Trails End Computer Club

Bulletin for the week of JANUARY 17, 2016

WEEKLY MEETINGS
EACH Wednesday 

Program or Lesson 9:00 - 10:00 AM
One on One Help 10:00-?
In the Library

SPECIAL INTEREST GROUPS:

If you would like to meet in a small group to discuss special computer related subjects or form a Special Interest Group lets discuss it.

Our bulletin is also available on line by visiting tecc.apcug.org and clicking on bulletin.


Our weekly program or lesson is intended
to be of interest to all computer users.
Following the program an allotment of time will
be available for one on one help to those
who want a better understanding of something done
 during the presentation.

Upcoming Events

Wednesday JANUARY 20, 2016 Meeting in the Library
 8:45 AM Set up your computer
 9:00 AM Lesson
10:00 AM One on One help

IraThe "Internet of Things" or IoT - More Common But Hackable

by Ira Wilsker

 

WEBSITES:

http://www.cnet.com/news/internet-connected-homes-open-the-door-to-hackers

https://www.cesweb.org

https://www.cta.tech/Blog/Articles/2015/December/VIDEO-The-Wearables-Making-Us-Smarter-More-Fit-an

https://en.wikipedia.org/wiki/Internet_of_Things

https://nest.com

http://www.forbes.com/sites/josephsteinberg/2014/01/27/these-devices-may-be-spying-on-you-even-in-your-own-home

https://www.shodan.io

 

          A few years at the Consumer Electronics Show (CES) in Las Vegas, I was intrigued by the numbers of both prototype and production items that were evolving into what is now known as "the "Internet of Things", or "IoT".  For the majority of us, when we think of the internet, we think of our internet connected computers, tablets, and smart phones.  What many of us are not well aware of is that the Internet of Things is beginning to be much more common, and the IoT is already around us in a big way.

          When I was last at CES, I was amazed at how internet connections had already made their way into household appliances, and other electronic devices.  At CES I saw products being introduced by major appliance manufactures that had connected intelligence built into them. 

          Among some of the most impressive items that I saw demonstrated were what appeared to be conventional residential kitchen refrigerators that had what appeared to be a flat screen tablet on the front of the door, as well as other types of sensors and readers built into the appliance.  The tablet on the front door could be connected to the internet via Wi-Fi and used to order groceries from participating supermarkets, display recipes, and create shopping lists.  A small bar code reader was installed on the door that could read the UPC codes on products, adding those items to a digital shopping list that could be remotely printed, or sent directly to the chosen supermarket.  The tablet on the refrigerator door would also display digital coupons and other promotions, enabling the owner to instantly add the promoted item to the grocery list. 

Th          This internet connected refrigerator, as well as IoT connected washers, dryers, dishwashers, air conditioners, stoves, ovens, microwaves, and other major appliances also incorporated a "service connection" which monitored the physical operating condition of the appliances.  These appliances utilizing their internet connection, typically Wi-Fi, would report their operating condition, suggest repairs and maintenance, provide or order a list of replacement parts, display do-it-yourself repair instructions, or contact a repair service if necessary.  Most of these devices would actually send an email or text message to the appliance owner alerting him of the issues.

          Many auto manufacturers currently offer "OnStar", "BlueLink", or other types of cellular or internet connected monitoring systems that can report on maintenance issues, service reminders, and other issues, as well as providing a method of emergency communications.  My wife's car periodically sends her an email listing the mechanical condition of each of the major components on her car.

          We are seeing much more of our homes being controlled or secured by the IoT under the general topic of "Building and home automation".  Most modern home security systems can be remotely accessed and controlled by cell phone; security cameras can display their images on remote devices anywhere.  Lamps can be remotely controlled to turn on or off by remote command.  Even our utility usage and thermostats can be accessed remotely.  The very popular Nest thermostat, along with an increasing number of competitors, offers internet connected control of household temperatures, as well as smoke detectors and remote cameras.  My new "smart TV" is connected to my home data network which allows me to use my smart phone as a fully functional remote to not just control the TV, but to also search through dozens of streaming media services to watch countless movies, TV shows, videos, and other content, all connected by my home Wi-Fi network.

