RSAC 2018: Patrick Wardle and Mikhail Sosonkin on Hotel Room Hacking

Patrick Wardle and Mikhail Sosonkin present "When in Russia: Hacking Vice Abroad." Talk presented at RSA Conference USA 2018, recorded and shared with permission

You can follow along with the slides (PDF) while you listen.

You'll also want to view the YouTube video of the duo hacking Gianna Toboni, the producer of VICE on HBO, while in Russia.

Want more computer security podcasts? Subscribe to the Intego Mac Podcast (iTunes | homepage) for weekly Apple and security news and discussion with @theJoshMeister and @mcelhearn!

Follow @patrickwardle (Patrick Wardle, presenter) on Twitter
Follow @hexlogic (Mikhail Sosonkin, presenter) on Twitter
Follow @theJoshMeister for more Apple-focused security content
 

RSAC 2017: Robert Graham on Mirai and IoT Botnet Analysis

Robert Graham's "Mirai and IoT Botnet Analysis" presentation from RSA Conference USA 2017 (recorded with permission)

You can follow along with the slides (PDF) while you listen.

Follow @ErrataRob (Robert Graham, the presenter) on Twitter
Follow @theJoshMeister for more computer security content

RSAC 2017: Amit Serper on OSX Pirrit and Why You Should Care about Malicious Mac Adware

Amit Serper's "OSX Pirrit: Why You Should Care about Malicious Mac Adware" presentation from RSA Conference USA 2017 (recorded with permission)

You can follow along with the slides (PDF) while you listen.

Follow @0xAmit (Amit Serper, the presenter) on Twitter
Follow @theJoshMeister for more Mac security content

RSAC 2017: Patrick Wardle's Meet and Greet with the macOS Malware Class of 2016

Patrick Wardle's "Meet and Greet with the macOS Malware Class of 2016" presentation from RSA Conference USA 2017 (recorded with permission)

Read the slides while you listen; see also Patrick's blog post that aligns with this talk

Follow @patrickwardle (the presenter) on Twitter
Follow @theJoshMeister for more Mac security content
 

Tech Pulse 20071108: Does Mac Security Suck?

Josh and Big-O discuss Google's Android phone platform announcement and the new Mac OS X Trojan spreading through porn sites, and talk at length about the pros and cons of Mac OS X vs. Windows security.

Notes and links related to this episode:

Opening Thoughts

• The iBride and iGroom have posted details about how they met and how they planned crashing the Apple Store
  

Tech News

• Google's mobile phone platform announcement: the Open Handset Alliance and "Android"
• Google is not (yet) building its own cell phone hardware
• Microsoft CEO Steve Ballmer pooh-poohed Google's efforts, calling the Open Handset Alliance "just some words on paper right now" and boasting that Microsoft has "many, many millions of customers" who use Windows Mobile on their phones
• The open, Linux-based nature of Android contrasts sharply with the closed software platform of the iPhone (at least until February when Apple plans to release an iPhone SDK)
• If Google chooses to make it an ad-supported platform, how invasive will it be to the user's privacy?
  
• New Mac Trojan horse (eloquently dubbed "OSX.RSPlug.A") is in the wild and being distributed through porn sites
• Trojan horses do not self-propagate or spread themselves automatically over a network
  
• How to prevent infection: Don't download "codecs" from porn sites (and in general, make sure you thoroughly trust any source before giving it permission to install software on your computer)
• How to check for the existence of the Trojan on a system and remove it

Special Feature: Does Mac Security Suck?

• Similarities between Leopard and Vista security:
• Leopard finally includes digital signatures for applications (and all Apple apps included with the OS are now signed)
• Leopard includes application sandboxing, which offers some level of protection against buffer overflow exploits to affect other parts of the system, etc.; somewhat similar to Windows XP SP2 and Vista's Data Execution Prevention (DEP)
• Leopard and Vista both have memory randomization (Apple calls it Library Randomization), a feature that makes it harder for malicious software to find a memory address to exploit it
  
• Cons of Mac Security:
  
• the Leopard firewall is off by default vs. Windows XP SP2 and Vista's firewalls being on by default
• being off by default makes Macs running any kind of networking services much more vulnerable to remote attacks and exploits
• plus, the Leopard firewall has been criticized as allegedly not working as well as it should
  
