Show of 02-03-2018

Tech Talk

February 3, 2018

Email and Forum Questions

  • Email from Nhan in Atlanta: I recently go an iPhone and love the way that is store photos to the Cloud. However, I have a problem, my data usage is now too high, expecially when I travel on vacation. What are my options? Enjoy the show. Nhan in Atlanta.
  • Tech Talk Responds: iCloud Photo Library is one of those features that just works: take a photo or video on your iPhone, and in a few moments it’s available on all your Apple devices. It’s not, however, great if you have a low data cap.
  • In iOS 10 and earlier, iCloud Photo Library would only upload over Wi-Fi. But in iOS 11, Apple enabled uploading over cellular data. This is great if you have a high data cap, but not so good if your cap is low and you shoot a lot of high-res photos and slow motion video. To turn off cellular uploads, Open Settings and select Photos > Mobile Data. Toggle off mobile data and your photos will only upload over Wi-Fi.
  • Email form Helen in Rockville: Dear Doc and Jim. I have head that two-factor authentication is very secure. I an thinking of using for a few of my accounts. However, I am worried about being locked out of the account if I lose my cell phone or am on travel. What do you recommend? Enjoy the podcast. Helen in Rockville.
  • Tech Talk Responds: First , print out the “backup codes” for all your accounts and store them somewhere safe. These codes will allow you to regain access to your account if you ever lose your two-factor authentication method in the future. Keep them in a secure location.
  • For a Google account, these backup codes only work once each, ensuring that anyone who intercepts the code can’t log into your account with it afterwards. If you run out of codes, be sure to generate some more. You can print backup codes for your Google account from the two-step verification settings page.
  • Be sure to check the phone number you have linked to your accounts. If an account does not have your current number on file, you cannot use that phone number to regain access. If you get a new phone number, be sure to update it with the services you use so you won’t get locked out of your accounts.
  • Ensure any email addresses you have on file with your accounts are current. If the service is linked to your main email account, this will be simple. But, if the service is your main email account, you might want to set up a separate backup email address for it. You should log into any email addresses regularly, as companies like Microsoft, Google, and Yahoo reserve the right to delete “inactive” email accounts that aren’t logged into on a regular basis. You would not want to find that your email address was incorrect or no longer exists if you need it to recover your account.
  • You should also ensure any personal information you have provided to websites you use two-factor authentication with is correct. For example, you may be asked to confirm the answers to any security questions you previously set up, recite the birthday as it appears on your account, or confirm any other personal information the service has on file. If you gave the service wrong information because you just didn’t want to share your real personal details at the time, you may want to go back and correct it.
  • Email from Alice in Reston: Dear Doc and Jim. My computer switches to a black screen after about 5 to 15 minutes of use. Then I have to turn it off to get another 5 to 15 minutes of use. What is causing this black out? Love the show. Alice in Reston
  • Tech Talk Responds: And the most common cause of crashes is overheating. Your computer needs good ventilation to avoid overheating. Make certain that the ventilation holes aren’t blocked by dust or other debris.
  • Hardware does fail. One of the early signs of impending failure is a periodic crash such as you describe. If it is consistently happening 5 to 15 minutes after boot up, after looking at possible overheating issues, I’d begin suspect the power supply.
  • One more common “black screen” failure mode is that the computer’s display has stopped working, but the computer itself is still running properly. Play an MP3 in loop mode. If the monitor goes black, but the music continues to play, you know that the computer is still running, and that the problem is more likely either the video card, the video drivers, the monitor, or the cables connecting the monitor to the computer.
  • Finally, it could just be a screen saver. If you wiggle the mouse or hit a key on the keyboard and your screen comes back, that’s it. If you have a laptop, it’s possible that the computer has gone into Standby or Hibernate mode. If you simply push the power button and it comes back up to where you were after a few seconds, that’s probably it.
  • Email from Ian in Greenbelt, MD: Dear Tech Talk. I keep getting programs installed on my computer that I never wanted. I can I clean up this mess. It is slowing down my computer and becoming very annoying. Listen every Saturday. Ian in Greenbelt, MD.
  • Tech Talk Responds: It’s becoming more common that installing one download may result in several other things being installed as well. This can be very annoying.
  • If some unexpected toolbars and other applications that show up on your computer, you can simply uninstall them. Go to the Control Panel’s Programs and Features item: Look for the items by name. Look for names that include the word “toolbar.” Right-click the item you want to uninstall and click Uninstall.
  • Next run MalwareBytes. You can download and install the free version. Do not select the free trial of their premium product. The Malwarebytes’ scan may take a while. When it’s complete, you’ll get a notification if you have malware. You can review the list if you like, but in general, the correct next step is to simply click Apply Actions to quarantine everything. You will likely need to reboot.
  • If you are still having problems, restore to a recent backup image. If the backup image was prior to this software appeared, restoring gets rid of everything.
  • The real message is prevention. The offer is usually hidden and defaulted to Yes. Whenever you install any software – even software that you’ve purchased as it turns out – always choose the “Custom” or “Detailed” option. Choose whatever option is not the default option.
  • Email from Dave in Colorado: Dear Tech Talk. I am backing up my computer as you recommended. How can I test whether the backup is actually any good? I would rather test now than later. Love the show. Dave in Boulder, CO.
  • Tech Talk Responds: Testing your backups is an easy step to overlook, but an important step to take.
  • If you are only backing up specific files and subdirectories, you can pick an important file on your hard disk and rename it. Now go restore the original from your backup, and make sure it’s the same. Assuming its successful, repeat this for several different files in different locations on your hard disk, to ensure that the files you expect to be backed up actually have been, and can be recovered if needed.
  • If you have created a disk image, create and boot from the “emergency disk” or “rescue media”, to make sure that it works and can “see” the back up you’ve created, as well as the hard disk onto which that backup might be restored. Follow the sequence to actually perform an image restore, stopping at the very last step. Do not actually perform the restore because that will overwrite your hard drive. You could try the restore to an extra internal hard drive, if that is an option.