          A review of local industry, health care facilities, public utilities, transportation systems, and other commercial enterprises are rapidly becoming more involved with the IoT.  Look at your water, gas, and electric meters; many are already internet connected in order to speed automate "meter reading" saving time and money.  In the medical field, health monitoring and diagnostic equipment is becoming more connected to the internet.  According to Wikipedia, "These health monitoring devices can range from blood pressure and heart rate monitors to advanced devices capable of monitoring specialized implants, such as pacemakers or advanced hearing aids. ... Other consumer devices to encourage healthy living, such as, connected scales or wearable heart monitors, are also a possibility with the IoT. ... Doctors can monitor the health of their patients on their smart phones after the patient gets discharged from the hospital."

          While much of this current IoT technology is infringing on what used to be in the realm of science fiction, there is also a dark side to the IoT.  Already hackers are breaking into internet connected devices other than the traditional computers and data networks in order to illicitly control these IoT devices, alter or steal data and personal information, or shut them down on demand.  In terms of connected medical devices, there have been some serious concerns expressed about complying with HIPAA and other privacy and security rules and regulations. 

          It has been well documented that some common household smart devices, most notably smart TVs, have actually spied on their owners.  This was reported about two years ago in Forbes magazine by Joseph Steinberg, in his expose' "These Devices May Be Spying On You (Even In Your Own Home)"  On January 27, 2014, this article in Forbes said, Televisions may track what you watch. Some LG televisions were found to spy on not only what channels were being watched, but even transmitted back to LG the names of files on USB drives connected to the television. Hackers have also demonstrated that they can hack some models of Samsung TVs and use them as vehicles to capture data from networks to which they are attached, and even watch whatever the cameras built in to the televisions see."  Internet connected coffee makers, which can be remotely programmed to make morning coffee may disclose to hackers when you may be waking up, and even what time you might be returning home, valuable information for residential burglars.  The smart refrigerator may be selling your shopping information to third parties.  In an unexpected and unusual case, Joseph Steinberg reported that a smart refrigerator was used to send out spam emails, " ... (P)otential vulnerabilities have been reported in smart kitchen devices for quite some time, and less than a month ago a smart refrigerator was found to have been used by hackers in a malicious email attack. You read that correctly – hackers successfully used a refrigerator to send out malicious emails."  Also in that Forbes article, companies providing DVR, satellite, and cable service have been alleged to have sold information of shows and other content watched in the household in order for advertisers to better target their advertising.  It is also widely known that many internet service providers compile lists of websites visited; since may people get their TV and internet from the same provider, these companies could combine that information, which Forbes warns, "a single party may know a lot more about you then you might think."

          Another popular target for hackers and other miscreants is common household video capture equipment, such as a webcam or a home security camera; remote baby monitors are similarly targeted.  Forbes disclosed that malware on a computer can remotely turn on and off the internet connected cameras.  In one notable case referenced in the Forbes article was how a Miss Teen USA was allegedly blackmailed by a hacker who controlled her laptop's integral webcam, " ... and photographed her naked when she thought the camera was not on."  The images of home security cameras, often transmitted unencrypted over the internet, can be captured by burglars, informing them that not just is the home currently unoccupied, but also the location of the potentially incriminating cameras!

          Information about specific items connected to the internet is readily available, and even searchable as easily as any other internet data.  The Shanghai based website Shodan (shodan.io) describes itself as, "Shodan is the world's first search engine for Internet-connected devices."  On the front page of Shodan is a self aggrandizing statement that says, "Explore the Internet of Things.  Use Shodan to discover which of your devices are connected to the Internet, where they are located and who is using them.", followed by, "See the Big Picture - Websites are just one part of the Internet. There are power plants, Smart TVs, refrigerators and much more that can be found with Shodan!"  Just as an experiment, I registered on Shodan with a disposable email address, and did a quick search of my neighborhood; I found nine potentially vulnerable IoT connected devices within a small radius of my house.  I also found that some local service stations monitor their gasoline inventory in real time, transmitting their data in real time over an unencrypted internet connection.  For example, when searched, one particular major refiner branded station reported, "IN-TANK INVENTORY Regular 7263 (gallons), Temperature 51.74 degrees" as well as other inventory information.  This was one of 45 "Automated Tank Gauges" reported by Shodan in this area. This gasoline tank information was just a very small snippet of the millions of such internet connected devices that most of us have no idea even exists.

