CNET to the Rescue Ep. 23: Darren Kitchen tackles network dilemmas
Special guest Darren Kitchen from Hak5 joins us to talk through secure WiFi networking, VPNs, SSL, and protecting yourself from the dreaded Firesheep.
Hi everyone I'm Rick -- I'm Darren Kitchen welcome to -- -- to the rescue. Our show where we tackle your tech problems. And try to help you out -- out of mess that you've gotten yourself into today that's gonna be technical geeky masses because he got Darren -- From Hak5 that are Dan thanks for joining us now. You can if you have -- technical question consented to rescue at cnet.com. Or call us with your questions. -- on next week's show -- 8774386688. No question is based is too basic and today no question is too geeky and are gonna start with the that he got a tech product again vendors in the give us calls and -- an email we will -- -- that help you out. We're gonna start today with couple of voicemails on network security gonna get right into the meat of this no more pussy footing around though you know. I don't -- I boot my computer what is this in the -- that bush but what if what you're cupholder -- you know. -- Where you get right into it so let's -- the first voice mail today from Jeff in Miami. This is just Nolan in Miami. I have headed to South America to do so. Experiences. Laptop worker going to be living there and lacked firewire five Wi-Fi just about everywhere -- I'm going to be. I'm wondering if you could tell me about banking transactions and need to be able to move money around. In -- morning about something like IronKey. Or using -- VPN, StrongVPN or hot spot VPN. Anything like anything that ticket information you give me about being able to reform. Financial transactions not affiliated with the company so just miles thank you. You going to South America and you need to move a lot of money around well okay. It -- Or whatever maybe it would not yet go ahead and maybe he just wants to log into social networks and doesn't want his is -- speedier in the clear because in he brings -- A good point when you're using public Wi-Fi you're using an unencrypted like -- therefore not only is it. 
Encryption key they used to connect to the Wi-Fi it not only is it just then the keys to that network. But it's also to encrypt that traffic so that anybody in on the network is -- -- to be able to -- -- things in between so. You know it it would be. It'd be good policy to just go ahead and use some sort of tunneling technology some sort of bring your own encryption whenever using a public network like that can bring VO ILE he had -- so what -- IronKey as well so IronKey offers a a little gizmo for private surfing it's essentially USB key that hardened version of Firefox within it and then uses. There. Their tunneling service their encryption service and, i.e., uses a virtual private network and and that that's fine if you just want -- turnkey solution that looks like. You know I haven't looked too much into what the service costs are anything but you know if you just want to pick something up double logic -- -- -- that looks like find one. You mentioned hot -- VPN there's a few of those there are many VPN providers -- can get. A V -- virtual private network and this is a way that. If that's a -- in encrypted. End to end connection so from where reais in South America to wherever the VPN is and from there van. Yeah it goes out to the Internet but that that the -- that transmission. Or the traffic between that computer. And the VPN slash I is the is on directly on hackable. Right so so for instance. If I were -- on a public network. Without a VPN and I went to log into my Facebook -- -- -- -- -- anything anybody that was also on that network can easily using you know. Not only had like really easy tools now could go ahead and see what my password is stealing cookie things like that right. Say lake ray if you were nice enough to set me up with the VPN you just set up some awesome server your house -- -- You know and -- -- pal Darren up with some VPN access to them got a -- cable modem what you've got like what 35 megabit that oversupply that. 
