May 22, 2019

May - 22 2019 | By

Browse Securely… Check?
https://www.cloudflare.com/ssl/encrypted-sni/

Crafty Chrome FAke Address Bar!

— End —

 

 


Additional notes

Notifications of new show notes and edits are tweeted at: twitter.com/ddhart.
– They’re tagged with #Zentech.
– When what’s said is unclear to me (or I’m unfamiliar with a topic) I tend to quote (” “) verbatim.
|- Editor’s comments are delimited by < >

For a couple of months, the audio of today’s show is here. Recent shows are here.

The intro & outro music was by Pentatonix.

NOTE: The next Zen Tech show will be next week 5-29-19, the 5th Wed of the month. There was no show on 5-8-19

 

Both Glenn & Paul were both in the studio today.

 

Paul started off by talking about a problem with Whatsapp that was discovered recently. Whatsapp is a communications app that’s more common in Europe where there tends to be cross boarder issues about what your number is when you go roaming. It’s able to do video, text messages, file transfers and other things.

An Israeli company developed tools that can be used to spy on human rights activist and journalists. The tools can be installed on phones using a defect in Whatsapp just by a call to the phone using the app, the call doesn’t even have to be answered. Glenn said that he wasn’t sure if Whatsapp has been patched and cautioned users to keep all of their apps updated.
<From what I was able to determine, the Android version has been fixed. Just update it. The following articles have more info.
WhatsApp Users Targeted By Spyware — Here’s What You Need To Know
WhatsApp flaw let spies take control with calls alone (Update)>

If you want to see what apps are currently running on your phone, tap the square <double rectangle, I think> on the Android or double tap the home button on the iPhone. You can then stop Whatsapp from running. But if you have notification turned on, there’s still a piece of Whatsapp that runs in the background. So you might want to turn off notifications, too.

Glenn found that the contact list in his iPhone has an option to use Whatsapp instead of his phone company to call an individual. But he found a drawback. If he doesn’t give Whatsapp permission to use his contact list, Whatsapp doesn’t let him enter and dial a phone number manually.

Paul read the disclaimer:
The views expressed on this show, and most others for that matter, are those of the speakers only and are not necessarily, although they might be, those of KVMR, our board, staff, volunteers or contributors.

Glenn reminded listeners that they can ask questions or make comments by email at zen at kvmr dot org or by calling into the studio at 530-265-9555.

Paul explained that the Zen Tech web site has basically 2 types of content — posts and pages. Posts are blog entries that are dated, mainly the show notes, Pages are a more static content and contain more general info about the show itself. He also noted that he had to delete the Google calendar on the web site because it was having problems, but he added a search function.

Debra called with a question about saving the audio she’s listening to on the internet from the WTF website <this may be it>. She said the newer audio was downloadable but older contents wasn’t. Debra uses a Mac computer.
– If there is an audio file and it’s not a podcast (if you just click on a link and then hear it), try right clicking it and select “download this link”
– Paul suggested she contact the website for instructions. She already did and was told Stitcher was hosting the old content. Stitcher told her she will have to pay to be able to download.
– Glenn jumped in to say that there is a way to capture video or audio on a Mac as you are listening. Paul said the process is called “audio capture”. It seemed like Paul did a search for words similar to “audio capture mac” but he didn’t say specifically what he found. There are similar options for the PC. <I don’t know about Win7, 8 or 10, but XP has the Sound Recorder to capture audio. Perhaps some useful info here >
– Try a free program called VLC (Videolan). It can play almost anything and has a record function to capture it. It’s for both the PC and Mac. There is a learning period to get the settings right, read the manual or do a search for “record using videolan”.

For people looking to download Youtube videos there is y2mate.com. You just paste the link to the video on their website. Instructions are on the site. Paul thought it might be capable of getting the audio files from Stitcher. <Another Youtube download site was mentioned on the 1-9-19 show>

Ellen called. She wanted to know how to tether her phone using the Cricket phone service. She once heard that it was possible to tether using a particular website, but she couldn’t recall it.
– Up to a few years ago you could jailbreak the iPhone so you could do things Apple didn’t want you to do, presumably tethering. But now Apple has it locked down pretty tightly. Ellen said she has an Android.
– If you use the one of the 5 major carriers (Verizon, AT&T, T-Mobile…), they allow you to tether as part of the premium price you pay for their service. With the next tier of providers like Cricket you won’t have that option.
– Paul said that it was once possible to tether using the website Ellen mentioned, but didn’t think it is anymore. He asked listeners to call in with a solution.
– Ellen added that with Cricket, she gets 5gigs of data and unlimited talk & text for $35.
– Glenn said he uses PuretalkUSA.com. He gets unlimited data (5gigs at high speed & then it’s throttled) and he can use the phone as a hotspot (tethering). It’s $40/mo and you get 10% off if you use auto-pay with your credit card.
– Some carriers have a separate plan that provides a mi-fi hotspot.
– AT&T has a box that creates a hotspot for you.

Paul talked a bit about Mobile Virtual Network Operators (MVNO), which are these lower tier cellular providers, like Cricket. He said there is a great Wikipedia article that explains them and gives a pretty through listing if them. <More about MVNOs in the 8-24-16 show notes>

Nick called to talk about privacy. There was a primetime CBS news segment about the big 5 cellular providers and how they know where your cell phone is. He said there was a misstatement at the end implying that if you don’t want them to know where you are, just turn of location services. Both Glenn and Paul agreed that it’s untrue. The cell towers triangulate to find your location and the carriers can keep a history of where you’ve been. It’s the cell towers that can find you and not that you’re using the web with location services turned on. However, turning off location services when you’re using an app can keep the app from knowing where you are.

Law enforcement is supposed to get a warrant to find out who’s been using a particular cell tower — separate warrant for each tower. Paul thinks that process is routinely abused. And Nick said data from towers is often sold in a somewhat anonymized form, but it’s usually easy to trace down what cell phone belongs to which person. <So, I guess, it’s as easy for the cops to buy the data as to serve a warrant for it.> Nick said if you truly don’t want to be tracked, turn the phone off or put it in a tin box.

Paul also said that switching out the SIM card of the phone won’t help. Each phone has a unique identifying serial number called IMEI
<More about IMEI in the 11-14-12 show notes>

Last night Michael Anderson gave a talk at the Nevada County Tech Center about the fiber optic cables that run thru the county. In summary, there is a lot of fiber in Nevada County that was installed with TARP funds. That fiber is available to neighborhoods that are close to it. But the neighborhoods have to get organized and take the initiative by calling local representatives.

Paul asked what it might cost to tap into the fiber. Nick gave the example of local community of initially 20 but now 30 people. It cost them less than $1000 each and monthly rates that are competitive with the big 5 providers (about $100/mo).

Paul recently got a postcard inviting him to join nextdoor.com. It’s a way for people in a community to connect with each other so they know what’s going on in their neighborhood. The vetting process for joining is substantial and involves sending back personal info via postal mail. Right now he is in lurking mode — he can read but not contribute — as he evaluates the service. He also speculated that it would be a way for a community work toward getting fiber optic cable deployed.

At the end, Paul quickly mentioned zombieload, which exploits of Intel CPU in a way similar to Meltdown and Spectre. <Meltdown & Spectre were covered in the 1-10-18 & 1-24-18 shows>
<New secret-spilling flaw affects almost every Intel chip since 2011
ZombieLoad Attacks May Affect All Intel CPUs Since 2011: What to Do Now
Intel: You don’t need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit>

Last Updated 11:53 PM 5-22-2019

Paul read the disclaimer: