Show of 03-30-2019

Tech Talk

March 30, 2019

Email and Forum Questions

  • Email from John in Fairfax: Dear Doc and Jim. Why are cables so expensive? Can I just buy the cheap version and still survive? Love the podcast. John in Fairfax, VA
  • Tech Talk Responds: Stores always push the expensive cables because they make more money and they know that you need it. The truth is, in the old days, cables with gold-plated connectors or fancy shielding actually produced a better picture because they were analog and signal to noise mattered. But with modern digital cables, like HDMI, USB, and others, things are much simpler and cheaper. A cheap cable will work just as well, so do not waste your money. While you are at it, buy refurbished and skip the extended warranty if you want to save even more money on your tech.
  • Email from Lien in Woodbridge, VA: Dear Tech Talk. Sometimes I log into Facebook at a friend’s house and forget to logout. Is there a way to log out remotely after I am home? I do not want anyone else posting to my account. Thanks. Lien in Woodbridge, VA
  • Tech Talk Responds: It is easy to forget to sign out of Facebook every time you move on to doing something else. It is extremely important that you always log out of a Facebook session if there is a possibility of someone else using that computer or mobile device after you are finished using it.
  • It is very easy to log out of any or all active Facebook sessions.
  • Close active Facebook sessions using a computer:
    • Log in to your Facebook account and click the “gear” shaped settings icon located in the upper right-hand corner of the screen.
    • lick Settings.
    • Click the Security and Login link on the left side of the screen.
    • Scroll down to the section labeled “Where You’re Logged In” and you will see a list of devices that are currently logged into your Facebook account.
    • Log those devices out remotely by clicking the three vertical dots over on the right and then clicking Log Out.
  • Close active Facebook sessions using a mobile device:
    • Log in to your Facebook account and tap the Menu button (depending on your version of the app it either looks like 3 horizontal lines or three vertical dots).
    • Scroll down and tap the Settings & Privacy link.
    • Tap the Settings link.
    • Tap Security and login.
    • The “Where you’re logged in” section will list all the devices that are currently logged into your Facebook account.
    • Tap on every device that should not be logged into your account and then tap Log Out.
  • Email from David in Kansas: Dear Doc and Jim. I have quite a few old smartphones and tablets in the house. I would like to find a use for them. Is there a way to them as a wireless security camera? That seems like a great application. David in Kansas
  • Tech Talk Responds: You are in luck. A simple downloaded app can turn them all into wireless security cameras.
  • EpocCam is a fantastic free app that use your unused device’s camera to capture and send streaming video directly to any web browser in the world. It is available for both Android and iPhone.
  • This app is easy to install, set up and use. Simply download, install and run the app that matches your device, then place the device with the camera facing the area you wish to monitor. You will need to enter your Wi-Fi connection’s password and jot down the IP address the app gives you for monitoring the video/photos. Then visit that IP address with the browser on any connected computer, smart phone or tablet to view the action. Be sure you have a decent Wi-Fi signal and an outlet available for plugging in a charger wherever you wish to install your “security camera”.
  • Question from Alice in Fairfax: Dear Tech Talk. I have listened to you discussions about two-factor authentication and am using it for my Facebook and bank accounts. The problem is I’m getting ready to buy a new phone in a few days and I’m afraid I’ll have problems when I try to log in with my new phone. Alice in Fairfax
  • Tech Talk Responds: You don’t really need to worry about getting locked out of your accounts. Two-factor authentication ties the security of your account to your phone number instead of to the phone itself. Therefore, simply switching to a new phone will not affect your ability to log in to your accounts at all.
  • However, you might end up with a new phone number in addition to a new phone if you switch carriers, but that won’t really be a problem either. If you know you will be getting a new phone number, simply temporarily disable Two-Factor Authentication on all of your online accounts right before you switch phones, then re-enable it using your new phone after you get it. Good luck!
  • Email from Arnie in Colorado Springs: Hi Dr Shurtz. Something I recently noticed on the address line of my iPad when looking at a site. “Not Secure – dslreports.com” & “Not Secure – espn.com” as examples. The “Not Secure” part is in dimmed script. Don’t remember seeing this in the past. Is this just a notice to those viewing the site that it’s a http” site vs “https” site? Does this tell viewers they are susceptible to hacking? Something else nefarious? Always look forward to your posts. Lots of great info. Thanks. Arnie in Colorado Springs, CO
  • Tech Talk Responds: That notification in the address line simply indicates that you are connected using an unencrypted data streams. You are not using Secure Socket Layer (SLL), which is indicated by https:// at the front for the web address. Most modern sites support both http:// and https://. For instance, I : enter https://dslreports.com and I would get a SSL connection. If I enter, http://dslreports.com, I get an unencrypted connection and see the Not Secure notification. Surprisingly, when I did the same for espn.com, it did not support the SS connection.
  • Email from Tom Schum: Dear Tech Talk. I listened to your discussion about adjustable eye glasses last week. The site you referenced is dormant. You can actually buy adjustable gassess for $88.95. Go to http://micromark.com and search for Eyejusters. They have an adjustable strength range of +.50 to +4.00 Diopter. A simple turn of the hidden eye dial changes magnification instantly. I agree that they look a bit nerdy. Tom Schum
  • Tech Talk Responds: Thanks for the research, Tom. They do look like a useful option for someone who needs to do multiple tasks at different ranges each requiring a different magnification.
  • Question from Andie in Indianapolis: Dear Tech Talk. My boyfriend and I have a bet that’s riding on your answer to this question. Is a six digit PIN really all that more secure than a four digit PIN? It does not seem like just two digits could make that much difference. He says it makes a big difference in making a phone harder to break into. So who’s right? Andie in Indianapolis
  • Tech Talk Responds: A six digit PIN isn’t just slightly more secure than a four digit pin. It’s actually a LOT more secure. And that isn’t an opinion, it’s a statistical fact.
  • A four digit PIN has 10,000 possible combinations (10**4). I know that sounds pretty impressive, but it’s actually quite easy to break using various electronic methods.
  • However, a six digit pin has 1 million possible combinations (10**6). And that of course makes it LOT harder to break (and a lot more time consuming) using those same methods.
  • If you secure a device (or an online account for that matter) with a PIN, using a six digit PIN will provide a LOT more protection than selecting a pin with just four digits.