Which of course easy on a slow -- Feel like -- shares and -- with with Darren set up that he can't account and then I can make a secure connection to your house needs to everything in between me. You know whatever it is -- rental car wherever I am on a public network and your house is completely encrypted. -- -- Then from your house out it's not right because -- -- -- at some point go back into the public Internet as HTTP. So that the -- can understand it. But if I'm on I'm in South America or at Starbucks here in the corner. On open Wi-Fi. That's very vulnerable so encrypting that part of the connection is a very good idea so. What Jeff is saying here's -- right right way to think about it. -- if you've got a totally on the right track but the reason that I bring up the you know -- such a nice guy sent me up with a VPN is. -- -- -- -- -- -- -- No better way encryption technology you use whether it's a VPN or -- five proxy or however you wanna do it. You're. -- -- can your communications needs to terminate to unencrypted at some place and that termination point is where you need to be concerned because sure. There's services like IronKey and hot -- VPN or -- to set me up with an account how much you trust that end point -- -- -- need to be. -- -- -- so what is the best easiest most cost effective whatever way for a global traveler. Or justices and of the the planet to use -- VPN to do secure web browsing from anywhere. Personally what I like to do is since I already have you know residential cable or DSL connection at home. -- have computer that's turned on all the time. I just simply set up either an SSH server client or a VPN server on it and those are both. I -- sounds kind of scary but they're actually really easy to do that's -- you trust yourself. It's because yes well I have this I would never do. What you got -- you've got a -- and went somewhere right well when I'm when I'm at home on the my Comcast cable. 
Yeah -- and a half to just trust that mean the the alternative there I'm not on a public network right -- I Comcast's you know private in a residential cable network right. If I was really paranoid I guess I could VPN all my traffic through to -- my server in the cloud hosts Hak5 dead or -- But then the question comes to -- terms that I speak well I think that what you've just gotta maintain that -- there's some trust there relative that Jeff is going to be in South America for awhile and cantor doesn't want to set up Adam. A machine at a location back here Miami yeah. To connect through so we've -- -- use -- commercial service your iPod doesn't want to roll his own agenda in the commercial service like IronKey would do just fine and there's also hot spot VPN dot com. -- but you can dot org an issue with that. -- -- All right good -- good question we have another security question from Mark in Chicago. This is kind of related and. Yes this is Mark from Chicago. I use Firefox. And I use it to. Google ourselves it's. Union school sharing. How does that he had some nice security. While also opinion on the Internet. Thank you. So these are two things I haven't heard of -- They are parents Groupe -- the most uninteresting because what it looks like it does is it anonymizes your. Google queries and the return results kind of like -- does. For all your web browsing and I haven't installed it -- It's new but of new to me. But that seems like -- thing way to make sure that people aren't snooping on what you're doing on or that Google rather isn't snooping on what you're doing which of course otherwise -- notre. Right I mean it's too good point if you wanna make all of your searches on Google. You know completely private not only do you and a half to the keep yourself logged out but potentially -- -- You know correlate the data based on the IP address those all of your searches come from the same IP address potentially there that. 
I don't know -- -- -- That being subpoenaed at some point it could I -- get put together to say oh well. All of these searches in this amount of time were performed from this this IP essentially with approval does is it's set up. The system by which. You or. Searches happen through their server and they are. There -- -- and optimize by. Clearing up a cookie and they say that they delete the log files every hour dump analogue yet. And and again that's that's the thing is they say they delete the logs so the question is yeah touch this group pool more than Google yeah. Interest in question you know and it's very much like this the -- things very much like Tor and if you played with the onion routers very cool piece of technology that potentially. A lot of people join its network and offered to share their -- -- way. That for me to request -- website I have to go through -- -- so you know I would say. That -- -- -- -- I need this website and then you would tell Kelly and and Kelly would tell you in the -- -- the -- -- me the Kelly never knew that. I bet you that asked for the website double bullet right. And there's there's multiple hops and that's what creates an anonymous except for then again at some point have to become. This the theme of the day at some point have to become unencrypted. And if you're unscrupulous you could may be fit on Tor as a super node if you will and just listen to the traffic that's coming at the other -- I'll also say this I've been experimenting with Tor and manage -- slow down your -- yeah totally there. We and onto the the the emails we got a question from -- -- -- is actually Anthony wrote to the Buzz Out Loud email box. Because we were talking of a day about the Firesheep extension which has been in the news for the past couple days. He says you guys brought up the fire -- extension being used hijack people's Facebook log on some public unencrypted Wi-Fi networks. 
