Dr. Bill.TV #379 – Video – The Dead Drone in a Tree Edition!

PlayPlay

Update for Windows 7 and 8.1 silently installs Windows 10 downloader; has the time come to kill the password? GSotW: Safer Networking – Spybot 2.4, Amazon can (finally) test its delivery Drones in the United States, Google next-gen battery technology!

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

Safer Networking – Spybot 2.4


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio





Streaming MP3 Audio

Streaming Ogg Audio

Download M4V Download WebM Download MP3 Download Ogg
(Right-Click on any link above, and select “Save As…” to save the Netcast on your PC.)

You may also watch the Dr. Bill.TV Show on these services!

 

Dr. Bill.TV on YouTube Dr. Bill.TV on Vimeo

 


Dr. Bill.TV #379 – Audio – The Dead Drone in a Tree Edition!

Update for Windows 7 and 8.1 silently installs Windows 10 downloader; has the time come to kill the password? GSotW: Safer Networking – Spybot 2.4, Amazon can (finally) test its delivery Drones in the United States, Google next-gen battery technology!

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

Safer Networking – Spybot 2.4


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio





Streaming MP3 Audio

Streaming Ogg Audio

Download M4V Download WebM Download MP3 Download Ogg
(Right-Click on any link above, and select “Save As…” to save the Netcast on your PC.)

You may also watch the Dr. Bill.TV Show on these services!

 

Dr. Bill.TV on YouTube Dr. Bill.TV on Vimeo

 


Google Works on New Battery Tech!

I NEED a battery that lasts longer. And, I have a HUGE battery in my phone!

Google is pursuing the development of next-gen battery technology

Android Authority – By: Jimmy Westenberg – “While it seems as though current lithium-ion batteries in the tech world are slowly improving, it’s becoming increasingly more difficult for companies to build high-end devices that won’t waste precious battery life. A number of research labs and universities are trying to solve this battery problem, but not many have been successful in recent years. One of the latest companies to research heavily into new battery tech is Google, according to a new report by The Wall Street Journal.

The group that is currently working on this new battery tech comes from the Google X research labs and is led by former Apple battery expert Dr. Ramesh Bhardwaj. According to ‘people familiar with the matter’, Google’s team originally began testing other companies’ batteries for use in Google’s own products. Since 2012, the team has shifted its efforts into building battery tech that Google will end up producing itself. The team of Google X lab workers only consists of four members, including Dr. Bhardwaj.

The Wall Street Journal explains:

At Google, Dr. Bhardwaj’s group is trying to advance current lithium-ion technology and the cutting-edge solid-state batteries for consumer devices, such as Glass and Google’s glucose-measuring contact lens, according to the people familiar with the matter.

Whatever Google is working on could progress the state of thin-film batteries to eventually be used in smartphones, wearables and even in devices that could be implanted into the human body.

The report doesn’t comment on the specific technology that Google is working on or when we can expect to see it in the real world. While this whole story is a little scarce on details, we’re happy to hear Google may be putting its resources towards an area that really needs it.”

Amazon to Finally Test Its Delivery Drones In the United States

Amazon Prime AirWe are closer to getting Amazon stuff via drone delivery!

Amazon Can (Finally) Test Its Delivery Drones In the United States

Gizmodo – By: Maddie Stone – “Amazon’s much anticipated same-day drone delivery service Prime Air reached another milestone this week: The Federal Aviation Administration has just given Amazon clearance to begin flight-testing the drones in the United States. Again. For real this time.

This is the second time in as many months that the online retail giant has received a drone testing certificate from the FAA. Last time around, however, the certificate only applied to an already-obsolete prototype. Frustrated by the Feds’ inertia, Amazon recently began testing its delivery drones at a “top secret” location in Canada, just 2,000 feet from the US border.

Now, it seems, the company can finally commence their drone tests domestically. Sez the FAA’s director of flight standards service John Duncan, in a letter to Amazon:

This letter is to inform you that we have granted your request for exemption. The exemption would allow the petitioner to operate an unmanned aircraft system (UAS) to conduct outdoor research and development testing for Prime Air.