Profiles in IT: Demis Hassabis

  • Demis Hassabis is best known as co-found of Deepmind Technologies, an artificial intelligence startup purchased by Google.
  • Hassibis was born July 27, 1976 in London a Greek Cypriot father and a Chinese Singaporean mother.
  • A child prodigy in chess, Hassabis reached master level at the age of 13.
  • Hassabis was educated at Queen Elizabeth’s School in Barnet and Christ’s College in Finchley. He completed his A-level exams two years early.
  • Hassabis began his computer games career at Bullfrog Productions, first level designing on Syndicate and then at 17 co-designing and lead programming on the classic game Theme Park.
  • Theme Park, a celebrated simulation game, sold several million copies and won a Golden Joystick Award, and inspired a whole genre of management sim games.
  • Hassabis then left Bullfrog to study at Queens’ College, Cambridge, in Computer Science, graduating in 1997.
  • After graduating from Cambridge, Hassabis worked at Lionhead Studios, as lead AI programmer on the god game Black & White.
  • In 1999, aged 23, he won the Mind Sports Olympiad, an annual international competition for games of mental skill. He won it a five times before retiring in 2003.
  • Hassabis left Lionhead in 1998 to found Elixir Studios develop games. In April 2005, the assets were sold to various publishers and the studio was closed.
  • Hassabis then returned to academia to obtain his PhD in cognitive neuroscience from University College London (UCL) in 2009. In his research, he sought to find inspiration in the human brain for new AI algorithms.
  • After a stint as MIT and Harvard, he received as a postdoc fellowship at the UCL.
  • In 2010, Hassabis co-founded DeepMind, a London-based machine learning AI startup, with Shane Legg and Mustafa Suleyman.
  • Hassabis and Suleyman had been friends since childhood, and he met Legg at University College London as a postdoc.
  • DeepMind aims to combine neuroscience and machine learning with new computing hardware to create artificial general intelligence (AGI).
  • The company focused on training learning algorithms to master games. It developed Deep Q-Network (DQN) to play Atari games using the raw pixels as inputs.
  • Google purchased DeepMind for 400 million pounds. Since the Google acquisition, the company created AlphaGo, a program that defeated world champion Lee Sedol at the complex game of Go.
  • Deepmind has made advances in deep learning and reinforcement learning, and developed deep reinforcement learning which combines these two methods.

