Mystery Solved: The Case of the Depleting iPad Battery

I have owned an iPad since the very first day they were available. I pretty much carry it with me everywhere.  It is either in my hand, under my arm, on the desk next to me or in my backpack.  It is hardly ever more than a few feet away from me, at least during waking hours.

For the original iPad, I carried it in a leather clam shell style case. Once the iPad 2 came out, with the stylish yet useful magnetic cover, I have used that to protect my screen.  To Apple’s credit, the same magnetic cover fits both the iPad 2 and the iPad New, released just a few months ago.

Over the last few weeks, I have been noticing that by the time I get to work in the morning, my iPad has already lost a significant amount of charge.  Normally, I charge the device overnight so it is ready to go with me the next day.  Over the course of about 90 minutes in the morning, it loses roughly 10% of the charge.  Hmmm…

A few days ago, as I was folding the magnetic cover back, I noticed that the magnetic cover wasn’t fitting directly over the face of the iPad.

iPad Cover


It seems that over the 18 months of normal use, the portion of the vinyl cover that rides along the hinge had become slightly squished.  That is, although the cover is still attached properly by the magnets, the actual face of the cover is able to slide slightly off the face of the iPad, as seen in the picture above.  I really didn’t think too much about it until I realized that the iPad was already awake and warm when I propped it up.  As it turns out, sliding the cover as little as 1/4″ in either direction is enough to awaken the iPad from sleep.  The magnets in the cover no longer line up with those on the device that force it to sleep.  As my iPad moved around a bit in my backpack, it would awaken and start the day a bit before me. Mystery solved!

Fortunately, until I can get a replacement cover that fits correctly again, there is a setting under General called “iPad Cover Lock / Unlock”.  When turned off, it requires the use of the power switch to awaken the device.

I wonder if the leather covers will suffer from this same issue?

Now, should I get another magnetic cover or should I get one of the Bluetooth keyboard cover combinations?

Posted in 1 Geek, Apple, iPad, Technology

OS X Lion: Fix – Restore Windows When Re-opening Applications

One of the most annoying features I have found in OS X Lion is that when an application is restarted, by default, it tries to reload all of the previous windows that had been open.  For example, if I have several Safari windows open, all with multiple tabs active, if I “Quit” Safari normally through the menu, it will attempt to reopen all of my windows and tabs the next time it is launched.  For all but the most casual user of the system, I contend that this is not the desired behavior.

I tend to leave my main computing machinery “up” all the time and only shut down or restart for specific maintenance events, like software upgrades or hardware problems.  If I “quit” an application, it isn’t because I want it to resume where it left off, but rather, I want a fresh and clean environment to work in.  I don’t want any pages loaded.  I don’t want any scripts running.  I surely don’t want to wait while it “helps me” by doing all this. Reloading 20-30 tabs within Safari can easily take several minutes and grind the system to a halt in the process. Many browser tabs also fail to load if they require authentication.  Not helpful.

One of the easiest ways to quit most applications on the Mac is to use Command-Q with the appropriate window active.

In order to make the application “forget” the previous windows that it had open, include the Option key in the sequence: Command-Option-Q.  You may also hold the Option key down when you select “Quit” from the application menu.

If, like me, you often forget to terminate the application that way, you can set this behavior globally in the Settings -> General area as indicated in the screen capture below:

Restore Windows

Settings -> General

Keep in mind that changing this setting in the preferences will impact all system applications.  You will no longer have the option to restore previous windows within any application which abides by this setting.

Several other methods of modifying this setting for specific applications have been discussed elsewhere on the internet.  As my need to completely disable this “feature” is satisfied through the setting, I stopped my investigation here.  Your mileage may vary.

Now, if there was only an easy and sane way for me to turn off the default behavior of reopening windows when I log back in, I would be a happy camper.  I always forget to uncheck the box and I have to wait while my system fully loads everything again. Fortunately, I don’t restart that often.  Apple, please stop helping me this much.  Can we fix this, please?

Reopen Windows When Logging Back In


Update 5/10/12: With the release of 10.7.4, the “Reopen windows when logging back in” bug has been fixed. It now properly stores the last selection when the menu is displayed. We all need to celebrate the little victories in life…

Posted in 2 Geek, Mac, Shortcut, Technology

iPad New: Unboxing, First Impressions and a Fix for the Verizon Data Signup Email Issue

After patiently waiting for more than a week, the new iPads have arrived!  Packaging for the new version of the iPad is quite similar to the old one.  Unless you look closely, the box is almost indistinguishable from the previous version.  The one thing I did notice is an iCloud emblem on one of the sides of the box. The box contained the iPad, USB cable, charger block and instruction book.

New iPad Box

Unboxing - Photo 1

Unboxing - Photo 2

Unboxing - Photo 3

In the wild, it will take a trained eye to determine whether you are carrying an iPad 2 or the new version.  The new version is a bit heavier and just a smidge thicker than the previous version.  The new version has a SIM slot as indicated by the red circle below. In addition, the camera opening is just slightly larger.  In the pictures below, the iPad 2 is on the left and the New iPad is on the right.

iPad 2 to iPad New Front Comparison

iPad 2 to iPad New Back Comparison

On to the features…  So far, I have only spent about an hour actually using the device.  It took almost two hours to synchronize 64 GB from my previous device. I haven’t actually restored from a backup in a while. I was happy to see that Apple forced you to re-enter the passwords for your email accounts after the restore. It would probably be considered a pretty severe security risk if the email accounts were immediately active upon restore. To my knowledge, the fact that you restored a device isn’t tracked anywhere within iTunes.

The screen is gorgeous.  I have not had the opportunity to try any real HD content on it yet.  That will be a task for this weekend.  So far, I have noticed that text is much more crisp and clean. This should make reading, web browsing and email (my main three tasks on this device), much more enjoyable.

During my time with the device so far, I have noticed that it gets warmer than the iPad 2 does. I don’t believe it will be an overheating issue, it is just a bit warmer.  With the more power hungry components like the screen, processor and 4G electronics, this should probably be expected.  I have also noticed that the device charges much more slowly than the previous version. This falls in line since the device has a larger battery and essentially the same battery charging system as the previous version.

I am looking forward to using the cameras on this device. Both the front-facing and rear-facing cameras have been upgraded.  They are not perfect, but for a portable device, I believe they are quite good.

I did run into one issue when attempting to sign up for Verizon 4G LTE service.  I had used my primary email address to sign up with Verizon for the data on my iPad 2.  When I attempted to use the same address for the data plan on the new iPad, I received the message “That email address is already taken, please choose another.”

Email Issue


Fortunately, I have several email addresses I could choose from.  Since I still wanted my primary email address to be used on my new device, I modified the email address associated with the data plan on the iPad 2, changing it from my primary email to another. I was then immediately able to use my primary email address to sign up for the data service on the new device. As soon as I am comfortable with the installation on the new device, I will disable the service on the previous device anyway.  No harm, no foul. I do think that Verizon could have handled this better though. It seems like they never planned for someone to have two devices in service at the same time.

For those who have accessories, I have found that all of the ones I have from the iPad 2 still work, including the Apple folding vinyl magnetic cover and the Apple keyboard dock. I believe the only accessories that will have problems will be those that were designed to fit tightly on the iPad 2. Although the connectors are the same, your mileage may vary with accessories from the original iPad.

Another issue with the data plan is that I should have probably looked at when it was set to renew on the old device.  As it stands, it just renewed for another billing cycle a few days ago. As I am transitioning this device off to another person, I will be disabling the service. Verizon, at least send me a Christmas card for the extra $35 I just gave you…

Posted in 1 Geek, Apple, Gadgets, iPad, Security, Technology, Verizon

NFC: Near Field Communication – A Primer

NFC or Near Field Communication is a technology where small amounts of data can be transferred from one NFC-enabled device to another. In many ways, NFC is similar to RFID (Radio Frequency Identification) which has been in use for many years in the retail industries and package tracking as well as being used to track lost or stolen pets. NFC provides extremely low data transfer rates. Transmission of significant amounts of data should be done using other means if possible.

The real difference between NFC and RFID is that in most NFC cases, both devices are powered which provides the ability to transfer data in both directions. In the case of RFID, tagged items, like clothing or books, only emit their data stream when passed through a magnetic field, like those found at the exit of many retail stores. In the retail case, unless the specific RFID tag is cleared by the cashier, alarms will sound as you pass the RFID tag through the magnetic field. Another significant difference is that NFC devices must come within extremely close proximity to operate (touching or within several inches). RFID, on the other hand, can be read from much larger distances. Being able to read RFID from further away has raised privacy concerns. NFC-enabled devices can read RFID tags.

NFC Certified Logo


Many companies are embedding NFC technology in their devices. Generally, any portable electronic device would make a good candidate since NFC requires a power source. Many smart phones, tablets and laptop computers are already being produced that take advantage of NFC. Some companies, like Yubico, are producing authentication devices, like the Yubikey NEO, with NFC built right in. Hak5 had a story about this device in episode 1103. The logo on the right will be found on NFC certified devices.

So why would I consider getting a device with NFC capabilities?  Here is a short list of possible uses, some of which are already in place today.

  • Point of Sale purchases, like your coffee at Starbucks (already in operation in some areas) and Google Wallet.
  • Part of a multi-factor authentication system, as described above with the Yubikey NEO.
  • Passing small bursts of information from one device to another like calendar entries, business cards, phone numbers or maps.
  • Healthcare and tracking of medical information.
  • Coupons and other customer loyalty programs.

The current standard for NFC doesn’t contain any real specifications for security.  It is up to the implementor to secure the data transmission with encryption or other techniques. This lack of security may lead to eavesdropping on your transactions or, worse yet, modification of your transmitted or received data. This would require special antennas and additional hardware and would still only be possible from several feet away.

Another possible drawback of NFC is that if the device is your only authentication method and it is lost or stolen, you have lost the keys to your kingdom. Anyone who possesses your device can access or use your data. It is strongly encouraged that NFC be one part of a multi-factor authentication system. Adding a PIN or a password would significantly increase the security of the system.

Another common method of increasing the security of NFC is to define a timeout period for the transaction to occur.  This would prevent others who follow behind you from intercepting your NFC session and accessing or using your digital rights or resources.

Additional information about NFC can be found at http://www.nfc-forum.org.

Posted in 2 Geek, Gadgets, Google, Hardware, Medical, Security, Technology

The New iPad: Initial Thoughts and Data Plan Information

It has finally been announced!  The “New iPad”.

I’m not sure I’m a fan of the naming convention, but the device specifications seem to have been well accepted. I don’t believe Apple went beyond what has been expected, but they did deliver a solid set of updates that I’m sure will continue to do well against the competition. Apple must really plan the features of their new devices carefully since they really only update their product line in each area once per year.  I won’t bother listing all of the new features again here.  You can find a list of the updates almost anywhere else.  The one update I did expect to see that wasn’t present is a larger storage capacity.  I suspect the sweet spot for previous versions of the iPad was at 32 GB. I am a self-proclaimed packrat and when coupled with the ability to display true HD quality graphics, I did expect to see a 128 GB version of the device.  I would have gladly paid $100 or more for the privilege of carrying an extra 64 GB of stuff.

Although I am pleased with the new features that the device will have, I do have a small concern over the screen resolution.  The new device boasts a screen resolution of 2048 x 1536. This resolution is not really that much smaller than the standard 27″ iMac (2560 x 1440). My concern isn’t really in the displaying of graphics or pictures.  Those should be phenomenal.  As an aging gadgeteer, my concern is over the size of the text that will be available in applications like mail. I found a high resolution to be a very negative feature in an earlier Kindle Fire review because the mail app on that device didn’t offer the ability to scale text or alter the font in any usable way.  I’m hoping they have taken this into consideration in the updates to the native apps on the device.

One of the other features that was discussed in the Apple keynote presentation was that the new iPad would be hotspot-capable. Having a device be “hotspot-capable” means that it can act as your internet connection for other Wi-Fi devices. In this case, the iPad would provide a very fast connection for up to five additional devices at a time over the 4G LTE network. Although the operating system software on the device can provide this feature, it looks as though this feature will only be available through Verizon at product launch on March 16, 2012. AT&T currently doesn’t plan to offer this feature, at least not right away. Details of the announcements by both companies can be found here. It should also be noted that Apple’s announcement touted the theoretical maximum speed for this technology.  Although it should be generally faster than existing 3G service, customers in the real world should not expect anywhere close to the 73 Mbps that was discussed in the presentation.

One thing that I have not seen much discussion on so far is the cost of the actual data plans on the 4G network access.  After a bit of digging, I found these plan descriptions.

"New iPad" - Verizon Data Plans

"New iPad" - AT&T Data Plans

As you can see, the lower tier plans on AT&T are cheaper. Although $14.99 is enticing for a data package, please realize that it is such a small amount of data that you will likely be purchasing additional data anyway.  If you will be using data at all, don’t even bother with the 250 MB plan from AT&T. I was unable to find out what the cost of additional data would be if you exceed your plan level. Traditionally, additional data is sold at $10 per GB.

For those of you interested in using the hotspot feature, it should be noted that Verizon will include this capability in the cost of the data. It is likely that AT&T will charge an additional fee for this feature, if and when they actually roll it out.

Although the iPhone is now available on Sprint, there was no mention of the iPad being available on Sprint’s high speed network.  Has Sprint fallen from Apple’s graces?

For those of you upgrading from an iPad 2, if you own the Apple folding case, don’t give it away with your old device.  It is supposed to still fit on the new device. Also, as you might expect, the standard 30-pin dock connector is still in use.  There is no need to change out any additional charging or connecting accessories.  Although the old chargers should work, we might see the new one that comes with the device have the ability to charge the larger battery on the device faster. This is purely speculation on my part.

If you need me, I’ll be out on the porch waiting for the Fedex delivery…

Posted in 2 Geek, Apple, AT&T, iPad, Kindle Fire, Mac, Technology, Verizon

The Do Not Call List: Has It Stopped Working?

It has happened to you before. You are enjoying time with your family, eating dinner or participating in a business meeting when your phone rings. It is a number that you don’t recognize. It isn’t a local number. It could be from Phoenix, Chicago, Dallas, Cincinnati, or anywhere else for that matter. You think to yourself, “Uncle Joe lives there. Maybe he is trying to get in touch with me about something important. I wonder if he is OK?”  You answer the phone only to hear 3 seconds of silence and an automated voice from “Card Services” that tells you that you can reduce the interest rate that you pay on your credit cards. You are angry that these people have stolen away your time and attention. You may be even more angry when you realize that you paid for their distraction with your limited pool of cell phone minutes. Rightly so.

In recent weeks, the number of these “robocalls” has increased for me. I receive them not only on the home phone, but most often on my cell phone. I probably get 3-4 a week right now. All of the phone numbers associated with me are on the National Do Not Call Registry. Most have been on the list since the day it was available. For those not aware of this list, it is a list maintained by the FTC (Federal Trade Commission) and is enforced by the FCC (Federal Communications Commission). It allows people to “opt out” of receiving unsolicited telemarketing calls. Apparently, I’m not the only one having this issue, as you can read here.

National Do Not Call Registry Tidbits

  • Adding your number to the registry is FREE.
  • You should only register numbers that you are personally responsible for. Let family and friends register their own numbers.
  • You may add personal home phone and cellphone numbers to the registry. Business lines and fax lines are not covered by this protection.
  • Once you add a number to the registry, telemarketers have 31 days within which they may still call you without violating the law.
  • Businesses that could show that they have an “established business relationship” with you are exempt from this law. Any interaction with the company or any of its subsidiaries can be considered grounds for establishing this relationship. This loophole has recently been closed by requiring your written permission to receive these types of calls.
  • Your phone number will never expire and need to be re-added to the registry. It will only be removed from the registry if you request it, the phone number is disconnected or reassigned.
  • Through the website, you can verify that your number does appear on the registry.
  • You will never receive a legitimate call from someone offering to add your name to the registry. These calls are a scam. Do not share your personal information with them.

More questions and answers about the National Do Not Call Registry can be found here. On February 15, 2012, the FCC made changes to this law.  Details of the changes can be found here.

Even though you may still get some of these unwanted calls, it is still a really good idea to register. To register phone numbers, you will fill out a form like the one shown below which can be found online here. You may also call 888-382-1222 to have your phone number added.

National Do Not Call Registry: Register A Phone Number


If you do continue to receive these unwanted calls, I urge you to file a complaint for each occurrence. If consumers don’t continue to make some noise and let the FCC know there are problems, they will assume that there aren’t any problems. You can file a complaint directly from the National Do Not Call Registry link above.  The following screen captures show the information that will be requested when you file a complaint.

National Do Not Call Registry: Complaint Screen 1

National Do Not Call Registry: Complaint Screen 2

Posted in 1 Geek, Technology

Secure Shell: Part 1- The Basics

In our technological infancy, no one really was very concerned about security. Use of the telnet application was the common method used to establish text-based connections to remote systems. The downside of telnet is that all of the traffic (usernames, passwords and data) is transmitted in what is known as plaintext or cleartext. That is, it is completely visible to anyone who can watch the traffic on your connection. As we became more aware of the security risks and as “bad guys” became more aggressive in trying to obtain and use personal information, we developed a need for a more secure method of connecting to remote destinations: Secure Shell.

For those of us who work in an environment with many different flavors of Linux, UNIX, Windows and Mac computers, being able to securely access and interact with different machines, transfer data and run command-line applications is essential to our productivity.  One very valuable tool which provides much of this functionality is Secure Shell (ssh). Secure Shell is a standards-based, secure network protocol which can support remote command execution, data transfer or tunneling over otherwise insecure networks. The ssh system follows a basic client-server model where an ssh server is running on the machine you wish to connect to. An ssh client is used to validate your identity and establish a secure connection to the server on the remote system using public key cryptography mechanisms. All modern operating systems support ssh client software and virtually all non-Microsoft operating systems come with an ssh package already installed. Within Windows, you must install third-party software to provide ssh client and server support. The default port used for ssh is 22. Configuration of ssh and associated port forwarding will be considered beyond the scope of this post.

Let's assume that you have access to a remote machine that has an ssh server installed and properly configured.  The first time you attempt to connect to the server, you will see something like this:

$ ssh sample@10.0.1.37
The authenticity of host '10.0.1.37 (10.0.1.37)' can't be established.
RSA key fingerprint is d3:7f:16:f8:5c:55:9b:63:c4:c7:4d:ad:df:ff:1f:ea.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.1.37' (RSA) to the list of known hosts.
sample@10.0.1.37's password:
Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-15-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

*** /host/ubuntu/disks/home.disk will be checked for errors at next reboot ***

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

sample@ubuntu:~$

This very simple connection allows you to now work interactively with the remote system. For all practical purposes, it is as if you were sitting at the console of the other machine. The very first time that you connect to an ssh server, the authenticity of the remote machine cannot be verified. The RSA key fingerprint exchange that is done during the first login allows you to be certain that in the future, you are talking to the same host that you initially made contact with.  If not, you will receive a warning that the identity was not correct and you won’t be able to proceed. When working from a UNIX-based system, a hidden directory called .ssh will be created in your home directory when you use ssh for the first time. It stores information about known hosts that you have successfully connected to in the past (known_hosts) as well as public and private RSA keys that help verify your identity.
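The fingerprint comparison described above, as an added example that is not part of the original post: it computes the colon-separated MD5 fingerprint of a host public key line and accepts the host only if it equals a value obtained out of band. The sample key blob is constructed and truncated, the function names are hypothetical, and `base64` and `md5sum` from GNU coreutils are assumed.

```shell
#!/bin/sh
# Added example: check a host key fingerprint before trusting a new host.

# Constructed known_hosts-style line. The key blob is a truncated placeholder,
# not the key of any real machine.
SAMPLE_LINE='10.0.1.37 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB'

# md5_fingerprint LINE
# Prints the MD5 fingerprint (16 colon-separated hex bytes) of the key in LINE.
# The fingerprint is the MD5 digest of the base64-decoded key blob, which is
# the field that follows the key type.
md5_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print $(i + 1); exit }
    }')
    [ -n "$blob" ] || return 2
    # Fail closed on a blob that is not valid base64.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$blob" | base64 -d | md5sum | awk '{ print $1 }' |
        sed 's/../&:/g; s/:$//'
}

# verify_host_key LINE EXPECTED
# Returns 0 only when the fingerprint of LINE equals EXPECTED. EXPECTED is the
# value obtained out of band (for example read from the server console); an
# optional "MD5:" prefix and upper-case hex digits are tolerated.
verify_host_key() {
    actual=$(md5_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | sed 's/^MD5://' | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Demo: the fingerprint from the session above stands in for the value an
# administrator gave you. The constructed key does not hash to it, so the
# check refuses the host.
echo "fingerprint of sample key: $(md5_fingerprint "$SAMPLE_LINE")"
if verify_host_key "$SAMPLE_LINE" 'd3:7f:16:f8:5c:55:9b:63:c4:c7:4d:ad:df:ff:1f:ea'; then
    echo "match: safe to answer yes"
else
    echo "MISMATCH: do not answer yes"
fi
```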

In addition to bringing up an interactive shell, you may issue specific commands that will be executed on the remote system, like this:

$ ssh sample@10.0.1.37 date
sample@10.0.1.37's password:
Mon Feb 20 12:59:29 PST 2012
$ 

$ ssh sample@10.0.1.37 df -h /
sample@10.0.1.37's password:
Filesystem            Size  Used Avail Use% Mounted on
/dev/loop0             29G  3.7G   24G  14% /
$

Granted, the examples above are not the most useful commands, but they do show how to pass commands directly to the remote system for execution. Once the command is executed, the connection is broken and you again receive a command prompt on your local system.

Now, suppose that your mission was to report on how much disk space was available on a large number of systems. You could easily write a script that would just pull the available disk space from the output of the command that was executed remotely.  The example below runs the ssh connection command in a sub-shell by putting it in parentheses. In this case, it assures us that all of the output of the command is returned over the ssh connection so it can be processed on our local machine.  Without the parentheses, the entire command would have been executed remotely. The command below shows a UNIX pipeline which, in my opinion, is one of the most powerful concepts in computer science. In short, the output of the first command is passed as input into the second command, the output of the second command is passed to the third, and so on. Each additional piece of the command pipeline can further process or alter the results as they pass by. This alleviates the need to store the output of each operation in a temporary file. This example pulls the fourth field from all lines that contain the string “loop”.

$ (ssh sample@10.0.1.37 df -h /) | grep loop | awk '{print $4}'
sample@10.0.1.37's password:
24G
$
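
An added example of the multi-host report described above (not code from the original post): it runs `df` on each host without ever prompting, refuses hosts whose key is not already in known_hosts, and finds the Avail column by its header instead of matching “loop”. The host list, the second address and the function names are hypothetical, and because BatchMode disables password prompts it assumes key-based login is already set up.

```shell
#!/bin/sh
# Added example: report free space on / for several hosts over ssh.

# Hypothetical host list; replace with your own user@host entries.
HOSTS='sample@10.0.1.37 sample@10.0.1.38'

# Constructed sample, copied from the df output shown in the post.
SAMPLE_DF='Filesystem            Size  Used Avail Use% Mounted on
/dev/loop0             29G  3.7G   24G  14% /'

# fetch_df HOST: run df on the remote host non-interactively.
#   -n                        take stdin from /dev/null so ssh cannot eat input
#   BatchMode=yes             fail instead of asking for a password
#   StrictHostKeyChecking=yes refuse hosts whose key is not in known_hosts
#   ConnectTimeout=5          give up on unreachable machines after 5 seconds
# df -P keeps each filesystem on a single line even for long device names.
fetch_df() {
    ssh -n -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=5 \
        "$1" df -hP /
}

# avail_from_df: read df output on stdin and print the Avail column of the
# filesystem mounted on /. Exits non-zero when no such line is present, which
# is also what happens when ssh failed and produced no output.
avail_from_df() {
    awk 'NR == 1 { for (i = 1; i <= NF; i++) if ($i ~ /^Avail/) col = i; next }
         col && $NF == "/" { print $col; found = 1 }
         END { exit (found ? 0 : 1) }'
}

# report: one "host<TAB>available" line per host; returns 1 if any host failed.
report() {
    rc=0
    for host in $HOSTS; do
        if avail=$(fetch_df "$host" | avail_from_df); then
            printf '%s\t%s\n' "$host" "$avail"
        else
            printf '%s\tUNREACHABLE_OR_REFUSED\n' "$host"
            rc=1
        fi
    done
    return $rc
}

# Offline demo on the constructed sample; call "report" to query HOSTS.
printf '%s\n' "$SAMPLE_DF" | avail_from_df
```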

As you might imagine, entering your password every time you want to connect to a remote system can become quite a chore. Many experienced users establish an environment which will allow them to connect to remote machines without entering a password for each connection attempt.  This is known as passwordless-ssh. Essentially, you share a copy of your RSA public key with the host that you would like to connect with. This allows the remote system to verify your identity by matching the shared key with your account information.  Some benefits of passwordless-ssh include the ability to automate interaction with the remote machines without the need to hard-code passwords within the scripts.  On the negative side, if any one of the machines becomes compromised, the perpetrator may impersonate you as they connect to any other machine in your network where your key has been shared. This may be considered a security risk by some organizations. Several different methods exist for creating and sharing these RSA keys. Specific implementation details for each type of system are beyond the scope of this particular post.
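One way to limit the impersonation risk described above, as an added example that is not from the original post: an audit that lists authorized_keys entries carrying no `from=`, `command=` or `restrict` option, since those are the keys an intruder could reuse for any command from anywhere. The sample file, its key blobs and the flagging policy are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that carry no restrictions.

# Constructed sample file content; key blobs are truncated placeholders.
SAMPLE_KEYS='# backup job, limited to one command from one address
from="10.0.1.5",command="df -hP /",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB backup@mgmt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB sample@laptop
restrict,command="uptime" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 monitor@mgmt
no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB deploy@build'

# audit_keys: read an authorized_keys file on stdin and print
# "LINE: KEYTYPE COMMENT" for every key that has none of from=, command= or
# restrict. Returns 1 when at least one such key was found, 0 otherwise.
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        bare = ""; rest = line
        # An entry that does not begin with a key type begins with options.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }   # escaped character
                if (c == "\"") { inq = !inq; continue }
                if (!inq && (c == " " || c == "\t")) break # end of options
                if (!inq) bare = bare c    # keep option names, drop values
            }
            rest = substr(line, i + 1)
            sub(/^[ \t]+/, "", rest)
        }
        n = split(rest, f, /[ \t]+/)
        comment = (n >= 3) ? f[3] : "(no comment)"
        if (bare !~ /(^|,)(from|command)=/ && bare !~ /(^|,)restrict(,|$)/) {
            print NR ": " f[1] " " comment
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Demo on the constructed sample: lines 3 and 5 are reported.
printf '%s\n' "$SAMPLE_KEYS" | audit_keys || true
```

Run it against a real file with `audit_keys < ~/.ssh/authorized_keys`.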

One of the things that makes ssh so useful is its simplicity.  Any command that you can run from the command line on the remote system can be executed over ssh.

So far, we have covered remote access, remote command execution and passwordless-ssh. A future post will cover tunneling over ssh, data transfer using the ssh protocol and some tips and tricks to allow you to make the most out of using ssh.

Posted in 4 Geek, Linux, Mac, Security, Software, Software Engineering, Technology, Windows

WPS Security Vulnerability: Ease of Use -> Less Secure

Several weeks ago, a security researcher by the name of Stefan Viehbock identified a pretty serious vulnerability in the WPS (Wi-Fi Protected Setup) protocol that is supported by most consumer-grade wireless routers produced over the last several years. Although I don’t believe this feature is used very often, the fact that it is supported and is turned on by default in most access points increases the importance of this discovery. A very good and detailed explanation of this vulnerability was done by Steve Gibson on episode 337 of the Security Now! podcast (transcript) on Leo Laporte’s TWiT (This Week in Tech) network. In a nutshell, having this feature enabled on your access point may allow a brute force attack to be carried out which could give a bad guy access to your network. A brute force attack is nothing more than trying many combinations of passwords or PIN numbers and, over time, successfully guessing the right string. As described by Steve Gibson, the flaw here is that the person entering the PIN number for the router is provided feedback after only part of the PIN number is entered. This significantly reduces the number of guesses required to gain access successfully.

In order to be certified by the Wi-Fi Alliance (the governing body for Wi-Fi certification of devices), this feature must be supported and turned on by default. As identified in this publication from the US-CERT (United States Computer Emergency Readiness Team), most manufacturers are impacted by this vulnerability. Conspicuously missing here is Apple. Their implementation of the WPS protocol generates random PINs upon request and, therefore, their products are not impacted. Adding even more security, the only way to request a WPS connection be established is to be connected to the AirPort Utility and initiate the connection attempt. Additional information about this vulnerability can be found here.

What can we do about this? Really, there are two options:

  1. Disable the WPS functionality – Most modern access points give you the opportunity to disable this feature from the web interface. I would suggest turning it off and just leaving it off. Really, you don’t need it.
  2. Upgrade the firmware – Many of the manufacturers of wireless access points have already released firmware updates which should fix this issue. Those who have not yet released updates will do so shortly.

Unfortunately, neither of these options passes the sniff test for implementation.  That is, would the average consumer be able to easily accomplish either of these options on their own? Would they even know where to start? Do they even know the admin password on their wireless router or the URL to visit to access it? Was that little scrap of paper with the password written on it thrown out long ago? If the average consumer doesn’t know how to fix it, they won’t. The repercussions of this vulnerability will be felt for years because of un-patched access points. The flip side of this is, do consumers even know there was a problem? I don’t recall seeing any coverage of this vulnerability in the mainstream media. A handful of tools have already been written and made freely available on the internet which exploit this vulnerability.

So, how did we get here? The major reason is the desire of the Wi-Fi Alliance to simplify how consumers use products with Wi-Fi connectivity. They are walking a tightrope between ease of use and security of our products. This time, they fell off. As consumers, we need to realize that by simplifying things, we reduce how secure they are. I would never let anyone on any network I maintain using the WPS process.

As I passed information about this vulnerability to family and friends, I received some feedback which implied confusion between WPS, WPA, WPA2, WEP, WDS, etc… Hopefully, someone at the Wi-Fi Alliance will wake up and realize that using acronyms that are all very close together does not make it very easy for consumers to make sense out of these things.

For you tech-savvy readers of this blog, please reach out and help some others secure their networks properly.

Update: 2012-02-12 – Hak5 aired an interview in episode 1024 found here which covers the WPS issue with even more detail.

Posted in 3 Geek, Apple, Gadgets, Hardware, Security, Technology

Apple Upgraded the AirPort Utility to 6.0 for Lion Users: A Blessing or a Curse?

I always thought that one of the negatives of using Apple products in my network was the fact that you could not configure them through a browser.  All other consumer-grade routers that I am aware of provide a browser-based network interface for configuring the security, WAN and LAN settings of the router.  Apple requires the use of an application that they provide now called “AirPort Utility” to accomplish this same set of operations. This utility is available for Microsoft Windows and, of course, OS X, but has never been available for any flavor of Linux.

Apple recently pushed out version 6.0 of the AirPort Utility to Lion (10.7.X) users. Users of earlier versions of OS X are not offered this software upgrade. This utility allows you to configure AirPort base stations, Time Capsules and other Apple networking gear. Although the interface is much simpler to use, they have drawn a line in the proverbial sand, leaving some older Apple networking devices and some previously existing features by the wayside. CNET did an analysis of the features missing from the new version of the AirPort Utility.  The results of their investigation can be found here. As an individual who uses many of these features that are now inaccessible, I am a bit concerned.  In addition to removing the ability to configure a number of previously existing features, the new version also no longer allows you to configure 802.11g and earlier versions of their network products. Fortunately, they have provided a new version, 5.6, which can be found here and which can be used to configure aging devices.

On the bright side, one of the advantages of running OS X is the ability to run multiple versions of an application.  I took advantage of this ability so I could have both versions of the AirPort Utility installed.  These steps should be done BEFORE updating to version 6.0. Perform the following steps to have access to both versions.

  • Since the AirPort Utility is a system file and is owned by root (the ultimate and all powerful user on a UNIX system), we must assume the power of root to make these changes.  That is accomplished by executing the following “sudo” command and entering your password when prompted.

NOTE: In the step that follows, you become the “root” user. At that point, you have full power and authority to damage your system and make it inoperable. If you are not comfortable with that, stop now. I accept no responsibility for damage done here.

    sudo su -

  • We next need to find out the location of the Applications/Utilities folder on your system. The “-d” option tells ls to print the path of the folder itself rather than listing its contents.

    ls -d /Volumes/*/Applications/Utilities

  • Make a note of the string that is returned to you. Next, we want to change our working directory to the location we just identified that holds your AirPort Utility. Replace <string> with the path that was returned by the previous command. If the path returned includes spaces, enclose the <string> path entered below in quotation marks.

    cd <string>

  • Next, we want to make a copy of your existing version of the AirPort Utility. The “-r” option of the cp (copy) command requests that the copy be made recursively.  That is, copy the item requested and all of its contents including files and subfolders. Under OS X, applications are actually represented as folders that contain all (well, most anyway) of the information and resources needed to execute the program. The “-p” option tells cp to maintain file attributes like access time, modification time and permissions.

    cp -rp "AirPort Utility.app" "AirPort Utility Old.app"

  • Since we no longer need the power of the root user, exit.

    exit

If you now look in the Utilities folder within Applications, you should see two versions of the AirPort Utility there, named as above. Double-click the “AirPort Utility” application and feel free to upgrade it to the new version 6.0.  If you run the old version, you may be prompted to upgrade it.  Just decline the upgrade to maintain the old version, as is.

It is worth noting that running multiple instances of some programs is more complicated than implied here.  In this case, the AirPort Utility is reasonably well-behaved and self-contained. Some applications, like browsers or other applications that use customizable user profiles for their settings, require more planning to support concurrent versions. It can still be done, however.

In my opinion, unless you desperately need to use version 6.0 of the AirPort Utility, I would decline the upgrade. At some point in the future, users may be forced to take an upgrade, however. For the sake of the advanced users, hopefully a new version of this utility will be made available soon which restores the functionality that has been removed.  I wouldn’t expect older devices to be supported though. Unlike Microsoft, Apple does not always provide backward compatibility in their products.  That is sometimes a blessing and sometimes a curse.

Posted in 3 Geek, Apple, Linux, Mac, Technology, Utilities, Windows

Removing Microsoft Windows Updates: A Temporary Solution to Restore Productivity

Although most often harmless to existing installed software and computer configurations, occasionally, Microsoft Windows updates can negatively impact your system. It isn’t possible for Microsoft to test every combination of hardware and software prior to shipping these updates. Often, these updates are time critical due to security issues and they are released as fast as possible to prevent serious vulnerabilities from spreading throughout the internet community.

Recently, a client of mine ran into a situation where a specific Windows update (KB2585542 discussed here) caused issues with connectivity between Outlook and Kerio Connect mail server.  Mail could be received, but not sent.  Although I’m not advising removing Windows updates as a long-term solution, it can be an effective short-term solution when business productivity is at stake.

Most people are very aware that Microsoft releases periodic updates to their operating systems. Users have several choices about how these are installed:

Windows 7: Update Choices

From a computer security perspective, selecting “Install updates automatically” is definitely the way to go.  Although the user can select when these updates occur, they are most often scheduled in the middle of the night.  If the installation of the update requires a system reboot (which many do), you may lose any unsaved work when the reboot occurs. It is a good practice to save all work before you leave your computer for any length of time, especially at the end of the day.

In our scenario here, we have investigated and found that a Windows update was installed which breaks existing functionality in Outlook.  Although a fix from Kerio was available, it would require installing a new version of the mail server and appropriate testing. I chose a short term fix of temporarily removing the offending Windows update from the impacted systems until the Kerio update could be properly deployed.

So now that we know we want to temporarily remove a Windows update, how do we do that? Windows updates are treated very much the same as any other piece of software installed on your Windows system. This example uses Windows 7. From the Control Panel, select Programs.

Windows 7: Programs View

Next, select View installed updates.

Windows 7: View Installed Updates

Finally, select the Windows update you would like to remove and click Uninstall.

Windows 7: Uninstall Update

Windows should follow the normal software removal process from this point.

Although the process is similar for all modern versions of Windows, there is a slight change to how this is implemented if you are still running Windows XP.  In Windows XP, from the Add or Remove Programs area in the Control Panel, click Show updates as shown below with the red circle. From there, select the update to be removed and click Remove.

In no way am I advocating the removal of Windows updates as a long term solution to any issue. When in a pinch, where productivity and the ability to operate a business are at stake, temporarily removing an update is probably a reasonable course of action.

It is also worth noting that if the installation of Windows updates is set to happen automatically, the next time it runs it will reinstall the problematic update.  For slightly longer time frames, adjust the frequency of checking for updates or modify your settings to download the updates, but manually choose when to install them. To restore the removed updates, you may manually run Windows Update at any time.

Posted in 3 Geek, Security, Software, Technology, Windows