Ed Stoffel

It's Time For Some Campaignin'

Fri, 18 Jul 2008 18:20:03 -0500

Send a JibJab Sendables® eCard Today!

Tell Me What I'm Thinking

Thu, 03 Jul 2008 10:05:08 -0500

To me, this is one of the most frustrating aspects of education. Over and over again, I've encountered questions akin to "tell me what I'm thinking". I have no idea what they are thinking, the list of what they might be thinking is endless. It doesn't seem productive to list all the possibilities of what they might be thinking, so why don't they just tell me what they're thinking? This could be a form of torture, telling the starving captive that you'll feed him... just as soon as he tells you what you're thinking. "So sorry, that isn't it. Try again." Related to this is the skill of note taking, where I am to write down what they think is important. What part of what they're saying is important to them? I don't know. Why don't you just tell me what you think is important? I can't write down everything... I can't write that fast, and besides, that wouldn't be notes... that would be a transcript. It's not that I don't write down some of what is important, but in the end, some things will be missing. How am I to know? Are there actually other students in the room that magically know what is important and what is not? Do they come with this sense already built in? Or do I have an overactive imagination, seeing too many possibilities when there is only one that stands out to most people? Aren't there always multiple possibilities? Then exam day comes along, and the essay question says to explain the importance of whatever. What is the right answer? What seems important to me? Apparently not. The process seems designed to sift out those who think alike and use them in particular roles. Those who think differently are sent off to find their own way to do what they think is important, which is apparently, any one of an endless list of possibilities.

Getting Vista Running Again

Wed, 04 Jun 2008 12:52:56 -0500

After using Windows XP for three weeks, I'm finally getting Windows Vista up and running again at good, normal speeds. In the end, the culprit turned out to be Nvidia's Vista drivers. In my final install, I used Vista Home Premium OEM on an XFX nForce 680i LT SLI motherboard, XFX GeForce 8600 GT video, Intel Quad-Core processor, 4GB Corsair TWINX RAM, and Seagate 250Gb SATA hard drives. In earlier install attempts, the system would slow down to a crawl just after installation of drivers for the motherboard's chipset, audio, and nTune utilities. I found that installing ANY of these from the included CD would cause the problem. There are newer versions of the drivers available online, but I'm waiting to get all the applications installed to try them out. Then I plan to make an image of the system, which I can revert to, in the event that the new drivers destroy the OS. During this rebuild project, I discovered a number of things about some of the hardware. During Vista's updates, the NIC stopped working, and I needed to run a repair process. My multi-reader stopped working, but I found it no longer worked under XP either, so I believe that to have been a hardware failure. My DVD drives are working again, able to read CD-R, CD-RW, and DVDs. I experimented using a Netgear SC101, a housing for IDE hard drives making them available on my local network. Unfortunately, the device requires installation of software for each computer wishing to access the drive. The device also reformats any drives used in it, changing the drives to a non-standard format. I found the drives often became inaccessible, and ran extremely hot. I also found it annoying to have to wait to make phone calls during normal business hours for reinstallation codes to get Quickbooks, Microsoft Money, and Audible up and running again. In the rebuilding process, I used Seagate's hard drive utility to clone my rebuilt Vista drive so that I could test an install, reverting back if it failed. After the install did fail, I returned to the original hard drive, only to discover that the utility had wiped the original drive, leaving me with nothing to fall back to. I won't be using that imaging software again. When my system rebuild is done, I'll have two hard drives I can boot to, one with Vista, and one with XP. I'll also setup a stricter backup regiment, including a Maxtor One-touch drive, and JungleDisk to upload to off-site storage. Using these, I'll just have to be sure my backup routines are run often enough to preserve anything important.

What Is All This Stuff?

