet connection 98 00:04:52,120 --> 00:04:57,820 to the URL that is stored in szurl, which is one of those really 99 00:04:57,820 --> 00:05:00,310 long alphanumeric strings. 100 00:05:00,310 --> 00:05:03,910 If it succeeds, so if v5, which means if I 101 00:05:03,910 --> 00:05:07,880 was able to establish an internet connection, as in that site exists, 102 00:05:07,880 --> 00:05:10,060 we just close both of the internet connections 103 00:05:10,060 --> 00:05:14,480 we have tried we just tried to open and we don't do anything else. 104 00:05:14,480 --> 00:05:18,430 But if that second one did not succeed, if v5 105 00:05:18,430 --> 00:05:21,980 failed because that long URL didn't exist, 106 00:05:21,980 --> 00:05:26,470 so you can't go to that domain name, then it would close both the handles. 107 00:05:26,470 --> 00:05:32,050 And then it would execute this function, sub_408090. 
108 00:05:32,050 --> 00:05:36,220 Apparently sub_408090 is where the code that would then 109 00:05:36,220 --> 00:05:41,170 encrypt all of the user's files and then put up that big red ransom screen 110 00:05:41,170 --> 00:05:42,460 lived. 111 00:05:42,460 --> 00:05:47,250 So just by registering those domain names, which did not exist before, 112 00:05:47,250 --> 00:05:49,920 when the code went to check to see whether it could establish 113 00:05:49,920 --> 00:05:51,930 an internet connection, it succeeded. 114 00:05:51,930 --> 00:05:54,840 And so this subroutine would no longer execute. 115 00:05:54,840 --> 00:05:58,320 Now the bad news here is that after this news of this got out, 116 00:05:58,320 --> 00:06:02,515 the hackers took that kill switch out. 117 00:06:02,515 --> 00:06:04,890 And so now there is another version of WannaCry out there 118 00:06:04,890 --> 00:06:10,360 that is not going to be shut off by that kill switch any further. 119 00:06:10,360 --> 00:06:13,890 Now Microsoft back in March actually released a security update 120 00:06:13,890 --> 00:06:19,798 for currently supported versions of the Windows operating system for SMB. 121 00:06:19,798 --> 00:06:21,840 And the reason that they released this update was 122 00:06:21,840 --> 00:06:24,960 that the most severe of the vulnerabilities that they're patching 123 00:06:24,960 --> 00:06:30,150 here could allow remote code execution if the attackers sends specifically 124 00:06:30,150 --> 00:06:33,150 crafted messages to an SMB Version 1 server. 125 00:06:33,150 --> 00:06:35,800 So clearly they did not want this to happen. 126 00:06:35,800 --> 00:06:37,980 They released a security patch for any currently 127 00:06:37,980 --> 00:06:40,050 supported versions of Windows. 128 00:06:40,050 --> 00:06:43,140 Unfortunately, you know it is not currently supported version of Windows? 129 00:06:43,140 --> 00:06:44,310 Windows XP. 
130 00:06:44,310 --> 00:06:49,830 And despite that, Windows XP is actually still used by about 7% of computers 131 00:06:49,830 --> 00:06:53,700 on the planet, which makes it the third most popular operating system still 132 00:06:53,700 --> 00:06:57,540 in use on the planet and that's despite XP having been officially deprecated 133 00:06:57,540 --> 00:07:02,130 by Microsoft in April of 2014. 134 00:07:02,130 --> 00:07:05,503 But Microsoft realized that this patch was affecting too many people, 135 00:07:05,503 --> 00:07:08,670 excuse me, this exploit was affecting too many people, they had to patch it. 136 00:07:08,670 --> 00:07:10,770 And so they actually released an emergency patch 137 00:07:10,770 --> 00:07:15,000 for unsupported versions of Windows in response to this particular attack. 138 00:07:15,000 --> 00:07:17,610 Now, if you were using any of these versions of Windows here, 139 00:07:17,610 --> 00:07:21,270 and you had automatic updates turned on or at least critical security updates 140 00:07:21,270 --> 00:07:23,700 turned on for automatic download and install, 141 00:07:23,700 --> 00:07:26,077 you were likely safe from this attack all along. 142 00:07:26,077 --> 00:07:28,410 If you're using any of these versions of Windows though, 143 00:07:28,410 --> 00:07:30,330 which are officially unsupported, and you 144 00:07:30,330 --> 00:07:33,600 haven't been subjected to this attack yet, which is good, 145 00:07:33,600 --> 00:07:36,330 head to the Microsoft website, download that patch. 146 00:07:36,330 --> 00:07:39,090 And maybe consider upgrading to a different version of the Windows 147 00:07:39,090 --> 00:07:43,020 operating system so that you will be more protected in case of things 148 00:07:43,020 --> 00:07:44,910 like this happening again. 149 00:07:44,910 --> 00:07:48,060 For more on this attack and how Microsoft recommends customers 150 00:07:48,060 --> 00:07:50,520 respond to it, head to this URL here. 
