All Shows

Show of 03-07-2020

Tech Talk

March 7, 2020

Email and Forum Questions

  • Email from Barbie in Reston: Dear Doc and Jim. I am an iPhone and rest of my family has Androids. I can never use their charging cable and I frequently forget mine. Is there any way that I can use a MicroUSB cable to charge my phone? Barbie in Reston
  • Tech Talk Responds: Apple has always taken great pride in making products that are well-built and just a little bit different from the competition, but their decision to use a lightning cable instead of the industry-standard microUSB is simply baffling. Fortunately, there is a simple way to charge all of your lightning compatible Apple devices using a standard wall or car charger. AmazonBasics MicroUSB to Lightning Adapter will let you plug virtually any charger that is equipped with a standard microUSB connector into your Apple device. This adaptor is currently $13.58 on Amazon. Don’t go to the Apple store, you pay at least twice as much.
  • Email from Andrea in Madson, WI: Dear Tech Talk. I just replaced my old desktop computer with a brand new Dell laptop with Windows 10. I like the new computer ok, but I’m having one problem that I hope you can help me solve. Whenever I’m typing something into Notepad, I have a hard time seeing the blinking cursor. Can I do anything to make the cursor bigger so that it will be easier to see? Andrea in Madison, WI
  • Tech Talk Responds: Luckily, Microsoft provides several tools in the “Ease of Access Center” for tweaking Windows to make it easier for those with less than perfect eyesight to use their computers. Follow the simple steps listed below to increase the thickness of the blinking cursor in Windows 10:
    • Click the Start button.
    • Click the Settings icon (it looks like a “gear” or “cog”).
    • Click Ease of Access.
    • Click the Cursor & pointer link in the left-hand column.
    • Find the section labeled “Make the cursor easier to see when typing” and drag the slider to the right until the cursor is large enough to see without struggling.
  • Now your cursor should be much easier to see.
  • Email from Tung in Cleveland, OH: Dear Doc and Jim. I use my Gmail accounts for all of my private communications. What will happen to your Gmail account when I pass away? I don’t want anyone to hack and cause mischief with my contacts. Tung in Cleveland, Ohio
  • Tech Talk Respond: After you pass away your Gmail account will go dormant, leaving it wide open for hackers. Should your dormant Gmail account be taken over by a hacker, the people you love and did business with could be placed in jeopardy.
  • Google has created a tool called the Inactive Account Manager. This tool makes it easy to tell Google how you wish for them to handle your Gmail account after you have passed on. Simply visit this page on the Google website and click the Start button to tell Google how you would like for them to handle your account when the time comes. At the very least you should instruct Google to delete your account after it has been inactive for the amount of time designated in the “Timeout Period” setting. That will take the account offline and make it unavailable to anyone who might wish to use it to create mischief and steal from (or otherwise harm) your contacts.
  • Although I spoke about using the Inactive Account Manager in connection with your Gmail account, its settings will actually affect your entire Google account. I recommend that you keep that fact in mind while you are deciding how you wish to use the tool. Link to this tool: https://myaccount.google.com/inactive?pli=1.
  • Email from Don in Baltimore: Dear Tech Talk. I have to combine multiple Word documents into a single master document. I don’t want to lose any of the formatting and I need to do this quickly. This is a big job involving nearly fifty documents. What is the best way to do this? Don in Baltimore
  • Tech Talk Responds: For most people, the quickest method for combining Word documents is to manually copy and paste them into one. A far easier method is to insert your documents as objects instead. To begin, open a new or existing Microsoft Word document. This is the “master” document where you will combine all of your Word documents into a single file.
    • From the ribbon bar, click the “Insert” tab.
    • Click the Insert tab in Microsoft Word
    • You’ll need to locate the “Object” button in the “Text” section. The icon may be large or small, depending on your screen resolution.
    • Press the downward-pointing arrow next to the “Object” button and then click the “Text from File” option in the drop-down menu that appears.
    • Click the arrow next to the Object button, then choose Insert from File
    • In the “Insert File” selection box, locate the first Word document you want to add to your open document.
    • Select the file and then click the “Insert” button to add it to your document.
    • Select your document, then press Insert to place it in your document
    • The contents of the selected Word document will be combined with your open document.
  • If it is a new document, the contents will appear from the beginning. If you’re merging Word files into an existing document, the contents of your inserted files will appear below any existing content. If you’re moving from a DOC to a DOCX file, you might lose formatting or other content, depending on how recently the file was edited in a modern version of Word.
  • Email from Wendy in Falls Church: Dear Tech Talk. How can I avoid installing junkware and unwanted add-ons when I download free software? These extras are annoying. Love the show. Wendy in Falls Church, VA
  • Tech Talk Responds: There is a problem with installing many free programs and apps: They tend to install a bunch of junkware along with them if you aren’t careful. Why do many freeware programs come bundled with extra junk? In a word, the answer is money. Free software doesn’t earn any money for either the company that wrote the software or the website that’s distributing it. Therefore, to stay in business and make a profit those companies have to earn their revenue some other way. There are various methods they use to make their money, but one very common method is by allowing a third-party software company to bundle their products to theirs in exchange for a fee. In fact, if you’ve ever installed Adobe Flash on your PC you’ve most likely installed an “optional” add-on program along with it!
  • Luckily, it’s usually pretty easy to avoid installing most add-on “junkware” programs when installing free software by always following two simple rules:
    • Always look for and uncheck any check boxes for add-on software that you see on any screen when you’re running a program’s installer.
    • These check boxes will usually be displayed on the first or second screen, but they will sometimes be buried several screens deep in the installation process. Make sure you scour EVERY screen for these check boxes and uncheck any that you find.
    • The really sneaky installers will sometimes hide the opt-out check boxes for add-on software somewhere on the “Terms and Conditions” screen so you’ll need to carefully read that info as well (something you really should be doing anyway).
  • These custom or advanced installation screens will often let you choose to install the program on a different drive than the usual C: drive. This can be a big help if your PC has a small SSD or hard drive as the boot drive and a larger secondary drive for storing your data and the programs you don’t use very often.
  • But there’s a very easy way to ensure that you NEVER install any add-ons or junkware whatsoever! All you have to do is simply download all of your free software from OlderGeeks.com!
  • OlderGeeks doesn’t allow bundled add-ons to be attached their download files. And you won’t have to worry about downloading malware along with their freeware either.

