POI: August 2007

Sunday, August 26, 2007

Show #44 - 08.26.2007

[Download Show #44 as MP3]

News

Hotmail Increases Default Storage to 5Gb (2x Gmail)
Teen Girls Play with Technology at IBM Tech Camp

IBM held a Tech Cap last weekend where junior high girls got to learn about technology
This is an outreach that IBM has been doing for the last few years in hope to get girls interested in technical jobs
They got to play with Liquid Nitrogen, Second Life, and other new technologies
There is also a mentoring program which many of the "counselors" (IBM employees) participate in, to keep in touch with the students throughout the year
This is a great idea to get more young women interested in careers in technology

Artificial Life Likely in 3-5 YEars?
SourceFire Buys ClamAV

SourceFire bought the most popular open source anti-virus utility currently available
ClamAV is the backend to several open source anti-virus programs including ClamWin (a person favorite of Derek and myself)
SourceFire plans on offering ClamAV products and support by the fourth quarter of 2007 and
Has plans to add ClamAV based products as part of the companies Enterprise Threat Management portfolio in late 2008.

History of Bluetooth

Harald Bluetooth was King of Denmark between 940 and 985 AD (45 years)
Harald's sister, after loosing her husband to battle, asked Harald to secure control of Denmark
Harald took this opportunity to sieze control himself.
By 960 he was in the height of his power ruling over both Denmark and Norway
Harald was killed in battle in 985 AD
While he may have no longer ruled the two countries, he had united them.
Today Bluetooth is named after him and it will unite the worlds of computers and telecommunications
Wikipedia: Bluetooth was named after a late tenth century king, Harald Bluetooth King of Denmark and Norway. He is known for his unification of previously warring tribes from Denmark (including now Swedish Scania, where the Bluetooth technology was invented), and Norway. Bluetooth likewise was intended to unify different technologies, such as computers and mobile phones.

The name may have been inspired less by the historical Harald than the loose interpretation of him in The Long Ships by Frans Gunnar Bengtsson, a Swedish Viking-inspired novel.

The Bluetooth logo merges the Nordic runes analogous to the modern Latin H and B: hagall and bjarkan from the Younger Futhark runes forming a bind rune.
In 1994 Ericsson Mobile Communications initiated a study to investiage the feasibility of a low-power low-cost radio interface between mobile phones and their accessories.
In February of 1998 Ericsson, Nokia, IBM, Toshiba, and Intel formed a Special Interest Group (SIG) that now had two market leaders from mobile telephony and laptop computing as well as one from the digital signal processing industry.
Bluetooth has exploded and is a built-in technology in hundreds of millions of cell phones, cars, computers, gaming consoles like the PS3, and there are more devices to come.

What can you use Bluetooth for?

Mobile phone ear piece
Car hands-free speakerphone
Mobile-to-mobile file transfer
Computer-to-computer file transfer
Mobile-to-computer file transfer
Controllers
Connecting Devices

Computers / Laptops

Personal Area Networks

Print using Bluetooth
Connect to the internet via bluetooth
Sync data between devices

Connect Computer Peripherials

Bluetooh Mouse
Bluetooth Keyboards

Cell Phones

Headsets

Motorola
Plantoronix
Sony Erricson

Jabra

Hands-free

Licoln
Audi
Lexus
Mercedes

Gaming Systems

Playstation 3

Bluetooth Printers
Video/Photo Cameras
Remote Controls
Game Controllers

Penny Pinchers

Security & Privacy

2003:
In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security may lead to disclosure of personal data.^[18] It should be noted, however, that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds, showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.^[19]

2004:
In April 2004, security consultant firm @stake (now Symantec) revealed a security flaw that makes it possible to crack conversations on Bluetooth based wireless headsets by reverse engineering the PIN.^{[citation needed]}

This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared on the Symbian OS.^[20] The virus was first described by Kaspersky Lab and requires users to confirm the installation of unknown software before it can propagate.

The virus was written as a proof-of-concept by a group of virus writers known as 29A and sent to anti-virus groups. Thus, it should be regarded as a potential (but not real) security threat to Bluetooth or Symbian OS since the virus has never spread in the wild.

