Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

Chip and Pin security flaw exposed by Cambridge Researchers

• Chip and Pin technology replaces the traditional magnetic strip and signature method of authorizing a Credit Card or Debit Card transaction
• The technology uses the chip embedded in the card to authenticate itself to the PoS (Point of Sale) terminal, once the PIN is entered, proving that it is not a forged or cloned card
• This provides stronger authentication of the card holder, using the secret PIN rather than comparing signatures
• The original idea behind this concept was to shift liability for fraudulent transactions to the card holder, since the transaction could only go through if the PIN was provided, the transaction must have been authorized by the card holder, or the card holder was careless with their PIN number
• This liability shift was never enacted, due to various flaws found in the system, including one where a blank card, connected to a stolen card, could be used to access the funds on the stolen card with an arbitrary pin number
• The most recent flaw takes the form of a pre-play attack, which allows the attacker to determine the information required to authorize a transaction without the PIN number
• The authentication protocol used between the PoS and the Chip requires the PoS terminate to generate a nonce , referred to in the documentation as an ‘unpredictable number’. The purpose of the nonce is to ensure that the authentication is fresh, preventing an attacker from using an old authentication response
• The problem is in the implementation, many PoS terminates do not generate a random (or even pseudo-random) number for the nonce, but rather use a timestamp or counter
• This allows an attack, that from the logs at your bank, appears as if your card was cloned, which is supposed to be nearly impossible due to the chip embedded in your card
• The researchers discovered this vulnerability while investigating the case of an HSBC customer who was refused a refund from his bank, who stated that he must have entered his PIN at the ATM where his cash was withdrawn, in a different country
• At the behest of the researchers, he demanded the banks logs of the transaction
  Date Time UN
  2011–06–29 10:37:24 F1246E04
  2011–06–29 10:37:59 F1241354
  2011–06–29 10:38:34 F1244328
  2011–06–29 10:39:08 F1247348
• As you can see, the ‘unpredictable number’s do not seem very random at all, infact they appear to be a 17 bit fixed value, followed by a 15 bit counter that is incremented every few milliseconds, and rolls over every 3 or so minutes
• The research discusses how this weakness could use used to execute a ‘pre-play’ attack
• An employee working at a restaurant or retail store, could run your card through a device that would provide the authentication code required to access the card during some specific window of time in the future, allowing them to withdraw funds from your account at an ATM without knowing your PIN number. This attack could also be executed by malware built in to a PoS terminal or vending machine
• The researchers built their own special card that could extract the unpredictable number from each transaction they performed, and by doing a number of ‘balance check’ transactions, where we able to assess the randomness of the UNs
• Research Paper
• Blog post by Reseacher

---

NIST chooses keccak as new SHA–3 hashing algorithm

• Pronounced catch-ack
• The algorithm was designed by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors, and was one of 63 entrants to the NIST competition
• The competition started in 2007 when it looked like there may be issues with SHA–2
• Those issues never surfaced and SHA–2 is still considered secure
• Because keccak is not derivative of SHA–2, but entire different, it means that an attack against SHA–2 will be very unlikely to also be effective against SHA–3

---

Feedback:

• I need help finding the correct chat server

• Openfire Server

• Some information on the Nexus S and NFC

• rsync Hard Links and full backups?

• An easy way to encrypt on the go?

• Why do banks use passwords at all?

• Can we get TechSNAP on Stitcher?

Jupiter Broadcasting on Stitcher

Have some fun:

• What will be in the news the week in October when Allan is at Euro BSD Con? Let make a prediction on the head lines or just make up funny stuff to read

What I wish the new hires “knew”

Round-Up:

• Regulators shut down global PC ‘tech support’ scam
  • “Hello, I’m definitely not calling from India. Can I take control of your PC?”
• Britain in talks on cybersecurity hotline with China and Russia
• New Oracle hacks revealed
• The Most Important Meeting You’ve Never Heard of
• Facebook denied private messages were leaked, messages were old wall-to-wall posts that users misunderstood
• Squirrels account for 17% of all cable damage at Level3 communications
• 10 most bizarre cable cuts
• Server Room Nightmares
• Obligatory XKCD

The post Wire-Shark | TechSNAP 78 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/21117/token-security-techsnap-64/ Thu, 28 Jun 2012 15:37:03 +0000 https://original.jupiterbroadcasting.net/?p=21117 How attackers can defeat an RSA token in as little as 15 minutes. And a botched software update that shutdown a bank for days.