I -- definitely become more aware of this and have started using alerts and Firefox and when I am using encrypted and unencrypted pages went out when I am on my school's Wi-Fi. Obviously the release of this extension will allow for students at colleges to uses -- easily steal other students log in session on such things as -- while logging in. On the college's network. But -- an encrypted are all on password and networks not encrypted even if they are using -- security. Also is there a way to force at this health certificates. While using Firefox. So that when students are on public networks at school we don't have to worry about our log -- sessions being hijacked. Where there be from Facebook Twitter or other unencrypted sites. But in the first two the first point there. Treat all of your connections on public networks as if someone were listening and because regardless of whether or not there's encryption there's also. Other techniques by which someone can eavesdrop you know whether it's some sort of -- attacker -- cache poisoning some sort of man-in-the-middle there are ways in which. All of your traffic can go. Through someone else's connection before against the outside Internet so if you. Begin to think that way and then you're you're on the right track by saying hey you know what I just set up my browsers so that you know Firefox always used to the HT -- version and recite a -- FF has thought about that and and if you go to -- dot -- -- HTTP -- -- everywhere. There's a nice little plug in -- that you can find that will look force. They will force your browser to always use HTTPS on. On sites that it that it knows when it's not the 100% solution I still recommend setting up you know a as the cell. Tunneling or a VPN. -- That's something pretty low over low overhead solution -- you just wanna get a Firefox plug in all he -- here is called HTTPS Everywhere EFF dot org. 
-- -- -- -- -- Cool -- And you know it's collaboration between the Tor Project Nia so hey there you go now -- -- -- back. Ben Smith says I'm -- to see you guys and any insight into what a Skype's super node is. I use Skype extensively at work but my employers adopting a policy of not allowing it. -- security audit recommended blocking -- because of the possibility of one of our computer's becoming -- super node could you explain what a super node is. And if there is a way to prevent becoming one on both Macs and Windows. Right so a super node is essentially just everybody that joins -- Skype networks -- to peer-to-peer network. They handle all of the traffic in the background stuff and some of these computers that are there and handling that and with. Need to keep a record of who's to where they are and and so such like that it's almost like -- and it then you can force your computer not to be a super node since Skype 3.0 there's actually registries which if you head over to. What is its Skype accomplish securities -- universities they have details on disabling that as a as a -- university can you can disable it on a client also if you are at the network provider you can. Restricted on your firewall. And also it's kind of interesting to note that any Skype connections going through SOCKS5 proxy which we just mention won't act as a super node at all. Now one of the action things -- -- the reason that Skype works of the reason that it is free is because their infrastructure unlike the global phone system in the regular phone system. Or even most VoIP providers. Is entirely distributed when you fire -- if you happen to be on a fast computer with a lot of spare horse power and spare bandwidth. There's a chance that your computer could become one of the super -- which. Means that you're basically traffic cop or a router -- -- -- -- -- it Skype the NS server for a lot of other people on the network. 
That's how Skype works there is no easy way there is no option inside Skype in the preferences to say disable super node because of people were to do that. The hold non determine this -- go automatic auto magic. Network building of Skype would fail. But you can do it if you're on a system -- security protocols or bandwidth limitation or something. Partner in the admin -- it's not allowed it's just it's kind of -- and and that -- that it disabled super yet. A that's an important it -- part of the infrastructure and -- -- part works it's automatically distributed yeah. That stuff. Finally okay -- you've been waiting for a basic question Raymond in Athens Georgia says this goes under -- no question is -- basic category. Can people who are not on Facebook see updates on Facebook. My parents have started a winery and they need to be able to post pictures of the vineyard the cabin they're building next the winery -- they've created a Facebook account for the business. Thinking that would be an easy way to put pictures and updates on the web without having to call their son to meet for tech support all the time. However not knowing much about Facebook I'm worried that only people that Facebook accounts will be able to see the information they're posting is this true. If so is there another Web 2.0 solution that would allow them to ease the maintain a web presence that the whole world can see. So. The quick answer is that. Facebook is actually a very good solution for the problem after the where the issue that you have. People who are not logged on to Facebook can actually see fan pages if the fan pages that public which is -- whole point that the fan page. I you can try yourself the search for movie -- log off and search for movie on Facebook and you can and he can check it out this is actually very good solution and up until but up until I recently it wouldn't have recommended it I would -- it. You don't get -- A free WordPress blog. Or something like that yeah. 