In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that the range of Class 2 Bluetooth radios could be extended to 1.78 km (1.08 mile) with directional antennas.^[21] This poses a potential security threat because it enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation. However, such experiments do not work with signal amplifiers. The attacker must also be able to receive information from the victim to set up a connection. No attack can be made against a Bluetooth device unless the attacker knows its Bluetooth address and which channels to transmit on.

2005:
In April 2005, Cambridge University security researchers published results of their actual implementation of passive attacks against the PIN-based pairing between commercial Bluetooth devices, confirming the attacks to be practicably fast and the Bluetooth symmetric key establishment method to be vulnerable. To rectify this vulnerability, they carried out an implementation which showed that stronger, asymmetric key establishment is feasible for certain classes of devices, such as handphones.^[22]

In June 2005, Yaniv Shaked and Avishai Wool published the paper "Cracking the Bluetooth PIN1," which shows both passive and active methods for obtaining the PIN for a Bluetooth link. The passive attack allows a suitably equipped attacker to eavesdrop on communications and spoof if they were present at the time of initial pairing. The active method makes use of a specially constructed message that must be inserted at a specific point in the protocol, to make the master and slave repeat the pairing process. After that, the first method can be used to crack the PIN. This attack's major weakness is that it requires the user of the devices under attack to re-enter the PIN during the attack when the device prompts them to. Also, this active attack probably requires custom hardware, since most commercially available Bluetooth devices are not capable of the timing necessary.^[23]

In August 2005, police in Cambridgeshire, England, issued warnings about thieves using Bluetooth-enabled phones to track other devices left in cars. Police are advising users to ensure that any mobile networking connections are de-activated if laptops and other devices are left in this way.^[24]

2006:
In April 2006, researchers from Secure Network and F-Secure published a report that warns of the large number of devices left in a visible state, and issued statistics on the spread of various Bluetooth services and the ease of spread of an eventual Bluetooth worm.^[25]

In October 2006, at the Luxemburgish Hack.lu Security Conference, Kevin Finistere and Thierry Zoller demonstrated and released a remote root shell over Bluetooth on Mac OSX 10.3.9 and 10.4. They also demonstrated the first Bluetooth PIN and Linkkeys cracker, which is based on the research of Wool and Shaked.

Bluejacking:
Bluejacking allows phone users to send business cards anonymously using Bluetooth wireless technology. Bluejacking does NOT involve the removal or alteration of any data from the device. These business cards often have a clever or flirtatious message rather than the typical name and phone number. Bluejackers often look for the receiving phone to ping or the user to react. They then send another, more personal message to that device. Once again, in order to carry out a bluejacking, the sending and receiving devices must be within range of each other, which is typically 10 meters for most mobile devices. Phone owners who receive bluejack messages should refuse to add the contacts to their address book. Devices that are set in non-discoverable mode are not susceptible to bluejacking.

Bluebugging:
Bluebugging allows skilled individuals to access the mobile phone commands using Bluetooth wireless technology without notifying or alerting the phone’s user. This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet. As with all the attacks, without specialized equipment, the hacker must be within range of the phone, typically 10 meters. This is a separate vulnerability from bluesnarfing and does not affect all of the same phones as bluesnarfing.

Health Concerns
Bluetooth uses the microwave radio frequency spectrum in the 2.4 GHz to 2.4835 GHz range. Maximum power output from a Bluetooth radio is 1 mW, 2.5 mW, and 100 mW for Class 3, Class 2, and Class 1 devices respectively, which puts Class 1 at roughly the same level as cell phones, and the other two classes much lower.^[26] Accordingly, Class 2 and Class 3 Bluetooth devices are considered less of a potential hazard than cell phones, and Class 1 may be comparable to that of cell phones, for which health risks are well known.

Emerging Bluetooth Technology

Home Control Systems
Eventually Replace All Cables?

The next version of Bluetooth after v2.1, code-named Seattle, that will be called Bluetooth 3.0, has many of the same features, but is most notable for plans to adopt ultra-wideband (UWB) radio technology. This will allow Bluetooth use over UWB radio, enabling very fast data transfers of up to 480 Mbit/s, while building on the very low-power idle modes of Bluetooth.

