Email and Forum Questions
Profiles in IT: Bailey Whitfield Diffie
Lost Cell Phone Actions
Google Instant sinks raft of search controls
Avoid Phishing Sites
'Here You Have' Worm on the Loose
Be careful what you tweet
Able to unplug from work while you’re on vacation?
Email from Mike: Hey Guys! Caught your last broadcast covering Net Neutrality & iPhone forensics to name a few & wanted to add my 2¢.
Net Neutrality — I completely agree with the tenets of Net Neutrality which essentially equate to the non-discrimination/ubiquitous treatment of web content on all platforms (such as landlines & mobile devices). Internet service providers already have a clear method for regulating/metering access through bandwidth & incremental bandwidth limits at various price points without penalizing specific services. The effort by the last mile telecom providers to permit selective content filtering and quality in terms of speed or access at all is purely a yield management play on the telecom’s parts to increase their revenues similar to how airlines price seats at different price points to maximize their revenues. Don’t be fooled by a need to allow these new practices as an attempt to salvage bandwidth – but as a way to profit from these desired changes which would adversely affect all but the largest content providers.
iPhone Inner Workings — All very interesting on the information saved by iPhones in their day-to-day workings. I believe that these byproducts of functionality are probably more driven by enabling the iPhone to operate and load programs faster and enable better crash recovery than doing so purely for the purposes of providing law enforcement evidence to utilize in solving crimes.
Could you please comment if you are aware of any federal/state laws requiring phone producers to include certain forensics features in phones or other technology platforms? Thanks & always enjoy your show! Mike
Tech Talk Responds: No laws require phone producers to include forensics features in their phones.
Email from Nikita: Hello Dr. Richard Shurtz, I want to be sure I have the exact text from a comment you gave to an email that was helpful and a bit lengthy. What is the best source for this? What is the difference between your website text posts and subscribing to the Podcasts? About when do the website text posts get posted, after a show airs??? Thank You!! Another fan in Bethesda. Nikita
Tech Talk Responds: Go to Tech Talk Online and use the drop-down menu to go to a particular show date. I have all of the show notes posted each week. You can also click on the audio link and listen to the show directly at that time. The podcast simply distributes the audio files to subscribers. It also has a brief summary of the show, not the detailed show notes.
Email from Lauren: Dear Dr. Richard Shurtz, You have no idea how thankful I am for your great reply about this issue. I spent Hours trying to resolve this ‘Off Hook’ issue with my HP G85 All In One fax/copy printer. I spoke to HP about it and they didn’t help. I also went to DSL Reports and got a lot of feedback from my post, but, no one nailed it.
First off, I have FiOS so the bandwidth is not an issue. All the speed tests I’ve ever run show good results.
I live in a Single Family Home in Bethesda, built in 1951 with many phone jacks installed and the basement. Vonage arranged for a tech to come from a company called Zip Installation to get a dial tone in my basement. This was a fiasco.
First did get into my phone wiring box on the side of the house and ‘rearranged’ some of the wiring. A second guy came out and could not fix it. After the attempted rewiring job, the fax never worked again. Now that you’ve identified the ‘Off Hook’ message on my HP printer/fax display as a wiring issue, I know it is what these Zip Installation guys did with my phone wiring–they have disabled something that used to work!!
Do you have a suggestion about what now is needed to get this working, as I do believe it IS a wiring issue and not a VoIP issue. Thanks, Lauren
Tech Talk Responds: You need a phone installer who has the equipment to trace wires. This should be a simple fix once you identify the correct wire and connect it to the phone system in the house. All circuits in the house are connected in parallel. You need a low voltage wiring contractor with a pair tracing kit, or you can buy your own kit for around $75.
Profiles in IT: Bailey Whitfield Diffie
Bailey Whitfield ‘Whit’ Diffie is a US cryptographer and one of the pioneers of public-key cryptography.
Whitfield Diffie was born June 5, 1944 in New York City.
Later that year his teacher at P.S. 178, Mary Collins, spent an afternoon explaining something that would stick with him for a very long time: the basics of cryptography.
Diffie found cryptography a delightfully conspiratorial means of expression.
In high school he was an unruly student. Once a calculus teacher, fed up with his noise-making, remarked, "One day you’ll be roasting marshmallows in here!" and the next class Diffie brought Sterno to toast the marshmallows.
He received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965.
Diffie’s exotic animal collection included a nine-foot python, a skunk, and a rare genetta genetta, a mongoose-like animal.
To avoid the draft, Diffie accepted a job at the Mitre Corporation, a defense contractor. Diffie’s team worked in Marvin Minsky’s MIT artificial intelligence lab.
In 1969, Diffie left Mitre and went to work at the Stanford Artificial Intelligence Lab.
The government, under the aegis of the Defense Department’s Advanced Research Projects Agency (ARPA), had recently begun a program to link major research institutions. They needed to find a way to send encrypted packets.
One day in 1975, Whitfield Diffie greeted his wife at the door with the words "I think I’ve made a great discovery."
The brilliant Diffie had spent the past few years wandering around the country in a beat-up Datsun 510 thinking about cryptography, the study of codes and ciphers.
His discovery was a revolutionary technique called public key encryption. Some would say it is the most revolutionary concept in encryption since the Renaissance.
Diffie and Martin Hellman’s paper New Directions in Cryptography was published in 1976. It introduced a radically new method of distributing cryptographic keys that solved one of the fundamental problems of cryptography, key distribution.
It has become known as Diffie–Hellman key exchange. This is used for SSL, VPN, IPSec, and most encrypted communication.
Diffie was Manager of Secure Systems Research for Northern Telecom, where he played a key role in the design of Northern’s first packet security product for X.25 networks.
In 1991 he joined Sun Microsystems Laboratories (in Menlo Park, California) as a Distinguished Engineer, working primarily on public policy aspects of cryptography.
In 1992 he was awarded a Doctorate in Technical Sciences by the ETH Zurich.
Diffie remained with Sun, serving as its Chief Security Officer and as a Vice President until November 2009. He is also a Sun Fellow.
He is also a fellow of the Marconi Foundation and visiting fellow of the Isaac Newton Institute. He has received various awards from other organizations.
Diffie and Susan Landau’s book Privacy on the Line, on the politics of wiretapping and encryption, was published in 1998.
In May 2010, Diffie joined the Internet Corporation for Assigned Names and Numbers (ICANN) as Vice President for Information Security and Cryptography.
Lost Cell Phone Actions
Last week my Blackberry cell phone was stolen.
I was forced to take the following actions.
Since I had installed tracking and wiping software on my Blackberry Storm prior to it being stolen, I triggered the remote wipe feature to remove all personal and password data.
I immediately changed all compromised passwords (Email, Facebook, Skype, etc.)
After waiting two hours so the data could be wiped, I requested that Verizon disable the phone number and put the phone on the stolen list in case they try to reactivate it.
The phone was insured by Asurion. I called the insurance company. They had a replacement cell phone in the mail within two hours.
I received my cell phone the next day.
Everything worked perfectly until I tried to restore the cell phone data from my Blackberry desktop manager. The backup failed. Now I have to put in all of my contacts by hand! Lesson learned here.
Google Instant sinks raft of search controls
"Google Instant is a significant improvement to search and required a number of minor changes on the homepage and results page," a company spokesman tells us. "Overall, we think people will really enjoy the new experience."
Most notably, with Google Instant, you can no longer change the number of results that appear on a page. The number of results is always set to ten.
No doubt, this is an effort to maintain the speed of the new service – and keep it from overloading Google’s back end.
If you turn off Google Instant, however, you can once again customize the number of results per page.
Second, you can no longer disable Google Suggest – the tool that suggests other searches based on what you type. Google Instant dovetails with Google Suggest, but even if you turn off Instant, you can’t turn off Suggest.
Incidentally, Google has also capped the number of Google Suggest suggestions at five. In the past, you may have seen more. The Google Operating System blog also said that Suggest was no longer proposing results based on your search history, and though this is currently true, Google says it will soon be changed.
What’s more, when serving result pages, Google has removed the search box that used to appear at the bottom of the page. To change a query, you have to scroll back to the top of the page.
Avoid Phishing Sites
During a three-month study of its global malware database, Panda Security found on average 57,000 new Web sites created each week with the aim of exploiting a brand name in order to steal information that can be used to drain people’s bank accounts.
About 80 percent of those were phishing sites designed to trick people into entering their login credentials or other information on what they believed to be a legitimate bank or other Web site.
The remainder were URLs associated with command-and-control servers used in Western Union-related e-mail phishing attacks that trick people into opening an attachment that downloads a Windows-based data-stealing Trojan.
The study found that 375 high-profile brand names were being used for the fraud, with eBay (23 percent) and Western Union (21 percent) together comprising 44 percent of all the malicious Web sites discovered.
Rounding out the top 10 list of exploited brands were: Visa, United Services Automobile Association, HSBC, Amazon, Bank of America, PayPal, Internal Revenue Service, and Bendigo Bank (Australia).
For the phishers, banks were obviously the most popular choice to mimic, at 65 percent of the total, followed by online stores and auction sites, investment funds and stockbrokers, government organizations and payment platforms.
How the attacks work
Typically, phishing attacks arrive in an e-mail message that looks like it comes from a popular bank or other institution. The link directs to a fake site where the user is prompted to provide information like login credentials.
It might sound like a lot of work creating all the new fake Web sites, but actually it can be done fairly quickly by copying the source code of the Web site they want to fake.
And there are toolkits to help do this.
And there is a phishing attack targeting Bank of America customers that downloads malware on the victim’s computer that adds additional fields to the bank login page asking for debit or credit card number and PIN and sends that information back to the criminals, he said.
Unlike the Trojan attack, which targets Windows users, most phishing attacks designed to trick a user into revealing information affect all computer users regardless of what operating system they are using.
‘Here You Have’ Worm on the Loose
The "Here you have" worm that clogged e-mail systems on Thursday briefly caused one of the worst spam outbreaks of 2010, according to Cisco Systems.
For a few hours — between 17:45 and 20:30 GMT — the worm accounted for between 6 percent and 14 percent of all spam measured by Cisco’s IronPort group.
It was the biggest spam outbreak since scammers pounced on the iPad launch back in March to try to trick people into visiting malicious websites.
Google, NASA, Wells Fargo, Comcast, ABC/Disney, Coca-Cola and the Florida Department of Transportation are among the many organizations whose services reportedly have been disrupted by the "Here you have" worm.
A worm dubbed "Here you have" — the subject line of the email it hides in — is spreading wildly across the Internet.
The attack comes in the form of a link purporting to take the reader to a PDF file, but instead leads to an executable that tries to send copies of the worm to people listed in the victim’s email address book.
Several variants of the worm are out on the Web, according to McAfee.
While the email attack has been crippled, infected hosts continue to spread the worm.
About the ‘Here you Have’ Worm
The "Here you Have" worm consists of an infected link sent in an email with the subject line that gave it its name.
The body contains this message: "This is the document I told you about, you can find it here" followed by what looks like a link to a PDF.
The message asks the reader to check the link and "reply as soon as possible."
Alternatively, the message reads: "This is the free download sex movies, you can find it here" followed by a link purportedly leading to a Windows Media Video file with the .wmv extension. "Enjoy your time," the message concludes.
In both cases, the URL leads to an executable in disguise served from a different domain. This URL is no longer active.
Users who click on the link will be prompted to download or execute the worm, which then installs itself in the Windows directory as CSRSS.EXE.
The worm will then try to email the tainted message to everyone listed in the victim’s email address book. It can also spread through accessible remote machines, mapped drives on a network, and removable media, through the "Autorun" replication feature.
The worm tries to stop and delete various security services, including Web and mail scanners. It also tries to download several files.
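Both the phishing messages under "How the attacks work" and the "Here you have" message rely on a link whose visible text does not match where it really goes. The following is an added example, not part of the original show notes, of a mail-filter check that flags such links in an HTML message body; the function names, extension list and sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Assumed extension list for this example; it is not taken from the show notes.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

class AnchorCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in a message body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_and_ext(url):
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower(), posixpath.splitext(parsed.path)[1].lower()

def suspicious_links(html_body):
    """Return (shown text, real href, reasons) for links that misrepresent their target."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real_host, real_ext = host_and_ext(href)
        reasons = ["target is an executable"] if real_ext in EXECUTABLE_EXTS else []
        # Compare shown and real targets only when the visible text is itself a URL.
        if text.lower().startswith(("http://", "https://", "www.")):
            shown_host, shown_ext = host_and_ext(text)
            if shown_host != real_host:
                reasons.append("shown host differs from real host")
            if shown_ext != real_ext:
                reasons.append("shown file type differs from real file type")
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample message; domains and file names are placeholders.
SAMPLE_BODY = """<p>This is the document I told you about, you can find it here:
<a href="http://files.example.net/docs/report_pdf.scr">http://docs.example.com/library/report.pdf</a></p>
<p>Show notes: <a href="http://www.example.org/notes.html">www.example.org/notes.html</a></p>"""
```

Calling suspicious_links(SAMPLE_BODY) flags only the first link, for all three reasons; the second link is left alone because its visible text and its target agree.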
Who created the worm?
The worm may be linked to a cyber jihad organization called Tariq ibn Ziyad, according to security vendor SecureWorks.
Much of the worm’s code is identical to an earlier piece of malware that was released last month, and both worms refer to a Libyan hacker who uses the name Iraq Resistance, who has been trying to form a hacking group called Brigades of Tariq ibn Ziyad.
The goal of Tariq ibn Ziyad is to penetrate U.S. agencies belonging to the U.S. Army.
Be careful what you tweet
Nothing said online is really private, says Bill Thompson
Online tools and services such as Twitter and Facebook create a social space that encourages informality, rapid responses and the sort of conversation that typically takes place between friends in contexts that are either private or public-private, like the street, pub or cafe.
Unfortunately, online interaction has other characteristics which are very different from those of a casual conversation in a cafe.
Not least the fact that many services make comments visible to large numbers of people and search engines ensure that a permanent record is kept of every inane observation, spiteful aside or potentially libelous comment on a respected public figure.
"Tweeting in haste may leave you to repent at leisure"
Able to unplug from work while you’re on vacation?
An Expedia.com survey from earlier this summer found that nearly a third of workers — up from about 25 percent the previous year — admitted to checking their work e-mail or voicemail while sitting by the pool, hiking in the hills, or otherwise trying to take some time off.
The rise in connected vacationers could explain another worrying statistic from last month’s Expedia survey: the 55 percent of workers who say they’re not "feeling rejuvenated" after they come back from their vacations.
I am in the third who check email when on vacation, using a Blackberry.
Do you check your work e-mail while you’re on vacation? How about your office voicemail?