And simple blog you can do that for free -- Blogger. WordPress the dollar mortgage on Facebook but that's the thing these days I'm with you you I would -- to Facebook because of the virality of because -- -- like that simply because of like button yes. Now granted your Facebook. Fan page for the for the the winery will look like every other Facebook fan page. But people -- just look like and then it just spreads like a creeping virus of the social networks though. I think that's a very good solution and you will not have to do much tech support hopefully. So let's see. -- -- Wrote to -- to say I download -- Microsoft Security Essentials. On my Windows XP run desktop and when I started up in a seat takes 100% CPU usage and doesn't let it go. I by the way still recommend M -- He says I tried waiting it out I even went to -- -- came back. We need to go to the store this further -- trial Wal-Mart. But it doesn't let go and nothing runs right if -- runs at all is their way to see if something else is trying to run at the same time. I open the Task Manager and checked the processes but I don't see anything. But he thing. Task Manager you know what I think -- -- Task Manager sucks for seeing what your computer is really doing there is a much better solution and it's from Microsoft. And it is called. Process Explorer by mark mark -- percent of its right. In yes this -- Microsoft there was this little company -- internals and had these great apps for seeing what your computer's doing other -- CPU or the network or whatever. And Process Explorer's one of them Microsoft bought it. And get this -- you can get on download.com or from Microsoft. And it shows everything that's running and that will show you what it's sucking up your CPU cycles. If it is NFC you've -- -- conflict another part of emails that that there might be a conflict with the BlackBerry connect software etc. I don't know what it is in this particular can't I can't tell. 
You know it you could you can also try turning off the the real time protection under settings and -- -- -- Didn't know just what I'm finding -- -- when you when you search for high CPU usage on the -- Security Essentials is you're not the only person that's having this problem. Unfortunately the the solutions that are being offered here. Aren't that great other than like a have you tried rebooting it and turning off the real time protection in which case and I think -- the whole point right. -- You could try another antivirus utilities plenty of good free ones via. AVG -- asked if I still like -- -- -- but if you're having problems. Uninstall it completely for -- put in another one. Yeah but first try Process Explorer to see if you can identify the culprit that -- -- -- your -- your CPU. Mike the diplomat from Uganda wrote us. And said your review up -- sounded so great little sidebar here last time we talked about Prey which is a a a stealth. Product that'll run on your Windows or your Mac. That if your computer stolen will geo located against Wi-Fi and tell you where it is and you -- the sentinel -- to the user. When their log on thing you're using a -- computer health of the -- take pictures from the webcam. Awesome free app yet spirits of code to find it Prey project dot -- So anyway Mike says so I rushed out -- put it on my Mac laptop I came across the problem I'm in Uganda for the next few years -- land line and the Wi-Fi connectivity is a rare. Everyone here works off of 3G USB dongle. If my laptop gets stolen I don't see it as a viable solution -- -- that can do geo location via the 3G network any idea if there's any functionality do this. So I called up the -- -- -- and Carlos wrote me back he said. -- 3G USB dongle need to be connected through cellular antenna it may be possible to triangulate location based on the antenna cell ID info. Just that non GPS -- -- but unfortunately Prey doesn't provide that feature to the computer version. 
I'm not sure it's technically possible to get -- ID info from 3G USB dongle. So kind of a -- there however you know there are. USB 3G dongle Sprint makes one I think Verizon as well that have GPS built in and will provide it would drag -- -- The -- doesn't get it and so that is not the solution you're looking -- sorry about that. I -- -- the I will say though that. We'll Prey also doesn't it also find it like nearby Wi-Fi access points even if it's not connected to them and by about kind of give you an idea so if your laptop -- stolen. Even if they were using a 3G connection to. Get at the Internet. If there around other hotspots you know kind of like. You know when you you have himself on the doesn't have a GPS but it can still like Google Maps and -- -- about where you are. Yet now not everybody with that uses Prey has of wonderful you know seamless experience but hmm a lot of people do and I like it and I would say even. In this particular situation -- may not geo located stolen laptop immediately based on Wi-Fi which is pervasive -- here in the US yeah the but you also can get a picture -- the webcam from it and there's a chance that it might go in range of a deal capable Wi-Fi. And give you that information it's better to have at -- not yet it's it's free. It is useful. Why not yen and hopefully eventually they'll find some way to to work in some way to track with three -- -- well now Win 7 provides location services right. And Prey's an ongoing project -- so maybe this. Selling the information information and someday make in the -- location services in their mind to Prey it's an ongoing thing yeah let's keep -- -- -- that'd be funding for us to exploit. But at least every -- turned on that -- Yeah. Pretty is scary it's good stuff yet. -- -- I you know Hewitt -- belt and suspenders -- I've got like three kinds back up plus think. And I've got LoJack for Laptops and Prey -- yet subtle yet -- Prey on your Android. 