The post Token Security | TechSNAP 64 first appeared on Jupiter Broadcasting.

]]>



How attackers can defeat an RSA token in as little as 15 minutes, FBI has taken down an online fraud ring, we’ve got the details. And a botched software update that shutdown a bank for days.

Plus some great audience questions and our answers.

All that and more on this week’s TechSNAP!

Thanks to:

GoDaddy.com

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Limited time offers:

$1.99/mo economy hosting for 3 months – special offer!
Code:  199tech
Expires:  June 30, 2012

$3.99 .US domain!
Code:  399us4

Direct Download: HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

Purchase anything at Amazon.com Purchase anything at Think Geek using this link Purchase anything at Newegg using this link Contribute directly on our donation page or check out our advertising options and reach millions of amazing people! Grab our Chrome Extension and auto-tag your shopping session for us!

Show Notes:

Researchers can defeat RSA SecurID 800 tokens in under 15 minutes

• Researchers were able to use a ‘Padding Oracle Attack’ to compromise the plain text of an imported encrypted key in under 15 minutes
• A ‘Padding Oracle Attack’, is a side channel attack that allows an attacker to see if a message was decrypted successfully or not
• By purposely corrupting the encrypted message and/or its padding in different ways, and watching the error message (or even just the amount of time the device takes to attempt the decryption) the attacker is able to gain more and more information about the encrypted message, until they are able to recover the entire message
• The researchers developed a more efficient version of the ‘million messages attack’, that only requires to be carried out with only a few 10s of thousands of messages, and found that some devices can be attacked with as few as 3800 messages
• Researcher Blog Post
• Research Paper
• Don’t Believe Everything You Read…Your RSA SecurID Token is Not Cracked
• RSA contends that the researchers did not ‘crack’ the RSA SecurID Token, but rather that they exploited a flaw in PKCS#1v1.5
• However the researchers show (Table 1 on Page 9 and Table 3 on Page 12) that because the RSA SecurID tokens use a very simple padding check (not checking the length of the encrypted message), they disclose more information about the encrypted message during each attempt, this results in the RSA SecurID tokens taking the least amount of time to compromise
• The researchers were not able to afford an HSM, but postulate that their attack could compromise even the more secure ones in mere hours

---

PayPal starts Bug Bounty Program

• Paypal joins the ranks of Google, Mozilla, Facebook, Barracuda and others with bug bountry programs
• This resolves a potential legal ambiguity where researchers that were attempting to forge or modify data being sent to the paypal site, might be accused of unauthorized access rather than legitimate research
• Colin Percivals BSDCan 2012 Presentation – Crowdsourcing Security

---

FBI run sting operation nets 26 arrests of attempted ‘carders’

• The operation intercepted over 400,000 compromised credit cards
• The FBI estimates it prevented $200 million in losses (likely exaggerated)
• The FBI notified 47 companies, government entities, and educational institutions of the breach of their networks
• Example charges:
• zer0 used hacking tools to steal information from the internal databases of a bank, a hotel, and various online retailers, and then sold the information to others, including an individual he believed to be a fellow carder, but who in fact was an undercover FBI agent
• JoshTheGod (apparently a member of UGNazi) met in Manhattan with an undercover FBI agent to accept delivery of counterfeit cards encoded with stolen information. He was then arrested after attempting to withdraw funds from an ATM using one of the cards
• kool+kake sold stolen CVVs and advertised to fellow carders that he got fresh CVV’s on a daily basis from hacking into databases around the world
  • According to the PCI-DSS (Security standard for processing credit cards, CVVs are NOT allowed to be stored in database, they are specifically designed to make databases of stolen credit cards useless, since the attacker will NOT have the CVV value (which is a 3 or 4 digit numeric hash of the credit card data and the banks secret key)

---

Botched software update as Royal Bank of Scotland freezes customer accounts for days

