Email and Forum Questions; Profiles in IT: Jon Postel; Digitizing Books with CAPTCHAs; Eleven Charged in Sale of 40 Million Card Numbers; Army To Develop Thought Helmet; Happy Birthday Google; California Favors Open Source Software for Voting Machines; Food Science: Fats
Email from Arnie: Hi Dr. Shurtz, As feedback, I listen to TechTalk on 1500 AM on Saturday mornings. I never could get TechTalk on FM for some reason here in Davidsonville, MD. Arnie McKechnie
Tech Talk Responds: Thanks Arnie. Arnie has been a listener since WMAL days.
Email from Rita: Dear Dr. Shurtz, I am using the VoIP service Vonage. I think that the government may be tapping my phone. How safe is VoIP from government surveillance? I need to know. I have not done anything wrong. I am concerned about my job. Thanks, Rita
Tech Talk Responds: Tracking VoIP calls is a technical challenge, much more difficult than simply tapping a telephone wire. But it can be done.
In Voice over IP, your phone call is converted to a series of data packets, each of which carries a portion of your call. The VoIP client at the other end reassembles the packets and recreates the audio stream. The packets can travel different paths over the Internet. However, the connection from your house to the VoIP server is a single route. Tapping your call requires that someone identify each of your call packets within the overall Internet packet stream. It is most easily done by your ISP.
The Communications Assistance for Law Enforcement Act (CALEA) of 1994 mandates that all telcos provide a backdoor to law enforcement for wiretapping. This applies to VoIP too. This includes: Cox, Verizon, Cisco, Vonage, Packet8.
Vonage does not encrypt their packet stream and must comply with CALEA. Any VoIP service with central servers must comply with CALEA. Furthermore, if they provide streaming encryption, they are required to provide the keys.
Peer-to-peer VoIP services are not required to comply with CALEA, although they could be forced to provide encryption keys to government officials.
Skype (www.skype.com) is a very good option. It provides encryption and since it is located outside of the US, it does not have to provide any CALEA support. It takes lots of computer power to crack the Skype encryption prior to the end of the phone call. Law enforcement is trying to use Trojans (with keyloggers) to get the key.
You could also use Bruce Zimmerman’s Zfone (www.zfoneproject.com). It is a program that can be used with any VoIP software client. It uses PGP encryption. It must be installed on both clients in order to function. It provides very robust encryption. It can only be used with a software client and not with a VoIP service like Vonage. It does support Asterisk, an open source VoIP PBX server.
Thanks for listening to the show. For now, your best option is Skype.
Profiles in IT: Jon Postel
Jonathan Bruce Postel made many significant contributions to the development of the Internet, particularly in the area of standards.
According to Vint Cerf, Father of the Internet, Jon has been our North Star for decades. He was the Internet’s Boswell and its technical conscience.
Jonathan Bruce Postel was born August 6, 1943 in Van Nuys, California.
He received his BSEE in 1966 and MSEE in 1968 from UCLA.
He completed his PhD in Computer Science in 1974 also at UCLA.
While at UCLA, Jon was part of a group of graduate students working for Professor Leonard Kleinrock on the ARPANET project. Vint Cerf was also part of that group.
He later moved to the Information Sciences Institute at the University of Southern California, where he spent the rest of his career.
Postel was the RFC Editor from 1969 until his death, and wrote and edited over 200 RFCs, including RFCs 791-793, which define TCP/IP.
When the ARPANET team needed to keep track of all the hosts and protocol identifiers, Jon volunteered to be the Numbers Czar and later the IANA (Internet Assigned Numbers Authority) once the Internet was in place.
Jon was a founding and continuing member of the Internet Architecture Board.
Postel’s Law: Be conservative in what you do, be liberal in what you accept from others.
He was the first member of the Internet Society. He was also on its Board of Trustees.
His primary job was Director of the Computer Networks Division ("Division 7") of the Information Sciences Institute at the University of Southern California.
