Show of 2-2-2013

Email and Forum Questions

  • Email from Tim: Dear Tech Talk, I clicked on a link in a spam email that I received by mistake. What should I do to find out if I have malware like a key logger on my computer? Things seem ok so far; no weird pop-ups or anything but I’m concerned. I’m running Mac OSX 10.6.8. Thanks, Tim
  • Tech Talk Responds: Well, the good news here is that most malware is actually not targeted at the Macintosh. There is malware out there, there’s just not a lot of it. You’re probably safe simply by virtue of having a Macintosh and having this happen on your Mac.
  • If you were on a PC, I would immediately say:
    • Start running your anti-malware software.
    • Run up-to-date scans of the entire machine.
    • Use both your anti-virus and your anti-spyware tools.
  • Email from Sam in Herndon: Dear Doc, I have a very bad internet connection, especially in the evening. Someone advised me to use a router. Will it be useful or what advantage does it make and will it require me to change my modem? Thanks, Sam.
  • Tech Talk Responds: A router will not change your Internet speed. During business hours, your Internet Service Provider is the bottleneck. Their network is oversubscribed and your connection is slow.
  • You may want a router for protection as a firewall, since a simple modem may not provide that service. You need to check whether your ISP has provided a modem with a built-in firewall. The other reason to use a router is to share your connection with multiple computers. Since you have only one computer this is not the problem. You might want to contact your ISP and buy some guaranteed bandwidth. It will cost more, but may be worth it.
  • Email from Alice: Dear Doc, I just got a new Windows computer. How should I set it up? Thanks, Alice.
  • Tech Talk Responds: First steps with a new computer would be to ensure it is set up just the way you like, and then take recovery images of the new machine.
  • Tech Talk Responds: I would make an image of the computer disk as purchased. I would install backup software, like Macrium Reflect, and create a full backup image to an external hard drive. Save that image. You can get a free download from http://www.macrium.com/reflectfree.aspx. That is your recovery disk. That is your set up disk. That is a replacement for not having installation media.
  • Log onto the Internet and update the operating system and all software (especially Java). This is very important, particularly in view of the recent Java fiasco. You may want to take another image at this point.
  • Get rid of “bloatware.” I would look at Control Panel’s Programs and Features. I would take a look at the list of software that’s installed and I would start uninstalling the bloatware.
  • If it is unwanted software that requires you to buy it to extend the trial, uninstall it. This is what I call crapware. The computer manufacturer is paid to put this on your drive. If it doesn’t uninstall completely, use Revo Uninstaller to help clean things up further. You can get it at http://www.revouninstaller.com/.
  • Now create a final backup image.
  • Email from Mary Ann: Dear Tech Talk, I checked in to my hotel which provides free high speed internet. All was well and good, except that after a while, I could no longer send email. I could receive all I wanted, but all my attempts to send failed. The next morning, sending mail worked … again, for a while. What’s going on? Thanks, Mary Ann
  • Tech Talk Responds: I’ve run into this as well. There is a reason that makes sense. The root cause of all this is spammers. Many hotels are intercepting mail being sent to any mail server on port 25. Instead of connecting to the server your email program requests, they intercept and connect to their email server instead.
  • Even though your mail program is configured to send your mail through the SMTP server of, say, your ISP, the hotel’s infrastructure sends it through their email server. And now that they’re controlling it, they often impose a cap on the amount of email you can send.
  • Email you send while you’re at the hotel could possibly be traced back to the hotel and even cause the hotel’s Internet connection to be blacklisted. If you are a spammer, or your machine is infected with a spam-sending zombie, and you send unrestricted email that originates from the hotel’s IP address, some anti-spam technologies will eventually blacklist the source: the IP address of the hotel.
  • By limiting the number of emails you can send per day the hotel effectively restricts your ability to be a spammer, and dramatically reduces the possibility that their network could be accused of being a source of spam.
  • Workarounds
    • Use web mail. If your ISP has a web interface, that can be a quick way to dash off that important email with no further thought.
    • Use an alternate port. If your email provider supports this, you may be able to configure your email client to connect via a port other than 25. If they provide an SMTP over SSL connection (more and more common these days) that’s often via port 465 or 587.
    • Use a VPN. If you or your corporation has the ability to connect using a VPN, or Virtual Private Network, that connection bypasses these types of redirections.
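One way to see the port 25 interception described in this answer, as an added Python example that is not part of the show notes: read the server's greeting and compare the hostname it announces with the domains your provider uses. The host names, the sample greeting lines and the function names are constructed for illustration.

```python
import socket
import ssl

def parse_greeting(line):
    """Return the hostname announced in an SMTP 220 greeting, else None."""
    line = line.strip()
    if len(line) < 5 or line[:3] != "220" or line[3] not in " -":
        return None
    fields = line[4:].split()
    return fields[0].lower().rstrip(".") if fields else None

def classify_greeting(line, expected_domains):
    """Compare the announced hostname with domains the provider really uses."""
    host = parse_greeting(line)
    if host is None:
        return "not-smtp"              # e.g. a captive portal answering
    for domain in expected_domains:
        domain = domain.lower()
        # Match the domain itself or a true subdomain, never a bare suffix.
        if host == domain or host.endswith("." + domain):
            return "expected"
    return "unexpected-server"         # heuristic: worth a closer look

def fetch_greeting(host, port=25, implicit_tls=False, timeout=10):
    """Read the first greeting line from host:port (needs network access).

    With implicit_tls=True (port 465) the certificate is validated against
    `host`, so a box answering in the provider's place fails the handshake
    with ssl.SSLCertVerificationError instead of silently taking the mail.
    """
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if implicit_tls:
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
        return sock.makefile("r", encoding="ascii", errors="replace").readline()
    finally:
        sock.close()

# Constructed greetings: the provider, a hotel relay, a captive portal.
SAMPLES = [
    "220 smtp.example.net ESMTP ready",
    "220 mailgw.hotel-guest.example ESMTP",
    "HTTP/1.1 302 Found",
]

def run_samples(expected_domains=("example.net",)):
    return [classify_greeting(s, expected_domains) for s in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:18} {sample}")
```

Some providers announce a hostname under a different domain than the one you connect to, so an "unexpected-server" result on port 25 is a prompt to compare against a known-good network, while a certificate failure on port 465 is the stronger signal.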
  • Email from Jessica in Lansdowne: Dear Tech Talk, I have been using Viber on my cell phone and love it. Recently, I have been using Viber texting and the person I have been chatting with is able to identify my location. How can they do that? Is there a way to turn off that feature? Thanks, Jessica
  • Tech Talk Responds: Viber is an iPhone app that provides phoning and texting using your data connection, either over cellular or wi-fi. When you text, it shares your GPS location. The person you are chatting with can click the location icon to the right on the text message and get your location on map, including the address.
  • In order to stop sharing your location information, you need to change your iPhone settings. Go to Settings. Click on Privacy. Click on Location Services. Scroll down to Viber and turn off permission to share location data.
  • BTW, if you don’t want to share GPS data on your pictures, you might also locate the camera app and turn off position sharing there too. This data was used by the enemy to locate soldiers who posted pictures to their social media page. It has also been used in court to provide location data.

Profiles in IT: Ping Fu

  • Ping Fu, a Chinese refugee from the Cultural Revolution, is the co-founder and CEO of Geomagic, a 3D software development company.
  • Ping Fu was born in 1958 in Nanjing, China.
  • Her father was a professor at the Nanjing University of Aeronautics and Astronautics.
  • Her parents sent Ping to Shanghai to be raised by her aunt and uncle.
  • In 1966, as part of the Cultural Revolution, Ping was taken from her Shanghai family and returned to Nanjing. Both her parents had been sent to for “re-education.”
  • For the duration of the Cultural Revolution, Ping Fu took care of her little sister.
  • She attended study sessions of Mao’s Little Red Book, performed mandatory military service, worked on farms and in factories, and suffered humiliation, including a gang rape.
  • In 1976, Mao Zedong died and the Cultural Revolution came to an abrupt end.
  • Universities were reopened. Ping took China’s first entrance exam and was admitted.
  • For her thesis, Ping traveled the countryside researching the effects of China’s newly implemented one-child policy. She discussed the practice of female infanticide.
  • A story based on Ping’s research was published in Shanghai’s largest newspaper, and another in the People’s Daily. She was forced to leave the country.
  • In 1983, Ping moved to the US without English language skills.
  • She enrolled in the University of New Mexico, taking first ESL, then the MS in Computer Science. She worked as a babysitter and cleaning lady, then as a waitress.
  • Shortly before completing her MS, she enrolled at UCSD as an undergraduate.
  • In 1988, Ping graduated with a BS and MS in computer science from UCSD.
  • She accepted an offer from Bell Labs in Naperville, Illinois.
  • She met her future husband, computational geometry professor Herbert Edelsbrunner.
  • In 1990, she was hired by the National Center for Supercomputing Applications.
  • Her work there contributed to advancements in the fields of virtual reality, image processing, scientific visualization, massive storage, and user interface.
  • Ping hired undergraduate Marc Andreessen to work in her lab in 1992.
  • NCSA and the University of Illinois offered to back new ventures started by researchers.
  • Ping co-founded Geomagic with her husband, based on his research results.
  • Her goal was to develop software that could take the data from 3D scanners, process it, and output it on 3D printers, doing for 3D printing what Adobe did for publishing.
  • By 1999, Geomagic had partnered with Boeing and Mattel, and raised $6.5 million in VC financing. The company also moved to Research Triangle Park, North Carolina.
  • In 2005, Ping was selected by Inc. magazine as its Entrepreneur of the Year.
  • In 2012, Ping published a memoir “Bend, Not Break”, to phenomenal reviews.
  • In early January 2013, 3D Systems announced an agreement to acquire Geomagic.
  • Ping was married to Herbert Edelsbrunner in 1991 and they divorced in 2008. They have one daughter Xixi Edelsbrunner who was born in 1993.

Oracle Responds to Java Security Flaws with 50 Fixes

  • Oracle has been under increasing pressure to finally fix Java security flaws.
  • On February 1, 2013, Oracle released a massive security patch fixing at least 50 different issues.
  • The February 2013 Critical Patch Update for Java SE was originally scheduled for February 19th, but given that at least one of the vulnerabilities is being actively exploited, Oracle decided to expedite the patch update.
  • Of the 50 fixes, 40 of them are specific to Java usage in web browsers, which has been the primary attack vector against Java.
  • At the end of last week, Oracle publicly posted an audio call with its Java security team, where the team lead admitted that Java needed to be fixed.
  • Oracle issued a critical one-off patch two weeks earlier to fix a flaw that was being actively exploited at the time. That patch, in turn, missed at least one flaw that has been exploited over the last two weeks and is now part of the 50-flaw fix.
  • Looking at the contents of Oracle’s February Critical Patch Update for Java reveals that 49 of the 50 flaws being fixed are remotely exploitable without authentication.
  • Oracle’s Risk Matrix for the flaws shows that at least 35 of the flaws carry a CVSS score of 10.
  • The Common Vulnerability Scoring System (CVSS) is used to provide a common metric to determine the risks associated with a given vulnerability.
  • A score of 10 represents the most serious and immediate risk.
  • In addition to the 50 fixes, Oracle has now also set Java security settings to high.
  • The Java 7 update 10 release that came out in December of 2012 introduced a new security panel to Java that allows users to set different levels.
  • Oracle has already scheduled the next three regularly planned sets of security updates for Java to be June 18th, October 15th, and January 14th of 2014.

Sunday’s Super Bowl Tech Review

  • Officials will use GPS tracking devices to keep an eye on players, performers and even the Lombardi Trophy during their travels to and from the stadium.
  • The stadium will be equipped with free Wi-Fi for up to 32,000 fans simultaneously.
  • All major wireless companies have ramped up their signals around the stadium, too, to make sure their customers don’t lose service.
  • The NFL has apps for both the iPad and Android. The app is geared toward people attending the game. The app includes a 3-D map of New Orleans with restaurant and bar locations, a tool to find parking, concessions and restrooms at the stadium.
  • To watch on a tablet, go to CBSSports.com. CBS will have a live stream of the game along with alternate camera angles.
  • Verizon Wireless customers will also be able to live stream the game on their phones using the NFL Mobile app, available for iOS and Android. Hopefully you have unlimited data.
  • Other useful apps include ESPN’s ScoreCenter and Yahoo! Sportacular — both free and both available for Android and iOS.
  • Each team has developed its Official Team App.

NASA Technology at the Super Bowl

  • Probably no other government agency invented more technologies on display in the game than NASA.
  • Helmets and pads. NASA developed a variety of shock-absorbent foams to protect astronauts during take-off and landing. The foams could conform to the shape of an object under pressure, and then return to their original shape. Memory foam is now used in helmets as well as shoulder, and knee and elbow pads.
  • Safety Visors. For astronauts on space walks or on the moon, NASA invented anti-UV, anti-glare, anti-scratch coatings for the visors of their spacesuits, to protect their eyes from the harsh light in places with no atmosphere to filter it. Sunglasses and tinted visors, based on this technology, are worn by some players, particularly defensive backs and linebackers. The visors shield their eyes from glare and also keep opposing players from seeing where the visor-wearing player is looking.
  • Shoes. A NASA engineer invented a cushioning material for spacesuit boots designed to reduce fatigue by stabilizing the boots and absorbing shock. The material is now used in the midsoles of athletic shoes and covered by air chambers. The shoes have helped performance to some degree and very likely reduced injuries.
  • Sports fashion. Modern sportswear that lets perspiration pass through and manages heat from the body started with material NASA used for spacesuits. More than 200 brands use it, so it’s likely that every player on the field will be wearing some form of the material.
  • Wireless headsets. NASA invented wireless headsets for the missions to the moon. They’ve come a long way since then, with lighter equipment, clearer signals, and so on. The quarterback and a defensive player, usually a middle linebacker, have them in their helmets, so they get play calls from coaches. Coaches have them on the sidelines.
  • Video stabilization software. NASA didn’t invent video recording, playback or even slow motion. But it did invent video stabilization software so it could analyze space shuttle launches. Detailed views of plays that can be reviewed.

Twitter Accounts Compromised

  • Twitter confirmed Friday that it had become the latest victim in a number of high-profile cyber-attacks against media companies.
  • It admitted that hackers may have gained access to information on 250,000 of its more than 200 million active users.
  • The social media company said that earlier this week it detected attempts to gain access to its user data.
  • It shut down one attack moments after it was detected. But it discovered that the attackers may have stolen user names, email addresses and encrypted passwords belonging to 250,000 users.
  • Twitter reset the pilfered passwords and sent emails advising affected users.
  • China has been accused of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics.
  • The Chinese foreign ministry could not be reached for comment Saturday, but the Chinese government has said those accusations are baseless and that China itself is a victim of cyber-attacks.
  • One expert said that the Twitter hack probably happened after an employee’s home or work computer was compromised through vulnerabilities in Java, a commonly used computing language whose weaknesses have been well publicized.
  • Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers “a toehold” in Twitter’s internal network.
  • The relatively small number of users affected suggested either that attackers weren’t on the network long or that they were only able to compromise a subset of the company’s servers.
  • But the stolen credentials could be used to eavesdrop on private messages or track which Internet address a user is posting from.
  • Since few people bother using different passwords for different services, a password.