• lack of anti-phishing in Safari and Apple Mail vs. anti-phishing built into IE7 and Windows Mail
• the Status Bar is still turned off by default in Safari 3 in Leopard; this leaves users completely unaware of where any link will take them, which can make it easier for people to fall into traps such as phishing scams
• Pros of Mac Security:
  
• Leopard uses a proven BSD-based networking stack vs. Vista's virgin stack
• real-world numbers of viruses and spyware for Mac compared to Windows: Sophos reports that by the end of 2006 there were over 207,000 known malware threats (PDF link), and so far there have been fewer than 5 known Mac OS X Trojans in the wild; Windows is still by far the biggest target
  
• Mac OS X comes with a Web filter (as part of its Parental Controls, for non-admin accounts only) vs. Vista includes no Web filter
• Mac OS X knows when to (and more importantly, when NOT to) prompt the user for administrator approval, "without bugging the crap out of you" and "going overboard" like Vista does; Vista users can get so desensitized to these prompts that they simply dismiss them out of habit without paying attention to what's going on
  

Log Out

• Don't forget to Digg us, blog about us, tell friends about us
• Add us on MySpace / follow Josh on Twitter / follow Big-O on Twitter
  
• You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us

Tech Pulse 20071018: Amazon.com DRM-free MP3s, eBay Hacked, Zune Adds Podcast Support, and more!

Lots of news including the Amazon.com DRM-free MP3 store, eBay was recently hacked leading to stolen credit card information, iPhones were unlocked then bricked then unlocked again, Zune adds podcast support, Bungie might split from Microsoft, Mac OS X Leopard is coming, and more!

Notes and links related to this episode:

Tech News

• iUnlock released: the first free, open source iPhone SIM unlock software
• But then Apple announced that iPhone hacks (including SIM unlocking) void your warranty (further reading)
• Firmware 1.1.1 turned a lot of hacked iPhones into shiny, expensive bricks
• New hacks have resurfaced for 1.1.1 - see iphoneSimFree.com (and thus the cat-and-mouse game continues...)
• In related news, Steve Jobs announced via Apple's Hot News page that native third-party applications (i.e. not merely Web-based apps) will be coming to the iPhone (and iPod touch) in due time, and a software development kit (SDK) is planned for a February 2008 release
  
• Google Docs added support for slideshow presentation documents (including the ability to import PowerPoint files)
• Zune adds podcast support
• Bungie might split from Microsoft... which could potentially mean the return of a strong Bungie presence on the Mac
  
• eBay Hacked, personal credit card and contact information of at least 1,200 users stolen
  
• Amazon.com releases its own DRM-free, multi-OS compatible MP3 music download service
• Individual track purchasing is platform-independent (i.e. Linux compatible), but so far album purchasing is only available on Windows XP, Vista, and Mac OS X
• 
  

• Apple seems to have responded to market pressure by dropping the price of iTunes Plus tracks (which are also DRM-free but come in the less ubiquitous AAC format) to 99 cents, the same price as DRM-encumbered iTunes tracks, and down from $1.29
  
• Mac OS X v10.5 "Leopard" is nearing release: Friday, October 26th (get $20 off for a limited time through this link!)
  

Tech Tips
Josh's

• Task Manager tricks for Windows
• What happened to my Task Manager?? If your task manager's tabs and buttons seem to have mysteriously vanished, don't worry—you probably just accidentally double-clicked somewhere in the window. This is a feature, not a bug. Double-click in a blank area of the window to restore the default view.
  
• Can I go straight to the Task Manager in Vista? Yep; the keystroke Ctrl+Shift+Esc instantly brings up the Task Manager in Windows Vista, without going to a list of options first. The same command also works for Windows XP/2000 PCs, which bypasses the option list screen if the PC is on a domain (of course, if your Windows XP or 2000 PC is not on a domain, then the command does the same thing as Ctrl+Alt+Del).

Anthony's

• On newer Macs, if you have the volume muted and then plug in headphones, the Mac will automatically unmute so you can hear through the headphones. Then if you unplug your headphones, the Mac will mute again instantly!
  

Big-O's

• On Macs with volume keys on the keyboard: Hold Shift while pressing a volume key to temporarily disable the volume-change sound effect)

Log Out

• Don't forget to Digg us, blog about us, tell friends about us
• Add us on MySpace / follow Josh on Twitter / follow Big-O on Twitter
  
• You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us

Tech Pulse 20070906: Drobo Review, iPhone Price Cuts, iPod Touch, HandBrake, and more!

