Show of 06-14-2014

Tech Talk

June 14, 2013

Email and Forum Questions
  • Email from Benoit in New Jersey: Dear Tech Talk. I use Dropbox to share files. Many corporate documents are stored in the cloud. I simply send a public link to a particular file or subdirectory when I want to share. How secure is this practice? Thanks, Benoit in New Jersey
  • Tech Talk Responds: People using file storage services, such as Dropbox and Box, are being warned that they are at risk of inadvertently leaking their own files. Intralinks, a competitor, said it found sensitive files, such as mortgage records. The problem centered on the use of the services’ sharing function that generated a public link.
  • As a precaution, Dropbox has disabled access to links that have been previously shared. It said it had also implemented a patch to prevent shared links from being exposed. Dropbox is working to restore links that aren’t susceptible to this vulnerability. Box has a similar problem and is working to fix it.
  • The problem was not a security flaw as such, but instead an unexpected consequence of user behavior. Dropbox, Box and most other cloud hosting services often give users the option of creating a shareable web link for their files. It means users are able to simply send a web address – made up of a string of letters and numbers – for someone to directly download a file without needing to log in. Because of the complexity of the link, it is very difficult to guess – meaning that while the link is technically public, it is unlikely anyone would be able to access it by chance.
  • However, Intralinks discovered that the links were being exposed in two ways not previously considered. Firstly, it discovered that shared links were often appearing in websites’ referral data. Many websites look at referral data when analyzing their traffic to get an insight into how visitors got to their site. Intralinks found that if a link to a website is included in a file shared on Dropbox, and subsequently clicked within the web viewer, the website owner would see the shared link in its referral data – and therefore be able to access the file. Dropbox said its patch has now fixed the problem.
  • Email from Shawn in Fairfax: Dear Doc and Jim. I have a degree in information technology and am looking for a job. What techniques do you suggest? Love the show. Shawn in Fairfax
  • Tech Talk Responds: We use the methods outlined in What Color is Your Parachute? by Dick Bolles to facilitate placement. The introspection required in this book leads to informed interviews and helps each student develop an effective elevator speech.
  • Then we have our students actually behave like they are already employed in the field. We have them:
    • Do real projects
    • Read the industry rags (free)
    • Join user groups (free) to build a network of contacts
    • Attend local conferences and meetings.
  • Demonstrating an interest in actual projects and working shoulder to shoulder with other professionals is the best way to get invited for an interview.
  • Email from Alex in Reston: Dear Doc. I hear you talk about critical thinking as an important skill to develop. I don’t understand what that means or how to develop it. Please elaborate. Thanks. Alex in Reston
  • Tech Talk Responds: Critical thinking is applying the scientific method to all situations. We teach by asking questions so that students can isolate each of the eight elements of critical thinking as they think through a situation.
  • Teaching by asking questions like Socrates. Help students think through things using the eight elements of critical thinking
    • Purpose, Question
    • Data Required, Conclusions, Implications of conclusion
    • Underlying model used for analysis
    • Assumptions, Point of view
  • Faculty inspire, students teach themselves (Sugata Mitra). The true value of education is what you know after you have forgotten all you memorized.
Profiles in IT: Alan Mathison Turing
  • Alan Mathison Turing was an English mathematician, logician, cryptanalyst and computer scientist. Turing is considered to be the father of computer science and AI.
  • Alan Mathison Turing was born June 23, 1912 in London and raised in Hastings.
  • He attended St Michael’s Day at the age of six and Sherborne School at age 13.
  • Received a BS in Mathematics from King’s College, Cambridge, in 1934.
  • In 1935, at the young age of 22, he was elected a fellow at King’s on the strength of a dissertation in which he proved the central limit theorem.
  • In his 1936 landmark paper, Turing proposed a simple arithmetic-based formal language, which became known as the Turing Machine, and proved that such a machine would be capable of performing any conceivable mathematical algorithm.
  • From September 1936 to July 1938 he spent most of his time at the Institute for Advanced Study, Princeton, New Jersey. In addition to his purely mathematical work, he studied cryptology and also built an electro-mechanical binary multiplier.
  • In June 1938 he received his PhD in Princeton, where he proposed a system of logic which allowed the study of problems that could not be solved by a Turing machine.
  • During World War II, Turing worked for the Government Code and Cypher School (GCCS) at Bletchley Park, Britain’s code breaking centre.
  • He devised techniques for breaking German ciphers, including the bombe, an electromechanical machine that could find settings for the Enigma machine.
  • This was the first of five crypto-analytical advances that Turing made during the war.
  • In 1945, Turing was awarded the OBE (Order of the British Empire) for his wartime services, but his work remained secret for many years.
  • After the war he worked at the National Physical Laboratory, where he created one of the first designs for a stored-program computer, the ACE.
  • Turing travelled to the United States in November 1942 and worked with U.S. Navy cryptanalysts on Naval Enigma and bombe construction in Washington.
  • During this trip, he assisted at Bell Labs with development of secure speech devices.
  • In 1948 Turing joined Max Newman’s Computing Laboratory at Manchester University, where he assisted in the development of the Manchester computers and became interested in mathematical biology.