A tribute to Jon by ISI put it this way: Jon’s influence is felt throughout the Internet, in its protocols, in their documentation, in the DNS names we use and the ‘dot’ we use to separate them, and, in no small way, in the ‘good engineering’ that helped the Internet thrive. Jon was essentially a shepherd of the Internet.
He was awarded the International Telecommunication Union’s silver medal in 1998 for his central role in the success story of the Internet.
On January 28, 1998, Postel, on his own authority, redirected eight of the non-government regional root name servers to dnsroot.iana.org. This was immediately undone at the "request" of Ira Magaziner, senior science advisor to Clinton.
Postel died of complications following heart valve replacement surgery in Los Angeles, on October 16, 1998, 9 months after the DNS Root Authority incident.
After Jon’s untimely death, Vint Cerf wrote in RFC 2468 (I remember IANA), Jon inspired loyalty and steadfast devotion among his friends and his colleagues. For me, he personified the words "selfless service". For nearly 30 years, Jon has served us all, taken little in return, indeed sometimes receiving abuse when he should have received our deepest appreciation.
The Internet Society’s Postel Award is named in his honor, as is the Postel Center at Information Sciences Institute.
The Internet was not just a job for Jon. It was his hobby and his mission in life.
Computer users are digitizing books quickly and accurately with CAPTCHAs.
Millions of computer users collectively transcribe the equivalent of 160 books each day with better than 99 percent accuracy.
Few spend more than a few seconds on the task, and most do not realize they are doing valuable work.
These research results were reported by Carnegie Mellon University researchers in Science Express.
Carnegie Mellon computer scientists led by Luis von Ahn have taken a widely used Web site security measure, called a CAPTCHA, and given it a second purpose: digitizing books produced prior to the computer age.
When Web visitors solve one of the distorted-letter puzzles so they can register for email or post a comment on a blog, they simultaneously help turn the printed word into machine-readable text.
Their version is called reCAPTCHA (http://recaptcha.net/) and is used on thousands of Web sites worldwide.
During the reCAPTCHA system’s first year of operation, more than 440 million words have been deciphered, which is equivalent to more than 17,600 books.
Eleven Charged in Sale of 40 Million Card Numbers
Federal prosecutors charged 11 people last month with the theft and sale of more than 40 million credit and debit card numbers from at least nine U.S. retailers in what they said was one of the largest and most complex hacking and identity theft cases.
Officials with the Department of Justice said the people indicted were part of a criminal ring that stretched from the United States to Eastern Europe to East Asia, highlighting the global nature of computer crime.
Charges of conspiracy, computer intrusion, fraud and identity theft have been brought against people from Estonia, Ukraine, China and Belarus, as well as the United States.
One person, known only by an online alias, Delpiero, has not been located.
Using sophisticated hacking techniques that included cruising for wireless networks, officials said the accused breached security systems to obtain credit and debit numbers from shoppers at major retailers such as T.J. Maxx and Marshalls, which are owned by TJX Cos.; Barnes & Noble; BJ’s Wholesale Club; and Sports Authority.
A grand jury yesterday indicted Albert "Segvec" Gonzalez of Miami on charges of computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy.
Gonzalez and his co-conspirators obtained the credit card numbers by "wardriving," or driving around in commercial areas of Miami looking for accessible WiFi networks. They hacked into those networks on their laptop and installed "sniffer" programs that captured card numbers, passwords and other personal information.
The thefts began in 2003 and continued through this year. But it was not until February 2007 that the largest incident came to light — that TJX had suffered a data breach of at least 45 million credit and debit cards from customers in the United States, Britain and Canada going back to 2005.
Army To Develop Thought Helmet
The U.S. Army has just awarded a $4 million contract to begin developing "thought helmets" that would detect silent brain waves for secure communication.
The Army hopes the project will "lead to direct mental control of military systems by thought alone."
Improvements in computing power and a better understanding of how the brain works have scientists hunting for the distinctive neural fingerprints that flash through a brain when a person is talking to himself.
The Army’s initial goal is to capture those brain waves with incredibly sophisticated software that then translates the waves into audible radio messages for other troops in the field.
