Show of 10-11-2014

Tech Talk

October 11, 2014

Email and Forum Questions
  • Email from Mary in Bethesda: Dr Shurtz, A while back I had a conversation w/ a woman who runs this group and I was considering getting involved so she set something up and now, weekly, I get these popup notices in top R corner of my screen. I don’t want to see them anymore and don’t know how to make them go away. Can you please help!!?? Thanks, Mary in Bethesda MD
  • Tech Talk Responds: It looks like you accepted a weekly meeting. Your calendar is putting those notices on your screen. Go to your calendar, click on one of those meetings, and don’t accept it.
  • Email from Carl Tyler: Dear Dr. Shurtz: I’ve been reading in the tech news about companies revoking trust in “Certificate Authorities”. I know there are plenty of articles on the internet about a certificate authority but they are very technical and hard to understand. You have always had a way of explaining things so most everybody can understand them, which is one of the reasons I listen regularly to your podcast. Could you explain what a certificate authority is? Thanks, Carl Tyler
  • Tech Talk Responds: Asymmetric key exchange has become the preferred method of secure communication. Public-private key encryption is used to encrypt the transmissions. The originating computer uses its private key and the public key of the receiving computer to encrypt the message. The receiving computer uses its private key and the public key of the sending computer to decrypt the message. The question then becomes: can the public keys be trusted?
  • Digital certificates allow a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI). A digital certificate provides identifying information, is forgery resistant, and can be verified because it was issued by an official, trusted agency. The certificate contains the name of the certificate holder, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures) and the digital signature of the certificate-issuing authority (CA) so that a recipient can verify that the certificate is real.
  • To provide evidence that a certificate is genuine and valid, it is digitally signed by a root certificate belonging to a trusted certificate authority. Operating systems and browsers maintain lists of trusted CA root certificates so they can easily verify certificates that the CAs have issued and signed.
  • Why so many revocations? Around 17% of all trusted SSL web servers were vulnerable to the Heartbleed bug when it was publicly disclosed. The bug made it possible to steal a server’s private keys, thus allowing unauthorized parties to impersonate an affected website using its own SSL certificate. All of these certificates must be revoked and replaced. Not all sites are dealing with this expeditiously.
  • Email from Lauren: Dear Dr. Richard Shurtz, I have a hard decision and know too few individuals I can ask pc / mac hardware question and get a solid answer. I have signed up for a training class taught. The instructor has said that I need to bring a laptop to the training and that it must have Internet Explorer. I have an iMac and don’t use IE. What are my options? Your thoughts are most appreciated. Lauren, a regular TechTalk listener :)
  • Tech Talk Responds: IE is currently not supported for the Mac. You should ask your instructor if you can use Safari. You might also install the Chrome browser on your Mac. Chrome is an excellent option and has excellent compliance with all standards.
  • Email from Mary Wilson: Dear Dr Shurtz, I have been using several different Gmail accounts for some time (over 2 years). I usually access them via the apple MAIL Application and also look at them through internet/Chrome browser. Today I needed to find a sent message. I never found it either place and it was about 2 weeks old!
  • I don’t know if my Gmail settings are correct and I tried, of course, to figure this out but it seems it may involve the POP/IMAP settings that I don’t really understand. If you could spend some time giving an overview on the Most Important Setting in Gmail, I need to know this. I am very upset that I don’t have a copy of many emails I sent over the past several months and I never ran into this before today. I guess stuff happens on Google’s end that could cause this also, correct? Best, Mary
  • Tech Talk Responds: If you’re trying to decide between using POP and IMAP, I encourage you to use IMAP. Unlike POP, IMAP offers two-way communication between your web Gmail and your email client. This means when you log in to Gmail using a web browser, actions you perform on email clients and mobile devices (ex: putting mail in a ‘work’ folder) will instantly and automatically appear in Gmail (ex: it will already have a ‘work’ label on that email the next time you sign in).
  • IMAP also provides a better method to access your mail from multiple devices. If you check your email at work, on your mobile phone, and again at home, IMAP ensures that new mail is accessible from any device at any given time.
  • Finally, IMAP offers a more stable experience overall. Whereas POP is prone to losing messages or downloading the same messages multiple times, IMAP avoids this through two-way syncing capabilities between your mail clients and your web Gmail.
  • You need to enable IMAP in Gmail. Go to your Gmail account, click on the Gear in the upper right corner. Click on Forward and POP/IMAP tab. Enable IMAP. When configuring your Mail application for Gmail, choose the IMAP option for Account Type and use imap.gmail.com for the incoming mail server.
  • As far as looking for the missing email, go to the web portal for Gmail (www.gmail.com), log into your account, and check the sent mail folder.
  • Email from Thomas Medford: Would the good doctor please discuss the physics and principles behind the EM or microwave drive for long distance space flight and have the results been repeated by other researchers? Thanks, Thomas Medford.
  • Tech Talk Responds: It is a very controversial propulsion technique because it violates conservation of momentum. It is based on microwaves generated by a magnetron and injected into a resonant cavity shaped like a trapezoid. The radiation is bounced between the short and long sides of the cavity. Differences in radiation pressure between the two sides provide the thrust. Despite skepticism, NASA tested the thruster and measured thrust. Some are speculating that the radiation is interacting with the quantum particles that come and go in a vacuum. The jury is still out on this thruster. More tests and theory will follow.
  • Email from Mary Wilson: Dear Dr Shurtz, Based on you having said good stuff about OOMA awhile back, I signed up with this VoIP about 1 month ago and have had a ton of troubles. People I call say they only hear every other word I say. I wanted them to change the caller ID to only show my phone# and not my name. They first told me this could not be done. I called back and they said they could do it but had to put two letters into where the name usually goes. They said it was done.
  • So I called a friend and asked what the caller ID read and they told me a former Google voice number that I didn’t even think was still working and I have no idea how OOMA got THAT number. Want to know if you still have your OOMA acct? Thanks, Best, MW
  • Tech Talk Responds: You need good bandwidth, both uplink and downlink. Go to BroadBandNetworks.com and check your connection speeds. If they can’t hear you properly, it means that your uplink bandwidth is low. As for caller ID, your old number was probably in their contact list. I still use OOMA and the results are excellent. I am currently using FIOS for my ISP. By the way, I actually have two numbers through OOMA: one for the phone and one for the fax. The fax has a distinctive ring. The system works perfectly.
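Added example for the certificate authority answer above (Carl Tyler's question), not part of the original show notes: a toy model of how a client checks a certificate's issuer, signature, revocation status and expiry against its list of trusted CAs. It uses textbook RSA with small primes purely for illustration; all names, serial numbers and keys are constructed.

```python
# Added illustration: toy certificate check. Textbook RSA with small primes is
# NOT secure; real certificates are X.509 with far larger keys and padding.
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    """Return (public, private) toy RSA keys built from two primes."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    """Hash the fields the CA vouches for, reduced to fit the toy modulus."""
    fields = ("holder", "serial", "expires", "public_key", "issuer")
    body = "|".join(str(cert[f]) for f in fields)
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def issue(ca_name, ca_priv, holder, serial, expires, public_key):
    """CA side: fill in the certificate, then sign its digest with the CA private key."""
    cert = {"holder": holder, "serial": serial, "expires": expires,
            "public_key": public_key, "issuer": ca_name}
    cert["signature"] = pow(digest(cert, ca_priv["n"]), ca_priv["d"], ca_priv["n"])
    return cert

def check(cert, trust_store, revoked, today):
    """Client side: the checks made before the holder's public key is trusted."""
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None:
        return "untrusted issuer"
    if pow(cert["signature"], ca_pub["e"], ca_pub["n"]) != digest(cert, ca_pub["n"]):
        return "bad signature"
    if (cert["issuer"], cert["serial"]) in revoked:
        return "revoked"
    return "expired" if today > cert["expires"] else "ok"

# Constructed sample data (all names hypothetical).
ROOT_PUB, ROOT_PRIV = make_key(2**31 - 1, 2**61 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**17 - 1, 2**19 - 1)   # key of a CA nobody trusts
SITE_PUB, _ = make_key(2**13 - 1, 2**19 - 1)
TRUST_STORE = {"Example Root CA": ROOT_PUB}              # list kept by the OS/browser
TODAY, EXP = date(2014, 10, 11), date(2015, 6, 1)

good = issue("Example Root CA", ROOT_PRIV, "www.example.test", 1001, EXP, SITE_PUB["n"])
tampered = dict(good, holder="www.other.test")           # field changed after signing
wrong_key = issue("Example Root CA", OTHER_PRIV, "www.example.test", 1002, EXP, SITE_PUB["n"])
unknown = issue("Unknown CA", OTHER_PRIV, "www.example.test", 1003, EXP, SITE_PUB["n"])

for label, cert, crl in [("good", good, set()), ("tampered", tampered, set()),
                         ("wrong key", wrong_key, set()), ("unknown CA", unknown, set()),
                         ("after revocation", good, {("Example Root CA", 1001)})]:
    print(f"{label:17} -> {check(cert, TRUST_STORE, crl, TODAY)}")
```

The last case is the Heartbleed situation from the answer: the certificate is still correctly signed and unexpired, so only the revocation list stops a client from accepting it.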
Profiles in IT: Nick D. Woodman
  • Nicholas “Nick” Woodman is the founder and CEO of GoPro.
  • Nicholas D. Woodman was born June 24, 1975 in Santa Clara County, California.
  • Woodman grew up in Menlo Park and Atherton, CA, attending the Menlo School.
  • Nick began surfing his senior year of high school, dropping team sports to focus on catching waves. He formed Menlo School’s first surf club before graduating in 1993.
  • He earned a BA degree in Visual Arts from UC San Diego in 1997.
  • After graduation, he founded a marketing company called funBug but after it failed.
  • In 2002 at the age of 26, he decided to travel around the world surfing. While surfing in Australia and Indonesia, he used a 35mm camera attached to the palm of his hand.
  • Seeing that amateur photographers like him became his inspiration for GoPro.
  • Nick originally conceived GoPro as a strap to tether film cameras to surfers’ wrists and fashioned the prototypes out of surfboard leashes and rubber bands.
  • Dean Woodman, his father and a silicon valley investment banker, was one of the earliest investors in GoPro, providing his son with two $100,000 checks in the company’s earliest days. Upon starting his company, Nick put in $30,000 of his own money and also received $35,000 from his mother.
  • He debuted his first camera–the GoPro 35mm Hero–in September 2004 at San Diego’s Action Sports Retailer trade show. He sold 100 cameras to a Japanese firm.
  • At the end of its debut year, GoPro sold $150,000 worth of product. Most of these cameras were sold to surf shops and specialty sports retailers.
  • Woodman’s early tradeshow trips were made in his 1971 Volkswagen Bus. He remembers sleeping in the van, which he dubbed “The Biscuit.”
  • Woodman hired his college buddy and roommate, Dana, to run sales at GoPro. Woodman and Dana took in revenue of $350,000 in 2005.
  • Woodman soon realized that his camera was just as good on land as in the water. He branched into other sports, including mountain biking and skiing.
  • In 2006, the company went digital and introduced its first Digital Hero, with 10-second video capabilities. 2006 brought $800,000 in revenue and 2007 $3.4M.
  • The product has since evolved into a compact digital camera that supports WiFi, can be remotely controlled, has waterproof housing, records to a micro SD card, and is affordable to the average action sports enthusiast ($200-$400).
  • Thereafter, sales doubled every year and in 2012, GoPro sold 2.3 million cameras.
  • In December 2012, the Taiwanese contract manufacturer Foxconn purchased 8.88% of the company for $200M which set the market value of the company at $2.25B.
  • Woodman is married to Jill R. Scully and they have two children.
  • They live in Woodside, California. Woodman is known as the “mad billionaire” due to his unconventional behavior and eccentricities.
  • As of 2014, he is worth an estimated US$4.8 billion.
Unpatchable USB Flaw
  • Story recommended by Arnie, a long-time listener.
  • Computer code that can turn almost any device that connects via USB into a cyber-attack platform has been shared online.
  • Computer security researchers wrote the code following the discovery of the USB flaw earlier this year.
  • The pair made the code public in an attempt to force electronics firms to improve defenses against attack by USB.
  • One of the experts who found the flaw said the release was a “stark reminder” of its seriousness. Details of the BadUSB flaw were released at the Black Hat computer security conference in August by Karsten Nohl and Jakob Lell.
  • Their work showed how to exploit flaws in the software that helps devices connect to computers via USB. The biggest problem they discovered is in the onboard software, known as firmware, found on these devices.
  • Among other things the firmware tells a computer what kind of a device is being plugged into a USB socket but the two cybersecurity researchers found a way to subvert this and install attack code. At Black Hat, the BBC saw demonstrations using a smartphone and a USB stick that could steal data when plugged into target machines.
  • Mr Nohl said he and his colleague did not release code in order to give firms making USB-controlling firmware time to work out how to combat the problem.
  • Now researchers Adam Caudill and Brandon Wilson have done their own work on the USB flaw and produced code that can be used to exploit it. The pair unveiled their work at the DerbyCon hacker conference last week and have made their attack software freely available via code-sharing site Github.
  • “We’re releasing everything we’ve done here, nothing is being held back,” said Mr Wilson in a presentation at DerbyCon.
  • “We believe that this information should not be limited to a select few as others have treated it,” he added. “It needs to be available to the public.”
  • Mr Wilson said cybercrime groups definitely had the resources to replicate the work of Mr Nohl and Mr Lell to produce their own attack code so releasing a version to the security community was a way to redress that imbalance.
  • Responding to the release of the attack tools Mr Nohl told the BBC that such “full disclosure” can motivate companies to act and make products more secure.
  • “In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.”
  • The fix will be slow because the standard must be changed and ratified before any vendors will patch their firmware.
  • Warning: Beware of rogue USB devices.
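Added example for the point above that a device's firmware tells the computer what kind of device it is (not part of the original show notes): a defensive audit that compares the interface classes each attached device declares with what an allowlist expects for that model. The allowlist, device IDs and snapshot are constructed; on Linux the same values can be read from idVendor, idProduct and bInterfaceClass under /sys/bus/usb/devices.

```python
# Added illustration: audit declared USB interface classes against an allowlist.
# All device IDs and the snapshot below are constructed sample data.

# Standard USB class codes (subset), used only for readable output.
USB_CLASS = {0x02: "Communications", 0x03: "HID", 0x08: "Mass Storage",
             0x09: "Hub", 0x0E: "Video"}

# Hypothetical allowlist: (idVendor, idProduct) -> classes that model may declare.
ALLOWLIST = {
    ("aaaa", "0001"): {0x03},   # office keyboard
    ("bbbb", "0002"): {0x08},   # issued storage stick
}

# One row per interface: device path, idVendor, idProduct, bInterfaceClass (hex).
SNAPSHOT = """\
1-1 aaaa 0001 03
1-2 bbbb 0002 08
1-3 bbbb 0002 08
1-3 bbbb 0002 03
1-4 cccc 0003 08
"""

def parse(snapshot):
    """Group interface rows by device path and collect each device's classes."""
    devices = {}
    for line in snapshot.splitlines():
        if not line.strip():
            continue
        path, vid, pid, cls = line.split()
        dev = devices.setdefault(path, {"id": (vid.lower(), pid.lower()), "classes": set()})
        dev["classes"].add(int(cls, 16))
    return devices

def audit(devices, allowlist):
    """Return (path, reason, class codes) for every device that breaks policy."""
    findings = []
    for path, dev in sorted(devices.items()):
        allowed = allowlist.get(dev["id"])
        if allowed is None:
            findings.append((path, "unknown device", sorted(dev["classes"])))
        elif dev["classes"] - allowed:
            findings.append((path, "unexpected interface class",
                             sorted(dev["classes"] - allowed)))
    return findings

for path, reason, classes in audit(parse(SNAPSHOT), ALLOWLIST):
    names = ", ".join(USB_CLASS.get(c, hex(c)) for c in classes)
    print(f"{path}: {reason} ({names})")
```

Vendor and product IDs are reported by the device itself, so this check only catches a device whose declared classes do not match its model; it is not proof that a matching device is unmodified.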
David Burd Surprise Visit
  • Humorous tech discussions about topics of the day
  • BadUSB malware and its impact
  • iPhone6 versus iPhone6+
  • Facebook has overtaken the older generation; the young have moved on.
ATT $105M Cramming Settlement
  • Ongoing efforts by the FTC and its federal and state partners to stop mobile cramming have resulted in a $105 million settlement with AT&T, the biggest to date with a prominent mobile phone carrier. Even better news for affected AT&T customers? They might be eligible for a refund.
  • According to the FTC, AT&T Mobility, LLC allegedly charged consumers’ mobile phone bills for third-party subscriptions or services that they never ordered or authorized. Many consumers weren’t aware they had been paying (up to $9.99 per month) for seemingly random horoscope text messages, flirting tips, celebrity gossip, wallpaper or ringtones that showed up on their phones.
  • How were consumers supposed to know about the charges? According to the FTC, AT&T didn’t make it easy. The complaint alleges the phone bills sent to consumers were deceptive because the company lumped together all the charges to make it look like everything was related to AT&T’s mobile phone services.
  • So when a consumer saw the overall balance due, the hidden charges were hard to detect. Even consumers who regularly checked their phone bill line by line every month missed them.
  • So what’s the bottom line for AT&T consumers affected by the settlement?
  • AT&T will make sure from now on that they have your consent before billing you for third-party charges.
  • If you contact AT&T about unauthorized third-party charges on your bill, they will provide a refund unless the company has information you consented to the charge.
  • AT&T will continue offering consumers the option to block all third-party charges. Other phone carriers, not just AT&T, offer third-party blocking service for free. Ask your phone carrier about services to block these charges.
  • Consumers can find out more information about the refund process and submit claims by visiting http://FTC.gov/att.
  • Unsure if you are eligible for a refund? Contact the FTC’s refund contractor at 1-877-819-9692 for more information.