Show of 08-25-2018

Tech Talk

August 25, 2018

Email and Forum Questions

  • Email from Janet in Arlington: Dear Doc and Jim. I have enjoyed Tech Talk for many years and you have always recommended using a VPN when connected to the Internet with public Wi-Fi. Recently, I heard some disturbing news about a free VPN service offered by Facebook. What are your comments about this service and what do you recommend? Love the show. Janet in Arlington
  • Tech Talk Responds: Facebook removed Onavo, a free VPN, from the iOS App Store today. The voluntary move by Facebook was prompted by discussions with Apple about privacy policy. Onavo promises to help “secure your personal details” on the product’s website, but the VPN service exists primarily so Facebook can monitor user activity on rival sites. In other words, Facebook uses it to spy on you. Onavo is installed on around 33 million devices. As of this writing Onavo is no longer available for new downloads on the App Store, but existing users still have the current version on their devices. We suggest uninstalling it now.
  • Onavo remains available on Android’s Google Play store, but we suggest anyone using it uninstall now and find a VPN that respects your privacy. Yes: that will probably mean paying for it, but any VPN worth using is going to cost money.
  • AV-TEST, an independent IT security research institute, recently tested 12 different VPNs in a bid to discover which ones provide the best security and performance for consumers. In that test, the Hotspot Shield Elite came first in both usability and security, while also providing useful features including protection from malware and phishing. Other VPNs that performed well in the study include Private Internet Access, which was singled out for its exceptional leak protection, and NordVPN, whose multi-hop cascading abilities allow for increased anonymity.
  • If your primary concern is to retain your anonymity, then a product like NordVPN might be better than Private Internet Access. It also depends on how much money you are willing to spend — while some VPNs, like Hotspot Shield and TunnelBear, offer free versions of their products, many others require a continued subscription. I have been using ExpressVPN for years and love it. It was rated quite high, but not at the top in this particular report.
  • Link to Complete Test: https://www.av-test.org/fileadmin/pdf/reports/AV-TEST_VPN_Comparative_Test_Report_June_2018_EN.pdf
  • Email from Chris in Atlanta: Dear Doc and Jim. I like to sign up for newsletters from many organizations. Now I am getting hit with spam. Is there any way I can tell who is sharing my email account so that I can stop using them in the future. Enjoy the podcast. Chris in Atlanta.
  • Tech Talk Responds: You can easily use your Gmail account to tell which vendor is leaking your email account. Gmail ignores characters after a plus sign (+) in the first part of the address. If you want a variant to use for online shopping or to see who’s selling your address to mailing lists, you can also use a technique called “plus addressing” to add a word or a few characters after the name part of your address, and then create a label and filter in the Gmail settings to sort messages sent there. For example, when you sign up for email newsletters, use the address firstnamelastname+abcnews@gmail.com to sort the incoming messages sent to that variation of your address. If spam or newsletters you never signed up for begin to appear in your inbox, you will have an idea where the sender got your modified address.
  • Email from John in the Eastern Shore: Dear Tech Talk. I have a home network with three computers (two desktops connected with Ethernet cables to a Linksys router; laptop is wireless). The wireless signal is encrypted and I gave my next-door neighbors my network key so they can wirelessly connect just to check email, do banking, etc. They are not on my home network, but can they still see where I am surfing? John in the Eastern Shore
  • Tech Talk Responds: It is good that your wireless access point is using encryption, but it’s important to realize what it does and does not do. By giving your neighbor the password, you have given them the encryption password. As a result, the encryption is not affecting your security with respect to them at all. It is almost the same thing as having given them a wired connection to your router.
  • If you have computers that share files or a printer among themselves, your neighbor may be able to access them. If your neighbor’s computer becomes infected with malware it may propagate to your machines. To protect yourself, turn on the Windows or other software firewall on every machine you have on your network.
  • A more secure approach is to use a second router. That second router can act as a firewall between you and your neighbor. Yet another approach is to get a wireless router with two separate wireless connections, one of which is isolated from your local network. While the intent is typically to provide access to the occasional guest in your home, the guest connection could also be the one you share with your neighbor.
  • I want you to check the terms of service with your ISP. While it’s unlikely that they would detect that the connection was being shared with a neighbor, if they did you could be penalized in some fashion. For example, the Verizon Terms of Service: ….. Except as otherwise set forth in this Agreement, you may not resell, re-provision or rent the Service, (either for a fee or without charge) or allow third parties to use the Service via wired, wireless or other means……Violation of this Section may result in bandwidth restrictions on your Service or suspension or termination of your Service.
  • Email from Dave in Illinois: Dear Tech Talk. I would like to become a programmer or developer. What language do you think that I should learn first. Dave in Illinois
  • Tech Talk Responds: You have a number options depending on your objective.
  • Python — Python is always recommended if you are looking for an easy and even fun programming language to learn first. Rather than having to jump into strict syntax rules, Python reads like English and is simple to understand for someone who is new to programming. Python also is ideal for web development, graphic user interfaces (GUIs), and software development. In fact, it was used to build Instagram, YouTube, and Spotify, so it is clearly in demand among employers in addition to having a faster onboarding.
  • C# — While C is one of the more difficult languages to learn, it’s still an excellent first language pick up because almost all programming languages are implemented in it. This means that once you learn C, it will be simple to learn more languages like C++ and C#. Because C is more “machine-level”, learning it is great for teaching you how a computer functions. C is an exceptional choice to become a master coder and a talented developer from the get-go if you’re willing to take on the challenge.
  • Java — Java is an object-oriented and feature-heavy programming language that’s in high demand. It’s been built under the premise of “Write once, run anywhere,” meaning that it can be written on any device and work cross-platform. This makes it one of the most desired language skills. Java is often used for Android and iOS app development, as it’s the basis of the Android operating system, which makes it one of the best choices if you want to build mobile apps.
  • JavaScript — JavaScript is another incredibly popular language. Many websites that you use every day rely on JavaScript including Twitter, Gmail, Spotify, Facebook, and Instagram according to General Assembly. There’s nothing to install with JavaScript since it’s already built into browsers, so it’s the easiest language to get started with in terms of set-up.
  • Ruby — Ruby is similar to Python in that it is one of the easiest languages for people with no prior programming experience to read. A big reason people like Ruby is because of its full-stack framework, Ruby on Rails, which is becoming increasingly popular among startups and enterprise solutions. Airbnb, Groupon, Hulu, and Soundcloud.