151 00:07:50,520 --> 00:07:54,987 But never forget the importance of backing up your files. 152 00:07:54,987 --> 00:07:56,070 SPEAKER 2: Backup systems. 153 00:07:56,070 --> 00:07:59,970 If you're in the habit, as you should be, of backing up all of your files 154 00:07:59,970 --> 00:08:02,790 your software might be using SHA-1 in order 155 00:08:02,790 --> 00:08:06,270 to ensure that your file is indeed correctly backed up. 156 00:08:06,270 --> 00:08:10,570 157 00:08:10,570 --> 00:08:12,550 DOUG LLOYD: Now in addition to WannaCry, there 158 00:08:12,550 --> 00:08:16,300 was a similar piece of malware called Adylkuzz. 159 00:08:16,300 --> 00:08:21,790 And where WannaCry was trying to basically extort users to get Bitcoin, 160 00:08:21,790 --> 00:08:24,940 Adylkuzz is using their systems to generate Monero, which 161 00:08:24,940 --> 00:08:26,980 is a different kind of cryptocurrency. 162 00:08:26,980 --> 00:08:30,010 It's not taking the user's files hostage. 163 00:08:30,010 --> 00:08:33,280 What it's actually doing is just using their computer 164 00:08:33,280 --> 00:08:36,880 to mine for this cryptocurrency. 165 00:08:36,880 --> 00:08:40,419 It is making their computer constantly work hard and be busy 166 00:08:40,419 --> 00:08:42,820 and it really slows the user down. 167 00:08:42,820 --> 00:08:46,330 Now we're not going to get into how cryptocurrencies work, 168 00:08:46,330 --> 00:08:50,200 but if you're curious about why this particular attack would generate money 169 00:08:50,200 --> 00:08:54,070 for somebody who created this ransomware, you could head to this URL 170 00:08:54,070 --> 00:08:57,250 here, which explains how cryptocurrencies work 171 00:08:57,250 --> 00:08:59,680 and how they can be used to generate money. 172 00:08:59,680 --> 00:09:04,060 Now previously on CS50 Live we talked about a frighteningly effective Gmail 173 00:09:04,060 --> 00:09:05,930 scam, which was affecting a lot of people. 
174 00:09:05,930 --> 00:09:07,770 And what would happen in this scam was that a user 175 00:09:07,770 --> 00:09:10,103 receive an email that looks like this, pretty innocuous, 176 00:09:10,103 --> 00:09:12,130 looks like a basic email with an attachment, 177 00:09:12,130 --> 00:09:15,230 except that this was not an attachment. 178 00:09:15,230 --> 00:09:20,472 It was actually an image that looked identical to Google's little box 179 00:09:20,472 --> 00:09:23,680 when you have an attachment attached to an email and you want to download it. 180 00:09:23,680 --> 00:09:28,420 And when you clicked on this image, it would bring you to a Google sign 181 00:09:28,420 --> 00:09:31,000 in page, which again looks completely innocuous. 182 00:09:31,000 --> 00:09:37,000 But if you provided your email and other login credentials to this form, 183 00:09:37,000 --> 00:09:41,050 that information wasn't being sent to Google it was being sent to a hacker. 184 00:09:41,050 --> 00:09:44,080 Google quickly responded, took care of that attack, 185 00:09:44,080 --> 00:09:46,030 but unfortunately a similar attack happened 186 00:09:46,030 --> 00:09:49,730 in Google Docs a couple of weeks ago. 187 00:09:49,730 --> 00:09:52,630 So I woke up on May 3rd with a bunch of emails 188 00:09:52,630 --> 00:09:55,240 that looked like this in my inbox. 189 00:09:55,240 --> 00:09:58,510 A lot of people suddenly wanted to share documents with me on Google Docs. 190 00:09:58,510 --> 00:10:00,910 Now a couple of things tipped me off here immediately. 191 00:10:00,910 --> 00:10:03,470 First of all, I was BCC'd on this email and second of all, 192 00:10:03,470 --> 00:10:06,310 I have no idea whose email address this is. 193 00:10:06,310 --> 00:10:07,900 So I was a little nervous about this. 194 00:10:07,900 --> 00:10:11,350 I didn't click on this link, but unfortunately some people did. 