• On Monday the 18th, a glitch was introduced into the banking system at RBS, that prevented new deposits from being credited to customers’ accounts
• 2012–06–22 – No solution in sight after four days
• 2012–06–25 – Confidence in the bank starts to slide sharply
• 2012–06–25 – Details start to emerge about the cause of the problem, the batch processing software (run by an outsourced team in India)
• 2012–06–26 – Glitch is identified as a problem with an update to the CA–7 batch processing software
• 2012–06–28 – Confirmation that half the team that runs the CA–7 batch processing software were outsourced to india
• Mishandling of batch schedule data while backing out of an update to CA–7 batch processing software last week caused the disruption that led to 16.9 million customers at RBS, Natwest and Ulsterbank being frozen out of their accounts for days, and ongoing issues in some cases.
• “When they did the back-out, a major error was made. An inexperienced person cleared the whole queue … they erased all the scheduling”

---

Feedback:

• Q: Alex Asks about: Mirroring Changes Across Hosts
• Q: Lawal asks: How do VPNs Work Exactly?

Round-Up:

• Millions of Website Passwords Stored in Plain Text in Plesk Panel
• Tech Security Savvy Varies with Age (and Experience Counts), Survey Finds
• EU Commissioner Reveals He Will Simply Ignore Any Rejection Of ACTA By European Parliament Next Week
• Australian ISP causes concern while testing Web Filter

The post Token Security | TechSNAP 64 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/20851/the-syria-scam-unfilter-6/ Fri, 22 Jun 2012 18:06:09 +0000 https://original.jupiterbroadcasting.net/?p=20851 We examine the Syria scam, top level officials caught lying and pushing for war, while deals are made on the sidelines. We'll bring you up to speed.

The post The Syria Scam | Unfilter 6 first appeared on Jupiter Broadcasting.

]]>



We examine the Syria scam, top level officials caught lying and pushing for war, while deals are made on the sidelines. We\’ll bring you up to speed.

Plus: We Unfilter the headlines with a look at secret military mini-shuttles, the censorship data released from Google, and more.

And: It\’s your feedback, and a few follow ups.

All that and more is coming up right now, on Unfilter.

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

HD Feed | Mobile Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes

Show Notes:

ACT ONE: News

• U.S. Attorney General Found In Contempt Of Congress (First Time Ever!) – YouTube

  • \’Fast and furious\’ has Obama on defensive
  • House Republicans vote to cite Holder for contempt in \’Fast and Furious\’ scandal

• Google reveals \’alarming\’ increase in government requests to censor content

  • The Numbers from Google

• Apple Store In Georgia Refuses To Sell iPad, iPhone To Farsi-Speaking Customer, Citing Company Policy

• Secret military mini-shuttle lands in California submitted by Hoggensteen

• US space plane lands after 469 days in orbit

ACT TWO: The Syria Scam

• Clinton: We Must Do \’Everything We Can\’ in Syria
• McCain: Aiding Syrian rebels would be blow to Iran, lack of help is \’shameful\’
• U.S. buying more helicopters from firm supplying Syria
• C.I.A. Said to Aid in Steering Arms to Syrian Rebels
• Assistant Defense Secretary George Little says shipments are not for Assad Regime
  Obama-Putin Poker Face: No sore points pushed at G20 – YouTube

ACT THREE: Feedback

Song pick of the week:

Bloodlust by Ministry off their new album Relapse

Follow the Team:

• Filterfree.ME show Blog
• Chris on Twitter
• Syracuse Innovators Guild This is where Dan is (most of the time) when we are recording Unfilter
• Chase’s Geek Stuff
• Michael Vail\’s Website

The post The Syria Scam | Unfilter 6 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/17312/email-constipation-techsnap-46/ Thu, 23 Feb 2012 19:17:56 +0000 https://original.jupiterbroadcasting.net/?p=17312 We answer the question: What to do when your email server gets blocked, and why it keeps happening. GSM phones are vulnerable to a simple attack.

The post Email Constipation | TechSNAP 46 first appeared on Jupiter Broadcasting.

]]>



We answer the question: What to do when your email server gets blocked, and why it keeps happening.

PLUS: GSM phones are vulnerable to a simple tracking attack, all you need is some open source software and some spare hardware, we’ll share the details! And we introduce the TechSNAP “Hall of Shame”.

All that more, on this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Super special savings for TechSNAP viewers only. Get a .co domain for only $7.99 (regular $29.99, previously $17.99). Use the GoDaddy Promo Code cofeb8 before February 29, 2012 to secure your own .co domain name for the same price as a .com.