A guest review of Drobo, plus tons of iPhone- and iPod-related news, details about recent Monster.com and Mobipocket server hacks, Josh offers security tips, Josh picks the multi-OS free DVD ripper HandBrake, Kyle discusses iWork and iLife 08, and more!

Notes and links related to this episode:

Tech News

• New Apple stuff:
• iPod Touch, 160 GB iPod Classic, new iPod nano with video, new colors (no more white iPods of any kind, which along with the no-longer-white iMac makes Kyle wonder if Apple will drop the white MacBook design soon)
  
• $200 iPhone price cut, which led to Steve Jobs' open letter to all iPhone customers and a $100 store credit for early purchasers
• You can now purchase iPhone ringtones via the iTunes Music Store for 99 cents—but only after you purchase the full-length song for another 99 cents first
• While it's annoying to have to pay for it twice, it's still cheaper than most ringtones for other phones, plus iTMS allows you to select the specific part of the song that you want to use as your ringtone
• iTunes Wi-Fi Music Store for iPod Touch and iPhone
• Apple and Starbucks are beginning to roll out a system to allow consumers to purchase the currently-playing song in Starbucks from their iPod Touch or iPhone
• Anthony suggests that the new Starbucks system might be similar or related to the Apple-Polk iTunes Tagging system
• Follow-up on last episode's "Monster.com Hacked" story
  • From an e-mail sent to Monster users: "As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records. The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a "phishing" email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites"
  • Apparently, no passwords were stolen in this heist, although this is not specifically stated one way or another
    
  • More related problems have cropped up since, including Monster.com servers hosting malware
• Mobipocket Account Passwords Possibly Stolen
• Mobipocket is a very popular document reader application for Palm and Windows Mobile PDAs
• From an e-mail send to Mobipocket.com customers: "We reset your password because we recently learned of an attempt to gain access to a Mobipocket server. Files containing name, account name, password, address and e-mail address for some Mobipocket customers were kept on this server. Although we have no evidence that these files were accessed, we changed your password and are notifying you out of abundance of caution."
• This is a very good reason to use unique passwords for each of your Web site accounts! Ideally, use an encrypted password database unless you're skilled enough to memorize all your passwords
• Palm OS: Strip (freeware, open-source) is an excellent encrypted password vault
• Mac OS X: you can create an encrypted disk image using Disk Utility and store passwords in a file on that disk image, or use 1Password (shareware, U.S. $29.95)
  
• Windows XP Professional: if you're using a secure password for your Windows account and you don't share the account with others, and if your file system is NTFS, you can encrypt a file containing passwords from the file's Properties screen (Windows Vista users must have the Business, Enterprise, or Ultimate edition to encrypt files)
  
• Impressive new technology: content-aware image resizing using "seam carving" technology
• stretch out or compact an image on-the-fly while preserving important parts of the photograph
• it can be used to edit people out of photographs!
  
• watch a video demonstration on YouTube
  

Special Segment

• Review of Drobo by Ken Leslie
• Drobo is a "data storage robot," basically a very intelligent, incredibly easy alternative to RAID
• Overall Ken had very positive experience; Data Robotics provided great tech support, and the Drobo product works great as long as long as you make sure to test your hard drives before initially setting it up
• (Listen to the podcast for the full review, including an explanation of what Drobo is, what it does, why it's useful, and more)
  

Tech Tips
Josh's

• Show all file extensions, even for known file types
  • Glaring security hole in Mac OS and Windows: you can give anything a custom icon, and by default "known" file types do not show their filename extensions. Example of why this is a problem: a file that appears to be an innocuous plain-text file may actually be a Trojan horse application with a custom icon
  • You can know what type of file it really is by manually enabling a feature in Mac OS X or Windows
    • Mac OS X: Click on the desktop, click on the Finder menu, click on Preferences..., click on Advanced, put a check next to "Show all file extensions"
    • Windows: Click on Start, Control Panel (or in some cases Start, Settings, Control Panel), then open the Folder Options panel, remove the check next to "Hide file extensions for known file types" (or "Hide MS-DOS file extensions for file types that are registered"), then click OK
  • Mac OS 9.2.2 and earlier doesn't necessarily use filename extensions, and instead uses four-character "type" and "creator" codes to determine what kind of file it is and how to open it. Thus, leaving a file without a filename extension (or by adding a false extension), it's even easier for malicious users to spoof file types. I'm unaware of any workaround that prevents file type spoofing in Mac OS 9.2.2 or earlier
    