You can get that been allied government standard. And if they don't have a friend. Now they -- And now methods -- not that you have to do that by -- -- boon to it is and I'm a loser yet. Brent wrote to us another -- -- questions that I have a problem that has perplexed me for years I have noticed this and every computer system with an OS which is computers and smartphones and never on an embedded system. Why does -- computer give you an occasional. Blank stare for simple request from the system appears to be idle. Here's an example for Windows Pristina on -- the -- When you right click on the desktop 99 out of a hundred times the menu is displayed within milliseconds. But from time to time it takes three to ten seconds -- a -- to appear what is happening here computer do. You know what I think it is. Although since he said this is also happening -- iPhone Android I I don't know but I but I see this happening from time to time on desktop OS is. He says here that this is when the system is idle. The hard disk drive light is not flashing through the system is completely with low power state and you right click and most the time will your menu pops up -- pentagon because because everything's in RAM. Right -- point so it doesn't have to. To do anything it's just it's right -- next in the process but there are times and especially in Windows which you know may not have the best memory management. That if the if the hard drive the system hard drive or one of the external the secondary -- prices on down not spinning that's all low power harder path come back at the speed for anything can happen well that's -- -- -- Because the animation you're requesting by doing that right click -- that context menu maybe maybe just. You know your computer -- number of what are the items -- context menu exactly. 
And then you know so remember than ram but then you're like -- when opened Photoshop and -- a while -- lot of stuff have to remember when I think it's something like not that important right now that I just. Put off to the hard drive right. I don't know the list of things in the context menu when you right click on the desktop is sure we'll put that in a little file on -- on the hard drive right. And exactly like you said things -- you right click. I don't know why this would happen we can right -- -- -- on what talk about but not I know on a real low less than on Donna Mulder ho ho. That's what I would say -- halo now on my computer the hard drive it's that I too hard drives and secondary hard drive is very noisy in -- the data drive and internal time. So when I right click and nothing happens. I'm I get I would get really frustrated and not know what they are typically hears things and in the -- okay and its title auditory warnings and you wouldn't get that with a solid state drive. -- -- -- -- -- -- Exactly that's what I'm saying you know if that with -- -- you and I tell you things within -- now what I would -- -- -- you -- what he -- artificially put the noise in just like -- people say the -- -- know exactly they'll beep -- yes in fact. I want I want a Prius just with so that I could have with the millennium falcon noise. We're like the typewriter noise right we think you know you get as an atom I want that as an add on from a solid state drives that I know when it's spinning up. -- will quote a data general drive -- there are right. Mark from Toronto says -- -- quarter. I'm really happy to -- -- boot sound. He's asked. If that -- taking me back. We're mark from Toronto. Just wondering what speaking of describes what your opinion is on whether there's -- need to. UN. She to -- up a raid zero drive. Yeah that is coming up that upbeat tracks are pattern of that flake. Asking should use buyer. 