Profiles in IT: Talmon Marco

  • Talmon Marco is an Israeli-American entrepreneur, best known as the CEO and founder of Viber, a VoIP application for smartphones.
  • He was born in Tele Viv, Israel in 1973.
  • In 1993, he entered the Israeli Defense Forces Central Command, ultimately becoming the CIO.
  • In 1997, he co-founded Expand Networks and served as the company’s President until 2004. Expand Networks was a technology company that helped pioneer the Wide Area Network (WAN) Optimization market.
  • In 1999, he completed a degree in Computer Science and Management from Tel-Aviv University, later moving to the U.S. where he spent most of his adult life.
  • In 2005 after leaving the Army, he founded iMesh, a P2P file sharing service.
  • In 2010 he co-founded Viber with Igor Magazinik, a friend from the Israel Defense Forces, and today he served as the first CEO until 2014.
  • Marco started Viber because of a long-distance relationship. Mаrco lived in New York and his girlfriend (currently his wife) lived in Hong Kong. Marco started looking for low cost ways to stay in touch.
  • Viber was developed as a competitive alternative to other services available such as WhatsApp, Wechat, and Skype.
  • The company was run from Israel, with much of its development outsourced to Belarus in order to lower labor-costs. It was registered in Cyprus.
  • Viber did not receive any venture capital money. The lean start-up funded itself by way of family and friends, as well as profits from Marco’s other program, iMesh.
  • The first two years the program was available, it did not generate any revenue. Viber was totally free (and still is), nobody paid anything for using it. The founders didn’t want to change this, so they started thinking of some other ways of monetizing it.
  • This was achieved by developing some paid services in addition, such as Viber Out and their graphical “Sticker store”, Viber began to make great profits.
  • After successfully dealing with security issues and creating a safe end-to-end encryption, Viber’s expansion accelerated.
  • In 2012, he was arrested and released after using Viber to call over the Wi-Fi GoGo service. He admitted to being a little curt with the airline staff.
  • In 2014, Japanese electronic commerce and internet service Rakuten purchased the company for US$900 million
  • In 2016, he founded Juno, a ride-sharing app. In 2017, Gett acquired the company for $200,000,000. At Juno, drivers are truly partners by earning ownership in the company with every ride they take, and receiving employee benefits.
  • He follows a moral compass. Viber refused to compromise encryption so unscrupulous regimes can spy and he treated drivers as partners.
  • He hold two patents related to TC/IP packet transmissions.

Cybersecurity have 3.5 Million Unfilled Jobs by 2021

  • A report from Cybersecurity Ventures predicts 3.5 million cybersecurity jobs will go unfilled worldwide by 2021.
  • 2 million to 1.5 million of those 3.5 million unfilled cybersecurity jobs will be in the U.S.
  • The research and statistics firm compiled that number after reviewing dozens of employment figures from analysts, job boards, vendors, governments, the media and other organizations.
  • Cybercrime also is expected to cost the world $6 trillion a year by 2021, up from $3 trillion in 2015, the company reported.
  • Cybercrime is the single biggest threat to humanity we have seen in our lifetime besides nuclear weapons.
  • The impact on our infrastructure, including gas, electric power, water, is enormous.
  • Figures from Mondo, a digital marketing and staffing agency, show some jobs in cybersecurity pay six figures and more.
  • An information systems security engineer or network security analyst, for example, can expect to earn $90,000 to $150,000 a year depending on experience, while cybersecurity analysts pull down $90,000 to $185,000.

An IT Guy Gets Fired and Erases 23 Amazon Web Servers

  • In 2016, Voova, a marketing and software company an IT staffer and paid a big price.
  • The employee, 36-year-old Steffan Needhan, was let go due to “poor performance” after only four weeks on the job.
  • Needhan was still able to access the company’s systems soon after being terminated, because he’d stolen a fellow employee’s login credentials.
  • After gaining entry to Voova’s network, Needham erased the Amazon Web Services computers which hosted the company’s main business applications and data.
  • As a result, the company lost “big contracts with transport companies” worth $700,000
  • The company was unable recover the deleted data.
  • Needham was ultimately tracked down and arrested, and he found guilty.
  • Could Voova have avoided this crisis? Yes, and the solution would have been simple: a 2FA (two-factor authentication) system.

Three Pioneers in AI Win Turing Award

  • In 2004, Geoffrey Hinton doubled down on his pursuit of a technological idea called a neural network.
  • It was a way for machines to see the world around them, recognize sounds and even understand natural language.
  • Backed by the Canadian government, Dr. Hinton, a computer science professor at the University of Toronto, organized a new research community with several academics who also tackled the concept.
  • They included Yann LeCun, a professor at New York University, and Yoshua Bengio at the University of Montreal.
  • On March 27, 2019, the Association for Computing Machinery announced that Drs. Hinton, LeCun and Bengio had won this year’s Turing Award for their work on neural networks.
  • The Turing Award, which was introduced in 1966, is often called the Nobel Prize of computing, and it includes a $1 million prize, which the three scientists will share.

Russia Orders VPN Providers to Block Banned Sites

  • Russian authorities have ordered ten major VPN providers to begin blocking sites on the country’s blacklist.
  • NordVPN, ExpressVPN, IPVanish and HideMyAss are among those affected.
  • TorGuard also received a notification and pulled its services out of Russia immediately.
  • The government agency is demanding that the affected services begin interfacing with the FGIS database, blocking the sites listed within.
  • The notice also details the consequences for not doing so, i.e being placed on the blacklist with the rest of the banned sites so it cannot operate in Russia.
  • The demand from Roscomnadzor requires that the VPN’s hand over information to the authorities, including details of their operators and places of business.

Thirty-six New Security Flaws In LTE Protocol

  • A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world.
  • The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic.
  • They were discovered by a four-person research team from the Korea Advanced Institute of Science and Technology Constitution (KAIST), and documented in a research paper they intend to present at the IEEE Symposium on Security and Privacy in late May 2019.
  • The Korean researchers said they found 51 LTE vulnerabilities, of which 36 are new, and 15 have been first identified by other research groups in the past.
  • They discovered this sheer number of flaws by using a technique known as fuzzing –a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs.
  • The KAIST team said it notified both the 3GPP (industry body behind LTE standard) and the GSMA (industry body that represents mobile operators), the baseband chipset vendors and the network equipment vendors.