Wed, 28 May 2008 11:58:07 -0500

There is a flurry of activity on social networking sites in recent years. I have found each of them to have a different focus, and serve a different purpose. MySpace serves the youngest crowd, and I originally joined to keep an eye on my kid's activity. But I soon found the site also spotlights emerging artists, including musicians, actors and comedians. Facebook is more for the college and workplace crowd, and where you connect to the people you really know as adults. Twitter is where you send and receive status updates, which can announce new posts and submissions, as well as just letting everyone know what's happening. Delicious is a bookmarking service allowing me to save and tag a long list of sites and articles I've found. Flickr is to share photos and YouTube is to share videos. I use Google Share to point out important emerging news from the world's hot spots and news of specific interest to the intelligence community. I post more general news including media industry stories to Facebook. You'll also find links to various websites which I've established, and rss feeds from several of them. EdStoffel is my personal blog, FlyingReports is a journal I wrote when learning to fly, and David Stoffel is a tribute to the memory of my brother. Homesat Installation Help is a technical help site I wrote to consolidate the advise I gave to help homeschooling families setup satellite systems to receive the broadcast video curriculum. In the end, what you see here is a selection of what I see each and every day from many of the sites and services, a collection of Stuff I've Heard.

Vista (not responding)

Mon, 26 May 2008 20:50:55 -0500

Vista and I have gotten along well for the past few months, but all that has come to an end this week. Vista was installed and running fine until the failure of the computer two weeks ago. Around the time of some critical updates, the system just stopped working. Was this an OS failure, a motherboard failure, or a bad processor? The hard drive tested fine with Spinrite. Installing that hard drive in another computer still wouldn't boot the OS, and using the Vista install disc to attempt a repair failed to cure the problem. Was that because it was now mated with a different motherboard/processor combination? I don't know. I purchased everything to build a new system: new Nvidia motherboard, Nvidia graphics card, an Intel Quad-core processor, a pair of Seagate SATA hard drives, new case and power supply. After installing Vista, the first problem I noticed was that it is painfully slow. This shouldn't be, with an Intel Quad-core processor, but it is. Things weren't slow with my previous Intel single-core 3.33Ghz processor. Vista turned my DVD-RW/CD-RW drive into DVD only, and failed to recognize my multi-media reader. Installation of a network drive failed (Netgear SC101), using Netgear's latest firmware and management utility version for Vista. The install disc for HP's office printer took over an hour to complete, and Quickbook's online update feature took nearly 3 hours to complete. But the biggest, most frustrating problem was that Vista literally wouldn't let me do two things at once. With an internet browser open (either Explorer or Firefox), clicking on any link when the machine was otherwise busy would produce the (not responding) error to appear on the browser's title line. This even occurred when viewing a disk directory in Windows Explorer. If I clicked again, Vista produced a white-out mask across the screen, further indicating that the application was too busy to respond. I was able to somewhat speed up Vista by following the recommendations of Black Viper to turn off unnecessary services. Problem is, it is difficult to be certain which services I really don't need. After stewing about the problem overnight, I decided to pull the hard drive, insert a new one, and install Windows XP-SP3. It didn't take long to get the OS up and running, and I immediately noticed how fast all the applications installed themselves... much faster than with Vista. My DVD/CD drive works again, as well as my multi-media reader. I'll miss Vista's sidebar gadgets, but this machine now flies along with XP. I'll pack away my Vista OS disc, and we'll see if Microsoft ever gets the operating system working well before the emergence of Windows 7.

