Show of 07-08-2017

Tech Talk

July 8, 2017

Email and Forum Questions

  • Email from Jim in Bowie: Dear Tech Talk. I have a problem with my Windows computers. When I access IPv6 websites, I cannot load any IPv4 websites. I don’t have this problem with my Linux machine. This is very inconvenient when I am working on some particular projects. What are my options to fix it? Enjoy the show. Jim in Bowie.
  • Tech Talk Responds: By default, an IPv6 socket created on Windows Vista and later only operates over the IPv6 protocol. In order to make an IPv6 socket into a dual-stack socket, the setsockopt function must be called with the IPV6_V6ONLY socket option to set this value to zero before the socket is bound to an IP address. When the IPV6_V6ONLY socket option is set to zero, the socket can be used to send and receive packets to and from an IPv6 address or an IPv4 mapped address. The IPv4-mapped IPv6 address format allows the IPv4 address of an IPv4 node to be represented as an IPv6 address. IPv4 addresses are 32 bits. IPv6 addresses are 128 bits. The extra bits are simply mapped as zeros.
  • Email from Joy in Sterling: Dear Doc and Jim. I recently deleted a string on text messages on my iPhone by mistake. Is there any way that I can recover them? Enjoy listening to the show. Joy in Sterling, VA.
  • Tech Talk Responds: The good news is that you can recover your text messages, if you act quickly. After you remove a message from iPhone, the message isn’t actually deleted. The deleted messages is technically marked for deletion by the system and hidden so that they become invisible. Therefore, deleted messages still stays somewhere on iPhone and you can retrieve them as long. But do the recovery quickly because it is limited that the deleted messages are not overwritten.
  • You can use the application PhoneRescue to find these messages. Download the PhoneRescue from https://www.imobie.com/phonerescue/download.htm. Install and run the application on your MAC or PC. Connect your iPhone to the computer using the USB connection. On Homepage of PhoneRescue: select Recover from iOS device. Click right arrow to scan your iPhone. Select Messages and Message Attachments. Select the contact with messages you want to retrieve. Preview the deleted messages and attachments. Select the items you want to recover. Click To Device button to get them back to your iPhone again. You can also recover them from your iPhone backup file on the iCloud using the same software.
  • Email from Johnny Bottulism, not in Kilmarnock: On a trip to New England last year, I bought several live lobsters in Connecticut with the intention of freezing them freezer bag and placed in the freezer while they were still alive. One year later, I took the bag from the freezer and placed it in the refrigerator for 24 hours to allow the lobsters to defrost.
  • When I removed the lobsters from the refrigerator, they literally disintegrated. Each of the lobsters were green around the joints and their remnants were floating in a toxic bouillabaisse. I threw them away. What did I do wrong? Johnny Botulism, Not in Kilmarnock, VA
  • Tech Talk Responds: You failed to freeze the lobster correctly. According to the Lobster Institute, properly prepared whole or “in the shell” lobster has a good quality shelf-life of 9 to 12 months.
    • Lobsters should be chilled and live.
    • Blanch at 212° for 60 seconds in a 2% salt brine (1.5 ounces, or roughly 1/2 cup, of non-iodized salt or sea salt to 2 quarts of water).
    • Chill after blanching in cold running water or in a tub with a mixture of 50% water to 50% ice.
    • Following a 15-20 minute chill, remove excess surface water.
    • Place lobsters in commercial freezer bags and remove as much air as possible.
    • Freeze at -18° C (0° F) or lower.
  • Email from Helen in Rockville: Dear Doc and Jim. I think that my ISP is throttling my download speeds. I am using BitTorrent to download movies. It much cheaper than other options. I have noticed by my download speeds a substantially slower than before. Helen in Rockville.
  • Tech Talk Responds: BitTorrent is a hyper distribution communications protocol for peer-to-peer file sharing (“P2P”) which is used to distribute data and electronic files over the Internet. BitTorrent is one of the most common protocols for transferring large files, such as digital video files containing TV shows or video clips or digital audio files containing songs.
  • Some Internet service providers slow down certain types of traffic, like BitTorrent traffic. Other ISPs slow down their customers’ connections if they download too much data in a month. If you are torrenting and you aren’t using a VPN, you are just asking for trouble. ISPs are blocking subscribers and sending notices to them to stop, and the problem is getting worse. The solution to use torrents and retain your privacy is really very simple: Just use a VPN like Express VPN or StrongVPN to keep your torrenting private so nobody can see. They have unlimited bandwidth, clients for any device, fast connections, great security, and a low monthly price. Plus as an added benefit, you can use them to watch streaming media like Netflix that might be blocked in your country.
  • Email from Yen in Greenbelt: Dear Tech Talk. My Windows 10 computer occasional crashes. I would like to find what what is causing this failure. What are my options. We enjoy listening to the podcast each week. Yen in Greenbelt.
  • Tech Talk Responds: The first step in troubleshooting is finding more specific error details. It could be a buggy device driver or faulty hardware.
  • The Windows Reliability Monitor offers a quick, user-friendly interface that displays recent system and application crashes. To open it, just hit Start, type “reliability,” and then click the “View reliability history” shortcut.
  • The Reliability Monitor window is arranged by dates with columns at the right representing the most recent days. You can see a history of events for the last few weeks, or you can switch to a weekly view. The column for each day shows events recorded for that day. If Windows crashed or froze, you’ll see a red circle with an “X” representing the failure. Click that day’s column and you’ll see more information at the bottom. Critical events are typically what you’re really looking for here, but the other information can be useful as well. For example, the history will show when you installed software, so you might be able to see whether crashes started occurring after the installation of a particular app. If you see an interesting event listed, double-click it to open a details window with more information. Here, we can see that Windows had trouble starting due to trouble with a hard disk.
  • When Windows encounters a blue screen error, it dumps the memory files to a local file that sometimes contains useful information for troubleshooting those errors. For a user-friendly way of examining these, we recommend NirSoft’s free BlueScreenView utility (http://www.nirsoft.net/utils/blue_screen_view.html). This tool displays a list of saved dump files. You can click any dump file to see the information it contains. The list of drivers at the bottom of the window may also be helpful. For example, the blue-screens may consistently implicate a particular driver file, such as your graphics hardware driver.
  • The Memory Diagnostics tool built into Windows can also help. It tests your memory to ensure everything is working properly. If your memory is damaged, this can cause system instability and blue-screens.