Pick your code and save:
cofeb8: .co domain for $7.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
Deluxe Hosting for the Price of Economy (12+ mo plans)
Code:  hostfeb8
Dates: Feb 1-29

   

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

 

Subscribe via RSS and iTunes:
    Subscribe...           --RSS-- TechSNAP HD TechSNAP Large     TechSNAP Mobile      TechSNAP MP3     TechSNAP OGG     --iTunes--     TechSNAP iTunes HD     TechSNAP iTunes Mobile     TechSNAP iTunes Large     TechSNAP iTunes MP3  

Show Notes:

GSM Networks allow attacks to determine your location without your knowledge

• Researchers at the University of Minnesota have found a way that an attacker using open source software could locate your cell phone to within 1 square kilometer
• The GSM Protocol attempts to mask the identity of individual devices by using temporary IDs, however it is possible to map the phone number to these temporary IDs
• The attack works by placing repeated PSTN phone calls to the mobile number, but disconnecting before the first ring on the handset (~4 seconds)
• This causes the cell towers in the area where the networks believe the user to be to broadcast ‘paging’ requests to the target handset’s temporarily or immutable ID
• By listening in on the radio frequency for this broadcast, the attacker can determine if the target is in range of one of the cell towers near them. A few repeated calls allow the attacker to isolate which temporary ID corresponds to the mobile device they are placing the aborted calls to
• In a large area services by many towers, an attacker can determine if the target is within approximately 100 square kilometers
• This attack could be used by oppressive governments to determine if a person is present at a protest or other gathering without relying on support from the telco, to determine is a victim is away from home before attempting a robbery, or even to locate a high profile individual for stalking or assassination
• Research Paper

---

Feedback:

Q: (Traci) My webhost has been added to an RBL and now emails sent from my domain and from my website cannot be received by some people, can you explain what an RBL is and why it is blocking my email. (Dreamhost servers blocked by Trend Micro RBL )[https://www.dreamhoststatus.com/2012/02/14/mailservers-on-trend-micro-rbl-working-on-removal-from-list/]

A: An RBL or Real Time Blacklist is a list of IP addresses or domain names that the maintainer of the list feels should be blocked from sending emails. There are many different RBLs which different criteria from inclusion and removal from their lists. Most RBLs operate based on DNS due to its light weight and extremely low latency.

So, when an ISP, say, comcast, receives new email directed to one of its customers, it will check details of that email against a number of RBLs they comcast subscribes to. It checks the sending IP, any links included in the email, etc. If one or more of these RBLs returns a positive result, the email may be flagged as spam, or rejected entirely.

Different RBLs cover different problems, Spamhaus.org has lists that cover spam, Trojaned PCs and Open Proxies, Dynamic IP ranges, Spam Domains (sites that spam links to), and compromised servers. Spamcop.net bases its RBL on emails they intercept at honeypot addresses, and sampling the emails that users pay $30/year to have their email filtered via spamcop.net.

One of the most common ways for a webhost to get added to an RBL is when one or most customers run insecure CGI or PHP scripts that send email. When that happens, and attacker can cause your site to send email, or install a script that sends email. Sending large amounts of spam from the web host’s servers will cause it to be listed in the RBLs until the webhost resolves the issue. Many RBLs are automated, where they will add an IP when it is detected as a source of spam, and remove it once it has stopped sending spam for 24 hours. The other common cause of listing in an RBL is hosting sites that are the target of the spam messages (rather than the source). When a web application such as wordpress is compromised, the attacker may be able to install their own site in a subdirectory, using your hosting to host the link that send out in their spam messages. The target of the spam could be a page directing the user to buy something, a phishing site designed to look like paypal or a bank, or even malware, hosting the executable or javascript that the unsuspecting user will run. This last example is similar to the exploit we saw with cryptome last week, if other websites on the internet were infected and made to load a javascript file from a domain hosted at your host, then anti-virus vendors such as Trend Micro may add your webhost to their block list.

In the past, there have been a number of legal battles against RBLs where senders have tried to prosecute the RBL for blocking their communications, however, in the end, it is up the individuals ISPs to decide which RBLs to use and how to interpret the results returned by the RBL.

Email Blacklist Check – See if your server is blacklisted

---

War Story:

Another in our continuing series of War Stories submitted by the other other Alan (Irish_Darkshadow)

*
This incident took place in mid-April 1999 about two months into my technical support career with the US Thinkpad desk. Despite my rocky start I had managed to establish a reputation for myself as an agent who liked to tackle the more difficult calls. In addition, I had also managed to avoid having a single customer “escalate” on me. That is where a user demands a superior or someone who knows more about their issue to take over the call. That all changed with a single call.

