Show of 07-13-2019

Tech Talk

July 13, 2019

Email and Forum Questions

  • Email from Doug in Baton Rouge: Shurtz and Jim. Since I do not watch movies, play games, search the internet, make many calls, do texting, etc., how many cell phone Minutes, Text or Data do I really need? Can you please explain these elements that are offered from the cell phone providers? I find it a little bit confusing with the Minutes, Text and Data that one would actually needed for a month of cell usage. Since the usage will vary from person to person, can you address your answer for a typical LOW, MIDDLE and HIGH usage person? Furthermore, why are there Minutes, Text and Data on a cell phone anyway? Since the cell phone is a “walkie-Talkie” on a carrier band, it seems that it should be similar to my desktop computer that can do all these features without the mumbo-jumbo of Minutes, Text and Data involved. I really enjoy your great radio show. Thanks, Doug / Baton Rouge, LA
  • Tech Talk Responds: Minutes relate to the actual phone call duration that is made using the cellular network. Text messages refer to SMS (Short Message Service) messages that are sent over the cellular network. They are limited to 160 characters and do no use data. If you send a picture, it uses MMS (Multimedia Messaging Service ) protocol, which also uses the cellular network and does not count against your data cap. Carriers will typically charge more for MMS messages and may limit the size of your picture. Data is used for all other services, include VoIP (Skype, Viber, WhatsApp), iMessages (the iPhone text message), surfing the web, listening to streaming media (Pandora, Amazon Music, Amazon Video, Netflix, Amazon Prime Video). Streaming video is the real data hog. If you are connected to Wi-Fi, not data is used. If you have Wi-Fi calling enabled on your phone, you can make a call and not use any minutes. Since it all about data, the carriers are moving to data charging. Even calls are converted to VoIP once they leave the cell tower.
  • Tech Talk Responds: Email from James Messick in North Carolina: Dear Dr. Shurtz, I sometime edit home video to upload onto YouTube to share with friends. My old laptop work fine for 1080p video, but does not really have enough power to handle the 4K video that my new Mavic Air drone can produce. I was wondering if it is possible and affordable to rent time on a remote computer to edit and render my videos. If so, what are some good options and how much can I expect to pay? Thanks, James Messick, Kernersville, NC
  • Tech Talk Responds: Using cloud-based computer is definitely a possibility. There are many services available. Since all the computing is done on a virtual machine, you can use any client. Here are a few free editors that look pretty good. Nothing is really free, so you have to put up with ads.
  • Movie Maker Online – A flexible online tool, with royalty-free media to supplement your own movie clips, audio files and images. Movie Maker Online is funded by ads that you might find distracting, and you will have to deactivate any ad-blocking plugins you have installed before you can use it. Movie Maker Online lets you upload video, images and music, and combine them into a project by dragging and dropping them onto a timeline. You can only export your finished projects in MP4 format. Movie Maker Online is the best for your browser.
  • ClipChamp — The free version of this online tool lacks some advanced features, but it’s easy to use and is a good choice for simple movie-making tasks. The free version of ClipChamp has a few limitations, the biggest of which is that you can only export videos in standard definition. There are premium tiers starting at US$9 per month, that give you more freedom, but if your needs a simple, the free version might well offer everything you need. Once your footage is in ClipChamp, you’ll have ready access to tools including trimming, cropping, flipping, rotating and brightness/contrast adjustment. Processing is fast, and you can share the results online or download the video to use in other projects.
  • Adobe Spark — Adobe Spark is something of a Jack-of-all-trades, offering browser-based tools for making greeting cards, flyers, Instagram posts and, yes, videos. Spark gives you two options for making videos: use one of Adobe’s own themed templates, or start from scratch. Whichever you choose, you will be able to upload still photos and video clips, or import them from cloud services including Dropbox, Google Drive, and Adobe’s own Creative Cloud. You can record audio from your PC’s microphone (a great way to annotate a video), add titles, apply color themes, and add music from an impressive choice of options. To adjust the length of a clip, just change the number at the bottom right of the preview image. Your finished video will bear a small Adobe Spark watermark on the bottom, but it’s unobtrusive.
  • Online Video Cutter — Despite the name, Online Video Cutter is about more than just cutting up videos. The site lets you upload files up to 500MB in size, or work with clips stored on Google Drive or other online service. You can then opt to trim away unwanted footage, and crop in if you have taken too wide a shot. There is a rotate function for footage accidentally shot with your phone on its side, and there’s even a Chrome extension available so you can access the tools more easily. When you are happy with the changes you have made, you can take your pick from a variety of popular video formats and choose lower a quality setting if you need to minimize file size.
  • Email from Bob in Maryland: Dear Doc and Jim. I just read this slightly disturbing article about MS Window 10 not backup up the registry with informing the end user. What is going on? Thanks. Bob in Maryland (another physicist, but a Canuck down south of the border)
  • Tech Talk Responds: Microsoft Issued Warning for 800M Windows 10 Users that it stopped backing up the registry in Windows 10 machines in October 2018, starting in Windows 10, version 1803. The OS gives the impression that the registry was backup up, but the files size is 0 kB. They said it was to reduce the Windows 10 footprint. The company coming clean about what happened. Ironically, this disclosure comes just two months after Microsoft pledged to give Windows 10 users more “control, quality and transparency”.
  • Backing up a registry is a crucial last line of defense for many businesses and everyday users. Should a Windows System Restore point fail, barring the use of third-party software, the registry backup is all you have. And yet Microsoft has now revealed what is actually happening: This means that set point restore will not work. I hope that they will fix this quickly and let the users decide if they want to use disk space to back up the registry.
  • Email from Lynn in Ohio: Dear Doc and Jim. I have a Gateway desktop PC that is running Windows 7. I upgraded it to USB 3.0 but by adding a USB 3.0 expansion card. The only thing I use this particular computer for is writing blog posts in Microsoft Word before uploading them to my WordPress blogs. I plan to turn my blog posts into a series of books someday so I want to keep the posts stored on my hard drive in MS Word format. Right now, the 7 folders containing the posts and their associated images add up to a grand total of a little over 22 Gigabytes. My question is do you see anything wrong with using a 64 GB USB thumb drive to hold backup copies of these 7 folders? I do not need to back up anything else, just the Word files and images. I bought the USB 3.0 card because I need really fast data transfer speeds when backing up to the thumb drive and I’d hate to think I’ve wasted that money. A buddy of mine says thumb drives aren’t reliable enough to use for backup storage. What is your opinion about that? Lynn in Cleveland, Ohio
  • Tech Talk Responds: Your friend is right about USB flash drives being unreliable, and if there’s one thing you want in a back-up medium it’s reliability.
  • Flash drives can be quite finicky, and the way Windows sometimes caches data in system RAM before actually writing it to the drive makes the risk of data loss and corrupted files very real should you remove the drive from the PC before the files have all been written to it. If you decide to go that route there are some steps you can take that could lessen the risk to almost zero, always “Eject” the thumb drive before pulling it out of its socket by right-clicking on it in Windows Explorer and clicking Eject.
  • Do not trust your files and life’s work to a single backup drive. If you are going to back up your files onto a USB flash drive, back them up to at least two or three of them. These days 64GB thumb drives (and even larger ones) are cheap. Use several of them!
  • Back up your files to the cloud as well using Google Drive, Microsoft OneDrive, Carbonite or another dependable online backup service.