Software/Hardware/Site etc. Picks
Josh's

• HandBrake - Simple yet powerful DVD ripping software for Mac, Windows, and Linux, with presets for iPod, iPhone, Apple TV, PSP, etc.
• Oh, and did I mention it's free (as in both money and source code)?
• It does NOT convert files from one video format to another. iTunes can do this for some file types, but not all. If you, dear reader, know of any good video converter apps for Mac or Windows, please e-mail us at josh at techpulsepodcast dot com, or bookmark the application's homepage on del.icio.us with the tag "techpulseideas"

Kyle's

• iWork '08
• Keynote is pretty much the same
• Numbers rocks by being an attractive alternative to Excel
• Pages got some much-needed upgrades
• iLife '08
• GarageBand - seems like the wave of coolness is over for it; the new features didn't impress me
  
• iDVD - is it really needed anymore?
• iMovie - bleh... I wasn't impressed by the overhauled design and loss of certain functionality, but certain new things like the cursor-rollover previews are cool
  
• iPhoto - finally decent Web albums (requires .Mac, though - thumbs down)
• iWeb - Google AdSense and maps, Web snippet widget thingys, usable with my own domain name! (FINALLY!)
• Josh discusses the possibility of unethical people creating illegitimate Apple Web Widgets for use in phishing scams
  
• New Apple keyboard
  
• Zune!!! (just kidding)

Log Out

• Don't forget to Digg us, blog about us, tell friends about us
• Add us on MySpace / follow Josh on Twitter
  
• You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us

Tech Pulse 20070823: Monster.com Hacked, 700 MHz and Google, Open Letter to Palm, and more!

Josh talks about Monster.com user data being stolen, Google preparing to bid on the 700 MHz spectrum, Engadget's open letter to Palm: get with the times, full screen mode in QuickTime Player without 7.2 or Pro, and the Mac browser Camino!

Notes and links related to this episode:

Tech News

• Monster.com Hacked through Spear Phishing, User Data Stolen
• Google May Bid on 700 MHz Spectrum
• Minimum Bid: U.S. $4.6 Billion
• "In the United States, TV stations are changing to digital broadcasting and giving up 700 MHz airwave spectrum by 2009." (source: Wikipedia)
• the frequency can travel long distances and penetrate through walls (source: Engadget)
• some speculate that it could be used for a unique version of WiMAX—basically a very long-distance alternative to Wi-Fi
  
• Wal-Mart now offers 94¢ DRM-free tracks, with many advantages over iTunes Music Store:
• 256 kbps MP3 format, which is compatible with lots more devices than iTMS's 256 kbps AAC
• 94¢ instead of $1.29
• Tracks from both EMI and Universal (so far only EMI sells DRM-free tracks on iTMS)
  
• Wal-Mart's downloads are "clean" versions of tracks (e.g. "radio edited" versions)
  
• Engadget's open letter to Palm: Get with the times already!
  

Tech Tips
Josh's

• How to get QuickTime to display movies in full-screen without QuickTime 7.2 (or buying the Pro version)
• tell application "QuickTime Player"
  present front movie scale screen
  end tell
  
  Save the above script as an application (you can do this with either Script Editor or Automator). The next time you open a video file in QuickTime Player, just run the AppleScript, and violà! Full-screen mode.

• useful for systems that can't upgrade to 7.2, or when using restricted accounts without installation privileges
  

Software/Hardware/Site etc. Picks
Josh's

• Camino browser for Mac OS X
  
• uses the same engine as Firefox (Gecko)
  
• built-in ad blocking and Flash blocking options (which are two of my favorite Add-ons for Firefox anyway)
  
• built using Apple's Cocoa API rather than Carbon (i.e. it's a more modern-style Mac app under the hood)
  
• seems to be more stable than Firefox in my very limited testing (more stable, at least, than Firefox with a few third-party Add-ons installed such as Adblock and Flashblock)
  
• cons: not as extensible as Firefox, and fewer choices in Preferences
  

Log Out

• Don't forget to Digg us, blog about us, tell friends about us
• Add us on MySpace / follow Josh on Twitter
  
• You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us

Tech Pulse 20070809: Netflix Hacked, Uninterruptible Power, Sweet Firefox Add-ons, and more!

