Show of 02-17-2018

Tech Talk

February 17, 2018

Email and Forum Questions

  • Email from Carl Tyler: Dear Dr. Shurtz: I believe I have a good candidate for Tech Talk Radio’s “Profiles In IT”. His name is William Friedman. Friedman worked for the Signals Intelligence Service during World War II. He and his team were responsible for breaking the Japanese cipher “Purple”. Friedman had a long and illustrious career as a cryptologist and later worked for the NSA. He is also credited for coining the term “cryptanalysis”. Thank you for your podcast. Loyal podcast listener, Carl Tyler
  • Tech Talk Responds: Carl, this is a great suggestion. We will feature William Friedman today on Tech Talk.
  • Email from Hac in Bowie: Dear Doc and Jim. I use Facebook uploads to keep all of my pictures. Unfortunately, Facebook only uploads low-resolution images. Is there any way always to upload, photos in high resolution. That would allow my family to copy and download the pictures for printing. Thanks for a great show. Hac in Bowie
  • Tech Talk Responds: By default, when you upload a photo to Facebook from your phone, it’s uploaded as a low resolution file. The good news is that you can change that default. Here is how to change the upload resolution.
    • On an iPhone, Open the Facebook app, go to the Options screen and select Settings. Head to Account Settings > Videos and Photos. Turn on both Upload HD switches on.
    • On an Android Phone, Open the Facebook app, go to the Options screen, and under Help and Settings, select App Settings. Toggle the switches for Upload Photos in HD and Upload Videos in HD to On.
  • Happy Facebooking. However, I would not recommend that you use Facebook to store all of your photos. You may lose them if your account is ever high jacked, or if Facebook changes their storage options. You should upload your photos to the cloud (iCloud, Google Drive, or One Drive). You can also use an external hard drive to backup your photos. I actually use both the cloud and an external hard drive.
  • Email from Irene in Arlington, Texas: Dear Doc and Jim. I heard that you can get free software from the IRS to file you taxes. Is that true? How can I get it? Enjoy the podcast. Irene in Arlington, Texas.
  • Tech Talk Responds: If you earned less than $66,000, there is actually an official, truly free method: IRS Free File. This is a partnership between the IRS and several different tax preparation companies, and it offers you free software for working out and filing your taxes online. Companies like TurboTax and H&R Block are here, offering free versions of their software that won’t try to upsell you.
  • To get started, go to the official list of Free File Software Offers on the IRS website (https://apps.irs.gov/app/freeFile/jsp/index.jsp).
  • You will see 12 different options, all with different qualifying requirements. All of these programs are free for anyone who qualifies.
  • Which of these options you use is going to depend on your financial situation as well as where you live, because each has different requirements. The most universal offering is H&R Block, which offers federal and state taxes for free to anyone between 17 and 50 earning $66,000 or less. Start there if that describes you, otherwise check out the other options.
  • Email from John in Chesapeake, VA: Dear Tech Talk. My Internet is very slow. It used to be much faster. What should I do to restore the speed? Love the show. John in Chesapeake, VA
  • Tech Talk Responds: Before troubleshooting, it’s worth running a speed test using a website like Speedtest.net to see how well it’s actually performing. Be sure to stop any downloads, uploads, Netflix streaming, or other heavy internet activity before running the test to ensure as little interference with the results as possible.
  • Compare the measured speed results against the expected speed of the Internet connection you are paying for. Remember the bandwidth is not guaranteed and your speeds may slow during peak times.
  • Reboot Your Modem and Router — Like computers, modems and routers sometimes get stuck in a bad, slow, overloaded state. This problem can be fixed with a reboot. If you haven’t rebooted your router and modem in a while, you should do it now.
  • Improve Your Wi-Fi Signal — It’s possible your internet is fine, but your Wi-Fi—which connects you to the internet—is having signal problems. There are quite a few reasons you may have a bad Wi-Fi signal. The airwaves could be congested with too many devices nearby, especially if you’re using 2.4 GHz and not 5 GHz, which can support a lot more devices. This is a particularly common problem in denser urban areas. For example, if you live in an apartment complex with neighbors who have a bunch of wireless routers and other devices.
  • If you have a larger home or yard and need better Wi-FI coverage, consider getting a mesh Wi-Fi system that provides multiple base stations you can place around your home or property.
  • Stop Saturating Your Connection (or Try QoS) — Your Internet connection is shared by all the devices in your home, so other devices on your network could be saturating your Internet connection, slowing things down for everyone else. If your router has a Quality of Service (QoS) feature, which will allow your router to automatically manage and assign how much bandwidth different devices and services receive. For example, it can automatically throttle BitTorrent bandwidth to avoid slowing down Netflix streams.
  • Check for Coax Splitters — If you have cable Internet and you have coaxial cable splitters on the line going to your cable modem, these could be degrading your signal strength and leading to slower Internet connection. Splitters vary in quality, and a bad, cheap one could lower your signal strength much more than a higher quality one would. See how your Internet connection performs without any splitters on the line. If you have a much faster Internet connection speed, you have found your problem.
  • Call Your ISP and Report the Problem — There may be a problem with the cable line running from your house to your ISP, or with some other equipment they have. In this case, you should call your Internet service provider and report the problem.
  • Email from Alice in Fairfax: Dear Tech Talk. I am thinking about doing my banking online. However, I am not really sure that I can trust it. What is your opinion about online banking? Alice in Fairfax, Virginia
  • Tech Talk Responds: I regularly bank online. I have done so for years without incident. However, I follow some basic rules.
  • Use a strong password – Much of the account theft I see is due to poor passwords. You must have a strong password on your banking accounts. It’s your best, first line of defense.
  • Don’t share passwords – Giving your password to someone you “trust” is another way banking accounts often get compromised.
  • Use two-factor when available – Two-factor (also “multi-factor”) authentication prevents unauthorized entry into your accounts even when the password is known. Using SMS, a dedicated app, or some other approach is the best way to truly lock down your most important accounts.
  • Open only email attachments you trust – If you’re the least bit uncertain, don’t open ’em. Email attachments are, by far, the most common way malware lands on machines these days.
  • Learn to recognize and avoid phishing – In order to fool you, hackers constantly send email that looks like it came from your bank. Don’t click on links in email messages from your bank. Instead, visit your bank as you would without the email: type the address of your bank’s website into the browser address bar (or use a bookmark you saved previously).
  • Secure your network – Make sure to secure your router. Understand what it means to use an open Wi-Fi hotspot or other shared network connection safely. Yes, you can bank online safely when traveling (again, it’s something I do), but it does require that you pay attention to network security.
  • Avoid shared or public computers, period – While library computers or the machine you can borrow while visiting your friend might be convenient, you have no idea what’s on them. They could be full of malware or include undetectable malicious hardware. Avoid them for anything sensitive.