Profiles in IT: Marcus Hutchins

  • Marcus Hutchins, also known online as MalwareTech, is a British computer security researcher best known for temporarily stopping the WannaCry ransomware attack.
  • Marcus Hutchins was June 1994 in Devon, United Kingdom.
  • He got in with the wrong crowd and started writing malware code at age 15.
  • One of his registered domains is http://Gh0sthosting.com, which corresponds to a hosting service that was advertised and sold circa 2009-2010 on Hackforums.net.
  • Using one of his aliases, Iarkey, he told fellow Hackforums users in a sales thread for his business hosted on Gh0sthosting was “mainly for black hats wanting to phish.”
  • In 2009, using the alias, Da Loser, he brag about his Messenger password-stealing program is not detected by AV software. He distributes on http://hackblack.co.uk.
  • Gh0sthosting was sold by a Hackforums user named Iarkey and in 2009 Iarkey blogged that Gh0sthosting was “mainly for blackhats wanting to phish.”
  • Many suspect that Hutchins authored or sold the Kronos banking Trojan. According to the government, Hutchins did on the Dark Web marketplace AlphaBay.
  • Hutchins had a significant and prosperous black hat career that he gave up in 2013.
  • In 2013, He became a white hat hacker working for Kryptos Logic, cyber firm.
  • His anonymously authored a white hat malware blog: https://www.malwaretech.com/.
  • In 2017, Hutchins was working from his homes, when WannaCry began spreading like wildfire, encrypting systems and crippling businesses across Europe.
  • The U.K.’s National Health Service (NHS) was one of the biggest organizations hit, forcing doctors to turn patients away and emergency rooms to close.
  • Hutchins discovered a domain name in the code that had not been registered. He immediately registered the domain to see what it did.
  • The malware was written to check for this domain name. If it came back unknown, the malware would proceed. If the domain was registered, it activated a kill switch.
  • By registering the domain, Hutchins had “sinkholed” the ransomware.
  • He and a colleague fended off several attacks from an angry operator of a botnet trying to knock the domain offline with junk internet traffic.
  • They fought to keep it online. Cloudflare stepped in to host and protect the domain.
  • As long as computers are infected with WannaCry and are not patched, data remains at risk — and at the mercy of the kill switch.
  • He had been operating in obscurity, but the press wanted to find the national hero who stopped the WannaCry virus. They outed him and then his past began to emerge.
  • In August 2017, three months after the WannaCry attack, Hutchins was arrested in Las Vegas after leaving DefCon on charges of creating malware in his teenage years.
  • On April 19, 2019, Hutchins plead guilty. Hutchins faces up to five years in prison and $250K in fines for two charges related to writing malware as a teen, prior to his successful white hat security career.

