Email and Forum Questions Profiles in IT: Jack Dorsey Google and Microsoft court Twitter Novel Application of Tritter Spies hacked US electrical grid Cyber Security Audit and Attack Detection Toolkit A Wi-Fi Virus Outbreak Possible Tax season brings phishing and other scams Conficker begins stealthy update
Email from Dave: What is your advice when looking a new career or job? Dave
Tech Talk Answers: Recommended reading: What Color is Your Parachute by Dick Bolles. Based on a method developed by John Crystal who mentored Dick Bolles. John lived in McLean and I attended his workshop nearly 30 years ago.
My class with John Crystal
Identify you natural tendencies (tropisms)
Decide what you want to do.
Survey the industry to gather information.
My IT projects at home are a reflection of this approach.
Linux for OS experience
Apache Web Server, PHP, MySQL for web design
Backtrack2 for security
Install Virtual Server (VMWare)
Email from Renee. Dear Tech Talk, I recently purchased a refurbished Samsung monitor. it came without a manual, which I in turn downloaded, but read that I also need a CD to complete installation? I already have it up and running on my PC. Do I really need the CD? Thanks, Renee.
Tech Talk Answers: You don’t need a CD for a new monitor. Many manufacturers get paid to offer you free Demo software with their product. This probably falls into that category. I’ve never run into a case where a display device, a monitor, required any additional software to be used. I’d just plug it in and use it. When it comes to displays, the devices that often do require additional software and drivers are the video cards that the monitor might be attached to. But rarely does the monitor itself even have software of its own, much less require it.
Email from a Mom: Hello: I am looking for classes that a 15 yr old who is interested in cooking can take. Also classes that a adult and a 15 yr. old could take. One last question do you have classes that specify in dessert items? I also heard that you have a class called Kids in the Kitchen I was wondering if you could send me information on this too. Thanks in advance for information for the above questions. Thank you.
Tech Talk Answers: Stratford does have Saturday culinary workshops. They can be found at www.statford.edu. Each summer the culinary department offers a Kids in the Kitchen program. Each session is one week. Many students sign up for several sessions.
Profiles in IT: Jack Dorsey
Jack Dorsey is an American software architect and businessperson best known as the creator of Twitter.
Jack Dorsey was born in 1976 in St. Louis, Missouri.
By age 14, he was interested in dispatch routing. He created open source software that is still in use by taxicab companies.
Dorsey was a student at New York University which he dropped out of and left his job as a programmer at a taxi dispatch service in 1999 to move to San Francisco.
In Oakland in 2000, Dorsey started a company to dispatch couriers, taxis, and emergency services from the Web.
When he first saw implementations of instant messaging, Dorsey had wondered if the software’s user status output could be shared among friends easily.
In July 2000, building on dispatching and inspired in part by IM, he had the idea for the realtime status communication.
He tried it with the first device that RIM made — the RIM 850, which was the predecessor to the BlackBerry. It had four lines of text, a keyboard and cost $400.
He wrote a very simple program to listen to an e-mail address and take any updates from me and send them out to a list of my friends.
His friends could reply to that e-mail and tell him what they’re doing.
In 2006, he approached Odeo, who happened to be interested in text messaging.
Dorsey and Biz Stone decided that SMS text suited the status message idea, and built a prototype of Twitter in about two weeks.
People use it to send out 140-character-or-fewer updates, called "tweets," through Twitter’s website or by text message over mobile devices.
The idea attracted many users at Odeo and investment from Evan Williams who had left Google after selling them Pyra Labs and Blogger.
Dorsey, Stone and Williams co-founded Obvious which then spun off Twitter, Inc.
As chief executive officer, Dorsey saw the startup through two rounds of funding by the venture capitalists who backed the company.
In October 2008 Williams took over the role of CEO, and Dorsey became chairman of the board.
Twitter’s popularity has given rise to an entire ecosystem of applications based on its open API.
In November 2008, Forrester Research estimated that Twitter had 4-5 million users
As the service grew in popularity, Dorsey had to choose improving uptime as top priority, even over creating revenue.
Dorsey described the commercial use of Twitter and its API as two things that could lead to paid features.
His three guiding principles, which are shared by the whole company and through its culture, are simplicity, constraint and craftsmanship.
BusinessWeek called him one of technology’s best and brightest.
Biz Stone and Dorsey accepting a TechCrunch award for best mobile startup.
Google and Microsoft court Twitter
Google Inc. and Microsoft Corp. are both courting microblogging service Twitter because of its search ad revenue potential.
A Wall Street Journal blog reported that many experts think Twitter’s instant 140-character format will be next big thing for search.
Earlier this month media reports said Google was in talks to buy Twitter, with figure of $250 million to $1 billion bandied about.
Twitter co-founder Biz Stone downplayed but didn’t refute the rumors.
A deal for Twitter has long been rumored. Potential suitors have included Facebook, which was reported to have made a half-billion-dollar offer last year.
Novel Application of Tritter
In observance of Good Friday, a New York church has been Twittering the story of the Passion–the biblical tale of the hours leading up to Jesus’ crucifixion.
This means that subscribers will receive 140-character updates coming from a set of Twitter accounts run by people playing characters in the story.
Trinity Wall Street is an Episcopal church in Manhattan’s Financial District that live-streams its services on the Web, encourages members of the congregation to send video e-postcards to friends and family, and produces its own podcasts.
The church’s thinking behind offering a Twitter feed of the Passion is to offer a way to bring the day of observance into modern life and technology:
While Good Friday is one of the most important days of the church year for many Christian denominations, there are plenty of devout Americans who don’t take the day off from work.