          In a December 28, 2015 article published by Cnet, "Internet-connected homes open the door to hackers", with the subtitle, "Baby monitors, thermostats, kitchen gadgets and other "smart" devices add convenience to our daily lives. What are manufacturers doing to make sure they don't make life easier for criminals too?", the author, Laura Hautala, explained the vulnerabilities of our household IoT.  In the opening of the article, employees of a Sunnyvale, California cybersecurity company, Fortinet, used the Shodan search engine to find a video stream in Saudi Arabia, 8100 miles away.  Using the too common factory default username and password of "admin", they were able to view the streaming video.  According to Fortinet engineer, Aamir Lakhani, the Shodan search engine can display, " ... a huge trove of Internet-connected devices, from baby monitors to cars, cameras and even traffic lights."  Sadly, many of these devices still use factory default usernames and passwords, and transmit their data over unencrypted internet links.  The Cnet article goes on to state, " Billions of sensors will soon be built into appliances, security systems, health monitors, door locks, cars and city streets to help manage energy use, control traffic, monitor air quality and even warn physicians when a patient is about to have a stroke."

          The Cnet article stated that a well respected market forecaster, Gartner, predicted that in 2016 there will be 6.4 billion internet connected devices in use.  Many new IoT devices will be displayed and demonstrated at this year's CES in Las Vegas.  Among some of the risks of an insecure IoT could be a variety of malicious vandalism, as well as outright identity theft, terrorism, and crimes of opportunity.  Tanuj Mohan, co-founder of Enlighted, gave one such potential example of vandalism. He was quoted in Cnet as saying, " That connected coffee maker in the office -- it wouldn't be much of a stretch for a hacker to put it into a continuous loop and brew coffee throughout the weekend, flooding the office. ... When computers hold the reins, criminals can grab control in unexpected ways."  At present, there is no coordination or uniform standard for IoT security, and many manufactures of IoT devices do not incorporate adequate default security into their devices, making the aggregate vulnerability of the devices potentially catastrophic. Mohan warned that manufacturers are not paying attention to the potential security vulnerabilities of many of their products. "They're not yet aware of how everything they build can be exploited.  Safety last."

          We, as users of IoT products need to take some personal responsibility for the use of our connected products.  We should never use any default usernames and passwords such as the "admin" used to give total access to video link mentioned above, but instead use difficult to guess passwords.  Since many of the devices offer some form of encryption as an optional setting, it would be wise for all users to engage that option, and set a complex pass phrase for a decryption key.

          The Cnet article closes with a very prophetic statement.  "Baby monitors, thermostats, kitchen gadgets and other "smart" devices add convenience to our daily lives. What are manufacturers doing to make sure they don't make life easier for criminals too?"


Downloading Vs. Streaming – What’s the Difference?

By Phil Sorrentino, Contributing Writer, The Computer Club, Florida

http://scccomputerclub.org        Philsorr.wordpress.com          philsorr (at) yahoo.com

Downloading is something most of us do, almost without thinking about it. Streaming is something we rarely do, unless we watch a lot of movies from YouTube or another such video streaming service. Downloading refers to receiving data from a remote computer. The data comes “down” to you from another system. The received data is typically a data file of some specific type, like a picture or a video, which is then stored on the local computer, for use in the near or distant future. The received file is called a download. The downloading process will progress as fast as the server computer can send the data to your computer.

That process will be affected by (1) your computer’s capability, (2) the communications equipment between the server and your computer, and (3) how busy the server computer is at that specific time. The download really comes in many pieces, and the network protocol software in your machine reconnects all the pieces so the received file is identical to the original.