Profiles in IT: Judith R. Faulkner

  • Judith R. Faulkner is a mathematician and software developer, best known for founding Epic Systems, a healthcare software company located in Wisconsin.
  • Faulkner was born in August 1943 in Cherry Hill, New Jersey.
  • Her parents inspired her early interest in health care. Her father was a pharmacist and her mother was the director of Oregon Physicians for Social Responsibility.
  • In 1961, she graduated from Moorestown Friends School in Cherry Hill, NJ.
  • She received a bachelor’s degree in mathematics from Dickinson College and a master’s degree in computer science from the University of Wisconsin–Madison.
  • John Greist needed a graduate student to make a call schedule for the hospital and called on Faulkner. She stayed up all night several nights in a week to finish it.
  • Faulkner later developed a computer program called Patient Information, Storage and Retrieval, or PISAR. She, along with Greist, decided to form a company around it.
  • In 1979, Faulkner co-founded Human Services Computing, with Dr. John Greist.
  • Human Services Computing, which later became Epic Systems, began in a basement at 2020 University Avenue in Madison, WI.
  • The company was started with a $70,000 investment from friends and family.
  • She never raised money from venture or private equity investors, will not go public.
  • Epic was originally written as a database management system. Faulkner wrote the original code which put the patient at the center. She developed a clinical system at a time when the health care world had much only billing and lab systems available.
  • She wrote the original code in MUMPS (Massachusetts General Hospital Utility Multi-Programming System), which was created in the late 1960s.
  • She put in many APIs so than customers can easily customize their systems.
  • She gives the source code to customers so they can use these APIs to add features.
  • Epic’s genius has been not just devising a digitized system for patient records but a far broader integrated system of health-care management. Epic’s suite of programs mesh scores of other operations – admission, discharge, pharmacy, specialty care, billing, insurance benefits, referrals and more – in a common database.
  • Judy is introverted, not atypical of math majors. She does not like being in the public eye and rarely grants interviews. She likes going around with people not knowing her.
  • Epic Systems now holds the medical records of over 200 million people. Faulkner and her family currently own 43% of Epic Systems.
  • Originally headquartered in Madison, Wisconsin, Epic moved its headquarters to a suburb of Verona, Wisconsin in 2005, where it employs 10,000 people as of 2019.
  • In 2017, Epic generated $1.2 billion in revenues, which is double the 2014 revenue. It won’t disclose earnings, but says it’s profitable and has no debt.
  • Forbes 2018 list of the world’s billionaires she was ranked #652 and the third wealthiest self-made woman, with a net worth of US$3.8 billion.