"It’d be radio without a microphone," says Dr. Elmar Schmeisser, the Army neuroscientist overseeing the program.
The five-year contract, awarded last month to a coalition of scientists from the University of California at Irvine, Carnegie Mellon University, and the University of Maryland, seeks to "decode the activity in brain networks" so that a soldier could radio commands to one or many comrades by thinking of the message he wanted to relay and who should get it.
Initially, the recipients would most likely hear transmissions rendered by a robotic voice via earphones.
But scientists eventually hope to deliver a version in which commands are rendered in the speaker’s voice and indicate the speaker’s distance and direction from the listener.
Think of the cell phone application. What if instead of their Bluetooth earpiece it was a Bluetooth headpiece and their mouth is shut and there’s blessed silence all around you?
Happy Birthday Google
In August, 1998, Sun co-founder Andy Bechtolsheim writes a check for $100,000 to an entity that doesn’t exist yet: a company called Google Inc.
In September 1998, Google sets up workspace in Susan Wojcicki’s garage at 232 Santa Margarita, Menlo Park.
On September 4, 1998, Google files for incorporation in California.
Shortly thereafter, Larry and Sergey open a bank account in the newly-established company’s name and deposit Andy Bechtolsheim’s check.
So Google views September 2008 as its 10th anniversary.
California Favors Open Source Software for Voting Machines
California’s secretary of state, Debra Bowen, believes that open-source software should be used in elections involving electronic voting machines, to protect against error and fraud.
Bowen has a history of pushing for greater transparency and accountability in election technology.
After taking office in November 2006, she commissioned a top-to-bottom review of e-voting systems, including detailed analyses of source code, documentation, security, and usability.
The study revealed a variety of problems, from software vulnerabilities that could let an attacker install malicious software that changes the outcome of a vote, to opportunities to tamper with the devices while they are held in storage.
When asked about future elections, Bowen said the one technology she’d like to see integrated into voting systems tomorrow is open-source software for creating ballots and tabulating votes.
Both tasks are horrendously complicated, she added, and so need to be very carefully monitored.
MIT computer science professor Ron Rivest, who has studied the security and privacy of voting systems, says that these systems should be designed to work even if the software underneath is somehow flawed.
San Francisco will experiment with new software in November. It’s one of the few cities already using instant-runoff voting, a system that lets voters rank candidates in order of preference instead of choosing just one.
The rankings data can be used to determine a winner if no candidate receives a majority of the vote.
Food Science: Fats
Fats are a group of chemical compounds that contain fatty acids. The terms fat and fatty acids are frequently used interchangeably. There are three main types of fatty acids: saturated, monounsaturated and polyunsaturated.
All fatty acids are chains of carbon atoms with hydrogen atoms attached to the carbon atoms.
A saturated fatty acid has the maximum possible number of hydrogen atoms attached to every carbon atom.
It is therefore said to be "saturated" with hydrogen atoms, and all of the carbons are attached to each other with single bonds.
In some fatty acids, a pair of hydrogen atoms in the middle of a chain is missing, creating a gap that leaves two carbon atoms connected by a double bond rather than a single bond.
Because the chain has fewer hydrogen atoms, it is said to be "unsaturated."
A fatty acid with one double bond is called "monounsaturated" because it has one gap.
Fatty acids having more than one gap are called "polyunsaturated."
Basically, trans fat is made when manufacturers add hydrogen to vegetable oil–a process called hydrogenation.
Hydrogenation increases the shelf life and flavor stability of foods containing these fats.
Trans fat can be found in vegetable shortenings, some margarines, crackers, cookies, snack foods, and other foods made with or fried in partially hydrogenated oils.
Saturated and trans fats raise LDL (or "bad") cholesterol levels in the blood.
Unsaturated fats, such as monounsaturated and polyunsaturated, do not raise LDL cholesterol and are beneficial when consumed in moderation.
Therefore, it is advisable to choose foods low in saturated fat, trans fat, and cholesterol as part of a healthful diet.