Email and Forum Questions Profiles in IT: Christopher Isaac Stone Anatomy of BotNet Attack on Financial Institutions Trojan armed with hardware-based anti-piracy control (Revisited) Google Chrome OS Print Cloud Website of the Week: What is Reality?
Email from JP: Dear Dr. Shurtz & Jim, I finally got your April 3rd & 10th podcasts today, why are they 10 MB bigger (23MB) than any other podcasts (13MB) you’ve posted in the past?
I am trying to move a hard drive from one desktop computer to another, but after doing so, the second computer does not recognize a second hard drive. I guess if this were a laptop it would be much simpler with an external plug & play, but how can I do that with a desktop? Thanks for your help. JP
Tech Talk Answers: The file was incorrectly sampled at 64 kbps instead of the normal 32 kbps. I use a lower sampling rate to allow the shows to be streamed to a dial-up connection without undue buffering delays. If two hard drives are connected to the same IDE connector, one must be a master and the second a slave. If you have two masters only one will be recognized. Newer drives automatically configure this. Older drives do not. Alternatively, you could connect it to a separate IDE connector.
Email from Listener in Bethesda: Hello Dr. Richard Shurtz, I listen to a local business radio station a lot and there is always some new ad for a home-based business that is going to make you enough $ to quite you day job. With the commutes in the DC Metro area and the cubicles many of us inhabit this always holds allure for me. Many of these opportunities claim all you need is a computer, phone, broadband connection and willingness to learn.
How do I go about separating the bogus scams from the legitimate firms that actually have a viable offering? You’d think someone has done some kind of ranking of these firms. Your help is appreciated. Loyal Listener in Bethesda
Tech Talk Answers: I would check the blogs and discussion groups to third party validation. There are no rating services that I am aware of.
Email from Rafael: Hi Doc, I wanted to know where on the techtalk page is the information you mentioned on today’s show (4/10/2010). I was interested in the reading list that you mentioned, more specifically, the industry magazines and journals you mentioned at the end of the program to learn more about the tech field. I would greatly appreciate it. Rafael, A new found listener of your program
Tech Talk Answers: We do post show outlines each week to the Tech Talk Radio homepage. This show was a “Best of” show, the such an outline was not posted. However, it would have been posted with the originally aired show. You can search the Tech Talk pages for any topic by searching only the Stratford site and requiring that “Tech Talk” be on the page.
Email from Keith: Dear Tech Talk. Recently (within the last couple of weeks) I heard you speak of a virus protection / internet security software that you thought highly of. At the time, I paid little attention to what it was since I didn’t have a need for it at the time. Ooops!…..now I wish I had paid better attention. What was it called ? I recall it had a name I had never heard before. Thanks, Keith
Tech Talk Answers: I was talking about NOD32 from www.eset.com.
Email fromMitch: Howdy Doc Shurtz, When I open iTunes and download your podcasts, the 2010 podcasts are titled with the proper month/day but 2009 instead of 2010. My files get confused. Is this a problem with my iTunes settings or something on your end or Apple? Thanks again for your and Jim’s great show. Mitch
Tech Talk Answers: That for noticing. I can’t believe we catch this error sooner.
Email from Youel: Hello Dr. Richard Shurtz. I listen to you guys every week and truly love the show. I learn quite a bit and enjoy the show all at the same time. About a year ago you where talking about the new on-line shopping website called Alibaba. The Alibaba vendor did not accept credit card transactions and only took wire transfers. I ordered a Nokia N-97 cell phone and sent the money. After 45 day I did receive a package from China but it was a orange kid’s jacket. Alibaba only suspended the account and did nothing to refund my money.
I also have a OOMA and my house and I been having problem with faxing ever since I bought it. I am not sure how you got it to work but for me, I spend days on the phone with them and trouble shoot the unit and still was unable to get to work. I paid for the full package, just like you about a year ago. The service is ok, for a free calling system. It is better than Majicjack that is for sure.
Keep up the great work and Looking forward on listening to every weekend. Thank You, Youel Sarkis
Tech Talk Answers: Thanks for the tip on Alibaba. I never wire money to a vendor. Normally vendors who have been suspended by PayPal and other pay sites require this type of payment. As for OOMA, I configured by fax line for faxing which takes care of incoming faxes. I use the prefix *99 + number for outgoing faxes. Faxing is bandwidth needy. You need a good Internet connection so no packets will be lost.
