A better way to reduce file size in Preview with a tutorial at podfeet.com/blog/how-to-reduce-the-file-size-of-a-pdf-using-preview/. Interviews from CES: Tobii from tobii.com with assistive technology for people with communication and mobility disabilities, Black Box Biometrics shows us the Linx Impact Assessment to track head impacts in youth sports from b3inc.com, the AmpStrip heart sensor from Fitlinxx (learn more at ampstrip.com) and Synaptics talks about their touch screens and fingerprint scanners over at synaptics.com. In Chit Chat Across the Pond Bart and I talk about David Cameron’s brilliant plan to try to stop secure communications in Britain and we get into a heated debate on whether Google did the wrong thing exposing a vulnerability in Windows when Microsoft missed their deadline. Finally we get to do the second half of Taming the Terminal part 27 of n, all about DNS.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday January 18, 2015 and this is show number 506. We have a MASSIVE show for you today. I’m going to start off with a cool tip I found on how to reduce file size in Preview (it’s not what you think), then we’ll plow through four more interviews from CES. By the way I’m skipping ones that either I didn’t think were that relevant or maybe they aren’t that interesting in audio only, but we’re posting all of Steve’s videos on Podfeet.com. Then in Chit Chat Across the Pond Bart and I talk about David Cameron’s brilliant plan to try to stop secure communications in Britain (note sarcasm) and we get into a heated debate on whether Google did the wrong thing exposing a vulnerability in Windows when Microsoft missed their deadline. We end as friends as always but definitely have different opinions on the matter. In Chit Chat Across the Pond we get to do the second half of Taming the Terminal part 27 of n, all about DNS. Finally we get to play with the terminal again! Ok, we’d better dig in!
Oh wait! one quick thing – I was on the Daily Tech News Show with Tom Merritt again this week – talking about Google Glass, dead or alive! link in the shownotes of course. NOW we can dig in!
She called me back and got another guy on the phone who walked me through a completely unintuitive path. I told him I might go just a smidge slower than he would hope, because I was going to take screenshots along the way.
Again I snapped away using just the standard Clarify keystroke as he told me what to do and the good news is it worked. The better news was after I got off the phone I was able to annotate THAT document with the buttons to push so I could give it to Steve so he could do it too.
Neither of these documents was a masterpiece filled with elegant step numbers or descriptions, but they were both really useful to helping me get on with my life. If you’d like to help yourself and others, check out the free trial of Clarify over at clarify-it.com.
Chit Chat Across the Pond
UK Prime Minister David Cameron Attacks Cryptography:
- British PM David Cameron has exploited the Paris attacks to propose a ban on all encryption that does not have a back door for his government – https://nakedsecurity.sophos.com/2015/01/14/david-cameron-wants-to-ban-encrypted-apps-like-imessage-and-whatsapp/
- RELATED – The Guardian newspaper in the UK reported on a secret US report that concludes that encryption is vital to protect private data – http://www.theguardian.com/us-news/2015/jan/15/-sp-secret-us-cybersecurity-report-encryption-protect-data-cameron-paris-attacks
- RELATED – The NSA admits that pushing the use of the back-doored Dual_EC_DRBG encryption standard through NIST was a mistake – http://arstechnica.com/security/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/
- Editorial (Bart): I’m strongly reminded of the old adage – “never let a good crisis go to waste” – Cameron wants a state where nothing is beyond government reach (a police state in other words), and the tragedy in Paris is the perfect excuse to strip UK citizens of the ability to secure themselves digitally. It is impossible to have security if you have a back door. Now, if the UK get a back door, you can rest assured other nations will want one too. So, if crypto with one back door is already unsafe, imagine crypto with hundreds of back doors! In effect, Cameron is proposing the outlawing of effective security. This is nothing less than an attempt to make it impossible for us to secure ourselves in a digital world, and it strikes me as a supreme irony that it is being marketed as a security measure. I’m reminded of attempts to do something similar in the US a decade or two ago. In the end, sanity won out, and proposals to mandate backdoors were dropped. Speaking of the US – I’m also reminded of the failed policy of treating crypto as a weapon, and banning its export. That export ban crippled the US tech industry for years, until the government saw sense and ended it. It seems to me that Cameron is determined to repeat America’s mistakes, and worse, to try to actually follow through and make a mistake America narrowly avoided. What makes it even worse is that even if the British were given a back door into all communications, it wouldn’t achieve much. People have been sending secret messages over insecure channels for centuries – if you know the government can read your iMessages, then you simply use a code, and they are locked out again! I can’t think of an innocent interpretation of this policy – as I see it it’s either unacceptable technological ignorance (it’s 2015 for goodness sake!), or an attempt to create a police state.
In his response to this news (http://daringfireball.net/linked/2015/01/12/cameron-privacy) John Gruber quoted the great American Benjamin Franklin, and I think it’s the perfect quote to end my thoughts with: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
Google & Microsoft go to war, and Windows users are the victims:
- At the heart of this controversy is Google’s Project Zero – http://googleonlinesecurity.blogspot.ie/2014/07/announcing-project-zero.html
- Google’s policy is that vendors have 90 days to fix bugs before they are published. When Google publish, they really do publish – proof of concept exploit code and all!
- The controversy really kicked off when Google published a vulnerability, complete with proof of concept code just days before Patch Tuesday – http://arstechnica.com/security/2015/01/google-sees-a-bug-before-patch-tuesday-but-windows-users-remain-vulnerable/
- Microsoft were enraged (and rightly so IMO), that Google knew a patch was on the way in just days, and that they needlessly put all Windows users at risk regardless – https://nakedsecurity.sophos.com/2015/01/12/microsoft-swings-punch-at-google-accuses-project-zero-of-a-gotcha/
- Google went on to release two more zero-days later in the week, one is relatively inconsequential, but the other is more serious, and results in data not being properly encrypted in some circumstances. MS had a patch, but testing found an incompatibility, so the patch was held back to be fixed, and is slated for release in the February patch Tuesday. – http://arstechnica.com/information-technology/2015/01/google-drops-more-windows-0-days-somethings-gotta-give/
- Given their high-handed approach to Microsoft, it’s not surprising many are pointing the finger at Google’s failure to patch a bug affecting 60% of Android phones – http://arstechnica.com/security/2015/01/google-wont-fix-bug-hitting-60-percent-of-android-phones/
- Editorial (Bart): I don’t see Google’s inflexibility as being in any way helpful or responsible. I’m not sure what’s behind it – misguided principles? Anti-Microsoft marketing? Paternalism – a feeling that Google knows what’s best for the internet, and should enforce its views for the internet’s own good? In isolation I’d be inclined to assume the first option, but combined with their recent unilateral action on certificates, I’m leaning towards paternalism with a dash of hubris. I don’t like the amount of power Google now have, or how they are using it.
Important Security Updates:
- There were patch Tuesday updates from Microsoft and Adobe this week – http://krebsonsecurity.com/2015/01/adobe-microsoft-push-critical-security-fixes-6/
Important Security News:
- It appears that the UK police, working closely with US authorities, have arrested another member of the Lizard squad, in connection with both the Christmas DDOS attacks as well as ‘swatting’ – http://krebsonsecurity.com/2015/01/another-lizard-arrested-lizard-lair-hacked/
- RELATED – the Lizard DDOS-for-hire service, the Lizard Stresser, has been hacked, and the customer DB revealed (including plain-text passwords!) – http://arstechnica.com/security/2015/01/hack-on-ps-and-xbox-attackers-leaks-ddos-customers-plaintext-passwords/
- Good news – the Marriott throws in the towel and stops trying to block wifi in their hotels – https://nakedsecurity.sophos.com/2015/01/16/marriotts-stopped-blocking-your-wi-fi-hotspots/
- Yet another practical example of why password re-use is bad – usernames and passwords leaked in various attacks were re-used to steal air miles from people’s accounts with American and United – https://nakedsecurity.sophos.com/2015/01/16/thieves-hijack-miles-from-american-and-united-airlines-accounts/
- A warning to any listeners in Spain who use Movistar as their ISP – you may have a router with the most spectacular security bug in history – the administration pages are visible TO THE WORLD, and WITHOUT PASSWORD – https://nakedsecurity.sophos.com/2015/01/15/ouch-home-router-security-bypass-actually-means-no-security-at-all/
- Instagram sort-of fixed a bug that made private photos public (there are still circumstances in which supposedly private photos remain public, even after the ‘fix’) – https://nakedsecurity.sophos.com/2015/01/15/insta-sham-instagram-fixes-its-no-so-private-photo-bug-well-sort-of/
- A PSA for Grindr users – the app has serious privacy implications, and although the developers have been notified, they have decided only to fix the problems in some countries – http://arstechnica.com/security/2015/01/how-dating-app-grindr-makes-it-easy-to-stalk-5-million-gay-men/
- Card breach at Park ‘N Fly – http://krebsonsecurity.com/2015/01/park-n-fly-onestopparking-confirm-breaches/
- Sophos have released a free online tool to help you figure out if your business complies with new EU Data Protection laws which are expected to come into effect later this year. The laws apply to any company ANYWHERE in the world which stores the personal data of any EU citizen – https://nakedsecurity.sophos.com/2015/01/16/hold-data-on-eu-citizens-check-if-youll-be-compliant-with-the-new-data-protection-regulation/
- A good analysis of the Thunderstrike bug (mentioned in last week’s show) by Rich Mogull – http://tidbits.com/article/15331
- A good description of I2P, a possible successor to the much maligned TOR – http://arstechnica.com/information-technology/2015/01/under-the-hood-of-i2p-the-tor-alternative-that-reloaded-silk-road/
- The Obama administration announce two new sets of proposals for cyber-security related laws: https://nakedsecurity.sophos.com/2015/01/13/barack-obama-calls-for-stricter-data-privacy-disclosure-laws/ & https://nakedsecurity.sophos.com/2015/01/15/barack-obama-proposes-shielding-companies-that-share-cyber-threat-data/
- RELATED – a thoughtful piece from Brian Krebs looking at the practicalities of tackling the breach disclosure problem through legislation – http://krebsonsecurity.com/2015/01/toward-better-privacy-data-breach-laws/
Main Topic – DNS Part 2
Correction from last week: DNS records for IPv6 addresses are AAAA, not AAA (thanks to Richard Machida, Bert Yerke and others who spotted my mistake)
The Domain Name System is a hierarchical naming scheme that allows names to be mapped to values of a number of different types using different types of DNS record:
- A records map names to IPv4 addresses
- AAAA records map names to IPv6 addresses
- CNAME records map names to names (think of them like aliases)
- MX records map names to the domain names of email servers
- NS records map domain names to authoritative DNS servers
There are two types of DNS server: authoritative servers host the records for a domain, and DNS resolvers query the authoritative servers on behalf of clients. Some resolvers merely pass requests on to others; these are known as stub resolvers. All resolvers, including stub resolvers, cache the answers they receive. How long an answer may be cached is defined by the TTL (time to live) metadata provided by the authoritative server the record was retrieved from.
True DNS resolvers (not stubs) contain a list of the root DNS servers. The root servers ‘delegate’ responsibility for the different top-level domains, or TLDs, to authoritative servers using NS records. More NS records are used to delegate control further down the hierarchy. Resolvers follow this delegation chain until they find an authoritative server that can give them a definitive answer to their query.
Owners of a domain must host their collection of DNS records, or DNS zone, on an authoritative DNS server. Large organisations will often run their own authoritative DNS servers, but home users will tend to use either their domain registrar, or their web hosting provider’s authoritative DNS servers to host their DNS zone.
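To tie the record types, the delegation chain and TTL caching together, here is an added worked example in Python. It is not code from the podcast or from the Taming the Terminal series; every server name, address and zone record in it is constructed for illustration (documentation ranges 192.0.2.0/24 and 2001:db8::/32, and .example host names), and a “query” is an in-memory dictionary lookup rather than a real UDP packet. The toy resolver starts from a root hint list, follows NS delegations from the root to a TLD server and on to the authoritative server for podfeet.com., chases a CNAME, and caches every answer for exactly its TTL so you can watch a cached alias expire while the A record it points at is still fresh.

```python
"""
Toy model of iterative DNS resolution (added example, not the podcast's code).
All zone data, server names and addresses below are constructed for
illustration; "sending a query" is a dictionary lookup, not a network packet.
"""
import time

# Constructed root hints: the list a real resolver ships with.
ROOT_SERVERS = ["a.root-servers.example."]

# Constructed zone data per authoritative server: (owner, type) -> [(value, ttl)].
# A parent holds NS records for the zones it delegates, plus "glue" A records
# so a resolver can actually reach the delegated servers.
ZONES = {
    "a.root-servers.example.": {                     # the root: delegates com.
        ("com.", "NS"): [("ns1.tld-com.example.", 172800)],
        ("ns1.tld-com.example.", "A"): [("192.0.2.1", 172800)],
    },
    "ns1.tld-com.example.": {                        # the TLD: delegates podfeet.com.
        ("podfeet.com.", "NS"): [("ns1.dns-host.example.", 86400)],
        ("ns1.dns-host.example.", "A"): [("192.0.2.2", 86400)],
    },
    "ns1.dns-host.example.": {                       # authoritative for the podfeet.com. zone
        ("podfeet.com.", "A"): [("192.0.2.10", 3600)],
        ("podfeet.com.", "AAAA"): [("2001:db8::10", 3600)],
        ("podfeet.com.", "MX"): [("10 mail.podfeet.com.", 3600)],
        ("mail.podfeet.com.", "A"): [("192.0.2.25", 3600)],
        ("www.podfeet.com.", "CNAME"): [("podfeet.com.", 300)],   # alias with a short TTL
    },
}


def ancestors(name):
    """Yield a name and each enclosing domain: www.podfeet.com. -> podfeet.com. -> com."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def ask_server(server, qname, qtype):
    """Simulated query to one authoritative server.

    Returns ("answer", records) on a direct hit, ("cname", records) when the
    name is an alias, ("delegation", (ns_name, glue_ip)) when this server only
    knows who is authoritative further down, or ("nodata", None).
    """
    zone = ZONES.get(server, {})
    if (qname, qtype) in zone:
        return "answer", zone[(qname, qtype)]
    if (qname, "CNAME") in zone:
        return "cname", zone[(qname, "CNAME")]
    for parent in ancestors(qname):                  # closest enclosing delegation wins
        if (parent, "NS") in zone:
            ns_name = zone[(parent, "NS")][0][0]
            glue = zone.get((ns_name, "A"), [(None, 0)])[0][0]
            return "delegation", (ns_name, glue)
    return "nodata", None


class Resolver:
    """A (non-stub) resolver: walks delegations from the root, caches answers per TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so TTL expiry can be simulated
        self.cache = {}               # (name, type) -> (values, expiry_time)
        self.queries_sent = 0         # simulated round trips to authoritative servers

    def _cached(self, qname, qtype):
        entry = self.cache.get((qname, qtype))
        if entry and entry[1] > self.clock():
            return entry[0]
        self.cache.pop((qname, qtype), None)         # missing or expired
        return None

    def _store(self, qname, qtype, records):
        ttl = min(t for _, t in records)             # the whole record set expires together
        self.cache[(qname, qtype)] = ([v for v, _ in records], self.clock() + ttl)

    def resolve(self, qname, qtype, depth=0):
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        hit = self._cached(qname, qtype)
        if hit is not None:
            return hit
        alias = self._cached(qname, "CNAME")        # a cached alias saves the whole walk
        if alias is not None:
            return self.resolve(alias[0], qtype, depth + 1)
        server = ROOT_SERVERS[0]
        for _ in range(16):                          # guard against referral loops
            self.queries_sent += 1
            kind, payload = ask_server(server, qname, qtype)
            if kind == "answer":
                self._store(qname, qtype, payload)
                return [v for v, _ in payload]
            if kind == "cname":
                self._store(qname, "CNAME", payload)
                return self.resolve(payload[0][0], qtype, depth + 1)
            if kind == "delegation":
                server, _glue = payload              # a real resolver sends the next query to _glue
                continue
            return []                                # nodata: the name has no such record
        raise RuntimeError("too many referrals")


if __name__ == "__main__":
    r = Resolver()
    for name, rtype in [("www.podfeet.com.", "A"), ("podfeet.com.", "AAAA"), ("podfeet.com.", "MX")]:
        print(name, rtype, r.resolve(name, rtype), "queries so far:", r.queries_sent)
```

Resolving www.podfeet.com. the first time costs six simulated queries (root, TLD, authoritative server for the CNAME, then the same three again for the target’s A record); asking again is answered entirely from cache, and once 300 seconds have passed only the short-lived CNAME needs to be fetched again because the A record’s 3600-second TTL has not expired. This model caches only final answers; a production resolver also caches the NS and glue records so it can skip the root and TLD on later lookups, and it can attach that cached delegation to any name under the delegated zone.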
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at email@example.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.