The letter goes on to outline the FAA’s terms and limitations, stating that Amazon can only conduct test flights up to 400 feet, that drones must not exceed 100 mph, and that they must remain within the ‘line of sight’ of their operator at all times. No big surprises here—these are similar to the rules outlined in last month’s defunct certificate, and to the proposed rules for commercial drones that the FAA drafted in February.

Amazon CEO Jeff Bezos first announced his vision for Prime Air, a drone delivery service that would transport packages from company warehouses to shoppers’ front doors in 30 minutes or less, in 2013. That vision is still hamstrung by the FAA’s recent regulations, particularly the line-of-sight requirement. Currently, Amazon is also prohibited from flying its drones over ‘densely populated areas.’ Still, the recent move should be taken as progress. From Amazon’s perspective, it may be only a small step toward a much larger goal, but at least we seem to be moving in the right direction.”

Geek Software of the Week: Spybot 2.4! (Update)

Spybot 2.4This is a first! I am posting an update of SpyBot, which I have mentioned before, because it is a very different, and improved product!

Safer Networking – Spybot 2.4

“Why use the Free Edition?

If all you require is to be able to scan and remove malware and rootkits from your system. Or if you want to protect your PC by immunizing your browser and hosts file, the ‘Free Edition’ is the choice for you. If you are a more experienced user you can also check various ‘autostart’ locations using the ‘Startup Tools’. Spybot 2 can scan single files or specific folders and unlike other software it doesn’t matter if the file is located on your local drives or on a network share. Spybot 2 comes with its own whitelist which helps to identify if files are legitimate or not. This useful addition helps to speed up the scan. Even though this fully functioning product is free of charge you can still get free support by emailing our support team.

For home users who want spyware protection for their own or their families Windows based Personal Computers and do not need additional antivirus protection.

Users manually look after own updating.

Can be upgraded to the ‘Home Edition’ if required.”

Should Passwords Die?

This article pitches the idea that passwords time has come. I have to admit, it would be nice to have a better token, but what would work well and still be secure?

Has the time come to kill the password?

Open Source – By: Scott Nesbitt – “How many passwords do you have? Probably more than you can easily remember or comfortably manage on your own. And I’m willing to bet that you dread coming up with new ones when you sign up for something online.

Jonathan LeBlanc of PayPal is on a mission is to replace the password with something more secure and easier to use.

He’s not a head-in-the-clouds dreamer or theorist, either. LeBlanc is head of developer advocacy for PayPal and Braintree, and has an abiding interest in security, identity, and social technologies. He’s also the author of Programming Social Applications and helped architect the developer authentication technology used by companies like PayPal and Yahoo.

At POSSCON 2015, LeBlanc will be giving a talked titled Kill All Passwords. I spoke to him to learn more about what’s wrong with the password and what can replace it.

What’s the problem with passwords?

The problem itself isn’t necessarily the password. The problem is that human beings are horrible at creating passwords that have any measure of complexity. If we look at the statistics on leaked passwords in 2014, approximately 5% of all people use password as a password. About 10% of the population uses either password, 123456, or 12345678. If we look at the top 1,000 leaked passwords, those account for 91% of leaked passwords.

We can build systems to perform device fingerprinting, location verification, and identification through usage habit identification, but all of that becomes secondary if password choices are weak.

How did we get to this point with passwords?

We’re human. We are inundated with technology and accounts day in and day out, and most people will choose a password that they can easily remember. That makes sense, but no matter how much we tell people that their password choices are incredibly insecure, people will still continue to use weak passwords and the same password on all of their accounts. We got to this point because we expected people to pick a convoluted series of multi-case characters, numbers, and symbols that means nothing to them in order to secure their accounts.

How did you get involved in this drive to kill the password?

This came naturally with the work that I have been involved in within the security and identity industry. About six years ago, when I was working at Yahoo, I was working with their OAuth 1 (later 1.0a) and OpenID integrations as well as some of the more experimental authentication technology that was used for their social logins and social application environment. This gave me my first real foray into some of the security architecture behind a login and has led to me helping to architect the authentication systems behind the PayPal developer products.

What I realized throughout all of this is that there is a fine line between the security of the systems and the usability of the systems. We had to find a balance where the user was protected as much as possible, but we were also able to give them an easy experience. This drive towards password-less authentication is an evolution of that.