But really as far as the operating system is concerned there's -- difference. Between -- and regular hard drive you know to animate -- as a window here the marks on Windows because he he backed up to a W access right and so if he's using you know RAID lately. But is it's going to be larger than like. Forget the two gigs there 127 gigs or whatever it is that he has to use NTFS and steadily in old files as much FAT32 and a lot of people claim that and -- that's just doesn't need to be. Think that with a grain of salt but. So so you feel a defragging. Go ahead I can't hurt her if I heard it it just takes some time yet now if you're on a -- that Steve though don't -- for. Right and that -- extra right you don't need and and as as these but they handle that automatically yeah. Okay. It near the end of all these great questions -- teacher asks us. With all the silly apps that functionality Twitter I'm amazed that I have Mabel the final metal comb back from a tweaks and scrape all the URL -- shared. You know the graceful way to do this. Com. For -- Stuff you've already posted there is a contains links option on search.twitter.com however. Twitters own archive -- is. You know this limited -- belief that goes from you know a data a couple of days depending on what Twitter decides to -- to it. That doesn't really work. For future. For things to your posting now to Twitter and you want -- search for them later. I would use are recommending that whenever you post the link he'd do it on it it -- account and you can post to Twitter from Bentley analog in the building to that. It -- keeps link of everything. Darren what do you think well he -- -- is like a backup service back up apply. Is a free one and what they do is essentially and you grant access to your Twitter account through a weapon or movement -- anyway the the open -- -- is it a lot thank you. 
And they they just suck down your tweet and keep an archive of them and you can download I believe it's him like a CSV formats -- you've got some Excel two. You could probably you know in encrypted -- a -- well. Grip and Excel in the same sentence you know that they'd. Yeah yeah I'm just I'm gonna go with that I'm -- that -- -- that I have there have to both. I was thinking like -- as -- like that the procedure not necessarily the. Pacifica and the concept the concept of rep I grab I grab you -- the -- like rock and I hit when that we've got ultra nerdy. I will put aside as a listener challenge though for it because that data is out there and cloud somewhere in a Library of Congress is keeping we know we've got in the -- I tried looking Google advanced options figured how to search for links in Twitter. So as a listener challenge how do you get through any Twitter account. All the links that -- -- posted into that -- let us know it rescue team and dot com. And -- -- them -- about. Or maybe and you turn wealthy we can find. We have a comment from a listener -- in Omaha and said. Chandra was looking for a solution to prevent her from getting log data for e-book site. The LastPass solution we talked about seem like -- problem if you need to navigate to specific page after logging. My recommendation is the re -- every plugin for Firefox -- will simply refresh it at every X minutes. There's no more sick of -- security risk than having LastPass a log in and keeps you on the page you're looking and there's -- -- in show notes. Pair this with a portable edition of fire up Firefox and USB drive and -- should handle some of the public computer acts on both if security musically and they're from Omaha thank you very much -- the -- that's exactly what we're looking for as the way to solve the problem. That is it for the questions the show. 
Darren thank you so much for joining -- You we've mentioned a lot here about to be cans -- that's its own stuff and if you wanna know if it was a hot spot VPN and IronKey isn't the solution for you when you're actually to -- -- rolling your own. We've got a great tutorial on Hak5 at Hak5 H-A-K the number five dot org slash 607. That's that's the episode number and that will you know what that. Half hour you'll be set up -- a VPN or a SOCKS5 proxy it's really a lot easier than you think. Yet Windows or Linux don't -- Hak5 stuff it is yes. All the best thank -- it's really cool -- now speaking of cool stuff. Next week we're -- have a special guest on -- to the rescue Jeff Potter who who is the author of Cooking for Geeks this is a special pre Thanksgiving episode for all -- -- cooks out there who are trying to impress your future in laws. Send us your question and how to hack the kitchen rescue at cnet.com. Not that it's in a hat -- the -- not the Darren Kitchen. The real kick in the stuff remake stuff Milliken I don't know if you know I didn't think it myself and yeah I I get to -- -- when they go and program. Anyway Jeff Potter at the O'Reilly book Cooking for Geeks will be here on the show send us questions -- rescue at cnet.com about. Cooking or about any -- she might have. 8774386688. -- catch all the links to this episode and past episodes at cnet.com. Slash rescue and a caller of course you can catch -- stuff and hacked but that -- and catch on Twitter at. Each decade the number five Darren -- -- Delorean and I am he would. And I am -- -- -- he'll. Only.