Profiles in IT: William Frederick Friedman

  • William Frederick Freidman is known as the Dean of American Cryptology
  • Wolf Frederick Friedman was born September 24, 1891 in Moldavia, Russia
  • His family moved to Pittsburgh, PA in 1892 and changed his first name to William.
  • Friedman was introduced to cryptography by “The Gold-Bug” by Edgar Allan Poe.
  • He studied at Michigan State and received a scholarship to Cornell in genetics.
  • He joined Riverbank Labs in September 1915 as head of the Department of Genetics.
  • One of his projects was to find secret messages in messages by Sir Francis Bacon. He met his future wife, Elizebeth, who was working on the same project.
  • He soon became director of Riverbank’s Department of Codes and Ciphers as well as its Department of Genetics. Friedman wrote a series of 23 papers on cryptography, including the first description of the index of coincidence.
  • Riverbank became the unofficial cryptographic center for the US during WWI.
  • Friedmans broke a code used by German-funded Indian radicals in the US who planned to ship arms to India to gain independence from England.
  • The US decided to set up its own cryptological service. To support the program, Friedman wrote a series of technical monographs, completing seven by early 1918.
  • He enlisted in the Army and went to France to serve as the personal cryptographer for General Pershing. He returned to the US in 1920 and published an eighth monograph.
  • In 1921 he became chief cryptanalyst for the War Department.
  • Friedman coined several terms, including cryptanalysis.
  • During the 1920s, he analyzed and cracked cipher machines based on using typewriter mechanics and basic electrical circuitry using statistical analysis.
  • In 1939, the Japanese introduced a new cipher machine for their most sensitive diplomatic traffic, called PURPLE. It was different and much more difficult.
  • After several months Friedman and his team figured it out. PURPLE did not use rotors but stepper switches. His team constructed an exact analog of the PURPLE.
  • It was used to decrypt Japanese messages before and after the Pearl Harbor attack.
  • Friedman developed SIGABA, which was immune to this attack which became the US’s highest-security cipher machine in WW II.
  • SIGABA was similar to the Enigma in basic theory, in that it used a series of rotors to encipher every character of the plaintext into a different character of ciphertext.
  • The US gave the British a PURPLE machine, in exchange for details on the design of the Enigma machine and on how the British decrypted the Enigma cipher.
  • In 1949 he became head of cryptographics of the Armed Forces Security Agency (AFSA) and in 1952 became chief cryptologist for the National Security Agency.
  • Friedman produced a classic series of textbooks, “Military Cryptanalysis”, which was used to train NSA students. He encouraged the NSA to develop super-computers.
  • Friedman retired in 1956 died in 1969, after a long illness. Elizabeth placed an encrypted message on his tombstone (Knowledge is Power).
  • Friedman has been inducted into the Military Intelligence Hall of Fame and there is a building named after William and Elizebeth at the NSA complex at Fort Meade.

Google Now Blocks Annoying Ads In Chrome

  • To combat annoying ads, and leave its own alone, Google is adding an ad blocker to Chrome today.
  • If you are using Chrome, you can update your browser today to get the new ad blocker. The new version with ad blocking is Chrome 64. I had to request a download to get the latest browser.
  • This new feature will block a number of the most extreme annoying ad types, including autoplaying videos with sound and pop up ads.
  • It also blocks large sticky ads (those banners that appear over the text you’re reading and won’t go away), and what are known as “prestitial ads” that have a countdown. These are the huge overlays that block a site entirely and tell you to wait a few seconds before continuing to the site you’re about to read.
  • There are also a bunch of mobile ads that Google will start blocking according to the Coalition for Better Ads, an industry group that counts Google, Facebook, and Microsoft among its members.
  • Importantly, this feature does not mean that you’ll never see any ads at all. Google’s goal with this ad blocker is to get rid of the most annoying offenders, but it’s also hoping that if the bad ads are gone, you won’t mind the more mild ads quite so much.
  • Google reports that as of February 15, 2018, 43% of all sites have modified their ads to conform to the new standard.
  • This seems like a fair trade. But Google has an biased position in this effort.

How to Disable Chrome’s New Ad Blocker

  • Go to Chrome’s Settings menu. Click the three dots in the upper right, then choose Settings.
  • Once in the Settings menu, scroll all the way down to the bottom and click on Advanced.
  • Scroll down a bit more, to the Privacy and Security section. Find the Content Settings option and click it.
  • Scroll down to Ads and click it.
  • Interestingly, this is on by default, but the toggle makes it look like it’s off. Instead of disabling the feature by turning it off, you actually toggle to it “allow ads.” It’s sort of counter intuitive if you ask me.
  • If you’re not keen on allowing all ads to come through for every site but don’t mind it for specific sites, you can do that too.
  • Navigate to the site you want to show all ads on, then click the area just to the left of the URL—it’ll either show an “i” bubble or the word “Secure.”
  • In this new dropdown, click on Site Settings.
  • Find the “Ads” entry, then choose Allow in the menu.

Intel Facing Class Action Lawsuits for Spectre and Meltdown

  • Three class-action lawsuits were filed in early January days after the vulnerabilities were publicized, but according to an SEC filing, the total has grown to 30 multi-party suits by customers and two securities suits.
  • Most argue that Intel violated securities laws when it assured its products were safe to use, which the Meltdown and Spectre flaws revealed to be untrue.
  • The customer suits are seeking “monetary damages and equitable relief,” though they’re in such early stages that none have specified exact amounts.
  • The Meltdown and Spectre flaws were present in CPUs dating back to 1995.
  • Per SEC filing, a Google security team informed Intel about chip vulnerabilities that would later be called Meltdown and Spectre in June 2017.
  • News about the flaws emerged in early January, and Intel rushed out patches, some so crude that the company urged customers not to install them and wait for the next ones.

How to Block Cryptocurrency Mining Malware

  • Mining cryptocurrencies is a great way to earn small amounts of residual .
  • This is becoming an alternative revenue source some websites (and people with more nefarious intentions) are banking on.
  • com, for example, is giving readers the option to opt out of advertisements in exchange for letting the site use their CPUs to mine Monero, a cryptocurrency that is easier to mine than Bitcoin and has a current market cap of $4.6 billion.
  • Other sites mine using your computer without permission. This is malware.
  • Anti-malware software firm Malwarebytes and IT security company ESET both warned of of JavaScript files that use the CPU of visitors to mine cryptocurrencies without their knowledge (or explicit permission).
  • This can come in the form of malicious software that is installed on a user’s computer, an undetected JavaScript file that mines in the background or a pop-under window that can continue to mine coins even after the browser is closed.
  • Assuming your computer doesn’t have a malicious coin mining program installed, there are a number of ways to block coin mining while you browse.
    • Disable JavaScript on specific sites
    • If you suspect a website is using your computer to mine cryptocurrencies without your permission, you can simply block JavaScript altogether.
    • The problem, however, is that this is a very aggressive way to block mining and will break many websites. Facebook, for instance, will not load without JavaScript enabled.
  • There are a few of browser extensions available to block mining
    • No Coin (Chrome, Firefox, Opera)
    • minerBlock (Chrome, Firefox, Opera)
    • Anti Miner (Chrome)
    • Coin-Hive Blocker (Chrome)
  • These extensions work by blacklisting known domains and mining scripts. They’re regularly updated and are among the best hands-off approaches to block mining.
  • If you want to support a website by allowing it to mine, you can whitelist it.

Terrifying High-Tech Porn: Deepfake Videos

  • Artificial intelligence and machine learning help us in countless ways.
  • But not all uses are benign. The latest exploits are called deepfakes.
  • The term is a combination of “deep learning” and “fake” — deepfakes rely on artificial intelligence and machine learning.
  • Programmers use existing video and images of celebrities, public figures, or anyone they know to superimpose the source images into a pornographic movie.
  • The movies look ultra-realistic. A Hollywood star could ‘appear’ in an adult film and you might not realize it was all created by a bot.
  • It is also being used for revenge porn, a programmer can insert an ex-girlfriend or boyfriend into a pornographic movie and share it on social media.
  • Deepfakes are not difficult to program and the source code is freely available.
  • Recently, sites like Reddit and Twitter have banned them.
  • The technology behind deepfakes, however, could also be used for legitimate purposes too.
  • Nachlas said deepfake technology could help Hollywood movie-makers recreate classic scenes in movies, to create new movies that license the image of long-dead stars, and even as a way to improve an amateur video.
  • The technology could also be used to help people deal with the loss of loved ones.