Apr 30, 2014

Apr - 23 2014 | By

Additional notes

Notifications of new show notes and edits are tweeted at: twitter.com/ddhart.
– They're tagged with #Zentech.
– When what's said is unclear to me (or I'm unfamiliar with a topic) I tend to quote (" ") verbatim.
– Editor's comments are delimited by < >

The audio for this show has been posted here

Among other topics, the guys talked about the Heartbleed vulnerability, "the greatly exaggerated death of XP" and a security issue with Microsoft's Internet Explorer.

The Pentatonix song was played during the intro, again. Glenn thinks they are a wonderful entertainment group and suggested that listeners check them out on Youtube.

The disclaimer:
The views and opinions expressed on our show are those of the speakers only and not necessarily those of KVMR, its board, management, staff or contributors.

Glenn thanked those who've become supporting members of KVMR. If you'd like to become a member, the local number is 530-265-9073 or you can join at kvmr.org.

Glenn started the Google Hangouts broadcast of today's show but wasn't sure it was actually running. He thought he needed a plugin. Paul said Firefox does need a plugin but thought that the Chrome browser already came with the plugin. Glenn said no, because it's prompting him to install it.

Paul mentioned that Google bought Youtube because their own service, Google Video, didn't work out. He went on to say that Microsoft was late to the social media scene and tried to make up for it with the Metro interface in Windows 8. He complained that the native apps, like Skype, for Win8 take up the entire screen when running.

Recently, Glenn tried to find Microsoft Office on his new touch screen laptop, but couldn't. He knows it's on the computer. Paul said that pressing the Windows Key + Q initiates a search and that there are 3 ways to search, depending on what you're doing at the time: search for an application, a file or the internet.

The Department of Homeland Security suggested that people don't use the Internet Explorer browser because a zero-day exploit was found. It's true for all versions of IE and on all platforms. As late as yesterday, there is no fix for it. The suggestion is to use a different browser. If you have used nothing but Internet Explorer, Paul suggested you switch to Chrome rather than Firefox. Chrome is simpler, smaller, lighter and integrates with Gmail.
<Microsoft Rushes to Fix Browser After Attacks; No Fix for XP Users
But now Microsoft changed its mind. One for the road: Microsoft patches Windows XP for SA 2963983>

At this point, Glenn verified that Google Hangouts is indeed broadcasting this show.

Paul continued explaining the Internet Explorer exploit. What's generally called a watering hole attack is when the bad guys target a popular website: LexisNexis, New York Times, etc. They want to target a site that gets a lot of traffic by installing malicious code on it. Then, when an IE user visits the website, any of various exploits take place: a virus gets on the user's computer, information is stolen, etc. Such an attack can evolve so quickly that an anti-virus program may not catch it because the anti-virus program can't be updated quickly enough.

Paul said that Microsoft Security Essentials has fallen so far behind other anti-virus programs that it's not even on the rating charts. It's "not a valid anti-virus anymore". It's "75% effective at best". In its place, Paul has come to like Avast, while Glenn likes AVG.

If you install Avast it gives you the option to install Dropbox & Chrome. If you don't really need them, it's best to skip them. When installing Avast, There's a customize option where you can configure what features get installed. Paul found that he needs "file update", "file scanner" and "browser fix", but doesn't need "web protection" or "email protection". The browser fix scans the plugins for Internet Explorer and Firefox.

Windows XP is no longer supported.
– Get a newer operating system. <Win7, Win8 or Linux>.
– It's important to remove Microsoft Security Essentials. Not only does it not work well anymore, but it's not supported any longer.
– Don't use Internet Explorer with XP.
<7 tips for keeping Windows XP secure without Microsoft’s support>

If you buy a new computer to replace your XP machine, don't delete the data off the old machine before you've transferred it to the new one. And, leave the XP machine intact for a week or two just in case there's some data you forgot to transfer, like your tax data. Don't rely on backed-up data until you've tried loading it onto your new machine.