Is there a way to make passwords secure that’s easy for everyone?

Absolutely. On the consumer side, password manager systems like 1Password or LastPass are becoming more prevalent and allow you to only remember one master password. Beyond that, your other accounts can have highly secure passwords that you have no way of remembering, and the system just remembers for you. Both personally and professionally, I use 1Password.

On the system side, we can further bring security to users by employing device and browser fingerprinting, region detection, and identification based on typical usage habits, all without the user having to be impacted the additional levels of security.

What can replace the password?

If we break down the concept of a username and password, they are an identification of who you are (the username) and then a verification of that fact with something that only you should know (the password). Any technology that provides these facilities can do that, so it’s not so much about keeping the username and changing the password, but really just about picturing these systems in a different way.

How will open source technologies play a role in replacing passwords?

On the data security side, to further secure username/password authentication, you have a number of open source key hashing and salting implementations. When used properly, they allow for the secure storage of user information, including those passwords.

Authentication and authorization technologies like OAuth 1.0a, OAuth 2, and OpenID Connect all provide a more secure implementation for logging a user in and allowing applications to do things on their behalf. They do more than secure information like passwords back and forth between an application and the login host.

As we start to explore biometrics, wearables, embeddable, and other technologies, they potentially become another factor in telling a system who you are. They can use multiple authentication factors to turn that into a valid login. Open source hardware, especially microcontrollers and sensors, is being used to build these next generation prototypes.

How secure are those technologies?

It really depends on what you’re trying to secure.

Let’s look at hashing for password security first. General purpose hash algorithms like MD5 and SHA1 are built for speed—to be able to handle as much data as possible in as short a time as possible. The problem with using those in password security is that since an attacker can’t reverse the hash, they might simply launch a brute force attack with different potential inputs until they generate the correct hash. The faster the hashing algorithm, the more viable this attack is.

Algorithms like bcrypt and PBKDF2 use a technique called key stretching. They allow you to determine how expensive (in terms of time and/or size) the hash function will be. We choose to make the decryption slower to prevent these potential attacks, but still make it fast enough to not impact a valid user. These algorithms are slow, but incredibly strong and secure.

With biometrics, one concern is something called a false positive rate. That’s how often an invalid user is seen as a valid user, and allowed access. Since most new studies on biometric authentication vary wildly, it’s difficult to determine exactly just how secure most of them are. Biometrics are a great mechanism for identifying you, but a second factor of authentication is needed. Of course, some biometrics sources are far superior than others when it comes to having low false positive rates. For instance, vein recognition technology, which measure vein uniqueness through blood flow, offers a higher level of security than fingerprint identification.

Which is the most promising of these technologies?

The work being done within the realm of biometrics through wearables, embeddables, injectables, and ingestibles, has a lot of promise. Realistically, it’s going to be the wearable devices and computers that maintain short term advances, as anything in the embeddable realm is not really seen as culturally acceptable by most of the population.

I think what we’re going to see are numerous mechanisms around personal identification, which uses a second factor of authentication that is accessible and known to the user, in order to target the username and password for potential dismissal. This realm, and the technology that powers it, is currently being explored in commerce, medical applications, and a number of other industries.

Where else are these technologies being used?

A lot of the work that is being done with the future of biometrics is coming from the commerce and medical industries.

Within PayPal, for instance, we’re working with partners who are building vein recognition technology, heart beat identification bands. We’re also part of the board of the FIDO Alliance, which seeks to create a unified specification for the future of identification. Within the medical industry, we’re seeing embeddable sensors and wearable computers as some of the first human-incorporated technology of a new potential future identity.

Are humans still the weakest link in the chain?

Yes, humans will always be the weakest link because the vast majority will always choose the path of least resistance over the one that provides them the most security. Really, though, technology implementations are just as much to blame in many cases. Secure methodologies, such as using a complex password that is not easy to guess, means that the person has to remember something that is meaningless to them, and it’s much harder to have our brains remember something that has no association to anything else.

Technology such as key managers, and others such as biometrics, are on the right path. The correct solution is to find the most secure way of providing authentication for the user without putting the onus on them for remembering the complexities of that authentication.

When do you see the password dying (if ever)?