I arrived to work that day for my 16:30 to 01:30 shift and settled in to take my first call. It was a relatively easy one where the user had picked up their laptop from a servicer and was having boot problems. It turned out to be a simple case of the servicer having left a driver disk in the floppy drive. Top to bottom the call took about 13 minutes including typing up the documention for it in our ticketing system. I sat in Avail on my phone for the next few minutes before my next call arrived.

Once I managed to get the initial greeting script out I was slammed with a guy screaming down the line about wanting to speak to a manager. I was resigned at this point to losing my “no escalation” record but I still needed to follow procedure and determine what grievance had the user so irate before putting a team lead or manager on the line with him. It took me a few mins to calm him down enough and to vent sufficiently for me to start gathering some information. It turned out that he had returned his laptop to IBM on three separate occasions in the first nine weeks he had owned it for various compatibility issues with 3rd party devices he had purchased. I could see his point of view perfectly in wanting an escalation and I placed him on hold to go look for someone in authority to help the guy out.

My team leader (TL) at the time was easily located and once I had explained the situation he decided to delegate the matter to his assistant team leader (ATL). I took her to my desk where she started speaking with the user and I strolled back to my TL to get some ribbing for my first customer escalation. Normally when a TL or ATL takes over a call it results in the user being placated in some manner or else the customer gets transferred to Customer Relations to be dealt with appropriately. Either way, once an agent handed off a call like that they simply waited for a resolution before taking the next call. No such luck this time. The ATL walked up to where I was standing and started to explain the situation to the TL and how the user had returned the machine three times with no faults found but he still could not get his 3rd party devices to work. Nothing too new there but then she dropped the bombshell that she had promised the user that I would troubleshoot the hardware issues for him immediately! This was unheard of, the customer had four devices that I had no familiarity with and this ATL had just thrown me under the frickin’ bus. I looked at the TL for some sanity to be brought to the situation but he had to acknowledge that the ATL had committed a course of action to the customer and I was going to have to pay for her generosity. Back to my desk I went whilst cursing the ATL, her lineage and any future offspring…..but in a harmless way

Once I was back on the call with the user I started to gather some details on exactly what I was dealing with. The user had a Thinkpad 560 which is termed a “single spindle” machine in that it only had a hard drive within the chassis and no floppy or optical devices. The external floppy drive was attachable via an IBM proprietary connector and the machine was a Pentium 120 with 32mb RAM, a 2.1 Gb HDD and an IrDA 1.0 header.

Now that I had some idea of the core hardware I ventured into the realm of 3rd party peripherals that the user was struggling with. He had a backpack cdrom (parallel port optical drive), a PCMCIA modem, a PCMCIA network card and a HP printer that he wanted to connect to via Infrared. I knew I was screwed at that point but figured I couldn’t really make the problem worse since none of the hardware operational anyway.

I began working with the backpack cdrom which was attached to the printer port. Windows 95 v2.1 was not detecting any new hardware once the drive was switched on. I tried the usual places like device manager for clues but all I could determine was that the parallel port appeared to be operational. I put the cdrom to the side and started working on the two PCMCIA cards. Despite the user having the proprietary CardMagic software installed that acted as a crutch to Windows 95 plug & play (*pray) neither card was detected and a pattern was beginning to emerge. The IR printer suffered from the same lack of detection and so I asked the user if he had any other device that we could attach to the laptop just to see if Windows was detecting anything at all. He connected up the external floppy drive and instantly it was detected and accessible in Windows Explorer. SHIT!!! My instincts were telling me that the OS was corrupted in some way and a reload was imminent and I hated having to do that to any user.

I sent an IM to the Team Leader to let him know that I was going to have to do a reload and he told me to stay on the call with the customer until the reload was complete and then resume working on the 3rd party hardware. As I was preparing the user for the reload I had a sudden realisation of how bad the situation really was. A single spindle machine comes with a specific reload solution where a user starts up Windows for the first time and they get prompted to insert floppy disks onto which the reload disk images will be “burned”. At first the customer didn’t recall any such prompt and I began to get a sinking feeling that I would need to have this laptop shipped to IBM for the 4th time just for a reload and then once it was returned to him, I would need to pick up with troubleshooting the 3rd party hardware. The user had a Eureka moment and told me that he believed that he had a shoe box with the floppy disks that had been in his office closet since the day he made them. He managed to locate the shoe box and the 37 floppy disks inside. 26 of those were the base OS and 11 were for the application layer.