Paul suggested replacing XP with a distribution of Linux called Lubuntu. The interface is similar to XP and it comes with the Firefox browser, the Thunderbird email program and it will come with either Open Office or Libre Office. <See the Favorite Programs & Utilities file for more info about these Microsoft Office replacement programs>.

Lubuntu comes with a window manager that allows you to choose the interface you like as a replacement for explore.exe — similar to the file explorer in XP. In particular, The window manager called FVWM (Free View Windows Manager) is most similar to the file explorer in XP.

Paul talked a bit about the Heartbleed defect:
– The Heartbleed flaw is not a virus; it's a defect in some in some open source software — a programming flaw.
– It tends to be used a server (websites) rather that a client (on your local computer).
– It provides the encryption of data moving between your computer and your bank, for instance, when you see "https" (not http) in your address bar.
– Public and private keys are used to encrypt and decrypt the data. <See "Heartbleed explained" below>.
– On some browsers, you can click just to the left of the address bar (left of where it says https://…) to get info about the certificate for the website.
– The defect in the code was introduced in 2011 and was only recently discovered. It's rumored that the NSA has known about it for some time.
– The open source program that provides the Secure Socket Layer transactions (SSL) and is at the center of the Heartbleed issue is called OpenSSL.

How do you find out if a website you use is vulnerable to a Heartbleed attack?
– Go to norton.com/heartbleed and enter the URL of the website. <You'll have to click thru a couple of pages, or just go to http://safeweb.norton.com/heartbleed>
– Norton will tell you if it's vulnerable NOW, but not how long it's been vulnerable or when it was fixed.
– If the website checks out ok, change your password on that site.
– There have been complaints that Norton and McAfee don't perform a thorough check for Heartbleed problems.
<Heartbleed explained>
<Another Heartbleed checker>
<@ProPublica: Report: NSA exploited #Heartbleed security flaw for two years>
<Security Flaw Could Reach Beyond Websites to Digital Devices>

Glenn said AOL recently announced that changing your AOL password is not enough. The company has other security issues.

Glenn heard of a way to fix the Internet Explorer problem <mentioned above>:
– Run IE and go to tools -> manage -> addons. Then under 'Show', select "show all addons" and "under Microsoft third-party application component there's a Shockwave Flash object in Microsoft Windows and it says something 30, and that is supposed to be disabled". <I couldn't make sense of "something 30", but that's what he said>
– This is a temporary fix until there's a patch for IE. <I don't know if you're supposed to change it back after IE is patched, Glenn didn't say>
– Apparently the problem is how IE communicates with its plugins.

KVMR's membership drive starts on 5-5-14 (thru 5-17-14) and as far as what's known now, there will be a Zentech show on 5-14-14. They expect to have Coryon Redd on again at that time.

There is Maker Fair coming up at the San Mateo County Events Center on 5-17-14 & 5-18-14. If you're going to, try to carpool because parking may be a problem.
– Glenn has been promised 2 pairs of tickets to the event. He gave away 1 pair on today's show to a caller named Doug. The other pair will be given away on the next show 5-14-14.
– The local Maker group is The Curious Forge, located on Loma Rica Drive in Nevada City.
– The Maker fair has some things in common with the Burning Man Festival. It has some art projects and superfluous technology, mostly for entertainment. <I think you have to keep your pants on, though>.

Glenn noted that no one had joined the Google Hangouts broadcast of this show. There may have been some technical problems. This is still a work in progress and eventually they hope to get things going. The nice thing is that a video of the show will be posted to Youtube. Glenn said people "can find it at zen tech kvmr at gmail dot com". <I think you should search Youtube for the words: zen tech kvmr>. If you have trouble finding it, write to zen at kvmr dot org.

Paul found classicshell.net for Windows 8 & Windows 8.1 that restores some features found on earlier Windows versions:
– Brings back the Start Button,
– Bypasses the Metro interface

Changelog:
added link: Re: IE patch for XP -> Microsoft patches…
spelling: Lexus Nexus to LexisNexis
added link: post-support for XP -> keeping Windows XP secure
corrected link: to def. of URL

Last update 9:23 PM 8/14/2014