On June 12, 2007, Nokia and Bluetooth SIG announced that Wibree will be a part of the Bluetooth specification as an ultra low power Bluetooth technology^[15]. Expected user cases include watches displaying Caller ID information, sports sensors monitoring your heart rate during exercise, as well as medical devices. The Medical Devices Working Group is also creating a medical devices profile and associated protocols to enable this market.

The main contributor to the development of the Wibree standard is the Norwegian company Nordic Semiconductor. ^[16]

Sunday, August 19, 2007

Show #43 - 08.19.2001

[Download Show #43 as MP3]

News

75% of People Downloading Firefox Do NOT Become Long Time Users

Basic reasoning suggest that IE7 is doing well and doesn't suffer from the same problems as IE6 did
IE suffered fewer problems in 2006 than Firefox (according to IBM)
The article goes on to say that the Mozilla guys need a better marketing strategy for their browser
Mozilla is making strides in improving their retention rates

Judge Rules that Novell Owns the Rights to Unix, NOT SCO

Brief Recap: The company SCO sued IBM stating that IBM had released pieces of code from SCO's Unix into Linux. IBM allowed SCO to take them to court knowing that SCO did not really have a case. Novell eventually came out and said, "we retained the rights to UNIX" and sued SCO. A judge put the SCO/IBM case on hold because the SCO/Novell case would determine how much validity there were to SCO's claims against IBM.
Around a week ago, a judge ruled in favor of Novell, stating that Novell retained the copyrights in a license agreement made with SCO
This is big news on the Linux front in a case that has been going on for near 4 years now

Official Vista "Performance" & "Compatibility" Packs Released

Updates to poor memory management performance
Hibernate/Sleep now works
Printer spooling bug fixed
These were rolled out via Windows updates this past Tuesday so make sure you run your Windows Updates.

Software / Hardware / Power Web Picks

WiMax

We talked about WiMax a little last week, so as a follow up,
Sprint/Nextel Announces 4G Wireless Broadband Initiative
What is WiMax? A quick recap:
Doing this, gives Sprint a HUGE lead in 4G (4th Generation) wireless data speeds
If they can roll this out without the hiccups their 3G launch had, they will be ahead of the game for at least a year.

Wireless Hotspots

What is a Wireless Hotspot
Some Typical Hotspots
Hotspot Finder (Hotspotr)

Wireless Routers

What is a Wireless Router
Who Makes Them

Netgear

Price Ranges $40-$150

Linksys

Price Ranges $50-$180

Others

Why Such a Large Price Range

Features, Some have "Hi-Speed" options, some have VPN services that allow you to connect to your home PC securely. Some even have hard drives and bittorrenting software built into the device. Point is, you can probably find a device to handle whatever your needs might be.

Security & Privacy

Keep your Data Private on Public WiFi Hotspots

When on a public network, someone can packet sniff your data. That means that they can sniff the actual data going to through the "pipes" and read your email, IMs, or even see what websites you are visiting. We are going to quickly look at some methods to secure your data when using a public wireless network.

The Onion Router

Securing Your Wireless Router

Turn off SSID Broadcast
Use Encryption (WEP or WPA

WEP
WPA
Which is "better"?

Limit Access by MAC Address

Sunday, August 12, 2007

Show #42 - 08.12.2001

[Download Show #42 as MP3]

News

Rockstar Announces Future GTA IV Sequal Projects Exclusive to PS3

While neither Sony or Rockstar have officially announced this, Michael and I felt it important because of the kind of pull GTA has on gamers
Gamers love their Grand Theft Auto.
If Sony really does have exclusives on the GTA IV sequals and any other Rockstar games, then they have a serious leg up on Microsoft and Nintendo

SoundExchange Entrenches Position as IREA Faces Music

Quick recap: The recording industry got a law passed that requires the folks who run internet radio stations to pay royalty fees for songs play on their stations.
The problem with this is, a lot of those popular internet streaming radio stations are run out of some person's garage, and they do not have the funds that a real radio station would have. This means that a lot of them would have to shut down
A group known as SoundExchange are working to change the agreement a little to relieve the smaller radio stations of the fees, at least temporarily.

Huge Black Holes Sighted Through Dust

Scientists have discovered some new black holes on the other side of some space dust
Using X-Ray telescopes to see through the thick dust they have discovered several black holes
The newly discovered black holes are being defined as "massive"
This is an exciting new discovery using a relatively new technology
I wonder what they'll find next.