I reckoned that the reload was going to take about two hours to complete which presented me with another challenge due to the team leader telling me to stay on the phone through to completion. One of the rules was that there should not be any dead silences during a tech support call so I was going to have to find a way to get this guy talking for the two hours in between me asking him about what was on the screen and how many disks he had left to go through. This was gonna be fun!

For the two hours of the reload, as the customer went through his 37 disks, I managed to lure him into topics like his job and prior computer experience and pretty much anything else I could come up with to keep things flowing. I was trying to hit on a topic that would allow for lots of conversation with minimal input from my side. It turned out that he was a Judge in NYC who handled criminal cases. The only common ground there is that I could explain to him that I loved My Cousin Vinny which I figured would not go down very well. Eventually he mentioned that his son was at soccer practice and he needed to arrange someone else to pick him up while we reloaded the laptop. That was my angle, I started talking to the guy about every possible soccer item that came to mind and the rest of the reload flew by without incident. I got him to go into the BIOS and I set up the the parallel port and PCMCIA slots before dealing with Windows.

Once the operating system was back on there and up and running I got him to attach the backpack cdrom and I heard the detection sound over the phone. That meant I had at least found one issue and corrected it. Device manager showed the cdrom with an exclamation mark and it looked to me like this thing needed to be installed from a DOS perspective before it would work in Windows. He had a driver disk for the cdrom which I was able to get running in DOS mode so that it added the driver to the config.sys file and called it from the autoexec.bat file. A quick reboot later and the cdrom was usable from within Windows 95. Problem #2 solved. Time for the PCMCIA fun and games.

I decided to go with setting up the modem first as it would be easiest to test. Upon insertion the card was instantly detected and I was able to talk him through configuring it in the CardMagic application. He hooked it up to his fax line and was able to connect to his ISP at a staggering, no, blistering 28.8kbps! Either way, problem #3 solved.

The network card was up next and once more upon insertion it was detected and was able to find a driver on the backpack cdrom drive. There was no network near the user that I could test with but I was able to talk him through some ping tests and winipcfg.exe tests that implied the TCP/IP stack was operational and the bindings to the card were good. So we agreed to call that problem #4 solved. I felt that I was in the home stretch now and when I looked at the clock I realised that the call was coming up on three and a half hours already. Now it was time to get the printer operational.

The printer was able to print a self test page from the buttons on it and so it appeared to be working from a hardware perspective. I got the user to test it using the parallel port by removing the backpack cdrom and that was also successful. The problem came when trying to get the IR link to the printer to work. No matter what configuration I tried I just could not get a connection between the IrDA header on the laptop and that on the HP printer. The customer refused to believe that it was the printer and was adamant that the IrDA header on the Thinkpad was at fault. I was completely stuck for a way to prove otherwise. At some point during that desperation to come up with a troubleshooting idea after nearly four hours of work I hit upon an idea that made sense…at least to me. I asked the user to confirm what COM port the IrDA was configured as and then I had him connect to that COM port via the Hyperterminal application. My next request was a weird one, I asked him to get a remote from a TV or a VCR for me. He rummaged around for a while and then found one for some small TV he had in his office that was barely used. I asked him to point it at the IrDA header on the laptop and keep pressing random buttons on it while watching the hyperterminal window. He said that gibberish symbols came up in the window whenever he pressed a button on the remote. EUREKA! I had solved problem #5 by proving that the issue was with the IR port on the printer and not the one on the laptop. He agreed with my conclusion and he asked me if I would set up the printer on the parallel port so that he could just hook up a cable if he needed to. As we were going through the steps of hooking up the backpack to install the driver he told me that he got a blue and then a black screen. The text said “registry not found”. Apparently he had decided to pull out the PCMCIA cards while the LPT printer driver was installing and it had thrashed Windows.