Profiles in IT: Peter Thomas Kirstein

  • Peter Thomas Kirstein is a British computer scientist who played a role in the creation of the Internet. He is best known as the father of the European Internet.
  • Peter Kirstein was born in Berlin, Germany in 1933, but moved to the UK in 1937.
  • He attended high school at Highgate School in North London.
  • He went to Gonville and Caius College in Cambridge U. He received a BA from Cambridge U in Mathematics and Electrical Engineering in 1954.
  • He received an MSc in 1955 and PhD in 1957 in EE from Stanford University
  • He received a D.Sc. in engineering from the University of London in 1970.
  • His PhD thesis was entitled “A solution to the equations of space-charge flow by the method of the separation of variables”.
  • In 1958, he became Lecturer at Stanford U in microwave engineering. In 1959 he joined the Centre of Nuclear Research in Geneva as an accelerator physicist.
  • During his time there he spent six months in the at the Joint Centre for Nuclear Research in Dubna, Russia.
  • In 1963, he joined the European Office of the US General Electric Corporate Research Centre responsible for evaluating European scientific research.
  • In 1967, Peter Kirstein joined the University of London Institute of Computer Science, first as Reader and then Professor of Computer Communications Systems.
  • He transferred to the new UCL Department of Statistics and Computer Science in 1973 and became its first Head of the Computer Science Department in 1980.
  • In 1973, Kirstein’s research group at University College London started the first European ARPANET node with transatlantic IP connectivity.
  • In 1978, he co-authored (with Vint Cerf) one of the most significant early technical papers on the internetworking concept, Issues in packet-network interconnection.
  • His research group at UCL adopted TCP/IP in 1982, a year ahead of ARPANET, and played a significant role in the very earliest experimental Internet work.
  • He collaborated with both industrial and academic partners on multimedia networking, network management, directory and security applications.
  • In 1994, he assumed the role Director of Research at UCL and continued teaching.
  • He was awarded the CBE (Commander of the Most Excellent Order of the British Empire) for his work on the Internet.
  • He is a Fellow of the Royal Academy of Engineering, a Fellow of the Institute of Electrical and Electronics Engineers, and a Distinguished Fellow of the British Computer Society.
  • He has also received the SIGCOMM Award in 1999 and the Postel Award in 2003.
  • In 2012, Kirstein was inducted into the Internet Hall of Fame by the Internet Society.
  • In 2015, he was awarded the prestigious Marconi Prize.