195 00:10:11,350 --> 00:10:14,590 And when they clicked on this link they were brought here, 196 00:10:14,590 --> 00:10:17,410 to a screen that, again, looked really similar to what we just saw. 197 00:10:17,410 --> 00:10:21,460 Google Docs is asking for permission to do certain things with your computer 198 00:10:21,460 --> 00:10:24,910 and it seems reasonable to allow Google to do this 199 00:10:24,910 --> 00:10:27,580 if you want to access this document. 200 00:10:27,580 --> 00:10:30,280 Unfortunately, this thing that says it's Google Docs 201 00:10:30,280 --> 00:10:34,020 was really more like Google Docs in air quotes. 202 00:10:34,020 --> 00:10:35,770 You may have heard, for example, something 203 00:10:35,770 --> 00:10:38,470 called email spoofing, which basically means 204 00:10:38,470 --> 00:10:43,510 I send an email from me that looks like it's being sent from somebody else. 205 00:10:43,510 --> 00:10:47,920 And the way this works is that email is sent using the SMTP, or simple mail 206 00:10:47,920 --> 00:10:49,960 transfer protocol. 207 00:10:49,960 --> 00:10:54,100 And in addition to the message that's being sent, the SMTP protocol includes 208 00:10:54,100 --> 00:10:58,210 a number of metadata or headers that include information such as who it's 209 00:10:58,210 --> 00:11:01,480 being sent to, who it's being sent from, where it's being sent from, 210 00:11:01,480 --> 00:11:05,870 where replies should go, what time zone, and so on and so on. 211 00:11:05,870 --> 00:11:09,040 So if I'm spoofing, for example, I might send 212 00:11:09,040 --> 00:11:12,880 an email that appears to be from say your HR department. 213 00:11:12,880 --> 00:11:15,527 And it's an email that asks for your direct deposit 214 00:11:15,527 --> 00:11:18,610 information, your banking information so that I can make a direct deposit. 
215 00:11:18,610 --> 00:11:21,850 But though the email appears to be coming from your HR department, 216 00:11:21,850 --> 00:11:25,900 because that's what from header says, I could change the reply to, 217 00:11:25,900 --> 00:11:28,090 which is a different field that's usually invisible, 218 00:11:28,090 --> 00:11:30,190 to actually reply to me. 219 00:11:30,190 --> 00:11:33,460 So that you send the email thinking it's going to your HR department, 220 00:11:33,460 --> 00:11:37,280 but really it's going to me because I've pretended to be your HR department. 221 00:11:37,280 --> 00:11:39,280 This is really similar to what's happening here. 222 00:11:39,280 --> 00:11:43,450 This app called Google Docs is really just pretending to be Google Docs. 223 00:11:43,450 --> 00:11:47,500 And if you hover over the permissions page, that Google Docs there, 224 00:11:47,500 --> 00:11:49,660 you'll see this information here. 225 00:11:49,660 --> 00:11:53,560 And that information does not appear to be legitimate Google Docs. 226 00:11:53,560 --> 00:11:56,050 And in fact, if you submitted your login credentials here, 227 00:11:56,050 --> 00:11:59,830 it would go to this person and that page there. 228 00:11:59,830 --> 00:12:02,260 Now Google Docs responded very swiftly, again, to this, 229 00:12:02,260 --> 00:12:03,885 just as they did a couple of weeks ago. 230 00:12:03,885 --> 00:12:06,033 They, within an hour or so of the announcement 231 00:12:06,033 --> 00:12:08,200 of the attack really started to hit a lot of people, 232 00:12:08,200 --> 00:12:09,825 they posted this on their Twitter page. 