My first attempt at a solution was a reboot into safe mode but that failed with the same error and I was only able to get the system to reboot into DOS mode. From there I backed up the existing registry files and restored the user.da0 and system.dao clean registry files. When he booted back into Windows, we were back where things started….no hardware was detected once attached. EPIC USER FAIL!!!
With just over four hours on the timer, the whole procedure had to be done all over again. I asked the user if I could put him on hold and he agreed. Firstly I dealt with my bladder and then I went to the TL and told him what was happening and the sadistic bastard told me to go back with the user and see it through to completion. Fucker.

I got back onto the call and we started going through the whole process all over again from the ground up with one caveat – don’t do anything with the computer unless I authorised it. During the two hour reload portion of the call I got him to give me his AOL email address and I sent him a copy of a tool from the Microsoft site called E.R.U. (emergency recovery utility). This time around once we had managed to get all of the hardware and software to where it needed to be and we had done enough tests to convince us both that everything was operational. At that point I ran the ERU application and made him store that recovery set in his shoe box of floppy disks. We exchanged pleasanties and parted ways. I checked the timer and 8 hrs 38 minutes had passed.

On an average day I would deal with twenty to twenty five calls in a single shift. On this day I managed a grand total of two calls with 1 pee break and no food as I hadn’t taken any of my breaks. However, I was able to leave the office two hours earlier than expected. That didn’t really help with my complete burnout after that long of a call but at least I had a new record for the longest tech support call in the history of the call center and that record still stands today as far as I know.

Try to get a 8hr plus support call in a current day call center. Aside from the focus on 7 minutes per call I doubt you will find the will and dedication to send a customer away satisfied with the experience.

And I never even got a medal but if I ever get into nefarious matters in NYC, I will be calling in a favour from a certain Judge I know there.

---

Round Up:

• SSDs have a ‘bleak’ future, researchers say
• Government Pressures Twitter to Hand Over Keys to Occupy Wall Street Protester’s Location Data Without a Warrant
• Dutch government rejects ACTA as a Human Rights Violation
• Anonymous accuses NSA of fear-mongering
• NSA declassifies rejected proposals for a cryptography system submitted by Dr. John Nash (A Beautiful Mind) in the 1950s
• Obama unveils Consumer Privacy Bill of Rights
• EU court rules that hosting companies cannot be force to run anti-piracy filters as it violates privacy of the users and hinders the right to freedom of information
• Australian police spying on web and phone usage without warrants
• [Hall of Shame] Exposed: YouPorn passwords in all their plain-text glory

The post Email Constipation | TechSNAP 46 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/3706/korea-strikes-jn-112310/ Tue, 23 Nov 2010 21:49:43 +0000 https://original.jupiterbroadcasting.net/?p=3706 So, it snowed in the Seattle area. And as happens every year, everyone in the area forgot how to operate a car. Tuning into the news to watch folks skidding on ice, sliding into ditches, and complaining about the delays is usually one of the highlights of the first snowfall in this region. BUT NO. […]

The post Korea Strikes! | J@N | 11.23.10 first appeared on Jupiter Broadcasting.

]]>



So, it snowed in the Seattle area. And as happens every year, everyone in the area forgot how to operate a car. Tuning into the news to watch folks skidding on ice, sliding into ditches, and complaining about the delays is usually one of the highlights of the first snowfall in this region.

BUT NO. This morning, North and South Korea decided to SHOOT at eachother, causing a flare-up in ACTUAL news coverage that’s gotten in the way of enjoying our annual “Metro On Ice” showing. So you get to share our pain. We’ll be discussing the Korean conflict as well, cuz we just can’t get enough!

Show Feeds:

• HD Video RSS
• Large Video RSS
• iPod Video RSS
• MP3 RSS
• iTunes Feeds

Show Notes:

BUT NO.  This morning, North and South Korea decided to SHOOT at eachother, causing a flare-up in ACTUAL news coverage that’s gotten in the way of enjoying our annual “Metro On Ice” showing.  So you get to share our pain.  We’ll be discussing the Korean conflict as well, cuz we just can’t get enough!