The password won’t die, it will just change. Much of the identification technology that is being worked on in internet security, biometrics, or elsewhere, is looking at what a username and password actually are: identification of who you are and verification of that. Biometrics triggered through wearables, embeddables, or ingestible, second factor authentication systems, and many other technologies, are all rising to meet this challenge.”

Microsoft Preps for Auto OS Update!

Microsoft REALLY wants to move you to Windows 10 when it is available!

Update for Windows 7 and 8.1 silently installs Windows 10 downloader

Myce – By: Jan Willem Aldershoff – “Microsoft has released an optional update that ‘enables additional capabilities for Windows Update notifications when new updates are available to the user’. We discovered the update is actually a downloader for Windows 10 which will notify the user that Microsoft’s upcoming operating system can be downloaded.

Windows Update KB3035583 doesn’t reveal much about itself, only that it adds additional capabilities to Windows Update and applies to computers running Windows 8.1 or Windows 7 Service Pack 1. The update is offered as a recommended update since March 28th and because it’s a recommended update users have to manually put a checkmark next to the update in order to receive it.

Once the update is downloaded it adds a folder to System32 called ‘GWX’ which contains 9 files and a folder called ‘Download’. One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, ‘Download Windows 10′. This explains the X in the name, the X is the Roman number 10.

The folder also contains ‘config.xml’ which contains some URLs that at the moment of writing didn’t work. The config file mentions ‘OnlineAdURL’ that points to https://go.microsoft.com/fwlink/?LinkID=526874 and Telemetry BaseURL pointing to http://g.bing.com/GWX/.

The section ‘Phases’ describes how the downloader should behave when the Windows 10 release date nears. Initially, during phase ‘None’, all features are disabled, then during phase ‘AnticipationUX’ advertising banners will be shown, presumably on a homescreen tile and additionally a tray icon will appear.

The next phase is called ‘Reservation’ which according to the config file will show the advertisement tile, the tray icon but also a reservation page. Further phases are the first publication of the final RTM (release to manufacturing), version the general availability (GA) as well as various phases of the upgrade process such as UpgradeDownloadInProgress, UpgradeDownloaded, UpgradeReadyToInstall, UpgradeSetupCompatBlock, UpgradeSetupRolledBack and UpgradeSetupComplete.

It appears Microsoft is serious when it comes to upgrading Windows 7 and Windows 8.1 users to Windows 10. The upgrade will be free in the first year and it appears Microsoft will take that time to convince users to upgrade. Users that don’t want to receive the upgrade ‘advertisements’” should simply not install the recommend update. If Microsoft however decides to make KB3035583 an important update it will install automatically with other Windows update.”

Dr. Bill.TV #378 – Video – The 2Gbps Internet Service Edition!

PlayPlay

Comcast to have 2Gbps Internet service, Google’s ARC Beta runs Android apps on Chrome, Windows, Mac, and Linux, Delphi’s Self-Driving Car, Open Source Windows? GSotW: Pandora Recovery, April Fool’s pranks, Bill Gates writes a 40-year anniversary letter!

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

Pandora Recovery


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio





Streaming MP3 Audio

Streaming Ogg Audio

Download M4V Download WebM Download MP3 Download Ogg
(Right-Click on any link above, and select “Save As…” to save the Netcast on your PC.)

You may also watch the Dr. Bill.TV Show on these services!

 

Dr. Bill.TV on YouTube Dr. Bill.TV on Vimeo

 


Dr. Bill.TV #378 – Audio – The 2Gbps Internet Service Edition!

Comcast to have 2Gbps Internet service, Google’s ARC Beta runs Android apps on Chrome, Windows, Mac, and Linux, Delphi’s Self-Driving Car, Open Source Windows? GSotW: Pandora Recovery, April Fool’s pranks, Bill Gates writes a 40-year anniversary letter!

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

Pandora Recovery


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio





Streaming MP3 Audio

Streaming Ogg Audio

Download M4V Download WebM Download MP3 Download Ogg
(Right-Click on any link above, and select “Save As…” to save the Netcast on your PC.)

You may also watch the Dr. Bill.TV Show on these services!

 

Dr. Bill.TV on YouTube Dr. Bill.TV on Vimeo

 


1 2 3 295