J.K. Rowling Answers TONS of Harry Potter Questions

Don't worry I'm not going to spoil anything for you, if you haven't finished the Deathly Hallows
But if you have finished the 7th and final Harry Potter book, then you'll definitely want to check out this link I found where J.K. Rowling answers some of the unanswered questions from the series
Some non-spoilers questions involve a description of the Huffelpuff common room, the importance of socks, and a definitive answer on the question on a lot of people's minds, "Is Snape a bad guy"
Again, only check this out if you've finished the last book, otherwise you'll be hit with several spoilers.

Amazon Releases Payment Service to Rival PayPal

This is mainly a payment service (from Amazon Web Services) for the back-end of websites rather than a way to send money to individuals
This is a fairly extensive tool-set (API) that developers can use to send payments through Amazon, giving them a way to easily set up a way to take payments on their website in a much easier manner than the current PayPal tool-set allows for
If you are designing shopping cart based websites, you might want to look into this as an alternative to PayPal or Verisign

Software / Hardware / Power Web Picks

Cellular Data Cards

All companies offer both PCMCIA and USB connection devices with the exception of T-Mobile

Verizon

$49.99 - $129.99

Download speeds range from 400kbps to 2Mbps
NationalAccess - Slower but decent (up to 1.4Mbps down)
Broadband Access - Faster (up to 2Mbps down) available in less locations overall

Sprint

$9.99 - $179.99
"Broadband like speeds where available"
Currently some of the best wireless broadband speeds/location ratio on the market

AT&T/Cingular

All Laptop Cards currently on Special at $49.99 (interesting)
Works in almost as many places as Sprint's Broadband, but not quite as fast at the moment.
Speeds up to 1.5Mbps, with plans to reach the 7Mbps range in the next year and a half

T-Mobile

$149
Only one option
Edge Data access Only, no 3G high speed access on T-Mobile currently
Has a WiFi (b/g) option though, this was the only card that seems to offer this option

WiMax

What is WiMax

a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access.

Designed to be widespread with signal reaching several miles
Highly scalable
Currently being looked at as a wireless alternative to Cable/DSL as well as providing nomadic connectivity
According to the WiMax Forum, there are over 350 current WiMAX trials and deployment
While WiMax is not widespread at the moment, the technology does show promise.

Penny Pinchers

Cellular Data Plans

In addition to the data card, you will need a data plan
Most companies offer data plans that start around $40

Sprint

$40 - 40MB/month
$60 - Unlimited/month

Verizon

$60 - ??/month
Verizon does not make the data amount for their Broadband Access data plan overly apparent, so you might want to check with your local Verizon representative for more details.

AT&T

$30 - 10MB/month
$80 - Unlimited/month

T-Mobile

$50 - Unlimited/month

When you consider that you are getting internet anywhere you have cell phone service, a price of $60-$80/month is not that bad. All of the major cellular providers run deals on their data plans from time to time which can allow for an even better price. So check your provider's prices & specials regularly.

Security & Privacy

How do Secure Yourself on Your Cellular Data Network

Since a Broadband card is similar to a home broadband internet connection (DSL/Cable Modem) you will need to follow similar rules when surfing and transferring data over the internet as you would if you were on your home computer
A software Firewall is essential, Windows XP SP2 and Vista both have a Firewall that is on by default
Keep in mind that things like IM and Email are clear text so people can still read what you send if they are packet sniffing the networks
Like I said earlier, you need to follow the same rules you would when surfing the internet at home.

Gamer's Corner

Playing Games over the data cards

Is it possible

In theory and for some games most definitely
You have an internet connection

Some things to keep in mind

There is going to be latency invovled
You'll get some pretty slow ping times as a result of this latency
So playing games like Unreal Tournament via this connection could prove to be a bad idea

Sunday, August 5, 2007

Show #41 - 08.05.2007

[Download Show #41 as MP3]

Software / Hardware / Power Web Picks

Operating Systems

Windows

Windows XP

Minimum Requirements (From Microsoft)

64MB RAM
1.5GB HD
233Mhz Processor

Suggested Requirements

128MB RAM
1.5GB HD
300Mhz Processor

Longevity
Its strength lies in that it is tried and tested
Great game support
Lots and lots of updates