Alexa to Offer NHS- Health Advice in UK

  • Users of Alexa devices in the United Kingdom will be able to get expert health advice from the voice-activated smart speakers.
  • This program is a partnership between Amazon and the National Health Service.
  • When health-related queries such as “Alexa, how do I treat a migraine?” or “what are the symptoms of flu?” are put to the devices, Amazon’s algorithm will use information from the NHS website to provide answers.
  • Britain’s NHS says the technology will help patients the elderly, blind and those who cannot access the internet through traditional means, to get professional NHS-verified health information in seconds, potentially reducing the pressure on the NHS and GPs, specifically when it comes to providing information for common illnesses.
  • Currently, Alexa gets its answers to health-related questions from a number of sources, including the Mayo Clinic and WebMD.
  • NHS experts believe half of all health-related searches will be made through voice-assisted technology by 2020.

WhatsApp Malware Infects 25M Android Phones

  • As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with corrupted versions that serve up advertisements.
  • Dubbed Agent Smith, the malware abuses previously known weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority.
  • Most victims are in India, where as many as 15 million were infected.
  • There are more than 300,000 in the US, with another 137,000 in the U.K.
  • The malware has spread via a third party app store 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store.
  • Typically, such non-Google Play attacks focus on developing countries, making the hackers’ success in the U.S. and the U.K. more remarkable.
  • This app then silently installs the malware, disguised as a legitimate Google updating tool. No icon appears for this on the screen, making it even more surreptitious.
  • Legitimate apps – from WhatsApp to the Opera browser and more – are then replaced with a corrupted update so they serve the ads.
  • So what can ndroid owners do? If users experience advertisements displayed at odd times, such as when they open WhatsApp , they should take action.
    • Go to Android settings, then the apps and notifications section. Next, got to the app info list and look for suspicious applications with names like Google Updater, Google Installer for U, Google Powers and Google Installer. Click into the suspicious application and choose to uninstall it.
  • Stay away from unofficial Android app stores might help, given Google’s extra protections designed to prevent malware from getting on the site.

AI Analyzes Old Scientific Papers to Make New Discoveries

  • In a study published in Nature on July 3, researchers from the Lawrence Berkeley National Laboratory used an algorithm called Word2Vec sift through scientific papers for connections humans had missed.
  • Their algorithm then made predictions for possible thermoelectric materials, which convert heat to energy and are used in many heating and cooling applications.
  • The algorithm did not know the definition of thermoelectric, though. It received no training in materials science.
  • Using only word associations, the algorithm was able to provide candidates for future thermoelectric materials, some of which may be better than those we currently use.
  • To train the algorithm, the researchers assessed the language in 3.3 million abstracts related to material science, ending up with a vocabulary of about 500,000 words.
  • They fed the abstracts to Word2vec, which used machine learning to analyze relationships between words.
  • The algorithm linked words that were found close together, creating vectors of related words that helped define concepts.
  • In some cases, words were linked to thermoelectric concepts but had never been written about as thermoelectric in any abstract they surveyed.
  • Researchers then scrapped recent data and tested the algorithm on old papers, seeing if it could predict scientific discoveries before they happened.
  • In one experiment, researchers analyzed only papers published before 2009 and were able to predict one of the best modern-day thermoelectric materials four years before it was discovered in 2012.

AT&T will start Blocking Fraud Calls

  • AT&T will start automatically blocking fraud calls and issuing suspected spam call alerts for new phone customers at no extra cost.
  • You will have to opt out if you don’t want the company to screen calls this way.
  • Existing customers, meanwhile, will see the feature automatically reach their accounts in the ‘coming months.
  • If you like the capabilities, you can turn it on right now either by downloading the AT&T Call Protect app or enabling it through your myAT&T account settings.
  • Although AT&T isn’t charging extra, the FCC rules don’t prevent it or others from using the auto-blocking as an opportunity to raise subscription rates.

Hackers breached Greece’s Top-level Domain Registrar

  • State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el.
  • ICS-Forth, which stands for the Institute of Computer Science of the Foundation for Research and Technology.
  • The hackers behind the breach are the same group detailed in a Cisco Talos report, which the company named Sea Turtle.
  • The group uses a relatively novel approach to hacking targets. Instead of targeting victims directly, they breach or gain access to accounts at domain registrars and managed DNS providers where they make modifications to a company’s DNS settings.
  • By modifying DNS records for internal servers, they redirect traffic meant for a company’s legitimate apps or webmail services to clone servers where they carry out man-in-the-middle attacks and intercept login credentials.
  • Attacks are short-lived, lasting from hours to days, and are incredibly hard to detect due to the fact that most companies don’t watch for changes made to DNS settings.
  • FireEye attributed the attacks to a nexus of the Iranian government, while Crowdstrike and Cisco Talos refrained from making any attribution for the attacks just yet.