Show of 10-14-2017

Tech Talk

October 14, 2017

Email and Forum Questions

  • Email from Rick from Niceville: Dear Dr. Shurtz, I need to replace my external hard disk drive and I am considering the My Cloud Home by Western Digital. Is this a good product or are there other comparable products for home use and storage accessible via the cloud? Also, does My Cloud Home have security protection to prevent hackers to access my home files, pictures, videos, and etc.?  As a suggestion for a person to feature on Tech Talk (if you haven’t already done so), perhaps you can highlight the Father of the Disk Drive, Reynold B. Johnson, the American inventor and computer pioneer who was a long-time employee of IBM.  Johnson is said to be the “father” of the disk drive. Other inventions include automatic test scoring equipment and the videocassette tape. Rick from Niceville, FL
  • Tech Talk Responds: Western Digital’s My Cloud Home devices have gotten good reviews. I would make certain that you get the My Cloud Home Dual Drive. The dual drive is set up using RAID 1, where the second drive is an exact mirror of the first. RAID stands for Redundant Array of Independent Disks. This is truly a backup system. However, if you want a higher level of protection, you will need to have a second one at another location. The 4T dual drive is $309 and the 16T dual drive is $699. The other competitor in this space is Seagate Central. However, it is a single drive system and the capacity is capped at 4T. The reviewers loves Seagate Central because it is designed to work as a whole-home central media library for sharing and accessing data from game consoles, Smart TVs, and Blu-ray discs. As far as security is concerned, the WD My Cloud has critical security vulnerabilities revealed in early 2017. WD issued firmware patches in late March and early April, so make certain that you system has the latest firmware patches before connecting it to the Internet. The bottom line is that given your use, the WD My Cloud Dual Drive is a good choice.
  • That for the Profiles in IT suggestion of Reynolds Johnson. He was an interesting tech innovation. We featured him on February 17, 2017. If you have any more suggestions, send them in.
  • Email from Arnie in Colorado Springs: Hi Dr. Shurtz, I’m still working suggestions from your 29 July 2017 Tech Talk program re internet speed. I use Ookla for my speed test. Ookla automatically selects the server from Denver 54 miles away. Question is, since I have Comcast as a provider, will my router connect to other providers’ servers, or just Comcast in Denver? Ping speed varies from 13 to 17 ms, if that really concerns my speed. Last month within an hour my speed ranged from 1.26 mbps to 101.86 mbps
  • Considering the distance to servers here in Colorado Springs, does the 2.4 MHz work better for long distances or the 5.8 MHz? Not sure how you separated the speeds in previous / July program – Stratford _5.8, etc. I’d like to just switch to 5.8 Mhz to increase speed – for one laptop & WiFi to a couple of iPads & iPhone. BTW, I bought my own router to avoid monthly Comcast charge for one. Do I need both speeds to get connectivity & faster internet speed? Many thanks. Great show! Arnie in Colorado Springs, CO
  • Tech Talk Responds: Arnie, you can use any speed check service to check you lines. I never use the one provided by the ISP. They have a conflict of interest. The one that I like to use is dslreports.com (http://www.dslreports.com/speedtest). This provides both download and upload speed tests, as well as, latency reports to different servers. Note that you may have to turn off anti-virus protection to get an accurate upload speed test because this software may buffer the upload.
  • I like to have separate network names for the 2.4GHz and the 5.8GHz band. I put all my video on the 5.8GHz band (smart TV etc.) because it has higher bandwidth and less interference from other devices operating at 2.4GHz. However, 5.8GHz has a shorter range because of attenuation caused by walls and ducting. I don’t like my computer selecting the best channel automatically, so I simply choose a network and it stays with network. The increased bandwidth only matters for transfers within the house. The main bandwidth bottleneck to the Internet is the last connection of the router over the last mile. The set up my networks, I simply log onto the router and go the wireless setup section. By default, both bands have the same name. I simply rename the network for each band to a unique name (Network_2.4 and Network_5.8). If you are in an apartment building, the 5.8GHz band is your best option because of inference from your neighbors. This band has more non-overlapping channels.
  • Email from Tracy in Fairfax: Dear Tech Talk. I was send a document formatted in PDF (Portable Document File). I need to edit it. Is there a way to convert this to a document that can be edited without cost? I enjoy the show live every weekend. Tracy in Fairfax
  • Tech Talk Responds: PDF is a document standard created by Adobe. Unless you paid for Adobe Acrobat (the full version, not just the Reader), you will have to look for a specific tool to edit the text of PDFs. Many of these are available on various platforms, but for an easy and free method that works across all kinds of desktops and mobile devices, you can use Google Docs.
  • If you have your PDF file ready, open drive.google.com in any browser and log in with your Google account. Upload your PDF file from your local files by clicking the blue “NEW” button on the left, then “File upload.” Select your PDF and wait for it to upload to Google’s server. Once the file is in your drive, right-click or long-tap the item in Drive’s main view. Select “Open Open with,” then click “Google Docs.” The PDF document will open in a new browser tab in the Google Docs interface.
  • You can edit any of the text in the PDF document as if it were a standard word processor file. Some of the formatting may be a bit off thanks to Docs’ interpretation of the images and spacing in the PDF file, but all of the formatted text should be visible and editable. You can edit any of the text in this window and save your work online in Google Docs for later.
  • If you would rather have a standard document file for an offline word processor, click “File,” then “Download as.” Here you can choose from Docx, ODT, TXT, RTF, and other formats, so you can open them in Microsoft Office (or your word processor of choice). Click on the one you want, and it will immediately be downloaded to your default desktop or phone folder. You now have a saved, editable copy of your original PDF, compatible with any word processor.
  • Email from Ngoc in Ohio: Dear Doc and Jim. I understand that a computer driven program using trial and error can figure out my password, especially if it is not very strong. Wouldn’t a hacker have to actually try each of these computer derived guesses on the sign-in screen of the website? After just a few failed attempts at entering a password, the website will not allow any more tries. So how are they able to try out all of the possible passwords? I want to keep my content private so I use a long password, but worry about hacking. Enjoy the show. Ngoc in Ohio
  • Tech Talk Responds: Trying every possible combination is called a brute force attack. You are right that a login system will block you after a few failed attempts. However, hackers have other options. They hack the server directly and download the password file. Most password files are encrypted in what is called a hash file. It is statistically impossible1 for two passwords to generate the same hash. When you set your password, the service creates the hash associated with it and stores the hash, not your actual password. Hacker then operated on his hash file and try every possible combination. With each attempt, they create the hash; then they see if it is in the database they just stole. If it is, they now know the password for the user account that had that hash; it’s the password that created the hash like they just did. This is where password length and complexity come into play.
  • It is currently feasible to try all possible eight-character passwords in a short amount of time. That is why most industry experts now say 12 characters is the new minimum length of a password. The amount of time required to try them all increases exponentially each time you add a character to the length.
  • Because of this ongoing threat, I also advise adding two-factor authentication to your important accounts. With two-factor authentication enabled, even knowing the password isn’t enough to get in.