Josh talks about Apple's new iMac and other product upgrades, Netflix getting hacked, future huge-capacity notebook drives, the safety of using an uninterruptible power supply (UPS), Firefox add-ons to block ads and increase Internet safety, and more!

Notes and links related to this episode:

Tech News

• Apple's Tuesday event stuff:
• New iMac, redesigned to look more like the iPhone with a glass screen, and a new, much flatter keyboard
• iLife '08 with new automatic "Events" in iPhoto, redesigned iMovie, and more
• iWork '08, now with Numbers (Apple's answer to Microsoft Excel), simpler word processing with Pages, and more
• .Mac now has 10x the storage and bandwidth (increased to 10 GB storage and 100 GB/month bandwidth)
  
• Netflix's streaming movie service (which relies on Microsoft DRM) has been hacked
• Fujitsu developing 1.2 TB notebook HDs

Tech Tips
Josh's

• Hacking Safari 3.0.3 Beta to work on Mac OS X 10.3.9
• Josh couldn't get it to work. =(
  
• Consider getting an uninterruptible power supply (UPS) for your desktop PC
• What should you plug into the battery backup outlets? (Anything that might cause data loss if power is lost unexpectedly)
  
• Desktop PC
• External hard drives, NAS
  
• Networking equipment (router, modem, and/or switch)
  
• What only needs surge protection?
• Monitor (would suck a lot of power from the UPS, and you can set up your PC to shut down automatically when UPS power is running low)
  
• Printer
• Speakers
  
• Laptop (has its own battery backup!)
  

Software/Hardware/Site etc. Picks
Josh's

• Favorite Firefox Add-ons (aka extensions):
• Make the Web enjoyable
  
• Adblock
• Adblock Filterset.G Updater
• Flashblock
• Manage bookmarks across multiple computers and browsers
  
• del.icio.us buttons
• Add-ons that are useful to install and train people to use after cleaning up spyware infections:
  
• McAfee SiteAdvisor
• *FAR* from foolproof, but can be useful to identify many harmful sites
• Shows its ratings next to sites in search results
  
• Netcraft Anti-Phishing Toolbar
• The same people who get a lot of spyware are often likely to click on phishing links as well. Firefox and Internet Explorer 7 have anti-phishing features built in, but it doesn't hurt to add another layer of protection
  

Log Out

• Don't forget to Digg us, blog about us, tell friends about us
• Add us on MySpace / follow Josh on Twitter / follow Big-O on Twitter
  
• You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us

Tech Pulse 20070802: Google Galore, Apple Profits and Patches, USB vs. FireWire, IPv6, and more!

Josh, Anthony, and Kyle chat about Apple news, Google Phone rumors, Google apps, securing VNC, multi-service IM clients, USB vs. FireWire, Intel Core 2 Quad price drops, IPv6, the annoyance of required reboots, and more!

Notes and links related to this episode:

Tech News

• Apple's earnings conference call
• $818 million net profit in Q3 2007, highest revenue in June quarter in Apple's history
• Record-breaking Mac sales; 33% year-over-year growth overall (1.76 million Macs sold in the quarter), with Mac notebook sales increasing by 42% year-over-year
• Mac business represents about 60% of quarterly revenue
• iPod sales grew 21% year-over-year, with 9.8 million iPods sold in the quarter
• 270,000 (over 1/4 million!) iPhones sold in first 30 hours
• iTunes Music Store has sold over 3 billion songs
  
• Security patches for Mac OS X, Safari, and iPhone security patches
• The great Mac Mod Challenge 2007 (4th annual!)
• Google Phone rumors via the Wall Street Journal
  

Tech Tips
Josh's

• Follow-up on the previous VNC tip: How to do it securely via SSL
• VNC is not secure by default; entering passwords and transmitting data insecurely over an open wireless network, or any untrusted network for that matter, is unsafe and can potentially leave your passwords and data exposed to hackers, identity thieves, etc.
  