When Motherboards Fail

Mon, 12 May 2008 14:50:55 -0500

While I was out Thursday, our maids were cleaning in my office, vacuuming, and moving things around. After knocking my keyboard and mouse cables out, they plugged them back in, but crossed them into the wrong sockets. When I returned, I found my keyboard and mouse both unable to wake up the computer. So I tried to reboot. The PC wouldn't respond to holding down the power button for 7 seconds... what I usually do if the PC freezes up. So I switched off power in the back and turned it back on, finally causing the PC to begin the rebooting process. Windows began to load, but froze part way in. I attempted a safe boot, but this too froze up. I tried installing my hard drive in an old Dell computer, but Vista wouldn't boot there, telling me I needed to run recovery from the original OS disc. After several minutes of this, it told me it couldn't recover anything. So I installed this hard drive as a secondary drive on an XP system. Here, I was able to view the drive just fine, and ran Spinrite to see if the drive was failing in some way. After running in recovery mode overnight, Spinrite reported that there were no problems with the drive. Back in its original case, I attempted to boot the system, and it loaded the desktop, but after running the processor at 100% for about 30 seconds, it froze up again. I'm thinking it's a heat-related problem since it went further booting from a cold machine... but after warming up, it still failed. I removed the processor's fan and applied new thermal grease, but the failure still occurs. Could the maids' plugging my keyboard and mouse in wrong have shorted out the motherboard? Could plugging in a vacuum close by have caused a fatal power surge? I have the equipment in a UPS, but if they also plugged into the UPS, a surge could have occurred inside of the protection, therefore reaching the computer. I picked up a new power supply, jumping from 300W up to 450W, to see if it just needed a little more juice. That didn't solve the problem. I don't think it's an OS problem because sometimes, it won't even power up unless I wait a bit. That seems like a heat related problem, not a total failure. This is occurring even before the computer starts loading the OS. I've ordered a new barebones kit with a new motherboard, processor, memory, and video card. I've also picked up a new SATA hard drive, and will use Seagate's disk wizard utility to clone my existing drive onto the new one. If that works, then I'll have my primary system up and running later in the week. Will it work to clone the drive and use it with new hardware? Or will Vista fuss about the change of a motherboard? Will it deactivate itself? I'd rather not reinstall everything if it can be avoided, but will do so if I must. Then, I'll experiment to see what it takes to get the old one going again later. If a new processor doesn't do it, I may just scrap the computer, along with its video card and memory, which are incompatible with the new system.

Switching to Vista

Fri, 04 Apr 2008 10:18:59 -0500

Early last year, I was testing Linux as an alternate OS. While it has some security advantages, I found I wasn't able to easily perform many of the things I do in Windows. So I took another look at Vista. Watching security issues closely over the last year, more and more critical alerts have dealt with Microsoft XP vulnerabilities that don't occur in Vista. And while I'm sure Vista vulnerabilities exist, the way Vista is designed is already offering protection that is absent in XP. I purchased the upgrade version of Vista, and found it required that I install it over an installation of XP. (Showing it my XP CD was inadequate.) However, once Vista verified that I was eligible to use the upgrade version, I was able to select a "clean install" option, which formatted the hard drive and started fresh. I then installed the applications I use which did not require upgrades for Vista: Microsoft Office XP, Quickbooks Pro 2007, and Macromedia Dreamweaver MX 2004. I also installed the following software without issues: Firefox, AVG-AV, iTunes, Audible Download Mgr, dB PowerAmp Music Converter, efax, Cyberpower, and JungleDisk. Before installing Vista, it had scanned my applications and informed me that I should upgrade Microsoft Money, Nero, and Adobe Acrobat to Vista-compatible versions. To upgrade Nero, I purchased a DVD drive which came with Nero 7, instead of buying Nero alone for about the same price. Vista discovered my printers and installed the appropriate drivers (HP Deskjet D1420 and Brother MFC240C). However, Brother has not released a Vista version of their printer control suite for scanning, faxing, etc. So I installed another HP printer, which integrated both of HP printers nicely in the "HP Solutions Center" control suite. The HP Officejet 6310 is a nice networkable all-in-one printer which was very easy to install on everyone's Vista laptops without using the CD. However, those in the house still on XP had to use the CD and create a local IP port for connecting to the new printer. In the past, I would install printers on my computer and share them, requiring that my computer stay on for others to use those shared printers. With a true network able printer (one that has its own IP address), others can access it directly, and my computer doesn't have to stay on. I was using the Logisys KB608BK, an illuminated keyboard with shortcut buttons for Office, Internet and Multimedia. The standard keys continued to work in Vista, but to date, they do not offer Vista drivers for the shortcut buttons. Attempting to install their XP drivers in Vista crashed the OS. After using Vista for a few months, I tried reinstalling Linux Xandros 4.1 on the same drive, using a boot loader to choose which OS to run. Xandros ran fine, but something about it KILLED Vista. After spending hours trying to repair it, I ended up reinstalling Vista by itself. I wish that Xandros offered an easy uninstaller that would remove entire installation including the modified MBR, but the Xandros CD didn't offer this as an option. Today, our family has four computers running Vista, and four still running XP. Over the last few months, the machines with problems have been the XP machines. At my desk, I still keep an XP machine standing by, just in case, but I haven't needed it. While I'm not ready to eliminate all the XP machines just yet, I'm quite happy with Vista's performance.