Profiles in IT: Robert William Bemer

  • Bob Bemer is known for his early work as a computer pioneer and for standardization of ASCII. Frequently called the Father of ASCII.
  • Bob Bemer was born February 8, 1920 in Sault Ste. Marie, MI
  • In 1936, Bemer graduated from Cranbrook School.
  • In 1940, he received a BA in Mathematics at Albion College.
  • In 1941, he earned a Certificate in Aeronautical Engineering from Curtiss-Wright Technical Institute.
  • In 1941, he was hired by Douglas Aircraft Company as Aerodynamicist
  • In 1949, he was hired by Rand Corporation as Programmer.
  • In 1951, he began working with Mathematical Analysis for Lockheed Aircraft Corp, then Marquardt Aircraft Company, and finally Lockheed Missiles & Space Co.
  • In 1955, he moved to IBM Corporation, where he worked in Programming Research, Programming Systems, Logical Systems Standards, and Programming Standards.
  • While at IBM, he created PRINT I programming system and the first load-and-go compiler. He published first paper to describe commercial timesharing.
  • He served on a committee to combine the design for his COMTRAN language with Grace Hopper’s FLOW-MATIC and produce the specifications for COBOL (COmmon Business-Oriented Language). He is known as Grandfather of COBOL.
  • He developed XTRAN, predecessor of ALGOL(ALGOrithmic Language).
  • In 1960, he originated what have become the ASCII (American Standard Code for Information Interchange) and ISO character codes. He is known as Father of ASCII.
  • He invented the ESCape sequence mechanism and was a major influence in choosing the 8-bit character in IBM System 360. He preferred to term “octet,” not “byte.”
  • In 1962, he was hired by Univac as Director of Systems Programming.
  • In 1965, he moved to Bull General Electric, Paris, where he served as Consultant to General Manager and in Manager of Software & Field Support.
  • In 1965, he originated the concept of the “software factory”.
  • In 1966, he moved to GE as Manager, Systems & Software Engineering Integration.
  • In 1970, he was hired by Honeywell Information Systems as Senior Consulting Engineer. He retired in 1982.
  • In 1971, he published world’s first warning on Year 2000 problem. He discovered the problem when working on genealogy with the Church of Latter Day Saints.
  • In 1996, he patented a method to ameliorate Year 2000 problem.
  • In 2003, he was awarded the IEEE Computer Pioneer Metal
  • After retirement, he started Bob Bemer Software.
  • In 1999, he sold his company to BigiSoft and kept the title of Chief Scientist.
  • Bob Bemer website is still online at www.bobbemer.com.
  • Bemer died at his home in Possum Kingdom Lake, Texas in 2004 at age 84.