Also worth noting this week: a Passover haggadah depicted in the form of a Facebook news feed.
Spies hacked US electrical grid
Foreign cyber-spies have reportedly been infiltrating the US electrical grid and planting software that can be used to destroy key components.
According to the Wall Street Journal, which cites unnamed national security officials, hackers from China, Russia, and "other countries" are trying to navigate and control the power grid as well as other US infrastructure like water and sewage.
The intruders don’t appear to have attempted to cause any damage yet, but US intelligence officials worry they’ll try during a crisis or war, the paper said.
Governments on both sides of the Atlantic have warned lax cyber-security may leave critical infrastructure vulnerable to terrorists and saboteurs.
The Chinese have attempted to map our infrastructure and so have the Russians, according to the Wall Street Journal
The vulnerability is linked to Supervisory Control And Data Acquisition (SCADA), software used to control switches and valves at power generators, gas refineries, and manufacturing plants across the world.
As more of the systems are being hooked to the internet and corporate intranets to save costs, remote access is easier for hackers.
Because security on the systems is not regulated in the US, protection of key infrastructure left in the hands of the industry.
Chinese and Russian officials denied electrical grid espionage in the report.
This is the same warning that we have heard for the past several years. It hits the news when another outlet hears about it.
Cyber Security Audit and Attack Detection Toolkit
The good news is that both industry and government have responded to the SCADA threat.
The Cyber Security Audit and Attack Detection Toolkit is a Digital Bond research project funded by the Department of Energy.
The goal to prevent and detect attacks on control systems by integrating control system intelligence into security products and security intelligence into control system applications. The Bandolier and Portaledge projects comprise the Toolkit.
Bandolier documents best security practice configurations for control system application components, and then program these configurations into audit files that can be used in Nessus and other leading vulnerability scanners.
Portaledge is project that aggregates security events from a variety of data sources on the control system network and then correlates the security events to identify cyber attacks.
A Wi-Fi Virus Outbreak Possible
If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University.
The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day.
The issue is that most of these routers are installed out of the box very insecurely.
The researchers theorize that attack would work by guessing administrative passwords and then instructing the routers to install new worm-like firmware which would in turn cause the infected router to attack other devices in its range.
Because there are so many closely connected Wi-Fi networks in most urban areas, the attack could hop from router to router for many miles in some cities.
Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36% of passwords can be guessed using this technique.
Because New York is such a dense city with a relatively low percentage (25.8%, according to the researchers) of encrypted routers, it was particularly susceptible to this type of attack.
San Francisco, on the other hand, where 40.1% of routers are encrypted and which had a lower density of routers was less susceptible.
Tax season brings phishing and other scams
If you get an e-mail from the IRS, it’s probably a scam.
As the April 15 tax filing date nears, online tax-related scams tend to ratchet up.
Filing your taxes online is extremely convenient, however if you want to maintain the privacy of your data, you need to ensure that you are connecting to the proper Web site, that the connection is using encryption, and that your computer is free from any malware.
If any of these components are compromised then your data is not safe.
Probably the most common type of tax season scam is the fake IRS phishing e-mail.
These e-mails will either claim to be a tax refund or an offer to help file for a refund, settle tax debt, or other aid.
They will provide a link to a Web site where the visitor is prompted to type in personal data like a Social Security number.
Also cropping up are fake tax Web sites that offer to electronically file or prepare taxes for individuals. They ask for information including bank account information for alleged refund automatic deposits. However, the sites just steal the data, which can be used for identity fraud and outright theft later.
The IRS has a list of companies that are authorized to do electronic filing but the IRS site doesn’t include the exact Web address.
Another potential risk comes from programs that may be on the computer that you don’t know about, and not just malware.
Given the propensity for inadvertent file sharing, it might be wise to not use peer-to-peer programs on the same computer where tax data is located.
When in doubt, pick up the phone or go straight to the IRS Web site.
Conficker begins stealthy update
The Conficker worm has started to update infected machines with a mystery package of data.
Computer security firms watching the malicious program noticed that it sprang into life late on 8 April.
The activity on its update system delivered encrypted software to compromised machines. It is not yet clear what the payload contains.
The Conficker virus variants are thought to be present on millions of PCs around the world.
The updating activity has begun about a week later than expected. Analysis of the "C" variant of Conficker (aka Downadup) revealed that its updating mechanism was due to go live on 1 April.
Analysis showed that the file had arrives via the peer-to-peer file transfer system that infected machines use to communicate.
In a bid to avoid alerting people to its activity, the update is slowly being trickled across the population of machines.
Exact figures for the number of Conficker-infected machines are hard to determine, but the minimum is widely believed to be three million.
Once it arrives on a machine, the package of data randomly checks one of five different websites – MySpace, MSN, eBay, CNN and AOL – to ensure its host still has net access and to confirm the current time and date.
Following this check the data package removes all traces of its installation.
The strong encryption on the payload has, so far, prevented detailed analysis of what it actually does. However, security experts speculate that it is a "rootkit" that will bury itself deep in Windows in order to steal saleable data such as bank website login details.
Security researchers are continuing to analyze the payload to get a better idea of what it is intended to do.
Symantec said it too had noticed the increased activity of Conficker and its analysis suggested a link with another well-known virus called Waledac. This malicious program steals sensitive data, turns PCs into spam relays and opens up a backdoor so the machine can be controlled remotely.
The security firm noticed that the update also included an instruction to the worm to remove itself on 3 May, 2009. However, the Waledac imposed backdoor on the machine will remain open, so its creators can still control compromised PCs.