• How-to for Mac OS X
  
• easy instructions can be found here
• no third-party software required; Mac OS X has SSH server and client functionality built in
  
• How-to for Windows
• SSH server software: OpenSSH via Cygwin (instructions can be found here)
  
• SSH client software: PuTTY, or PuTTYPortable (usable from a USB flash drive)
• Again, I recommend configuring your router to accept SSH connections through an IANA Unassigned port, since hackers may potentially look for open SSH ports (TCP port 22) to try to break into systems
  

Kyle's

• (Waiting for iWork '08 before doing his tip.)

Anthony's

• Things you didn't know Google could offer you
  
• Google Docs & Spreadsheets
• 1-800-GOOG-411
• Josh mentioned another phone-based service (not from Google): TellMe (1-800-555-TELL) which has news (including tech news), sports, driving directions, movie descriptions and tickets, blackjack, and more—all for free
  
• Google Notebook - make notes and Web clippings while browsing in Firefox
  
• Google SketchUp - 3D modeling/CAD-type software
• Kyle recommends avoiding Google Web Accelerator because it can cause problems with some sites (not to mention the privacy issues)

Software/Hardware/Site etc. Picks
Josh's

• Adium - multi-service IM client for Mac
• There is some disagreement even within the Adium development team on how Adium should be pronounced, although it's pronounced like the word "stadium" in the videos on the official site
• Adium supports numerous services (AIM, Yahoo!, MSN/Live Chat, Google Talk, Jabber, ICQ, Gadu Gadu, and many more), is highly customizable and very Mac-like, with an intelligent Dock icon, Growl integration, and much more
  
• Trillian - multi-service IM client for Windows
• doesn't support as many IM services as Adium and Pidgin, but has a nice interface and has video support
  
• also: Pidgin (formerly known as Gaim) - for Windows and Linux, uses the same engine that powers Adium

Anthony's

• USB 2.0 vs Firewire 400 hard drives enclosures: Which one should I get? Which is faster?
• FireWire 400, according to tests—in spite of the fact that the USB 2.0 specification of 480 Mbps indicates that USB should be faster
  

• Firewire
• Faster with both read and write especially when transferring fewer, but larger files.
• http://www.newegg.com/Product/Product.aspx?Item=N82E16817145138
• USB 2.0 and Firewire
• Best option for best of both worlds.
• http://www.newegg.com/Product/Product.aspx?Item=N82E16817145128
• eSATA and USB 2.0
• Best option for performance
  
• http://www.newegg.com/Product/Product.aspx?Item=N82E16817145167
• USB 2.0 and RJ-45 (Ethernet)
• Best option for multiple user access at a time
  
• http://www.newegg.com/Product/Product.aspx?Item=N82E16817392008
• Models listed are a wide variety of styles offered by Vantec. Each style may offer additional models to encompass each of the above connection options. For example, the Mac mini-like enclosure may also come in a model that offers FireWire, but Kyle likes the Nexstar2 enclosures, best for quality and durability as well as aesthetics
  

Kyle's

• Best deal for speedsters: Intel Core 2 Quad Q6600, 2.4 GHz, 2x 4 MB cache, LGA775 socket, recently priced at $289 on zipzoomfly
• Intel Core 2 Duo E6600, 2.4 GHz, 4 MB shared cache, LGA775, recently $223 on zipzoomfly
• AMD Athlon 64 X2 6000+ Windsor, 3.0 GHz, 2x 1 MB cache, AM2 socket, recently $169 on mwave
• Intel Pentium Dual Core E2160, 1.8 GHz, 1 MB cache, LGA775, recently $96 on newegg
• AMD Athlon 64 X2 3800+ Windsor, 2.0 GHz, 2x 512 KB, AM2, recently $68 on zipzoomfly

Listener Questions
What is IPv6, and how does it differ from IPv4?

• IPv6 is the next version of the Internet Protocol, and is already supported by major operating systems
• One of the main advantages over IPv4 is the huge number of addresses IPv6 supports: an estimated 5,000 IP addresses per square micrometer of Earth's surface (far more than necessary for the foreseeable future, thus providing a lot of room for growth)
• IPv4 addresses are much shorter and much easier to memorize, so it's much more practical to use it for LANs
  
• See https://en.wikipedia.org/wiki/IP_address and https://en.wikipedia.org/wiki/IPv6 for more information
  

Log Out
Is there any way to disable the annoying nag message in Windows XP that incessantly prompts the user to restart after installing critical updates?