Report: Hussein's Terror Not 'Directly Linked' to al Qaeda

Fri, 14 Mar 2008 07:03:27 -0500

A report released by the Joint Forces Command confirms Hussein supported a number of terrorists and terrorist activities inside and outside Iraq. The report failed to identify a "direct link" between Hussein and terrorists calling themselves "al Qaeda," but found that Hussein co-operated with them.

The Iraqi regime was involved in regional and international terrorist operations prior to Operation Iraqi Freedom. The predominant targets of Iraqi state terror operations were Iraqi citizens, both inside and outside of Iraq. State sponsorship of terrorism became such a routine tool of state power that Iraq developed elaborate bureaucratic processes to monitor progress and accountability in the recruiting, training and resourcing of terrorists.

The report cited such examples as training for car bombs and suicide bombings in 1999 and 2000, both of which U.S. and Iraqi forces have struggled to contain since the rise of the insurgency in summer 2003.

Pentagon Report Finds No Direct Saddam-al-Qaida Connection, VOA

Also see: Saddam's Dangerous Friends: What a Pentagon review of 600,000 Iraqi documents tells us, Weekly Standard

Insecurity of VMware

Thu, 13 Mar 2008 23:09:05 -0500

While virtualization offers advantages over traditional software deployment, it also offers new security challenges. Processes that extend beyond the container's boundaries introduce risks that what happens in VM might not stay inside VM. Don Simard, the commercial solutions director at the U.S. National Security Agency, explained the problem to InfoWorld...

...NSA realized that this benefit of virtualization also introduced a new potential threat. After all, Simard said, "graphics cards and network cards today are really miniature computers that see everything in all the VMs." In other words, they could be used as spies across all the VMs, letting a single PC spy on multiple networks. Although he's not aware of any such spyware today, it's not a problem the NSA wants to experience or see happen in other intelligence agencies.

Virtualization's secret security threats, InfoWorld

Anti-Terrorism Software

Sat, 01 Mar 2008 09:59:40 -0500

Researchers at the University of Maryland have developed software to aid in the prediction of terror behavior around the globe. The SOMA Terror Organization Portal (STOP) uses existing data to get ahead of possible future events...

SOMA has generated tens of thousands of rules about the likely behavior of each of around 30 terrorist groups, including major terrorist outfits such as Hezbollah, Hamas, and Hezb-I-Islami. In addition to offering accurate behavioral models and forecasting algorithms, STOP can act as a virtual roundtable for terrorism experts to gather around and form a rich community that transcends artificial boundaries.

STOP Terrorism Software Developed, Techtree

Insecurity of Disk Encryption

Thu, 21 Feb 2008 18:06:22 -0500

It looks like many disk encryption schemes are vulnerable if someone has physical access to your drive, thanks to researchers with Princeton University and the Electronic Frontier Foundation. They've discovered a flaw and published their findings...

The attack takes only a few minutes to conduct and uses the disk encryption key that's stored in the computer's RAM. The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.

Sounds like it's best to use an encryption scheme that doesn't preserve anything in RAM once you shutdown... at least not in readable form.