Profiles in IT: Mahabir Pun

  • Mahabir Pun is what the Internet Society calls a global connector, who is best known for leveraging the Internet to improve lives in remote corners of Nepal.
  • Pun was born January 22, 1955 in Nangi, a remote village in western Nepal.
  • Pun spent his childhood grazing cattle and sheep, and attending a village school.
  • The family moved to the city and invested their entire savings in his son’s education.
  • After finishing high school, Pun worked as a teacher for 12 years in four schools.
  • In 1989, he received a partial scholarship to the University of Nebraska, receiving his Bachelor’s degree (1996) and Master’s degree (2001), both in education.
  • In 2001, he returned to his native village of Nangi to transform education. To check his email, he had travel to Pokhara, a five-hour walk and three-hour bus ride away.
  • Pun began teaching computer classes, but it was impossible to connect to the Internet.
  • Pun decided to bring wireless Internet access to Nangi’s 700 villagers.
  • He upgraded the village school through his Himanchal Education Foundation.
  • He set up revenue projects, like yak and rabbit farming and jam and cheese making.
  • In 2001, donors and volunteers helped him to rig a wireless connection between Nangi and the village of Ramche, using small TV dish antennae mounted in trees.
  • Small grants soon led to the construction of improvised mountaintop relay stations and a link to Pokhara. By 2003, Nangi had a wireless connection to the Internet.
  • When he began, the government was fighting a Maoist insurgency and had banned the movement of wireless equipment into the rebels’ rural strongholds.
  • He got university students from US and Europe to smuggle in equipment. The government was too busy fighting and the Maoists had no idea what he was doing.
  • By 2006, he had hooked up 13 mountain hamlets to the Internet. The following year, he received a Ramon Magsaysay Award – Asia’s equivalent of the Nobel Prize.
  • In 2006, the Maoists signed a peace accord with the government and Pun was operate in the open. He has now helped to connect almost 200 remote settlements.
  • Pun taught villagers how to use the internet and email, set up bulletin boards for communication. He installed IP phones so people reach nearby villages.
  • Since few families are able to afford a computer at home, each village has up to four computers – in schools, clinics, communications centers and local government offices.
  • He then shifted focus from communication to education, health and e-commerce.
  • He started video-conferencing to connect the rural clinics to a doctor in a hospital in Pokhara. He also provides online banking for transfer of funds to the rural areas.
  • Pun created the Nepal Trekkers Tracking System to monitor Everest hikers.
  • He is now a board member of Open Learning Exchange Nepal, which creates digital educational content in Nepalese, based on the school curriculum.
  • In 2007, Pun received the Magsaysay Award, considered the Nobel Prize of Asia.
  • In 2014 was inducted into Internet Hall of Fame as a global connector.

