Show of 11-08-2014

Tech Talk

November 8, 2014

Email and Forum Questions

  • Email from Mary Wilson: Dear Dr. Shurtz. I finally got a response from Ooma. They reviewed the four tests, which gave my line a B rating with some jitter. My download speed was 4 Mbps. My upload speed varied between 4 and 10 Mbps. Jitter varied from 0 to 4 milliseconds. Packet loss was zero. They suggested adjusting the Quality of Service settings to reduce jitter. How do you do that? I’m not too sure. Thank you. I am a long time listener. Mary Wilson
  • Tech Talk Responds: QoS could be an issue if you have other people on your network. When my son was at home, I had to adjust QoS on my router to ensure good VoIP reception. Change the password on your router to make certain that no one is stealing your bandwidth. I have set my Ooma device to have the highest priority on my router.
  • Email from Margaret: Dear Dr. Shurtz, Today I’ve tried to clean up some files/documents in Finder. I simply wanted them GONE so I moved them to trashcan. But after doing this for a while I noticed the trashcan was empty and the files landed on my desktop!!!!! Now when I try and drag doc/files from desktop to trash I can’t get them to go into the trashcan. I hope you can please help. Thanks. Margaret
  • Tech Talk Responds: Obviously you were not dropping them into trash. Make certain that the trash can is highlighted before releasing them. Perhaps the files are locked. Try unlocking the files before trashing them. It looks like a permissions issue. Do you have sufficient rights to trash the file? Check the file properties to see if any of these are issues.
  • Email from Arnie: Hi Dr. Shurtz. It looks like TOR is showing itself again. Global cooperation among law enforcement agencies closed Silk Road 2.0 and 400 other sites. These sites used TOR, which was created by the US intelligence agency, to assist people living under repressive regimes. The authorities must have developed new techniques to crack TOR and track down the origins of these networks and those behind them. Wonder why the lab ever thought TOR should go public? Wonder how they cracked TOR to get these guys? Arnie Crownsville, MD
  • Tech Talk Responds: TOR was created by the US intelligence agency to assist people living under repressive regimes. I don’t think they cracked it. Most likely the websites that used TOR were not configured correctly and some location information leaked out unencrypted.
  • Email from Ngoc in Houston: Dear Tech Talk, I am attending a convention in Houston and would like to record some comments about a few of the sessions on using my iPhone. What are my options? Love the show, Ngoc…normally from Ohio.
  • Tech Talk Responds: You can, of course, always make a video of a session. That takes a lot of memory and may not be practical using the iPhone. I can make voice comments using Voice Memos. This is a great app for recording voice notes of the sessions. It is frequently used to record songs or other musical information. You can also use Notes to write notes. I like to use the voice recognition feature with notes. Just click on the mic symbol on the keyboard to activate voice recognition. It is quite accurate.
  • Email from Anita in Glen Allen: Dear Doc and Jim. I have a WD elements external hard disk. It is not recognized anywhere and I tried three computers. Before that I could not format it. I need help. Please help me, it’s urgent. It has very important data on it. Thanks, Anita in Glen Allen
  • Tech Talk Responds: It could be as simple as the cable, so of course try another if you haven’t already. The problem is that it could be significantly more complicated. It could be the electronics in the external drive or it could be the hard disk drive itself. There’s just no way to really know for sure. Don’t reformat the disk. That only makes matters worse. If you need to get the data, stop trying to use the drive and see a professional. Search for a data recovery company in your area with good online reviews. Expect to pay quite a bit. My last recovery was over $200, many years ago. Apparently you forgot the golden rule to back up all your data somewhere. Try to avoid that failure going forward.

Profiles in IT: Steven J. Sasson

  • Steven J. Sasson is best known as the inventor of the digital camera.
  • Steven Sasson was born July 4, 1950 in Brooklyn, New York.
  • Sasson received a BSEE (1972) and an MSEE (1973) from Rensselaer Polytechnic Institute.
  • He was hired by Eastman Kodak after graduation. 
  • His invention began in 1975 with a broad assignment from his supervisor at Eastman Kodak Company, Gareth A. Lloyd: to attempt to build an electronic camera using a charge coupled device (CCD).
  • As he set out on this project of the electronic camera, he imagined a camera without mechanical moving parts. 
  • It weighed 8 pounds (3.6 kg) and had only 0.01 megapixels (10,000 pixels). The camera took images in black and white. It used 16 AA batteries and was about the size of a toaster. 
  • It used a removable storage medium that could store 30 images. This made it seem like a traditional film camera with either a 24- or 36-image roll of film.
  • The image was recorded onto a cassette tape and this process took 23 seconds. He displayed pictures on a television monitor. He took the optics from the rejected-parts bin of the Super 8 movie camera production line.
  • He took the first digital camera picture in December 1975. Sasson and his chief technician, Jim Schueckler, persuaded a lab assistant to pose for them. The image took 23 seconds to record onto the cassette and another 23 seconds to read off a playback unit onto a television. 
  • After a few adjustments, they got the image to display correctly. You could see the silhouette of her hair. This was the first digital photograph.
  • When he showed it to upper management, they said that all of these electronics were there to replace a piece of cellulose that cost a few cents. The camera was not shown to upper management.
  • He estimated that it would take 15 to 20 years before a useful camera would be available, based on Moore’s law. He felt it would take 2 million pixels and he currently had 10,000 pixels, hence 20 years.
  • The resulting camera invention was awarded U.S. Patent 4,131,919. Kodak eventually obtained over 1,000 patents relating to digital photography. These patents were licensed to other companies and form the basis of most digital cameras.
  • He made the first realistic digital camera in 1989. They made six prototypes and showed them to upper management. It was rejected because it would crimp the film business. The IP in this prototype is incorporated in every digital camera sold today.
  • They made a series of professional digital cameras in the early 1990s, selling for as much as $25K. They used Nikon bodies for these cameras. They then made the first Apple digital camera which sold for around $1K.
  • In the mid to late 1990s digital cameras became common among consumers. By the mid-2000s digital cameras had largely replaced film cameras, and higher-end cell phones had an integrated digital camera. By the beginning of the 2010s smartphones had an integrated digital camera. Kodak missed the parade and didn’t jump into the market until 2001.
  • Steven Sasson now works to protect the intellectual capital of his employer, Eastman Kodak. 
  • On November 17, 2009, U.S. President Barack Obama awarded Sasson the National Medal of Technology and Innovation at a ceremony in the East Room of the White House.

Website of the Week: InsecureCam

  • Website link: http://www.insecam.com/
  • Their mission is to get users to secure their webcams.
  • This site links to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.
  • You can remove your web camera from the site by securing it with a proper password.
  • The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs. 
  • 11,046 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.
  • Change the defaults to secure the camera to make it private and it disappears from the index.
  • There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India. Like the site said, you can see into “bedrooms of all countries of the world.” There are 256 countries listed plus one directory not sorted into country categories.
  • There were lots of businesses, stores, malls, warehouses and parking lots, but there were also baby cribs, bedrooms, living rooms and kitchens.
  • The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. 
  • That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. 
  • Once you take control of some webcams, you can talk through the speaker, a terrifying thought for baby webcams.
  • The lesson: change the default password on your web cam.

Apple blocks WireLurker malware apps from opening

  • Apple has now blocked the launching of Mac apps infected with WireLurker malware, after earlier revoking security certificates to prevent them being installed on new devices. 
  • It targets OS X 64 bit and waits for an iOS device to be connected. It then infects the iPhone/iPad, scanning for confidential information.
  • WireLurker was capable of infecting non-jailbroken iOS devices when connected to a Mac running one of the compromised apps. 
  • Over 400 Mac apps in a third-party Chinese app store were affected.
  • In a written statement, an Apple spokesperson said:
    • We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.
  • However it would be easy for other attackers to exploit the exact same weakness … 
  • The bigger issue here is not WireLurker itself; WireLurker appears to be in its infancy, and is mostly a collection of scripts, property lists, and binaries all duct-taped together on the desktop, making it easy to detect. 
  • The real issue is that the design of iOS’ pairing mechanism allows for more sophisticated variants of this approach to easily be implemented.
  • Once you pair an iPhone and a Mac, say, and say yes to each becoming a trusted device, there is virtually no limit to what the Mac is able to do to the iPhone. 
  • Users need to be given much more specific warnings about the dangers of installing unsigned apps. 
  • In addition, Mac apps should have to ask the user for permission to install software on iOS devices.
  • Congratulations to Apple. You have now been honored with malware, just like Microsoft has for years.

China Hacking iCloud

  • Chinese authorities launched “a malicious attack on Apple” that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports. With that information, a hacker can view users’ contacts, photos, messages and personal information stored in the cloud.
  • China has an estimated 100 million iPhone users, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead.
  • “The attack point is the Chinese internet backbone, and that it is nationwide, which would lead us to be 100 percent sure that this is again the work of the Chinese authorities,” one of the GreatFire founders told the South China Morning Post.
  • The scale of the potential data breach is immense—and the timing is interesting for two reasons.
  • First, Chinese authorities have been strictly controlling information about Hong Kong’s Umbrella Movement on the mainland, by reporting about the protests without actually showing any protesters, and deleting messages and posts on the demonstrations on internet searches and the messaging services Weibo and WeChat. They’ve also been detaining mainland Chinese citizens believed to be sympathetic to the protesters. Keeping an eye on Apple users’ data could certainly help with both efforts.
  • Secondly, sales of the iPhone 6 just began Oct. 17 after several weeks’ delay in China, reportedly because of “resistance” from the Ministry of Industry and Information Technology after Apple added new security features. This summer, China said the “frequent locations” feature on Apple’s new operating system could reveal “state secrets.”
  • Beijing’s recent criticism of Apple comes after the company has worked for years to improve relations in Beijing, going so far as to self-censor apps there. Last year, for example, the company quietly deleted OpenDoor, an app that allowed users to evade China’s firewall. In August, Apple agreed to move its China iCloud storage to mainland China, reportedly to “ease tension” between the company and the government. 
  • Working with the authorities to help them prevent free access to news and information is not a guaranteed path to riches in China. If anything, cooperation with the Chinese authorities can now increasingly be labeled as the worst decision a foreign company can make. Not only will the authorities bite you in the ass, but your willingness to work with the censorship regime will lose you customers and fans worldwide.
  • Several hours after the GreatFire report, Apple posted an “update on iCloud.com security” to its own support center. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” the company said, adding that the attacks “don’t compromise iCloud’s servers,” or affect devices running the Safari browser. The update, however, did not mention China specifically.

Embedding YouTube videos is legal after all

  • Merely embedding a video doesn’t constitute copyright infringement, Europe’s highest court ruled this week, as long as the video was already publicly available.
  • The ruling came in response to a lawsuit initiated by BestWater, a German water filter producer that wanted to prevent one of its competitors from embedding a BestWater video ad on its website.
  • The issue in question was whether merely embedding a video published by someone else constitutes a public performance, which would need to be licensed by the copyright holder. 
  • The European Court has now said no, as long as the embedding doesn’t make the video available to new audiences. 
  • The water filter ad in question had already been available to the entire internet on YouTube, so merely embedding it didn’t make it available to audiences that previously didn’t have access — but one could imagine that the justices may have felt differently about a pirate video site embedding a video that wasn’t publicly listed anywhere else before.

Police Crack Tor and Shut down Sites

  • Law enforcement officials say they were able to unmask users of the popular Web anonymity tool Tor.
  • US federal officials and European law enforcement groups in over a dozen countries said Friday that they shut down more than 400 illegal websites — uncovering the tracks of website operators even as those operators used specialized anonymity software.
  • Authorities said they made the arrests by figuring out the identities of Tor users. 
  • Tor is free software meant to encrypt, or hide, actions on the Internet. While the law enforcement officials said they identified website operators who were using the software, it’s unlikely they actually cracked through Tor’s complicated encryptions.
  • The websites, or so-called “dark markets,” were selling illicit goods including illegal narcotics, firearms, stolen credit card data and counterfeit currency.
  • Authorities also arrested 17 people, seized computer hardware, cryptocurrency bitcoins worth $1 million and more than $200,000 in cash, drugs, gold and silver.
  • The announcements from the FBI and European authorities came a day after US federal officials said they had arrested Blake Benthall, a 26-year-old identified in connection with the operation and ownership of Silk Road 2.0. The illegal marketplace was similar to the original Silk Road site, which was shut down more than a year ago.
  • Tor — originally TOR, or “The Onion Router” — was first developed by the US Naval Research Laboratory and is currently funded in part by the US State Department and Department of Defense. By unveiling the identities of the website operators, authorities signaled they may have gotten more than a fleeting grasp on one of the hidden corners of the Internet.
  • The software facilitates anonymous Web surfing, forum posting, instant messaging, and other Internet communication by wrapping signals in layers of encryption and then sending them on an unpredictable path through a network of routers.
  • Each router peels off one “skin” of encryption to send the signal along, but no one router has access to all the details — thus the signal can’t be traced back to its sender.
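
The layering described in the last two items, as an added example (not code from the show or from the Tor Project): each relay holds one key, removes one layer, and learns only its immediate neighbours. The relay names, the destination and the SHA-256-based cipher are stand-ins chosen for this sketch; Tor itself negotiates keys per circuit and uses AES.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one relay key.
    return hashlib.sha256(label + key).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), used here instead of AES.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer does not authenticate under this relay's key")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def wrap(message: bytes, path: list, keys: dict, destination: str) -> bytes:
    # Build from the inside out: the exit relay's layer is sealed first.
    next_hops = path[1:] + [destination]
    blob = message
    for relay, nxt in zip(reversed(path), reversed(next_hops)):
        header = nxt.encode()
        blob = seal(keys[relay], bytes([len(header)]) + header + blob)
    return blob

def peel(relay_key: bytes, blob: bytes):
    # One relay removes one layer and learns only where to forward the rest.
    inner = unseal(relay_key, blob)
    return inner[1:1 + inner[0]].decode(), inner[1 + inner[0]:]

def route(onion: bytes, path: list, keys: dict):
    # Returns the delivered payload and what each relay could observe.
    seen, prev, blob = [], "client", onion
    for relay in path:
        nxt, blob = peel(keys[relay], blob)
        seen.append({"relay": relay, "from": prev, "to": nxt})
        prev = relay
    return blob, seen

# Constructed sample: three hypothetical relays, each with its own random key.
PATH = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
```

Only the entry relay sees the client and only the exit relay sees the destination, which is why the show's earlier answer points at misconfigured sites rather than broken encryption as the likelier source of a leak.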