Petya Malware Spread via Software Updates

  • Rsearchers at ESET and Cisco’s Talos division have published detailed analyses of how hackers penetrated the network of the small Ukrainian software firm MeDoc, which sells a piece of accounting software that’s used by roughly 80-percent of Ukrainian businesses.
  • By injecting a tweaked version of a file into updates of the software, they were able to start spreading backdoored versions of MeDoc software as early as April 2017 that were then used in late June to inject the ransomware known Petya (or NotPetya or Nyetya) that spread through victims’ networks from that initial MeDoc entrypoint.
  • This disrupted networks from pharma giant Merck to shipping firm Maersk to
  • Kaspersky Labs has seen at least two other examples in the last year of malware delivered via software updates to carry out sophisticated infections.
  • In one case, perpetrators used updates for a popular piece of software to breach a collection of financial institutions. In another, hackers corrupted the update mechanism for a form of ATM software sold by an American company to hack cash machines.
  • Kaspersky pins both of those attacks on a criminal organization known as Cobalt Goblin, an offshoot of the so-called Carbanak hacker group.
  • One reason hackers are turning to software updates as an inroad into vulnerable computers may be the growing use of “whitelisting” as a security measure. Whitelisting strictly limits what can be installed on a computer to only approved programs, forcing resourceful hackers to hijack those whitelisted programs rather than install their own.
  • A basic security precaution that every modern developer should use to prevent their software updates from being corrupted is “codesigning,” That safeguard requires any new code added to an application to be signed with an unforgeable cryptographic key. MeDoc didn’t implement codesigning, which would have allowed any hacker that can intercept software updates to act as a “man-in-the-middle” and alter them to include a backdoor.
  • But even if the company had carefully signed its code, it likely wouldn’t have protected the victims in the MeDoc case. According to both the analyses of both Cisco Talos and ESET researchers, the hackers were deep enough in MeDoc’s network that they likely could have stolen the cryptographic key and signed the malicious update themselves.

Researchers Find ‘Vaccine’ for Petya/NotPetya

  • A vaccine has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
  • The rapidly spreading ransomware hit businesses, including those in critical infrastructure, across Russia, Ukraine, France, Netherlands, Spain, India, and Denmark. Some experts found similarities with the Petya malware, including its encryption of the Master Boot Record (MBR) on infected systems. Others say this malware hasn’t been previously seen and call it NotPetya.
  • Amit Serper, a security researcher with Cybereason, discovered the ransomware operates by searching for a local file, and will exit the encryption process if the file already existed on the disk. Victims can block the ransomware from executing by creating this file on their machines.
  • To implement the vaccination, create a file called “perfc” in the “C:\Windows” folder and set it to read-only. Researchers call this a vaccination, not a killswitch, because it only vaccinates the machine where it’s stored.

Hackers Targeting US Nuclear Power Plants

  • For the past couple of months, hackers have breached the computer networks of companies that operate nuclear power facilities in the US, according to a new report from federal law enforcement officials. From a report:
  • One of the companies targeted was the Wolf Creek Nuclear Operating Corporation, which operates a nuclear facility near Burlington, Kansas, according to a joint report issued last week by the FBI and Department of Homeland.
  • The report carried an urgent amber warning, the second-highest rating for the severity of the threat.
  • Organizations running the nation’s energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years.
  • In a 2013 executive order, President Barack Obama called cyberattacks “one of the most serious national security challenges we must confront.”

The Pentagon Says It Will Start Encrypting Soldiers’ Emails Next

  • Encryption technology is finally coming to Pentagon email servers next year.
  • For years, major online email providers such as Google and Microsoft have used encryption to protect emails.
  • That technology, technically known as STARTTLS, has been around since 2002.
  • The Pentagon never implemented it. The lack of encryption left some soldiers’ emails open to being intercepted by enemies as they travel across the internet.
  • The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users.
  • But now the Defense Information Systems Agency or DISA, the Pentagon’s branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA.
  • DISA’s promise comes months after Senator Ron Wyden (D-Oregon) said he was concerned that the agency wasn’t taking advantage of “a basic, widely used, easily-enabled cybersecurity technology.”

Google to stop scanning Gmail for ad targeting

  • Google said it would stop scanning the contents of Gmail users’ inboxes for ad targeting, effective June 23, 2017.
  • Gmail users would still see “personalized” ads and marketing messages but these would be based on other data, which may include search queries or browsing habits.
  • The free Gmail service would now follow the same practices as its corporate G Suite Gmail.
  • Privacy activists have long complained that the scanning of email contents amounts to unwarranted “eavesdropping” on users.
  • Beware: Google is still tracking you (Searches, YouTube, Chrome, Waze, etc.)

Trick of the Week: Using Amazon Alexa for Calls

  • Alexa Conversations is Amazon’s way of offering a way to contact other Alexa users with either your voice or an app.
  • You can only contact contacts who have Alexa.
  • Calling friends with Alexa Conversations can be done in two different ways. The first was is using your voice, which goes a little like this: Alexa, make a call.
  • Saying this will cause Alexa to ask you who you want to call. From here, you can speak the first name of anyone in your Alexa contacts list. This list is created when you install the Alexa app on your phone. The Alexa app checks your contact information and checks to see if any of those people have an Alexa account. If they do, you’ll see their name in the contact list and be able to speak their name to your Echo.
  • Once you say a name, the call will begin. The recipient’s Alexa devices and apps will start ringing. This means the call can be answered from an Echo or an app on a phone with the same basic result.
  • The other way you can make a call is directly through the Alexa app on your phone. It’s simple enough to do, as long as you know where all the buttons are.
    • Open your Alexa app
    • Tap on the Conversations tab at the bottom of the app
    • Tap the People icon in the top right of this page
    • Tap the contact you want to call
    • Tap the Phone button in the top right
  • This will start the call, after which everything is the same as using your voice. When a call is over, you’ll see the call details nex to the contact in your Conversations tab with any messages you’ve sent.
  • Update: Alexa now supports call Drop In. If you own multiple Echo’s you can have a Drop In conversation simply by saying Alexa, Drop In or XXX.

Net Neutrality Digital Protest Day

  • Dozens of companies and activist groups, including Facebook, Google, Amazon, Netflix, Twitter, Spotify and the ACLU, have already signed on to the protest the recent FCC actions regarding relaxing Net Neutrality Rules., which is trying to drum up grassroots support for the regulations.
  • July 12th is the official Fight for the Future digital protest day. The companies have not revealed how they plan to protest.
  • The rules, which were passed in 2015 by a Democrat-controlled FCC, are meant to prevent broadband companies from favoring their own content over competitors’ services.
  • The regulation explicitly prevents these companies from blocking or slowing down competitors’ traffic or charging fees to deliver service faster.
  • The regulation has been controversial because the FCC in 2015 changed the classification of broadband to treat the service like a public utility.
  • Broadband and wireless companies say the regulations impose outdated law designed for the old telephone network on the internet.
  • Republican FCC chairman, Ajit Pai, who voted against the rules when he was a commissioner, has argued that the previous FCC under President Barack Obama overstepped its authority.