Circuit Writer Version 7.4

by Jim Scheef

Open Office 3.1

I'm writing this column using OpenOffice Writer from the newest release. The “normality” of the menus and toolbar is reassuring, and it is so close to Word before 2007 that you forget it’s not from Microsoft. When I get some time, I want to try my fuel oil usage data in Calc. This file is my most complex and sensitive Excel file with graphics and a custom function written in VBA. That will likely be the deal breaker, but there must be an alternative to write such complexities. So far my only annoyance is the fact that it does not use the same spelling dictionary as Microsoft so it does not yet understand how some words are spelled in Chicago.

An Honest Census

How honest would you be on your census form if you thought that your answers could land you in jail or worse? Fortunately the Census Bureau understands this. So the “Commerce Department, the agency that runs the census, recently concluded that Title 13 -- the law under which the Census Bureau operates and which guarantees the confidentiality of individuals' census information -- trumps the Patriot Act, which granted law enforcement the power to collect otherwise personal information such as banking and library records. The act doesn't specifically exempt census records.” (tinyurl.com/y8zqbb7) While not specifically anti-Patriot Act, I hope this ruling stands as a precedent to show that not everything is open to the warrant-less searches of the Patriot Act.

Patient Medical Records

A year ago the New York Times had an article about how the City of New York was subsidizing doctors (tinyurl.com/729lpx and related articles) who move to computerized patient medical records. The doctor featured in the articles was one of a few to allow patients direct access to their data. When I found my note on this article I was reminded of how John Patrick said he had access to his health records minutes after visiting his doctor. John is a hospital board member, so what about the rest of us?

Why Obscurity is not Security

There are three stories here...

Story Number One: Have you read about how insurgents in Iraq and Afghanistan have been able to intercept video from Predator drone aircraft? A rather sensationalized version of the story is on the Wall Street Journal (tinyurl.com/yeqrjp2). As the WSJ story goes, the insurgents use “off the shelf” software called SkyGrabber (skygrabber.com/en/skygrabber.php) from SkySoftware, a Russian company. This is a packet sniffer that reads and stores packets from an Internet satellite down-link. Apparently the Pentagon has known about this for many months, but of course cannot fix it overnight. Instead they have “taken steps.”

To make the capture, you need to be in the cone of the satellite signal and point your antenna at the satellite. A fix requires encryption software on all the various endpoints. One of those ends is the drone itself. I would imagine that making changes to the drone software is, shall we say, less than straightforward? Another endpoint is the battlefield facilities where the intelligence (the military calls it “intel” to not confuse it with brain power) is used. There are many of these and they would all need to be updated before the encryption could be used. Apparently the Pentagon knew of this possibility but thought the insurgents were too dumb to figure it out. Surprise!

A more technical analysis is on the HackedOff blog on DarkReading (tinyurl.com/yb4xcwm) which says the WSJ article is incorrect. SkyGrabber is a packet sniffer that reads and stores packets from an Internet satellite downlink. Its true purpose is free porn that is being downloaded or viewed by satellite Internet service users. According to HackedOff, the drones use different technology (l-3com.com/csw/Product/docs/07-ROVER-III-Receiver.pdf) plus I would think that the satellites involved are all military and not those that carry Internet service. Regardless, somehow video captured from Predator drones was found on laptops captured from insurgents so the fact is, while it is probably more complex than buying a copy of SkyGrabber, somehow they made something work.

Story Number Two: Let’s say that you are a cracker and you would like to find an easy-to-hack server somewhere. Wouldn't it be handy if there were a search engine that let you search for machines (servers) connected to the Internet that had the characteristics you want? Well, last month your prayers were answered in the form of Shodan. This URL (shodan.surtri.com/?q=country:us+port:23) returns a list of all the servers in the US running the telnet service - approximately 2500. By its nature telnet is a security vulnerability which is why the result is “only” 2500. Full use of the search requires a browser helper or add-in which I did not install. This tool was not created for the bad guys and is intended for all sorts of security research. So far it does not include all servers everywhere, but they seem to be working on it, so you might think you're invisible in the vastness of the Internet, but in reality, you can't hide.

Story Number Three: Some people (CNN) called it a “how-to manual for terrorists” and the “biggest security leak since 9/11” (tinyurl.com/y9tql5n). The Department of Homeland Security intentionally posted a redacted version of the procedures manual used by the Transportation Security Administration (TSA) for preflight screening. The CNN article above is headlined “TSA puts 5 on leave after security manual hits Internet.” A big problem was that the manual was edited using the shapes tool in Adobe Acrobat which can be broken by just about anyone. Eventually an unrevised version made its way to WikiLeaks (wikileaks.org). In response, DHS said that the manual was several versions old and that most of what was revealed could be gathered by watching the screening line at any airport. So, are the five TSA employees suspended because they blew the process of blocking out the text, or because they posted the wrong version of the manual?

Droid Does Update

Last month, I gave a blow-by-blow as I began to use my first app-phone, a Motorola Droid. App-phone is the term voted by David Pogue's readers in the New York Times for the iPhone and similar phones that are more than just “smart”. The password challenge remains and this will become a serious problem over time. As you may recall, I use RoboForm to encrypt, store and manage the 586 passwords I use wherever it is that I use passwords. Now RoboForm has a new online service that looked like it could be my salvation, but no, it is not compatible with the Droid's browser. The people at Siber Systems brazenly had the timidity to suggest that I “copy and paste” user ID's and passwords from one browser view into another – all on a 3.7-inch screen! They recently introduced an app for the iPhone, so I suggested that they port this to the Droid with all possible haste.

While passwords remain an issue, another hurdle that seemed so daunting last month that I barely dared to mention it, has been solved. My Exchange Server email now syncs automatically with the Droid using the latest “push” style of update and this brings along my calendar and contacts! Way cool! The phone is finally becoming the tool for which I had hoped. After receiving the phone last month I followed the instructions to set up email. First I had to set up a Gmail account (what, my 20th email address?) because the Droid, and probably all Android phones, has pretty tight integration with Google. That went as smooth as butter on a hot summer afternoon. Next, I followed the instructions for Exchange email and nothing happened. After doing this more times than I can count, I called Verizon support and they agreed I had it right, so they passed me off to Motorola support. Motorola also agreed I had everything just right and it should work, but neither offered any tips to help find the problem. Since Exchange Active Sync (EAS) is the same server software used to support Microsoft Windows Mobile-based phones and the Apple iPhone, I started searching the Microsoft Knowledge Base for similar problems. As I searched, I found that I had not installed an Exchange service pack. So I installed Exchange Server 2003 SP2 hoping that this would be the cure. It wasn't but at least I now had the latest version of EAS. More searching and I found an article about Windows Mobile phones not working with EAS on Small Business Server 2003. I won't go into the gory details of the fix, but moments after I clicked to close RegEdit on the server, the Droid went nuts! The default notification sound is a low robotic-sounding voice saying: “Droid...” The first “Droid” was followed by another and then they came so fast that the phone was stuttering. When it stopped, there were all my contacts and a full calendar plus that day's email. Mercy me.

Next month I learn to use the navigation – maybe.

 



 

 
 
© Danbury Area Computer Society, Inc. All Rights Reserved.