Email from Dennis: Email from Dennis: Hello Dr. Shurtz and Jim, What can you recommend for a program that can convert word documents to pdf ? Thanks, Dennis
Tech Talk Answers: Portable Document Format (PDF) is a file format developed by Adobe Corporation. It is used to easily transfer documents via the Internet. PDF files are protected from changes and retain the exact elements of a presentation thereby avoiding problems like missing fonts or broken layouts. PDF files can be viewed by using Adobe Acrobat Reader.
There are many applications that can be used to view and convert Word, Excel, and PowerPoint files to PDF like Adobe Acrobat, Open Office, and Word to PDF Converter V3.0 among others. There are also sites like www.doc2pdf.net and www.ExpressPDF.com that offer easy Word-to-PDF conversion without downloading any program. Upload the file you want to convert, and you can get it back in PDF format within minutes.
Profiles in IT: Christopher Isaac Stone
Biz" Stone is a co-founder and Creative Director of Twitter, Inc and also helped to create and launch Xanga, Blogger, Odeo, and Obvious.
Biz Stone was born March 10, 1974 in Boston, MA.
He graduated from Wellesley High School in Wellesley, Massachusetts.
In high school, he was entrepreneurial, founding a lacrosse team and stepping in to coordinate a senior play when the school decided not to have one.
He attended Northeastern University on a scholarship and majored in English studies but disliked the urban campus. He dropped out in less than a year.
Biz Stone then received Chancellor’s Scholarship for Excellence in The Arts, a full 4-year scholarship to University of Massachusetts in Boston,
He had a part-time job at Little Brown publishing. One summer, while carrying boxes at Little Brown, he assisted a supervisor who needed computer help with a Mac.
The supervisor, the art director, was working on book jacket design. While everyone was at lunch one day, Stone designed a cover and tucked it into a pile of outgoing designs without telling anyone.
In 1994, when his cover was selected, the supervisor made Stone a designer and he dropped out of college. When the design division moved to NYC and he quit.
In 1999, a childhood friend of Stone’s discussed a friend’s idea: starting a Web company called Xanga.com.
He and Marc Ginsburg launched it in 2000. It was like MySpace before MySpace.
In 2001, unhappy with the direction Xanga was taking, he quit and moved to LA to work in TV with another childhood friend, TV director Greg Yaitanes ("House").
When Yaitanes moved to Prague, Stone quit and wrote a book on blogging.
He considered returning to publishing but, instead, decided to move to Rockport working for Wellesley College’s alumni association.
In 2003, Google acquired a company called Blogger, founded by Evan Williams.
Although they’d been competitors, Williams invited Stone work on Blogger.
In November 2003, he joined Google as Senior Specialist. Assigned to product development, community outreach, and product marketing management.
In 2005, Williams left and Stone went with him to form Odeo, a podcast company.
He said he gave up his Google stock options because he wasn’t vested.
Twitter was a side project that turned out to be more interesting to them.
In 2007, Twitter Inc. was formed. Twitter’s prototype was written in about two weeks.
He has published two books about blogging, Blogging: Genius Strategies for Instant Web Content (New Riders, 2002) and Who Let The Blogs Out? (St Martins, 2004).
He was added to Time 100 Most Influential Person in 2009, named GQ Nerd of the Year, in 2009, and declared Entrepreneur of the Decade by Inc. Magazine
He’d met his future wife at Little Brown. They married in June 2007 in Mendocino.
Stone lives with his wife, Livia, in an 800-square-foot William Wurster cottage in Berkeley with scarcely any furniture. He has a Maggie, a rescue terrier; Pedro, a one-eyed Chihuahua; two cats; a turtle; and two opossums.
Twitter is not about the triumph of technology but the triumph of humanity, according to Stone.
Anatomy of BotNet Attack on Financial Institutions
Last month NetWitness, a Herndon, Va.-based IT security firm, uncovered a new hacking attack that successfully targeted 2,500 companies and government agencies, leaving large amounts of sensitive data susceptible to theft.
The attack was discovered by Alex Cox.
The attack was powered by Zeus, a botnet for hire, which we discussed last week.
The bots connect to a server to upload their information. Cox noticed that the registry information on several domains contained a single email address, firstname.lastname@example.org.
When he did cross reference those servers, he came up with another list of email addresses that are related and registered among those servers.
So it went from this one registration to a big net of unique IDs. The server locations were global, there were some in China, some in Eastern Europe, some in Panama, some in the U.S., so it shows a concerted, global criminal effort.
Cox has the IP addresses of institutions which were compromised and has notified them.
According to Cox, current security technologies, antivirus software and firewalls, aren’t working anymore. 10 years ago they worked pretty well, now the thieves have discovered that they can beat these security technologies. He advocates the use of deep packet inspection to monitor traffic within the network.