Researchers: Disk Encryption Not Secure, Wired

Cold Boot Attacks on Encryption Keys, Center for Information Technology Policy, Princeton University

Update: RAM Hijacks, Security Now, Episode 137

Insecurity of Wireless Headsets

Sun, 17 Feb 2008 14:46:15 -0500

In a recent security audit of a typical American company, investigators found it to be child's play to obtain confidential information about the company's secrets. Positioned across the street, they intercepted a large number of telephone conversations transmitted in the clear because a significant number of employees were using wireless headsets.

To perform the work, we purchased a commercially available radio scanner. These devices are available at any local electronics retailer at prices ranging from $80 to several thousand dollars. We chose a scanner capable of monitoring frequencies from 900 to 928MHz and the 1.2GHz ranges, which is where many of the popular hands-free headsets operate. We took a position across the street from the facility and started up the scanner. Within seconds of turning on the device, we were able to listen to conversations that appeared to be coming from our client's employees. Several of these conversations discussed the business in detail, as well as very sensitive topics... Within minutes of this discovery, we contacted our customer and explained the vulnerability... To demonstrate the sensitivity of what we discovered, we used the conversations we recorded to social engineer our way into the facility.

Transcript of Episode 130, Security Now

The Clintons' Terror Pardons

Wed, 13 Feb 2008 12:07:11 -0500

Debra Burlingame revisits the Clintons' pardon of terrorists. What message did these pardons send to other terrorists around the world? The pardoned terrorists never renounced violence, and Hillary said she supported the pardons... until the public outcry began.

The perpetrators were members of Armed Forces of National Liberation, FALN (the Spanish acronym), a clandestine terrorist group devoted to bringing about independence for Puerto Rico through violent means. Its members waged war on America with bombings, arson, kidnappings, prison escapes, threats and intimidation. The most gruesome attack was the 1975 Fraunces Tavern bombing in Lower Manhattan. Timed to go off during the lunch-hour rush, the explosion decapitated one of the four people killed and injured another 60. ...By 1996, the FBI had linked FALN to 146 bombings and a string of armed robberies -- a reign of terror that resulted in nine deaths and hundreds of injured victims.

The Clintons' Terror Pardons, WSJ

Iran's Small Boats Pack a Punch

Sun, 20 Jan 2008 08:26:00 -0500

David Crist writes in today's NY Times that Iran's small boats are actually a big problem that we've known about for years.

In December, the Whidbey Island, a Navy dock-landing ship, fired warning shots at small Iranian craft that came too close. Three days later the frigate Carr was forced to use its ship’s horn to ward off three Iranian small boats, two of which were armed, according to Navy spokesmen. While these incidents may not seem alarming to those who’ve never served on a potentially vulnerable modern warship, they fit into a worrisome pattern, a two-decade-old military strategy by Iran intended to counter the United States presence in the Persian Gulf.

Iran's Small Boats Are a Big Problem, David Crist, NY Times

Opera Mini Browser Insecurity

Thu, 17 Jan 2008 21:52:24 -0500

Opera Mini is a browser people are running on their PDAs. Problem is, they are modifying all the webpages, and decrypting your SSL traffic. Doing so, they're causing webpages pages you thought were secure to travel in the clear, exposing your passwords, credit card information, and everything you thought was encrypted on the net...

Steve Gibson: Now, the reason they're doing this is that this server that the Opera Mini browser connects to is really doing a lot of good work for the user. It is rewriting pages, web pages on the fly, rewriting JavaScript on the fly, essentially turning web pages that were never designed to be seen on a very small screen on a very lightweight and lower powered browser, making them work. ... If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile. Opera Mini users a transcoder server, as they call it, to translate HTML, CSS, JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation the Opera Mini server needs to have access to the unencrypted version of the web page. Therefore, no end-to-end encryption between the client and the remote web server is possible.

Transcript of Episode 126, Security Now