  • Turing worked from 1952 until his death in 1954 on mathematical biology, specifically morphogenesis.
  • Turing’s homosexuality resulted in a criminal prosecution in 1952, when homosexual acts were still illegal in the United Kingdom. He accepted treatment with female hormones (chemical castration) as an alternative to prison.
  • He died in 1954, just over two weeks before his 42nd birthday, after taking a bite from an apple injected with cyanide.
  • On 10 September 2009, following an Internet campaign, British Prime Minister Gordon Brown made an official public apology on behalf of the British government for the way in which Turing was treated after the war.
Citizen Scientists Control Old NASA Probe
  • The ISEE-3 Reboot Project has announced that it has achieved two-way communication with the ISEE-3, which was originally launched by NASA in 1978.
  • The probe was originally launched in 1978 with a goal of studying the solar winds that flow near the Earth. It completed that mission in 1981. Since it was still operational, it was then directed to observe two comets. It’s spent the past 30 years orbiting the sun and is now on its way back to Earth.
  • NASA has no plans to do anything with the returning probe, but a group of citizen scientists was interested in attempting to contact and possibly control it. So earlier this month it signed an agreement with Skycorp, Inc. to allow the ISEE-3 Reboot Project a chance to communicate with the probe and use it for research.
  • The project achieved its first big success on Thursday. Using the Arecibo Radio Observatory in Puerto Rico, the project was able to establish two-way communication with the probe and access its current telemetry.
  • “We have successfully commanded both of ISEE-3’s data multiplexers into engineering telemetry mode,” project member Keith Cowing noted in a blog post. “The current bitrate is 512 bits/sec. We have been able to verify modulated data through ground stations in Germany, Morehead State in Kentucky, and the SETI Allen Array in California.”
  • As the team learns more about how to communicate with and command the ISEE-3 probe, their eventual goal is to actually change its current trajectory into one that will enable more frequent communication with the probe. Its instruments are still functioning, which means that if the project is successful, there may be a wealth of scientific information that it can uncover.
  • The project crowd funded over $150,000 towards this effort, and it will be announcing more of its future plans regarding the probe next week.
  • Crowd funding link: http://www.rockethub.com/42228
Zagg Invisible Shield Glass
  • Zagg has announced a tempered glass screen protector. It is getting great reviews.
  • The protector itself is made from tempered glass, which should completely protect my iPhone’s screen from scratches. You can remove the protector at any time.
  • The Glass protector is simple to install; it takes a few minutes. The process involves cleaning your iPhone display with an included damp cloth, drying the display with a microfiber cloth, and then placing the Glass protector on your iPhone.
  • Once attached, you simply rub from the center to the edges to remove any trapped air bubbles.
  • The end result? You can’t tell there’s a screen protector at all.
  • You’ll be adding 0.4 millimeters of thickness to your iPhone with this screen protector, but you’d be hard pressed to realize it. The Glass is silky smooth and has rounded edges.
  • Zagg has a lifetime guarantee on the Glass protector. The Zagg Invisible Shield Glass screen protector for iPhone 5s costs $34.99 directly.
  • This would have saved my dropped cell phone and still let me keep the uncovered phone feel.
Cybercrime Laws used to target security researchers
  • Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure.
  • Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have used it against anyone looking for vulnerabilities in the internet, criminalizing work that’s largely benign.
  • They have also argued the law carries overly severe punishments, is too vague and does not consider context, only the action.
  • HD Moore, creator of the ethical hacking tool Metasploit and chief research officer of security consultancy Rapid7, told the Guardian he had been warned by US law enforcement last year over a scanning project called Critical.IO, which he started in 2012.
  • The initiative sought to find widespread vulnerabilities using automated computer programs to uncover the weaknesses across the entire internet.
  • The project that landed Moore in trouble, Critical.IO, uncovered some serious, widespread vulnerabilities, including one case where between 40 and 50 million network machines could have been compromised due to weaknesses in a network protocol, known as Universal Plug and Play (UPnP).
  • Yet US law enforcement continued to pursue Moore, even though he was transparent with his role and the reasons for his scanning, he claimed, without naming the government body that was responsible.
  • ‘The law doesn’t encourage experts with the skill to investigate threats’
  • Moore said the actions by law enforcement were partly responsible for him taking a break from the industry, from which he has just returned. But his biggest fears surround the overall effect on internet security.
  • “You need people who can get into the detail with these systems, people who know how to manipulate the technology to their advantage as a criminal would,” he added.
  • Many other researchers are believed to have had similar issues. Zach Lanier, senior security researcher at Duo Security, said many of his team had “run into possible CFAA issues before in the course of research over the last decade”.
  • ‘We warned of a vulnerability – but they claimed we were hacking their systems’
  • Lanier said that after finding severe vulnerabilities in an unnamed “embedded device marketed towards children” and reporting them to the manufacturer, he received calls from lawyers threatening him with action.
  • The threat of a CFAA prosecution forced Lanier and his team to walk away from the research.
David Burd Surprise Visit
  • iPhone technology
  • Google glass and “Glassholes”
  • Random tech talk