Tesla Cars Keep Lots of Data

  • Two security researchers found a trove of unencrypted location, camera, and other data on a wrecked Tesla Model 3.
  • The two researchers say they bought a totaled Model 3 in late 2018. When they accessed the car’s computer, they found unencrypted data from “at least 17 different devices.
  • The car had been owned by a construction company and presumably used by multiple employees.
  • That included 11 driver or passenger phonebooks, with numbers, email addresses, and calendar entries intact. The researchers also gained access to the last 73 locations that had been plugged into the car’s navigation system.
  • In addition, the car’s computer still contained footage from one of the Model 3’s seven cameras. This included the forward-facing view of the wreck that totaled the car, as well as a clip of a previous crash that was less serious.
  • Tesla said it offers customers the option to delete personal data by performing a factory reset on the vehicle.
  • So as cars continue to collect more and more data, everyone needs to think a little harder about how to make sure that data doesn’t wind up in the wrong hands.

Facebook Left User Passwords Unencrypted

  • Facebook said Thursday that an internal security review found the passwords of hundreds of millions of users had been stored on company servers without encryption.
  • The passwords were accessible by 2,000 engineers and developers.
  • No passwords were leaked and the company has found no indication the sensitive data was improperly accessed by Facebook personnel.
  • Most companies encrypt passwords to prevent them from being stolen in the event of a data breach or used for nefarious purposes by company employees. Facebook said it is standard procedure for the company to encrypt passwords.
  • This is another black eye for Facebook. Encrypting passwords is among the most basic steps to ensure user safety.

This Village Built Its Own Solar-Powered Public Wi-Fi Network

  • Mankosi is a remote rural area in South Africa’s Eastern Cape province.
  • The village has a population of 6,000 people, with the nearest city about 60km away.
  • In 2012, the village entered a partnership with a research team at the University of the Western Cape. The aim was to experiment with creating a model for bottom-up village telcos, ones that would be cheaper for rural communities, as well as sustainable.
  • It’s called the Zenzeleni Networks project, which translates to “do it yourself” in the prevalent local language.
  • After receiving the necessary permission, they set up a cooperative comprised of ten respected local figures. The group then designed a layout for their network, and built a dozen mesh network stations, all powered by solar panels.
  • These are mounted on and inside houses around Mankosi, with the Wi-Fi stations covering an area of about 30 square kilometres.
  • The network offers users Internet access and even VoIP at cheaper rates than the national average, through a billing system overseen by the cooperative that keeps it fair and non-exploitative.
  • People can also connect directly to the solar-powered stations in order to charge their phone batteries at a fraction of the price.
  • The next step, Tucker indicates, is for Zenzeleni Networks to provide its services to between 20 to 30 other communities around Mankosi.

Facebook violated US Fair Housing Act Violations

  • US regulators say digital advertising practices at Facebook violate housing law.
  • They are reviewing whether ads placed by Twitter and Google also discriminate against those seeking a place to live.
  • The US Department of Housing and Urban Development (HUD) on March 28 accused Facebook of enabling and encouraging bias based on race and religion, as well as sex, by restricting who can see housing-related ads on its platforms and across the Internet.
  • HUD also has sent letters to Twitter and Google inquiring about the advertising systems for their sites and products as well, said Brian Sullivan, a department spokesman.
  • “Facebook is discriminating against people based upon who they are and where they live,” HUD Secretary Ben Carson said. “Using a computer to limit a person’s housing choices can be just as discriminatory as slamming a door in someone’s face.”
  • The social network allowed those advertising housing to exclude people it classified as parents; non-American-born; non-Christian.
  • The government’s civil lawsuit against Facebook came after the social network has been working to address many of the issues raised and last year eliminated advertising targeting options that could be misused.
  • If the judge rules that Facebook violated the Fair Housing Act, penalties could include fines and a ban on the ads in question.