Tip of the Week: Magnetizing Your Screwdriver

  • If you have ever worked on a laptop computer you know how tiny some of the screws can be, and working with those tiny screws is often frustrating at best.
  • But the job is a LOT easier if your screwdriver is magnetized.
  • There are several ways to magnetize a screwdriver (or most any metal tool for that matter), but the easiest and safest method is to rub a powerful magnet along the shank of the screwdriver a few times, starting at the handle end.
  • By the way, you can easily magnetize other types of tools as well. In fact, pretty much any metal tool that isn’t either copper or aluminum can be magnetized!

FBI: Over $140 million handed over to ransomware attackers

  • By analyzing bitcoin wallets and ransom notes, the FBI has determined that cybercrime victims paid over $140m to ransomware operators over the past six years.
  • FBI Special Agent Joel DeCapua presented explained how he was able to use bitcoin wallets and ransom notes collected by the FBI, shared by private partners or found on VirusTotal to figure out how much victims paid in ransom payments.
  • According to DeCapua, between October 2013 and November 2019, approximately $144,350,000 was paid in bitcoins to ransomware actors.
  • This figure does not include operation costs related to these attacks but just the ransom payments that were made.
  • FBI warns that hackers are targeting software supply chain providers
  • When it came to the most profitable ransomware families, Ryuk brought in the most money for ransomware operators at $61.26m followed by Crysis/Dharma at $24.48m and Bitpaymer at $8.04m.
  • DeCapua revealed that the Windows Remote Desktop Protocol (RDP) is the most common method that ransomware attackers are able to gain access to a network before deploying ransomware.
  • In fact, RDP accounts for 70-80 percent of network breaches which is why he recommends that organizations use Network Level Authentication (NLA) for additional protection.
  • With NLA, clients are required to authenticate themselves with the network before they can actually connect to the remote desktop server.
  • This provides increased security against preauthentication exploits though, DeCapua also suggested that unique and complex passwords should be used for RDP accounts.
  • Additionally, DeCapua suggests that businesses and individuals be careful of phishing attacks, install software and operating system updates, use complex passwords, monitor their networks and have a contingency plan with backups to prevent falling victim to a ransomware attack.

Memory Lane: 40th Anniversary of IEEE 802 Group.

  • Our life is surrounded by internet services and it is hard to imagine not being connected to the web one way or another.
  • It is also worth thinking about technologies such as Wi-Fi and Ethernet, which are responsible for sending messages to our friends around the world in a split second.
  • These standards are defined by an organization known as the IEEE (Institute of Electrical and Electronics Engineers) 802 group.
  • It was formed 40 years ago in February 1980 to standardize network protocols and provide device makers a clear path to create peripherals that are compatible with each other across the industry.
  • Before 802 existed, in the 1970s, equipment suppliers began to manufacture networking hardware to connect computers more widely.
  • However, a lot of these networking standards were proprietary, which meant that it was hard to connect systems that weren’t using the same gear.
  • So, executives from different companies thought it would be beneficial for the industry to standardize certain protocols and have more devices play well together.
  • Initial discussions took place in 1979, and then the first formal meeting was held in February 1980. The next month, a project request submitted to IEEE was approved, and the group was off and running.
  • In the 90s, the folks at 802 started to explore the possibility of creating wireless connection standards under the 802.4 token bus group. This group was looking into standards for a kind of network that used a ring formation of computers (which acted as nodes) for use in manufacturing facilities.
  • However, it was quickly spun off into 802.11 — a standard known today as Wi-Fi.
  • In 1997, the group released the first standard, but in 1999, it released the popular 802.11a and 802.11b standards, which powered the first wave of commercial wireless products.
  • After a proposal is submitted, the 802 group’s working committee studies it and votes on it. If it gets the approval of more than 75% members, it’s either incorporated as a project under one of the existing groups, or spun off into a new working group.
  • IEEE 802 also works with commercial bodies maintaining and marketing certain standards: 802.11 group works with Wi-Fi.org and 802.3 works with the Ethernet Alliance. Both Wi-Fi.org and the Ethernet Alliance work to market the standard and help the peripheral makers certify products under related standards.
  • Hardware makers have a keen interest in shaping the protocols in their favor to sell more software or hardware products. So, it’s important for IEEE to ensure that no organization influences these decisions.
  • The 802 group makes sure that no one company takes control over the voting of a protocol. If the committee finds a company using a position of power, it reduces the voting power of people representing that firm:

DuckDuckGo Tracker Radar Exposes Hidden Tracking

  • DuckDuckGo Tracker Radar is a best-in-class data set about trackers that is automatically generated and maintained through continuous crawling and analysis.
  • This data set is now publicly available to use for research and for generating tracker block lists. And, the code behind it is now open source.
  • This database is used in the DuckDuckGo Privacy Browser mobile apps and DuckDuckGo Privacy Essentials desktop browser extensions.
  • Using the Internet these days feels like being haunted by the ghosts of browsing past.
  • Creepy ads are powered by hidden trackers, lurking behind most websites. Moreover, unfortunately, your shopping habits are just the tip of the iceberg of what they know and can exploit.
  • In addition to shopping history, trackers can pick up your location history, search history, browsing history and more, and from those infer your age, ethnicity, gender, interests, and habits. Companies collate this personal data into a detailed profile, continually auctioning you off to the highest bidders.
  • One of the best things you can do to protect yourself is to use a quality tracker blocker.
  • DuckDuckGo Privacy Browser mobile apps (for iOS/Android) and DuckDuckGo Privacy Essentials desktop browser extensions (for Chrome/Firefox/Safari contain what call the “privacy essentials” — tracker blocking, private search, and upgraded website encryption.
  • The Tracker Radar database contains the most common cross-site trackers and includes detailed information about their tracking behavior, including prevalence, ownership, fingerprinting behavior, cookie behavior, privacy policy, rules for specific resources (with exceptions for site breakage), and performance data.
  • Developers can use it to make their own custom tracker block lists. Researchers can use it to research the tracking universe.

West Virginia Will Not Use Smart Phone Voting App

  • Residents with disabilities in West Virginia won’t be voting with their smartphones in the state’s primary in May.
  • Instead, they’ll be able to use a system that prints out their completed ballot, which they can then mail in.
  • Friday afternoon, West Virginia Secretary of State Mac Warner announced that disabled and overseas voters will be able to use a service by Democracy Live, which lets users log in to fill out a ballot online or print one and mail it in.
  • The state will not use Voatz, a smartphone app that aimed to boost turnout by letting people vote from their phones but that has been heavily criticized by cybersecurity experts.
  • A handful of counties across the U.S. have offered Voatz to overseas and military voters in federal elections, as the city of Denver did in its 2019 mayoral election.
  • A Massachusetts Institute of Technology audit that presented evidence of multiple flaws in Voatz.
  • Voatz has commissioned several independent security audits, but has issued only their own company summaries of some, and not the audits themselves.

Backdoor Malware Spread through Fake Security Certificate Alerts

  • Backdoor and Trojan malware are being distributed through a phishing technique that attempts to lure victims into accepting an “update” to website security certificates.
  • Certificate Authorities (CAs) distribute SSL/TLS security certificates for improved security online by providing encryption for communication channels between a browser and server.
  • On Thursday, cybersecurity researchers from Kaspersky reported that the new technique has been spotted on a variety of websites.
  • The earliest infections date back to January 16, 2020.
  • Visitors to a domain compromised by the campaign are met with the following screen:
    • The alert claims the website’s security certificate is out of date, but rather than this being the domain owner’s problem, victims are urged to install a “security certificate update” to proceed.
  • The jquery.js script overlays an iframe that is exactly the same size as the page. As a result, instead of the original page, the user sees a seemingly genuine banner urgently prompting to install a certificate update.
  • If the victim chooses to click the update button, the download of a file, Certificate_Update_v02.2020.exe, is initiated.
  • When unpacked and installed, the executable will deliver one of two malware variants to the victim, either Mokes or Buerak.
  • Mokes is a macOS/Windows backdoor, deemed “sophisticated” by the cybersecurity firm, which is able to execute code, take screenshots, steal PC information including files, audio, and video captures; install a backdoor for persistence, and use AES-256 encryption to disguise its activities.
  • Buerak is a Windows-based Trojan able to execute code, tamper with running processes, steal content, maintain persistence through registry keys, and detect various analysis and sandboxing techniques.