Oct 25, 2017

Oct - 25 2017 | By

Notifications of new show notes and edits are tweeted at: twitter.com/ddhart.
– They’re tagged with #Zentech.
– When what’s said is unclear to me (or I’m unfamiliar with a topic) I tend to quote (” “) verbatim.
|- Editor’s comments are delimited by < >

For a couple of months, the audio of today’s show is here. Recent shows are here.

The intro and outro music was by Pentatonix.


Both Glenn and Paul were in the studio today.


Glenn thanked new and continuing members of KVMR. If you’re not yet a member, you can call the office number at 530-265-9073 and make a contribution.

The local organization animalplace.org is a place to adopt all sorts of animals, and in particular, ones who were displaced by the recent fires, but no dogs or cats.

Wireless communications like wi-fi have been with us in some form for about 20 years, Paul said. Security protocols for wi-fi have changed over the years, too. Originally, there was no security. Then came WEP (wired equivalent privacy). It was cracked some time ago and is no longer in general use. The more secure WPA followed, but it’s had a long-standing flaw in its implementation that has been brought to the media’s attention recently. It’s been shown to be subject to the ‘man in the middle attack‘. With this exploit it’s not possible to determine the passwords used on the wireless network but it is possible to snoop on the wireless data itself. The snooper has to be within range of the wireless (radio) signal to accomplish this.
<New Wi-Fi Crack can Intercept Your Data: What You Need to Know
Keep Your Wi-Fi off KRACK
This is suppose to be the research paper that exposed the vulnerability>

Nobody needs to worry, but everybody needs to be aware of the threat, Paul said. He went on to warn users of potential scams enticing people to download supposed fixes for the problem. It’s a great opportunity to play on people’s fears and get them to download malware. Instead, do some Google searches specific to your particular hardware to find the recommended remedy. If you have Apple equipment, be sure to get your advice from the apple.com domain (like support.apple.com) rather than discussion groups devoted to Apple products.

After addressing the problem with your phone, the next step is to see if there is an upgrade to your wireless router. Not all routers can be fixed. Paul said. The defects may be in the hardware. He asked listeners for any feedback about solutions they’ve found for their particular situation. He said you may be out of luck if your equipment is no longer manufactured. He went on to say that when you buy equipment the law says it’s supposed to be supported for up to 7 years after it’s taken off the market, but what ‘support’ means isn’t well defined.

Also, consider using wired a connection instead of wi-fi. It’s a lot less trouble, a lot more secure, there’s less interference and it’s faster. You can then just turn off the router’s wi-fi.

Paul has come across the word ‘nonce’. It’s a single serialized number that’s used for mathematical calculations. It sounded like he was describing a seed number for a random number generator. When equipment is reset, it may go back to 0 but the nonce makes it start at a different number, which makes it more difficult to steal the wireless data.

Glenn told listeners to note the model number of their router and check with the manufacturer for upgrades. Paul said that if your router is within its warranty period, call tech support. If you do a search for “linksys 800 number” (assuming you have a Linksys router) you’ll likely get a bunch of search results that go to some 3rd party, not Linksys, who will then try to sell you what you don’t need.

When you think you have reached the website of for your hardware, check the address bar for the green portion to the left. It’s a validation that the name of the site corresponds with the name in the certificate. It doesn’t mean you’ve reached the correct website, it means that “your information is encrypted and certified to be the property of a site that calls itself” by the name in the address bar.

Buzz, the KVMR engineer, called. He said the WPA exploit really doesn’t matter for most people unless you’re using the wi-fi to access some other equipment in your house. If you’re only accessing the internet, look in the address bar to be sure you’re using https not http. That way you data is encrypted using something other than WPA. The exploit takes advantage of poorly configured websites and can change a https connection to one that’s merely http, leaving your data unencrypted. Pay attention to your address bar to be sure it says https. If you use wi-fi to access in-home equipment, you’re not using https. The data is not encrypted and can be seen as plain text by this exploit. Paul said if you have visiting guests who want to use your wi-fi, create a guest network for them so they don’t have access to your primary network. Not all routers are capable of doing this.

Sheree called about scareware. How does it get on your computer and does that mean your anti-virus failed?

There are 2 flavors of scareware, software that gets on your computer and a scare web page that looks like your computer generated it. The 2nd type can appear when you mistype a popular URL (like facebook.com), which can then proceed to scare you into downloading malware. An anti-virus can’t deal with the 2nd type. Google can catch web pages of the 2nd type and mark them in red. A scare page may be difficult to close because its control buttons are made not to work. In this case use Control+Alt+Delete (Option+Apple+Escape on a Mac) and close your browser. <I’ve had success by just closing the tab.> Also, be sure you’re running the latest version of the browser. In Firefox go to ‘Help’ -> ‘About Firefox’ to check for updates.

Glenn got an email yesterday from Nick. He asked for the “best method of getting emergency audible phone text email without spam on mobile devices and landlines.” This relates to the recent fires and to the fact that many people turn their phones off at night to avoid spam phone calls. Glenn said he doesn’t get spam calls at night and keeps his phone on. Paul said that Android and Apple have a ‘do not disturb’ (dnd) setting that mutes all but emergency calls. Search for the word: dnd.

Glenn did a quick search for “amber alerts on cellphones” and found that for Android the dnd options are under settings -> more options (under the wireless network section) -> scroll down to ‘cell broadcast settings’

Jonathan called. He has a late 2012 Mac Book Pro. About a month ago the wi-fi reception had gotten worse and wondered if the wireless card inside can go bad.
– As more people use wi-fi you may be subject to interference. But he said he’s been having the problem at work and at home. At home there are no other users nearby.
– Wireless cards can indeed go bad and they are pretty easy to replace.
– It can cost a lot if you buy from Apple.
– On some Macs it’s painfully difficult to replace.
– Upgrade to the latest operating system, High Sierra. However, he’d rather not because he’s afraid some of his software would stop working.
– Update but not upgrade the operating system to maintain software compatibility. Go up to the Apple logo -> check for updates. It may offer Sierra but somehow (he didn’t say how) just do an update.
– Check places like Ebay for used (parted) wireless cards.

He also asked Paul for his opinion of the latest operating system.
– “There’s a lot more going on under the hood than on the surface.” There are a more features for software developers to use, like biometrics.
– Paul said it can speed things up a little.
– Older Adobe products have trouble running on the new operating system.

Glenn read some questions from Marilyn. Is there a way to make PC laptop, running Win10, open and close document files without delay. They take time to fade in and fade out, she said. Since she didn’t say what program she is using, the guys couldn’t help her.

She also asked if there’s a way to hook up on a network 3 separate computers each running a different operating system — XP, Win7 & Win10. Paul said they will join a network fairly naturally. Ideally, use a cable rather than wi-fi. Each shouldn’t care about the others if you just want to use the internet. If you want to share file between them, make sure XP has the latest patches and strong passwords. If you add a Mac to the network, they can talk to each other as long as the PCs have file sharing turned on.

Peter Wilson called. He tuned in late and asked about the security issue already discussed earlier in the show. The guys referred him to the archive of this show.

Paul added that if your router is older than about 6 months, consider replacing it with a newer one. They are pretty cheap. Be sure the new router is upgradeable. If you choose to upgrade your router, be sure the upgrade specifically states it’s for the WPA exploit.

Paul also said it’s worth looking at dd-wrt, the Linux router project.

The Flea Market is on tomorrow from 1 to 2pm.

Last Updated 1:06 AM 10-26-2017

Leave a Reply