Microsoft Found Russian Targeting US

  • A group affiliated with the Russian government created phony versions of six websites, including some related to public policy and to the U.S. Senate, with the apparent goal of hacking into the computers of people who were tricked into visiting, according to Microsoft.
  • The effort by the notorious APT28 hacking group, which has been publicly linked to a Russian intelligence agency and actively interfered in the 2016 presidential election, underscores the aggressive role that Russian operatives are playing ahead of the midterm elections in the United States.
  • S. officials have repeatedly warned that the November vote is a major focus for interference efforts.
  • Microsoft said the sites were created over the past several months and that the company was able to catch them early, as they were being set up
  • Microsoft’s Digital Crimes Unit, which is responsible for the company’s response to email phishing schemes, took the lead role in finding and disabling the sites, and the company is launching an effort to provide expanded cybersecurity protection for campaigns and election agencies that use Microsoft products.
  • Among those targeted were the Hudson Institute, a conservative Washington think tank active in investigations of corruption in Russia, and the International Republican Institute (IRI), a nonprofit group that promotes democracy worldwide.
  • Three other fake sites were crafted to appear as though they were affiliated with the Senate, and one nonpolitical site spoofed Microsoft’s own online products.

What can we Learn from the NotPetya Attack

  • The cyberweapon NotPetya started in Ukraine in June 2017.
  • It quickly spread, paralyzing major companies, including FedEx, Merck, and Maersk, the world’s largest shipping firm.
  • Ultimately it caused more than $10 billion in damage.
  • This was Russian military intelligence hackers unleashing a piece of malware using zero-day vulnerabilities, vulnerabilities we have not patched in our systems.
  • It was meant to be a cyberwar attack on their enemies in Ukraine, but it spread unintentionally to the rest of the world.
  • It is difficult to prevent these types of attacks from ultra-sophisticated hackers.
  • Maersk was able to find one remote office in Ghana, which had a power outage when NotPetya struck, to get their network back online.
  • Backing up your system, making an offline copy of all of your data, is one way to recover from this. When you get hit with a ransomware attack that encrypts your entire computer, that may be the only way.
  • You can’t necessarily prevent that but you can have that offline backup as a recovery.
  • This kind of resilience is maybe the solution.
  • What we need to do is first send a message to countries like Russia that this is unacceptable, this kind of reckless attack cannot happen again.
  • Facebook removed more pages, accounts and groups linked to influence campaigns originating from Iran as well as Russia. This is a start.
  • This battle is asymmetric. We must make their cost as great as ours. Or it will continue.

Idea of the Week: Robots Help Autistic Children

  • A new study published in Science Robotics suggests that a month of robot-aided lessons might Autistic children communicate more effectively.
  • Manifestations of autism can vary from person to person, but they often include trouble interacting and communicating with others.
  • For the experiment, they recruited 12 families of children who had communication difficulties due to autism. The children were between the ages of six to 12.
  • They were given a special computer setup that included an early prototype of Jibo, a 12-inch robot developed at MIT.
  • Jibo responds to voice commands and can rotate its body and head 360 degrees, and features a black screen “face” with a pair of eyes that blink and indicate emotions.
  • The children, with their caretaker, interacted with Jibo every day for 30 minutes.
  • These games reinforced aspects of communication, such as reading others’ emotions or understanding their perspective.
  • The children got better at the games as time went on, with most being able to complete the highest levels of each one by the end of the month-long study.
  • Outside of their robot sessions, the children also showed improvement in their ability to pay attention to the same thing as the adult they were with.
  • The caretakers also reported that their children became more socially adept, willing to make more eye contact and to communicate more with others.
  • The children’s improvement in their joint attention skills started waning 30 days after the experiment had ended.

The Need for Digital Detox

  • Digital detox refers to a period of time during which a person refrains from using electronic connecting devices such as smartphones and computers.
  • It is regarded as an opportunity to reduce stress, focus more on social interaction and connection with nature in the physical world.
  • Claimed benefits include increased mindfulness, lowered anxiety, and an overall better appreciation of one’s environment.
  • In one study in Mind, 95% of those interviewed said their mood improved after putting down their phones to spend time outside, changing from depressed, stressed, and anxious to more calm and balanced.
  • Constant engagement with digital connecting devices at the workplace is claimed to lead to increased stress levels and reduce productivity.
  • Certain characteristics of the technology make it more difficult to distinguish work from leisure. Moreover, being continually connected increases the amount of interruptions at work.
  • Allowing employees to disconnect for a part of the day in order to truly focus on their work without disturbance from colleagues is claimed to be beneficial to the productivity and work environment.