Downloading is done for many reasons. New software is typically acquired by downloading. (I’m sure you already have Google Earth or Picasa on your computer. Both of these were acquired by a download.) Email attachments are obtained by downloading. (Isn’t it is nice to have those pictures of grandchildren and pets?) Documents are transferred by downloading. (Remember the User’s Manual you downloaded when you bought your camera?)

Just as a little aside, here. Downloading and Streaming are both supported by network software included as part of the Operating System. There are many network protocols used on the internet, two of which are HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol). HTTP is the predominant protocol used on the internet and really defines the World Wide Web. Most of our computing activities are on the WWW, so it is HTTP that allows our computers (clients) to connect to web server computers in order to accomplish things like checking our email, making hotel reservations, purchasing something on line, downloading a picture or video file, or streaming a movie. FTP is used mostly to transfer computer files from one computer to another, and most of us will rarely, if ever, use it.

So, now we know that downloading is the acquisition of a file, from a remote server computer, for future use. You may be thinking; if downloading is receiving a file, is there a way to send a file? Well, you guessed it, as you might have thought, it is called uploading. Until recently, the only uploading most of us may have done was to attach a document or picture to an email.

The act of “attaching” was actually uploading a file (the attachment) to the email server, so it could be sent with the body of your email. But now with Cloud Servers like OneDrive, Google Drive, and Dropbox, the way you get your files to the cloud is by uploading them. Uploading your pictures and videos, or any file that you want to share with others, is probably the first thing you will do after you have set up an account with one of these Cloud services. (By the way, if you haven’t tried a Cloud Service yet, give one a try. OneDrive and GoogleDrive will give you at least 15GB of storage space, free. OneDrive is hosted by Microsoft, and you guessed it, GoogleDrive is hosted by Google.)

Downloading is receiving a file from a remote server for future use. (In fact, the file cannot be used until the complete file is received and stored.) Streaming is similar, in that it is the transfer of a file from a remote server to your local computer. But the difference is that the file pieces, as they are received, are immediately used and typically are not stored for future use.

So, as you can imagine, the software to handle streaming is different in that it must process the pieces of the file, in real-time as they are received, and do it fast enough so no pieces of the file are lost. So, streaming is the process of receiving sequential pieces of a file and using those pieces immediately as they are received while the transmission continues its progress to the end of the file. Streaming data is provided by video and audio file streaming services. YouTube is an example of such a video streaming service, as is Netflix and Vimeo. (By the way, you can upload your favorite videos to YouTube and Vimeo for sharing.)

So, streaming is used to view, in real-time, a video file, like a movie, or listen to music in real-time from a music source. In video streaming, each of the file pieces is a frame of the video and the frames are sequentially displayed on the computer monitor, thereby providing motion to the picture on the monitor. Video frames may have to be displayed at rate of 60 frames per second, so the streaming software has to get all of its work done within 1/60th of a second so it can be ready for the next frame. If the hardware and software cannot process the frames fast enough, frames may be dropped and the resultant picture will stutter or jump. Audio streams are slower than video streams but they too have to produce the audio sound from each file piece before the next piece arrives. (Pandora is an example of an audio streaming service.)

So, now you can see the difference. Downloading is receiving a complete data file and storing it for future use, while Streaming is receiving a file and processing the contents, piece by piece, sequentially from the beginning to the end of the file transmission. Now to experience them, first hand, try both a download and a streaming video or audio. Try downloading Synctoy from Microsoft, a utility that will help you handle your data backup (http://www.microsoft.com/en-us/download/details.aspx?id=15155), and Stream something from YouTube to help you with setting up your data backup

(https://www.youtube.com/watch?v=GiNZPzFxoSc).


Submit Your article; deadline for next bulletin is Friday noon each week. Only what you write may be published. We cannot publish other peoples work without written permission. Simply click here EDITOR AT TECC and paste your write-up to submit it.
Share your computer experiences with other members. We need articles to publish in the TECC Bulletin each week.

UPDATE YOUR MEMBERSHIP INFORMATION Change your e-mail address, unsubscribe to this bulletin, etc.  Use link below.
UPDATE YOUR MEMBERSHIP