Egypt and Mexico were most heavily targeted, then Saudi Arabia, then Turkey, then the U.S. The reason for this distribution is that the sophistication of the computer networks and security technologies in some countries is not as high as in the U.S.
One of the things Zeus does is inject form elements into banking web pages. For example, I’ll go to a bank’s web site, log in and it will ask for my user name and password. The way that Zeus steals information is it will add a couple of form elements, so not only will you have a user name and password field, you’ll also have a credit card number and CCV code field.
So the customer should be aware that when they see form elements that they haven’t seen before, they should immediately call their bank.
Trojan armed with hardware-based anti-piracy control (Revisited)
The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what’s found in Microsoft Windows.
The newest version with bare-bones capabilities starts at $4,000 and additional features can fetch as much as $10,000.
The new feature is designed to prevent what Microsoft refers to as "casual copying" by ensuring that only one computer can run a licensed version of the program. After it is installed, users must obtain a key that’s good for just that one machine.
The hardware-based licensing system isn’t the only page Zeus creators have borrowed from Microsoft. They’ve also pushed out multiple flavors of the package that vary in price depending on the capabilities it offers. Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.
For a mere $500 more, users can get a Zeus module that will allow them to received pilfered data in real time using the Jabber instant messaging client. A module that grabs data out of fields typed into Firefox fetches an extra $2,000, and a virtual network computing module that allows users to establish a fully functioning connection to an infected computer costs $10,000.
The VNC functionality fetches such a high price because it allows criminals to bypass some of the most advanced security measures, such a smartcards and other pieces of hardware that are used to authenticate high-value victims to a bank or other financial institution.
The latest version of Zeus is 188.8.131.52.
But the authors are already version 1.4, which is being beta tested.
It offers polymorphic encryption that allows the trojan to re-encrypt itself each time it infects a victim, giving each one a unique digital fingerprint.
As a result, anti-virus programs, which already struggle to recognize Zeus infections, have an even harder time detecting the menace.
Google Chrome OS Print Cloud
Google has explained how it intends to print from its Chrome OS.
It will send all your jobs across the net, through its servers, and back down to a PC elsewhere in the room.
The company has open sourced the code for its online print service, hoping to encourage other outfits to duplicate this contraption hat takes print jobs across the world and back again.
We would argue it would be easier to create a common protocol that lets any machine talk to any printer.
The Chrome OS puts all applications and data inside the browser, and Google has no intention of building and bundling print drivers.
Instead, the company is designing an online service dubbed – predictably – Google Cloud Print.
Rather than rely on the local operating system (or drivers) to print, apps can use Google Cloud Print to submit and manage print jobs.
Google Cloud Print will then be responsible for sending the print job to the appropriate printer with the particular options the user selected.
The service is meant for use not only with the web apps running on Chrome OS, but any breed of desktop or mobile app as well.
The ultimate idea is that things called "Cloud Aware Printers" will connect directly to this service. Under this model, the printer has no need for a PC connection.
Welcome to "What Is Reality?", the site which investigates the very deepest and most profound questions about the nature of physical reality.
According to Scientific American, the best online introduction to quantum theory.
Quantum Mechanics: An Introduction — Introducing the peculiar world of the quantum, where a particle is a wave, and a wave is a particle.
The Quantum Casino — At its most basic level, nature appears to be fundamentally random. Are we all players in a game of chance at the Quantum Casino?
Quantum Entanglement — Quantum states can become entangled in astonishing ways. Welcome to the strange world of "qubits", faster-than-light communication, and Einstein’s first definition of reality.
Quantum Decoherence — At last it would appear a solution has been found to the riddle of the apparent collapse of the wave function. Includes an interactive simulation of decoherence in an ensemble of particles.
Quantum Reality — A review of our study of quantum mechanics, the Copenhagen Interpretation, and the first indications of a deeper "veiled" reality.
It’s a Small World — Introducing the Standard Model of particle physics, and string theory.
The Cosmic Universe –How can we explain the origin of the universe? What happened before the "Big Bang"?
The Anthropic Principle–Some of the fundamental physical constants in the universe appear to have been fine-tuned, otherwise life could not exist. Are "multiverse" solutions the answer to this mystery?
The Arrow of Time — All fundamental physical processes appear to be time-reversible – so why don’t we see broken eggs mending themselves? And why can’t we remember the future?
The Mathematical Universe — The universe appears to have an uncanny connection with the world of mathematics. Why is this? And do mathematical structures have a reality all of their own?