Over $100B Drop in Cryptocurrency Market in 24 hours

  • Over $100 billion was wiped off the global cryptocurrency market in 24 hours on Friday amid concerns over tighter regulation and worries that the bitcoin price was manipulated on a major exchange.
  • The total market capitalization or value of all cryptocurrencies in circulation stood at $405 billion Friday (February 2, 2018) morning. This was a fall of $112.6 billion in value from a day before.
  • fell below $9,000 on Thursday and briefly dropped below $8,000 Friday morning.
  • Other major coins including ethereum and ripple were down 12 percent and 13 percent, respectively.
  • The cryptocurrency world has been plagued by a spate of negative news.
  • India’s Finance Minister Arun Jaitley said the country wants to “eliminate” the use of digital currencies in criminal activities, signaling tighter regulation in the country.
  • The New York Times reported that an increasing number of digital currency investors are worried the price of bitcoin and other digital currencies have been inflated by cryptocurrency exchange Bitfinex, which is suspected on market manipulation.
  • And last week, Japanese exchange Coincheck was compromised after hackers ran off with over $500 million worth of a cryptocurrency called NEM.

Meltdown, Spectre Malware Samples Found In The Wild

  • Security company Fortinet announced that it has found dozens of malware samples that have started taking advantage of the proof-of-concept (PoC) code for the Meltdown and Spectre CPU flaws released earlier last month.
  • The security research team at AV-test uncovered 119 malware samples between January 7 and January 22 that were associated with the Meltdown and Spectre flaws.
  • Intel has promised some Meltdown and Spectre fixes only for chips released in the past five years, and it has promised to look at patching older chips later on, too.
  • However, Intel has already pulled its Spectre variant 2 patch because it was causing rebooting errors for some Intel-based computer owners, so everyone will remain vulnerable to this flaw for the time being.
  • Additionally, the microcode updates that Intel is releasing have to be integrated and delivered by device makers. Most of the currently used PCs, notebooks, and mobile devices may never see microcode fixes.
  • Once the antivirus companies learn about some malicious code being spread online, they can classify it as a virus and give its own signature. Then the antivirus can block it from everyone’s computers before it infects millions of users. However, before that happens, many thousands of users will likely suffer the full consequences of such malware.
  • Fortinet released the a list of known Meltdown/Spectre malware signatures.

NASA finds Satellite But Still Can’t Communicate

  • NASA has announced it will try to wake up the “zombie satellite” IMAGE, unexpectedly found working by an amateur sat-spotter.
  • Magnetosphere scanner IMAGE went silent, and was presumed dead in 2005. Then this month, Scott Tilley caught a signal from the missing satellite. He was looking for a recent spy satellite lost by SpaceX.
  • The rediscovery of IMAGE was tentatively confirmed by NASA’s Goddard Space Flight Center, which said it would use the Deep Space Network to verify the observation.
  • However, the space agency has lost the communication software for this satellite. Goddard is undertaking “significant reverse-engineering” to capture and analyze the probe’s communications.
  • The types of hardware and operating systems used in the IMAGE Mission Operations Centre no longer exist, and other systems have been updated several versions beyond what they were at the time.”
  • If NASA can decode data from the satellite, it will then try to, by remote control, turn on the satellite’s payload “to understand the status of the various science instruments,” and make a decision about IMAGE’s future.

Fitness App Reveals Remote Military Bases

  • In November, Strava, a fitness app that markets itself as a social network for athletes, released a global heat map that tracked users’ shared running routes using GPS data from FitBits, cellphones and other fitness tracking devices.
  • Any military personnel using the app who enabled data sharing may have caused a security breach in remote military bases that are “clearly identifiable and mappable.”
  • If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous.
  • A close review of the app’s heat map shows the whereabouts of well-known U.S. military bases as well as other obscure, potentially sensitive locations, which could inform someone who wants to attack or ambush troops at these remote locations.
  • Military leaders are in the process of reviewing the privacy settings of fitness tracker devices, which the Pentagon has encouraged military personnel to use since 2013.

