Show of 09-06-2014

Tech Talk

September 6, 2014

Email and Forum Questions
  • Email from LedbyBrain: Dear Doctor. I need a cure. I am beginning to believe my password management is inadequate. Please name the best pw management application and a few free ones that do a GOOD job.  A little overview in this topic is appreciated: Thanks! Led
  • Tech Talk Responds: Online merchants and other supposedly secure websites can’t be relied on to keep your personal information safe. Even sites using decent security practices may have been compromised by the Heartbleed bug discovered earlier this year. If you used that same password at other sites, you’re really in trouble. You need to use a different strong password on every site, and you should change each one often. Password managers can help with this process. 
  • PC Magazine recently reviewed password managers. They selected LastPass 3.0, LastPass 3.0 Premium ($12.00, for mobile support), and Dashlane 3. LastPass 3.0 is more powerful and flexible than almost all of its competition.
  • LastPass 3.0 imports passwords from over 30 of its competitors. If you’re starting from scratch, chances are good you’ve used your browser’s built-in password management feature. LastPass and Dashlane can import those passwords, delete them from the browser, and turn off the browser’s password management. 
  • All three support two-factor authentication, to ensure that someone does not access your passwords without authorization. You can use a fingerprint or a text message sent to a cell phone for the second factor.
  • Dashlane and LastPass actively detect and manage password change events, capturing credentials as you sign up for a new service. All three support remote login into your password file, so you can look up credentials even when using someone else’s computer. 
  • Dashlane and LastPass can also serve as form fillers for personal data. Dashlane and LastPass offer to capture what you’ve entered if they see you filling a form manually. They can store various types of ID data such as passports and driver’s licenses.
  • The free edition of LastPass has almost everything found in the premium; support for mobile devices is the big exception. You can use Dashlane for free on a single device; syncing requires the paid edition. LastPass Premium costs a dollar a month.
  • LastPass and Dashlane offer a security report listing all of your passwords and rating the strength of each. They also report on duplicates—passwords you’ve used on more than one site. And they make it easy to upgrade all your passwords to improve security. 
  • Email from Arnie in Crownsville, MD: Hi Dr. Shurtz. I would like to know how Pulse Point works. It is a free app for anyone knowing CPR and is especially good for those EMT, Firemen, Police Officers, and others who give assistance to those having heart attacks and strokes. How does one having the app get a signal of some kind to let them know someone is having a heart attack in a store, store next door, or nearby restaurant? How does it work? It has some great reviews and has saved lives. I just wonder how it works. 
  • BTW, here is another article about TOR and about the Godfather of Anonymity, David Chaum. If you haven’t reviewed his past on Tech Talk, he may be one you want to feature. Seems this anonymity thing isn’t going away. Thanks, Arnie Crownsville, MD
  • Tech Talk Responds: Thanks for the Profiles in IT suggestion. We will feature him in an upcoming show.
  • PulsePoint Respond is a location-aware phone application that empowers everyday citizens to provide life-saving assistance to victims of Sudden Cardiac Arrest. Notifications are made simultaneously with the dispatch of paramedics to anyone within the area that is CPR-trained and has indicated their willingness and ability to assist during an SCA emergency. These notifications are only made if the victim is in a public place.  When notifications do occur they intend to target potential citizen rescuers that are within walking distance.
  • Users receive a push notification accompanied by a distinctive alert tone. The notification is followed by a map display showing the dispatched location of the emergency along with the precise location of the citizen rescuer – providing for easy navigation between the two. The map display also shows the exact location of the nearest AEDs. 
  • PulsePoint is available for both iPhone and Android. It is only useful if the local government has opted to use it. The licensing fee is 5K to 25K, depending on population. The program has been adopted by 500 cities in 17 states, as of September 2014.
  • Email from Lauren in Bethesda: Dear Dr. Shurtz, Big fan of your program and listen regularly. I have a challenge and need some insights. I am between jobs b/c I was laid off from my last business analyst position a few days ago.
  • I’ve been contacted by a recruiter asking if I am certified in Google Analytics. Regrettably I am not. She said she has a wonderful job and I do have stuff the employer wants but they really want Google Analytics. I wanted to learn from you how much prep/studying you believe I’ll realistically need to pass the cert. exam? I have never used GA. I need a realistic game plan on mastering this and hope you can offer some assistance please on timeframe and on best learning method/resources.
  • PS: I am also looking at getting a Google AdWords certification. Thanks, Lauren Bethesda
  • Tech Talk Responds: Start with the online resources. They seem to be pretty good. Link: http://www.google.com/intl/en/analytics/learn/index.html. I have also found a blog which outlines a pathway to certification, which seems quite credible. Link: http://viget.com/advance/how-to-pass-the-google-analytics-iq-test-in-two-days-zero-to-hero
  • Set up your own webpage and practice these concepts. It can be a very simple webpage, but practice on something real is quite important. If you have a friend with a website, you could practice on their site too. Good luck.
Profiles in IT: Andrew Francis Kay
  • Andrew Francis Kay was the founder and CEO of Kay Computers, manufacturer of the Kaypro II, one of the first portable computers.
  • Andrew Francis Kopischiansky was born on Jan. 22, 1919, in Akron, Ohio.
  • In 1940, he received a BSEE from MIT in Boston and began his career at Bendix.
  • In 1949, he moved to California and went to work at JPL, where he was involved in the Redstone rocket program. His family changed its surname to Kay that same year.
  • In 1952 he founded Non-Linear Systems (NLS), a manufacturer of digital instrumentation. NLS developed a reputation for providing rugged durability in critical applications for military and space applications.
  • He is credited with inventing the digital voltmeter in 1954, the concept of analog to digital conversion, and the digital revolution.
  • He revolutionized high technology/high value product manufacturing by migrating away from traditional assembly lines in favor of autonomous “teams”, boosting quality and productivity while giving the employees a sense of ownership. 
  • Psychologist Abraham Maslow – who studied human motivation – spent a summer with Kay observing his techniques. Maslow later wrote a book on the topic and gave Kay credit for contributing to his theories. 
  • NLS had originally grown on the strength of the military and space industries. But after the Apollo space program ended in the early ’70s, the company lost money.
  • Mr. Kay came to the personal computer industry when he observed that his son-in-law was having trouble moving a bulky Apple II that came with a separate monitor. It occurred to him that an all-in-one machine would be more portable.
  • In 1982, he founded Kaypro Corp and released the Kaypro II at the West Coast Computer Fair in SF.
  • In 1982, the Kaypro II generated a great deal of enthusiasm by surpassing many of the Osborne’s features. Both machines were described as “luggables.” Kaypro II weighed 29 pounds and cost $1,795. The Osborne Computer was its chief rival.
  • Osborne announced plans for a new model, killing sales of the existing machine. This failure became famously known as the “Osborne effect.” Osborne went bankrupt.
  • Neither the Osborne I nor the Kaypro II initially ran the MS-DOS operating system, which would ultimately be an Achilles’ heel as the world adopted the IBM PC.
  • Kaypro focused on selling to independent electronics stores and saw sales soar to $120 million in just two years. The company went public. By the mid-1980s, it was the third largest computer seller behind Apple and IBM. Kaypro employed 700. 
  • The company never successfully made the transition to the IBM-compatible world. It filed for Chapter 11 bankruptcy protection in 1990. Kaypro was not able to emerge from bankruptcy, however, and its assets were liquidated in 1992.
  • Andrew Kay died August 28, 2014, in Vista, California. He was 95.
Photos of Celebrities Stolen from iCloud
  • Private celebrity photos were downloaded and posted to the web. Many are asking how this could have happened.
  • Initial reports suggested that hackers targeted the iCloud accounts of the high-profile victims, and held eager would-be-viewers to ransom on notorious bulletin-board 4chan, demanding Bitcoin in exchange for a peek of the images. 
  • Two theories have emerged. The first is simply social engineering using the password reset function. This is not two-factor authentication. It simply required that you answer some challenge questions, which in the case of celebrities might be available on the Internet. Access required a password change, so the celebrity would know that they had been locked out.
  • Programmers think they may have spotted at least one other (now fixed) route into accounts. The exploit relates to a project on the code hosting site GitHub, called iBrute. Just a day before the images leaked, the developers of iBrute announced that a bug in the Find My iPhone service means it doesn’t employ brute force protection (i.e. an attack can continue using different passwords until the right one is found). This would not change the password and the user would know that an intrusion had occurred.
  • If this was the flaw used, the hackers would have needed email addresses of celebrities. The good news is that this exploit has just been patched. 
  • Once the hacker has logged into the account, they can restore data and download everything in the cloud (photos, text, and notes).
  • Reddit was clamping down on people naming the alleged leakers, picture hosting site Imgur is pulling any uploads of the images, and 4chan has pulled the original thread. Twitter is reportedly suspending accounts that share the images.
  • What is Apple doing about this problem? According to Apple, the following changes are being made.
    • Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.
    • Not just email anymore. If you’re in the middle of watching a Netflix show on your iPad, and someone is attempting to reset your password, your show will be interrupted with a push notification.
    • Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.
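
The brute force protection and owner alerts discussed above can be sketched as follows. This is an added example, not code from Apple or from the iBrute project; the thresholds, interface names and sample events are assumptions made for illustration. The failure counter is keyed by account, so every sign-in interface shares it and none can be used to keep guessing unchecked.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; not Apple's actual settings.
MAX_FAILURES = 5       # failed sign-ins tolerated per window
WINDOW_SECONDS = 300   # sliding window for counting failures
LOCKOUT_SECONDS = 900  # how long the account stays locked


class LoginThrottle:
    """Counts failures per account across ALL sign-in interfaces."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unlock time
        self.alerts = []                    # notices queued for the owner

    def attempt(self, account, interface, password_ok, now):
        # While locked, refuse before the password is even evaluated, so
        # additional guesses reveal nothing.
        if self.locked_until.get(account, 0) > now:
            return "locked"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        window = self.failures[account]  # keyed by account, not interface
        window.append(now)
        while now - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.alerts.append((account, interface, now))
            window.clear()
        return "denied"


# Constructed sample: (account, interface, password_ok, time in seconds).
SAMPLE_EVENTS = [
    ("user@example.com", "web", False, 0),
    ("user@example.com", "device-locator", False, 1),
    ("user@example.com", "device-locator", False, 2),
    ("user@example.com", "web", False, 3),
    ("user@example.com", "device-locator", False, 4),
    ("user@example.com", "device-locator", True, 5),   # correct guess, too late
    ("user@example.com", "web", True, 1000),           # owner, after lockout
]


def replay(events):
    throttle = LoginThrottle()
    return [throttle.attempt(*e) for e in events], throttle.alerts


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

A hard lockout also lets anyone lock the real owner out for a while, so many services use increasing delays or a second factor instead of a fixed lock.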
Deleted Unwanted Photos on iCloud?
  • Many of the photos that were leaked had been deleted by the victims from their cell phones. Yet the pictures remained in iCloud Storage. How could this be?
  • If you go to Apple’s iCloud.com right now and log in, you won’t see them there. You’ll see mail, contacts, etc., but no photos. 
  • So here are step-by-step directions on how to tell if your photos are on iCloud, how to delete photos, and then how to check to make sure they are really deleted.
  • First, check to see if your photos are being sent to iCloud. In iOS, click on Settings/iCloud. Scroll down to “Photos.” If it says “On” you have photos on iCloud.
  • The photos being shared are the ones in “My Photo Stream” in the Photos app. To find your Photo Stream, open your Photos app. On the bottom, click on “Albums.” You should then see a screen that shows both Camera Roll and My Photo Stream. Notice that there are fewer photos in my Camera Roll than in my Photo Stream? This shows that you have deleted photos from your phone that are still available via iCloud.
  • If you have more than one photo you want to delete from iCloud, click on Select, then on all the photos you want to delete. 
  • Be careful about which photos you delete. Getting rid of them from Photo Stream gets rid of them on your other devices, as well.
  • To check if the photos are really gone, open up another Apple device and look at your Photo Stream in your Photos app.
Rogue Cell Towers Could Be Intercepting Your Call
  • Rogue cell phone towers around the US are forcing mobile devices to disable their encryption, making it possible that someone might be able to listen in to their calls.
  • In 2010 at the DEF CON in Las Vegas, security researcher Chris Paget did the unthinkable. He built a cell tower of his own so that he could spoof legitimate towers and intercept calls.
  • The device would mimic the type used by law enforcement agencies to intercept phone calls. In this case, he was able to build it for roughly $1500 US. 
  • Paget’s device would only capture 2G GSM phone calls. Carriers such as AT&T and T-Mobile would be vulnerable as they use GSM, unlike Verizon which relies on CDMA technology.
  • Popular Science has reported that a very similar type of tower has been popping up all around the United States. Unlike towers that belong to the large cell carriers, these rogue interceptors do not identify themselves.
  • The problem here is that a phone would not alert the user that encryption was switched off if it managed to associate with one of these rogue towers or interceptors.
  • So, who is responsible for these interceptors? In one particular case one of these towers was discovered at a casino in Las Vegas as well as near several military installations.
  • The FCC said that they are investigating, according to Popular Science. 
iPhone 6 Update
  • Apple’s new iPhone 6 will be introduced at a September 9 media event at the Flint Center, the same location where Apple debuted the original Mac 30 years ago.
  • With the iPhone 5, Apple increased the screen size of the device from 3.5 inches to 4 inches, and with the iPhone 6, the phone’s display is going to grow even larger. Though Apple experimented with a range of screen sizes, the company settled on 4.7 inches and 5.5 inches for its two devices, which will bring the next iPhone in line with competing Android and Windows phones that have adopted larger displays.
  • It will include:
    • NFC (Near Field Communication) for payments
    • Sapphire crystal screen on some models
    • Faster and more efficient A8 chip
Apple Dominating Shipping Capacity
  • Apple is shipping so many units of upcoming devices from its manufacturing facilities to sales outlets that it is causing delays for other manufacturers.
  • Apple shipments via major concerns like FedEx and UPS are said to be ‘incredibly high’ for the holiday quarter, pointing to a massive number of new devices.
  • The company is apparently flooding its channels with devices, causing shipments for other ‘top tier’ device makers to be delayed to make way for Apple products.
  • One other manufacturer was reportedly told by shippers that they couldn’t meet some deadlines because they were booked up servicing a ‘very important customer’.
  • If Apple is displacing shipments from other manufacturers with its volume then it wouldn’t be the first time. An account given by logistics exec John Martin to Businessweek a couple of years ago gives a few examples:
  • Apple could sell in the mid-60 million iPhones in the holiday quarter.
The Next iPhone Could Kill the Credit Card
  • The next iPhone is rumored to include a chip that makes the device scannable at checkout counters.
  • Apple could transform how money moves with the iPhone 6.
  • An iPhone wallet likely would act as a surrogate for credit cards, a way to store the data of multiple cards but using the phone as the way to transfer that data instead of a swipe. 
  • But over time, the point of holding onto any of those cards, which become digital abstractions once they’re on the phone, will fall away. 
  • Instead, for all anyone with an iPhone is concerned, the way to pay will be Apple. 
  • Apple’s already got a great mobile wallet. I already use it when I buy something on iTunes.
  • They already have 800 million cards on file. Apple can rely on its proven design expertise to entice users into its payment world. 
  • “They’re going to give people a better experience that’s arguably, probably more efficient and simpler with hardware they control.”
  • In that world, it’s Apple, not the credit card companies, that has the control, even if those iPhone wallets are being used to “store” those credit cards.
  • The credit card becomes abstract, just another option to tap that otherwise stays hidden. Really, you’ll be paying with Apple. 
  • Once the credit card becomes that hidden, it’s only a short logical step to that card being eliminated altogether. Apple could get into the credit side of the game itself.
  • The ubiquity of an NFC-enabled iPhone, however, finally could force brick-and-mortar stores to offer a pay-by-phone option. 
  • Apple has the ability to succeed where Google and the few NFC-enabled Android phones to hit the market never could, because Apple controls the hardware and the software.
  • Google supported NFC with its own wallet, but few handsets came out with the chips inside, since few payment terminals would take them. That uncertainty disappears as soon as an NFC-enabled iPhone 6 floods the streets.
  • And while an iPhone wallet won’t mean an end of credit cards anytime soon—American Express and Visa reportedly have reached agreements to work with Apple—it’s hard to see how its spread wouldn’t hasten a future free of plastic. After all, a credit card is just a medium for transferring data, just like a smartphone.