Russian Hackers Used Kaspersky Antivirus as Backdoor

  • Hackers from Israel discovered that Russian spies were using the Kaspersky Lab antivirus software to spy on American intelligence agencies.
  • The Israeli hackers spied on the Russians in real time. The discovery has led the Department of Homeland Security to remove Kaspersky Lab software from government computers.
  • Like other antivirus software, Kaspersky Lab software requires complete access to the computer it is installed upon in order to effectively scan and check for viruses. If exploited, a hacker could technically gain access to everything stored on a computer running Kaspersky Lab antivirus software.
  • The Department of Homeland Security issued an order last month for all federal executive branch agencies to cease using antivirus products from Kaspersky Lab, citing “information security risks.”
  • Kaspersky released a statement claiming it has “never helped, nor will help, any government in the world with its cyberespionage efforts,” while also requesting any relevant information from the U.S. government to enable Kaspersky to begin an investigation.
  • Kaspersky Lab reiterated its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems.

PornHub Hit with Poisoned Malware Ads

  • The Kovter malware is being spread via poisoned ads served up by the X-rated adult PornHub site.
  • The ads, delivered via the Traffic Junky advertising network, tricked unsuspecting users of Google Chrome, Firefox and Microsoft Edge/Internet Explorer into installing bogus “critical” updates to their browsers.
  • The attackers were attempting to generate money for themselves by using click fraud.
  • However, the malware could easily have been modified to spread more serious threats such as ransomware or spyware.
  • Researchers at Proofpoint, who discovered the attack, report that both PornHub and Traffic Junky acted swiftly to fix the problem after they were notified.
  • PornHub visitors who were duped by the attack and tricked into installing malicious code on their Windows computers.
  • Whether your visiting smutty sites or not, you can reduce the chances of your computer being hit by a malvertising attack by simply preventing the ads from showing up in your browser in the first place.
  • Until websites and ad networks can prove that they are able to deliver safe ads it seems to me that surfing the internet without an ad blocker is asking for trouble.

Cutting the Cord: My Journey

  • I purchased Mohu Airwave for $149.99.
  • It includes a curved HD antenna and a Wi-Fi bridge
  • It is currently supports Apple TV4 and Roku, with plans for iOS and Android apps.
  • No directions came in the box, but I could configure it easily once I figured it out.
  • I used an internal Wi-Fi connection to configure the Wi-Fi Bridge. Once it was connected to the home Wi-Fi system, it downloaded a firmware update.
  • I installed the Mohu app on Apple TV4 and continued the setup. After connecting to the bridge, I input my zip code. I then scanned for available channels.
  • I found about 20 (only one was a main broadcast station). The Mohu automatically downloaded the programming schedule for each station found. Very nice directory.
  • My problem was that I did not get the stations I wanted. I put the unit on the second floor at every window. Same result. I need more S/N from the antenna.
  • I email Mohu support and they told me that I could not use an antenna with an amplifier because if would create a ground fault. I could only use an unamplified antenna.
  • I will try it, but I am not hopeful. This unit needs to come with more antenna options.
  • The concept is great and shows that we are nearly ready to cut the cord. More to come.