Windows Vista

Minimum Requirements (From Microsoft)

512MB RAM
20GB HD with 15GB of free space
800Mhz Processor

Suggested Requirements

1+ GB RAM
100+ GB HD
1.5+ GHz (AMD 1800+)

Comes on computers already!
Windows Aero

"Elegant, more visually compelling desktop experience, greater ability to visualize and work with your information and a smoother, more stable desktop experience."
It's pretty, yes.
More functional? Depends on whether you're used to XP. If you've learned XP, upgrading to Vista is likely not worth it, unless you are really all about pretty.
Conversely: If you have never used XP, you've only used it a little bit, or are more familiar with a Mac, then Vista might be right for you.

Instant Search

"Helps you find whatever you need quickly and easily, whether it's on your PC<>
New technology? I think not.

Copernic Basic Agent
Yahoo Desktop Search (X1)

Lots of File Formats

Google Desktop
X1 Professional Desktop Search

Lotus Notes
Shared Network Drives
Exchange Public Folders
Archived PST Files

Complete PC Backup and Restore

Shadow Copy
Self Healing Technology

Windows Fax and Scan
Windows SuperFetch

Preload Applications into Memory

New Network Center
Windows Flip 3D
Internet Explorer 7
Windows Sidebar / Gadgets (vs. Widgets)
Windows Photo Gallery
Upgrade as you go

Windows Server 2003 / XP Professional 64bit

What is the deal with this 64bit stuff? I have a 64bit processor, should I get a 64bit OS?

Mac OSX

Locked Hardware from Apple, Pros and Cons

Pro: Knowing the hardware you're developing an OS for makes that OS run exactly as expected when you run it
Pro: It does come with a large amount of the software that someone might need to say, download and print their photos, capture, edit, and burn a DVD of a home movie, browse the Internet, type a document, or other similar common actions...
Con: ...But when you want to get a piece of software that maintains your bank account information for your business, host a website off of your machine, or even make a podcast.... sure, the software exists, but your options are severely limited.
Con: The hardware and software is bundled.
Con: It's expensive.
Con: Upgradability compared to a PC is limited, and expensive.
Con: There's not as wide an array of software available.

iMovie
iPhoto
Expose
Dashboard
Time Machine
Spaces
Opera / Internet Explorer

Linux - A free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License, the source code for Linux is freely available to everyone. As their site puts it: "Linux is causing a revolution in the world of computers."

Minimum Requirements

8 MB RAM
50 MB HD
3 1/4" Floppy
i386+
Keyboard + Mouse

Recommended Requirements

512 MB RAM
80 GB HD
CD/DVD ROM
USB Ports
1.5 GHz+

What is a distribution?
What are some of the more popular "distros"?

Why Linux instead of OSX or Windows?
What's the difference between Linux, OSX, and Window

Security & Privacy

Windows XP Security vs. Windows Vista User Account Controls

What are User Account Controls

From Wikipedia - "aims to improve the security of Windows by limiting applications to standard user privileges until an administrator authorizes an increase in privilege level. In this way, only applications that the user trusts receive higher privileges, and malware is kept from receiving the privileges necessary to wreak havoc on the operating system."
Basically it allows the user to give programs they trust access while denying access to those they do not
This means that the users stay in a non-administrative mode for doing day to day tasks and only gives admin privledge when they are needed.

XP Security

XP before Service Pack 2 did not have much security and the first user was immediately an Administrative user
Most people used this default user to do all their tasks which meant any program they ran had full access to the computer
Pre-SP2 XP did not have a Firewall, and the installation of the Firewall and turning it on by default was considered a major step in security for Windows PCs
FYI, you are better running XP as a non-administrative user without anti-virus than you are when running as an admin with anti-virus

Which one is better?

Verdict is still out.
While Vista keeps you in a non-admin mode by default, the UAC popups when trying to do even the most simplistic of tasks makes it a little annoying.
Seeing how most people will run XP as an administrator, the default non-admin user in Vista can be viewed as better even if the UAC makes it annoying.
Also, if you really know what you are doing, you can turn off the UAC alerts, but we would not recommend the average user doing this as it takes a level of security away that might otherwise prevent the installation of malware/spyware.