Voting Systems Boost Security after Criticism

  • Election Systems and Software (ES&S), which is the third largest election system vendor in the U.S., announced it will work more closely with the Department of Homeland Security (DHS) and Information Sharing and Analysis Centers (ISAC) in an effort to increase security of its systems ahead of the 2018 midterm elections.
  • These federal partnerships will help “conduct cyber hygiene scans of ES&S public‐facing internet presence, monitor and share cyber threat information, detect and report indicators of compromise, develop and distribute election security best practices, and raise the election security awareness of election officials and the voting public,” according to the company’s press release.
  • ES&S also said that it will install advanced threat monitoring sensors known as Albert network security sensors in its voter registration environments in an effort to further secure its voting systems.
  • The company says the service, which is fully monitored at all times, helps track and then alert election officials when it detects “both traditional and advanced network threats for state and local jurisdictions.”
  • The press release comes just one day after a bipartisan group of lawmakers on the Senate Intelligence Committee raised concerns Wednesday about ES&S election voting systems, questioning whether they are doing enough to secure its systems.
  • The senators had criticized ES&S for its refusal to allow independent testing of its systems at the popular annual DEFCON convention, where hackers attempted to find ways to exploit voting technology.

Russian Science Does Not Produce Innovation.

  • In recent years, Russia has become almost a petro-state—a nation of roughly 140 million people, many of them highly educated, whose wealth comes mostly from the blunt-force industries of resource extraction, and whose economy rises and falls on individual fluctuations in the price of oil or natural gas.
  • When the price of oil started to slide, the ruble was suddenly vulnerable.
  • Other growing nations, like China, India, and Brazil, have diversified, building wealth from a wide base of technology and manufacturing.
  • You can see this as you walk down the aisles at your local Best Buy, where the shelves are stocked with computers made in Chengdu and hard drives from Thailand, and again when you drive down the street, alongside cars made in Germany and Korea.
  • Russia has not created any great global technology products. No one ever seeks a Russian laptop to a Russian smart phone or a Russian flat screen TV.
  • Russian scientists have been responsible for some of the most important scientific advances of the 20th century. Among their achievements, they invented lasers, did pioneering work on computers, and even came up with the idea of fracking, all of which were later developed and commercialized in other nations.
  • They have been unable to take the next step. Use the invention to innovate and produce new products.
  • Why has this happened? Perhaps too much central control.

North Korea Creates Mac-Based Malware

  • Mac users beware. North Korean hackers appear to be developing malware that can infect your computer.
  • Security firm Kaspersky Lab uncovered the macOS-based malware while investigating a hack at an unnamed cryptocurrency exchange in Asia.
  • The breach was sourced back to an email that convinced a company employee to download a third-party app for trading virtual currencies.
  • The app was a Trojan in disguise. It contained a malware strain known as Fallchill, which has been linked to a notorious North Korean hacking group called Lazarus.
  • Once infected, Fallchill can secretly take over your computer to steal data or install other malicious code.
  • The app came from a US-based company called Celas, which specializes in secure “blockchain solutions” for the enterprise market.
  • When you install it, the program doesn’t do anything harmful. However, Kaspersky Lab noticed that it can update itself and deliver the Fallchill malware to your computer.
  • The updater acts like a reconnaissance module: first, it collects basic information about the computer it has been installed on, then it sends this information back to the command and control server,
  • If the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update.
  • The Trojan that hit the cryptocurrency exchange was installed on a PC. But during its investigation, Kaspersky noticed that the hackers had developed a Windows and Mac version of the app, both of which contained the hidden auto-updater.
  • This is the first case where Kaspersky Lab researchers have observed the notorious Lazarus group distributing malware that targets macOS users. Finally Mac is getting some respect.

An Emergency SOS Feature on Your iPhone

  • The Mollie Tibbetts tragedy reminded us how important an SOS functions can be.
  • The iPhone has a lifesaving SOS feature that few iPhone owners know about.
  • It allows you to summon emergency services to your location without dialing a phone number or even looking at your phone.
  • You can call 911, send your geolocation, and notify family or friends without ever actually dialing. All you need to do is one of the following:
    • Press the power button on your iPhone in rapid succession five times and then slide the SOS bar across the screen.
    • Press and hold the Power button and one of the volume keys continuously
  • Be sure to read all of the instructions, adjust your SOS settings, and test this out to make sure it works as you expect it to.
  • Similar features are provided on some Android phones, such as the Samsung Galaxy.
  • Here’s how to make the call on iPhone X, iPhone 8, or iPhone 8 Plus:
    • Press and hold the side button and one of the Volume buttons until the Emergency SOS slider appears.
    • Drag the Emergency SOS slider to call emergency services.
  • Here’s how to make the call on iPhone 7 or earlier:
    • Rapidly press the side button five times until the Emergency SOS slider appears.
    • Drag the Emergency SOS slider to call emergency services.
  • To set it up, go to Settings/Emergency SOS. Select Auto Call. Choose Countdown Sound if you want a warning sound. I chose to keep the countdown silent.