More than 2,000 WordPress websites are infected with a Keylogger

  • More than 2,000 websites running the open source WordPress content management system are infected with malware. The malware in question logs passwords and just about anything else an administrator or visitor types.
  • The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that’s secretly run on the computers of people visiting the infected sites. PublicWWW showed that the package was running on 2,092 sites, as of January 29, 2018.
  • Website security firm Sucuri said this is the same malicious code it found running on almost 5,500 WordPress sites in December. Those infections were cleaned up after cloudflare solutions, the site used to host the malicious scripts, was taken down.
  • The script sends data entered on every website form (including the login form) to the hackers via the WebSocket protocol.”

ATM jackpotting reaches US

  • ATM manufacturers Diebold Nixdorf and NCR have warned that jackpotting attacks have come to the United States.
  • Jackpotting first appeared in Western Europe in 2015 and in Mexico in 2013.
  • Once the top portion of an ATM is open and another device is connected, the malware can be used to force an ATM to dispense money.
  • Once installed, criminals can operate the ATM remotely and send money mules to pick up the proceeds, keeping their own identities hidden.
  • FireEye estimates that a money mule can obtain thousands of dollars in minutes, since compromised ATMs my release up to 40 bills every 23 seconds.
  • Diebold Nixdorf is the malware’s target, with attacks specifically impacting Opteva 500 and 700 series models. These models are no longer being produced but are still in circulation.
  • Criminals have compromised these machines by dressing as technicians in a set of coordinated attacks. Further attacks may be on the horizon.
  • Diebold alerted customers on Friday to the attack trend. The jackpotting method can be stopped if the latest firmware updates are applied.
  • However, ATMs operating on the now unsupported Windows XP operating system are particularly at risk from jackpotting.
  • In May 2017, European law enforcement agency Europol arrested 27 suspected members of a criminal gang which specialized in jackpotting.
  • The two-year investigation uncovered jackpotting in at least 10 countries.
  • Overall ATM fraud was estimated to have caused 32 million Euros in losses between 2015 and 2016.

Alexa Won’t Light Up During Amazon’s Super Bowl Ad

  • com is advertising its Alexa-powered speakers in the big game on Sunday.
  • The word “Alexa” is uttered 10 times during the Super Bowl spot, but Alexa wont respond.
  • A September 2014 Amazon patent titled “Audible command filtering” describes techniques to prevent Alexa from waking up “as part of a broadcast watched by a large population such as during a popular sporting event.
  • The patent broadly describes two techniques. The first calls for transmitting a snippet of a commercial to Echo devices before it airs. Then the Echo can compare live commands to the acoustic fingerprint of the snippet to determine whether the commands are authentic. The second tactic describes how a commercial itself could transmit an inaudible acoustic signal to tell Alexa to ignore its wake word.

Scientists find massive Mayan society under Guatemala jungle

  • Researchers using aerial mapping have found tens of thousands of previously undetected Mayan houses, buildings, defense works and pyramids in the dense jungle of Guatemala’s Peten region.
  • The discoveries, which included industrial-sized agricultural fields and irrigation canals, were announced Thursday by an alliance of U.S., European and Guatemalan archaeologists working with Guatemala’s Mayan Heritage and Nature Foundation.
  • The study estimates that roughly 10 million people may have lived within the Maya Lowlands, meaning that kind of massive food production might have been needed.
  • Researchers used a mapping technique called LiDAR, which stands for Light Detection And Ranging. It bounces pulsed laser light off the ground, revealing contours hidden by dense foliage.
  • The images revealed that the Mayans altered the landscape in a much broader way than previously thought; in some areas, 95 percent of available land was cultivated.
  • The 810 square miles of mapping done vastly expands the area that was intensively occupied by the Maya, whose culture flourished between roughly 1,000 BC and 900 AD. Their descendants still live in the region.
  • The mapping detected about 60,000 individual structures, including four major Mayan ceremonial centers with plazas and pyramids.