• Yes, although of course it's recommended to restart since the security provided by the updates may not take full effect until after rebooting
• If you want to disable it anyway, you can try Auto Reboot Remover from IntelliAdmin or these manual instructions

Don't forget to Digg us, blog about us, and tell friends about us!
Add us on MySpace / follow Josh on Twitter / follow Big-O on Twitter
You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us

Tech Pulse 20070718: New "Mac Worm," Connect to Your PC or Mac for Free, Batch Image Resizers, TextWrangler, and more!

Josh and Big-O discuss the alleged new "Mac worm" and Mac security in general, how to remotely connect to your PC or Mac for free using VNC, batch photo resizing freeware apps for Windows and Mac, TextWrangler, and more!

Notes and links related to this episode:

Opening Thoughts
We have a regular recording schedule for the time being! You can listen LIVE on Wednesdays* at 8 PM Pacific / 11 PM Eastern (except July 25th). Just look for us on talkshoe.com during the hours when we're recording. *UPDATE, 1 August 2007: We've decided to change our regular podcast schedule to Thursday nights instead.

Tech News

• Alleged Mac worm by Information Security Sell Out
  
• allegedly there's an unreleased exploit that has been tested in private—this is the so-called worm
  
• so far, this is no more a real threat than "Inqtana," another proof-of-concept "worm" for Mac OS X that was never in the wild
• there's no real evidence that it even exists; the original source is just a Blogger page that claims there's a new Mac worm
• even if it exists, it's allegedly based on a previous hole in Bonjour that Apple already patched, so Apple would simply have to release another security patch to fix it
  
• even though this thing isn't even in the wild, people are already suggesting ways in which you could prevent this from spreading to your computer
• If you're really paranoid, turn off AirPort when in public
• If you're really paranoid but you need to use a shared or public network, go to Apple menu, System Preferences, Sharing (then if desired, take note of your settings under the Services and Firewall tabs so you can restore them later). Uncheck everything under the Services and Firewall tabs, and under the Firewall tab make sure it says "Firewall On"
  
• See the comments on Slashdot and Ars Technica for more technical ideas (but try them at your own risk—especially if they involve changing system file ownership or permissions)
• Sony releases YouTube wannabe called Crackle
  

Tech Tips
Josh's

• Connect to your home computer from anywhere in the world for free using VNC
  
• Why pay for commercial software when you can do it for free?
  
• Software:
• UltraVNC (server and client apps for Windows)
• Vine Server (server app for Mac OS X, and a minimal version for Mac OS 9)
• Chicken of the VNC (client app for Mac OS X)
• PalmVNC (client app for Palm OS/Garnet), or .NET VNC Viewer (client app for Windows Mobile)
• Choose a custom port (for security through obscurity)
• Prevents casual would-be hackers from identifying that you have VNC running on your computer
  
• Any port listed as "Unassigned" by IANA should be okay; refer to http://www.iana.org/assignments/port-numbers
• Choose a strong password
• Configure your software, set up port forwarding in your router, open the port in your software firewall
• Test and troubleshoot while you're at home to make sure it's working properly
  

Big-O's

• Getting magnets out of hard drives

Software/Hardware/Site etc. Picks
Josh's

• Freeware batch image resizer apps - handy if you e-mail a lot of photos
  
• Resize! for Mac OS X and Mac OS Classic, by K Studio - very simple interface, works great for basic batch resizing needs
  
• works on Windows, too, but...
  
• BIMP Lite for Windows, by Cerebral Synergy - totally awesome, TONS of features
• batch convert between image formats (BMP, PNG, JPG, GIF, TIFF, etc.)
  
• batch resize, rotate, rename, output to FTP, and lots more
• Big-O's related pick: Paint .NET for Windows
• great replacement for Microsoft's Paint app
• free as in money and source code

Big-O's

• TextWrangler from Bare Bones Software
• freeware text editor for Mac OS X with lots of nice features
• advanced search and replace features
  
• great for HTML, XML, Perl, etc. coders because it automatically color-codes for many programming languages
  

Log Out

• Don't forget to Digg us, blog about us, tell friends about us
• Add us on MySpace / follow Josh on Twitter / follow Big-O on Twitter
  
• You (our listeners) can submit story ideas by tagging pages with "techpulseideas" on del.icio.us