233 00:12:09,825 --> 00:12:13,630 And less than 3 hours later they had addressed the issue, 234 00:12:13,630 --> 00:12:17,230 they had taken steps, they had updated safe browsing notifications, 235 00:12:17,230 --> 00:12:20,530 and they also updated in-email email notifications 236 00:12:20,530 --> 00:12:25,785 to warn users that an attack like this, similar messages to this 237 00:12:25,785 --> 00:12:27,160 were being used to attack people. 238 00:12:27,160 --> 00:12:29,050 So use extra caution and make sure you know 239 00:12:29,050 --> 00:12:32,590 the user before clicking on that link. 240 00:12:32,590 --> 00:12:34,900 Now, changing gears entirely. 241 00:12:34,900 --> 00:12:35,488 Oh, excuse me. 242 00:12:35,488 --> 00:12:38,530 Actually, if you want more information about this attack head to this URL 243 00:12:38,530 --> 00:12:39,160 here. 244 00:12:39,160 --> 00:12:42,220 Now switching gears entirely. 245 00:12:42,220 --> 00:12:45,010 You may recall that at the end of every fall semester 246 00:12:45,010 --> 00:12:48,130 we have the CS50 Fair, an epic display of students' final projects 247 00:12:48,130 --> 00:12:51,400 where they come and show the staff all the work 248 00:12:51,400 --> 00:12:54,490 that they did over the course of the fall semester. 249 00:12:54,490 --> 00:12:56,650 Well in the spring semester we run CS50 as well 250 00:12:56,650 --> 00:12:59,525 through Harvard Extension School for students both local to Cambridge 251 00:12:59,525 --> 00:13:00,490 and around the world. 252 00:13:00,490 --> 00:13:03,490 And this year we were very fortunate to have about a dozen students, who 253 00:13:03,490 --> 00:13:06,700 happen to be local, come and show our projects to the course's 254 00:13:06,700 --> 00:13:09,635 staff, their teaching fellows and course assistants, to David, 255 00:13:09,635 --> 00:13:12,510 and, of course, to their fellow students to delight in their project. 256 00:13:12,510 --> 00:13:14,550 So congratulations to everybody. 
257 00:13:14,550 --> 00:13:17,340 It was great to meet you and great to see your projects. 258 00:13:17,340 --> 00:13:19,580 We also had a very special visitor, Sandy Shea, 259 00:13:19,580 --> 00:13:23,930 who came all the way from Taiwan to visit us at the CS50 Fair this year. 260 00:13:23,930 --> 00:13:27,110 And she proudly earned her, I took CS50 shirt. 261 00:13:27,110 --> 00:13:31,010 And that wasn't the only special visitor we had this week in the CS50 office. 262 00:13:31,010 --> 00:13:35,540 So pictured here is team Pochi Ma Buoni, sorry about the Italian 263 00:13:35,540 --> 00:13:40,940 there, who was one of the winning teams for CS50X puzzle day in 2016. 264 00:13:40,940 --> 00:13:43,520 And pictured at right here is Luigi Morelli 265 00:13:43,520 --> 00:13:47,150 who's also very active in the CS50X forums online. 266 00:13:47,150 --> 00:13:51,840 And Luigi actually came all the way from Rome to visit us in the CS50 office 267 00:13:51,840 --> 00:13:52,340 as well. 268 00:13:52,340 --> 00:13:53,400 Luigi it was great to meet you. 269 00:13:53,400 --> 00:13:54,483 Thanks so much for coming. 270 00:13:54,483 --> 00:13:57,410 I hope you enjoyed your stay in Cambridge. 271 00:13:57,410 --> 00:14:00,750 Well that's it for live this week. 272 00:14:00,750 --> 00:14:05,510 Thanks so much to Dan, and Scully, and Ian, Patrick, Tara, Marina, 273 00:14:05,510 --> 00:14:07,910 Christian, the Hoff. 274 00:14:07,910 --> 00:14:10,670 David, sorry I cut you off earlier. 275 00:14:10,670 --> 00:14:11,730 We'll see you next time. 276 00:14:11,730 --> 00:14:13,910 And until then, no vertical videos. 277 00:14:13,910 --> 00:14:17,260 [MUSIC PLAYING] 278 00:14:17,260 --> 00:14:36,000