Early Tuesday morning, North and South Korea exchanged shots, shelling eachother with large artillery, raising tensions between the rivals to their highest level in more than a decade. (picture)
* Began as a threat from N. Korea for S. Korea to stop military drills near the maritime border between the two nations.
* S. Korea refused and began firing shells into the waters offshore of N. Korea.
* N. Korea responded to this by shelling the small island of Yeonpyeong, which houses a military installation and a small civilian population. (2 killed, 15 injured, no civilian casualties).
* S. Korea retaliated by scrambling fighter jets and firing howitzers across the border. (casualty numbers unreported)

Impact:
Stock Prices are the first thing people discuss this impacting.  Currency exchange and gold.
— WHAT THE FUCK, WORLD!?
— Allan (Listener) says, “That’s what war has always been about – the influence of political and economical change, by force.”
<Peregrine_Falcon> It was just six weeks ago that North Korean leader Kim Jong Il unveiled his youngest son Kim Jong Un as his heir apparent. In order to prove to the rest of the old guard that his son can handle leadership he wants to show that he’s a ‘tough guy.’ That’s why he allowed his son to order the attack on the island of Yeonpyeong.
<Peregrine_Falcon> He figures that now is a good time because the North Koreans all believe that the Obama adminstration lacks the guts to take any military action against them.

WAR??:
South Korean President Lee Myung-bak, said an “indiscriminate attack on civilians can never be tolerated. Enormous retaliation should be made to the extent that (N. Korea) cannot make provocations again,” he said.

Gen. Walter Sharp, commander of U.S. forces in South Korea and the U.S.-led U.N. Command, said in a Facebook posting that the U.S. military is “closely monitoring the situation and exchanging information with our (South Korean) allies as we always do.”
** Sidebar:  Facebook!?!?

Experts agree that Korean conflict is a major risk to the US
https://www.usatoday.com/news/world/2010-11-23-korea-reaction_N.htm

This act of aggression comes right on the heels of:
1) Kim Jong Ill appointing his son as heir apparent
* His son has no military experience – this attack may have been used as propaganda to improve the public’s view of his abilities as a military leader.
2) News was released of a new uranium enrichment plan that could further N. Korea’s nuclear program in violation of UN sanctions.
* Historically, smaller nations are prone to acts of aggression when their nuclear capabilities are made public.

It’s the first armed conflict of this scale in the region since the Armistice Agreement of 1953.

Follow my train of thought:
N. Korea is near-allies with China, and are also friendly with Iran.
If N. Korea decides to escalate and invade or further attack S. Korea, the US will respond.
Unless folks keep their heads and are CAREFUL and DIPLOMATIC about this situation, it could quickly boil over into a worldwide armed conflict.
(This is how World War I started, ya’ll.  Alliances and provocations!)

Some ‘experts’ that have been interviewed today are already talking about nuclear deterrent to large-scale conflict (that is, bombing Seoul).  Others are saying that China needs to be pressured to take a firmer hand in North Korea’s wellfare, since they currently supply a huge portion of the nation’s foreign aid.

It’s estimated by the UN that more than 10,000 N. Koreans have died of starvation over the past year.

Infographic on Korean Military figures

If you’re curious how a war between the US and Korea might go down, check out this nifty piece of fiction: “Red Phoenix” by Larry Bond

Download:

The post Korea Strikes! | J@N | 11.23.10 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/1784/ship-energy-levels-and-you-stoked-s02e09/ Tue, 30 Mar 2010 08:03:42 +0000 https://original.jupiterbroadcasting.net/?p=1784 We cover all the news around the Season 1 content update, chat about a hilarious PVP bug, and then MATH your face off with a our segment: Ship Energy Levels and YOU!

The post Ship Energy Levels and YOU! | STOked s02e09 first appeared on Jupiter Broadcasting.

]]>



STOked Season 2 Episode 9: We cover all the news around the Season 1 content update, chat about a hilarious PVP bug, and then MATH your face off with a our segment: Ship Energy Levels and YOU!

PLUS – Our first look at the new C-Store items, the tribble Borg pet, and our first look at The Big Dig mission!

And much, much more

Direct Download Links HD | Medium | Small | OGG Video | MP3 | YouTube

[ad#shownotes]

Our STOked App:

Grab the STOked iPhone/iPod App and download STOked plus bonus content on the go!

This Week’s Show Notes:

Season One: “Common Ground” has landed! 

Patch Notes:  https://forums.startrekonline.com/showthread.php?t=142766

Launch Day FAQ:  https://forums.startrekonline.com/showthread.php?t=143065

– A billion changes!

    * Respecs! WOO!

    * Additional starship skills, and a 25% carry-over rate for T3 and T4 ship skills.

– New Content!

    * Fed vs Fed pvp maps

    * Off-duty space pajamas

    * Klingon T2 Cruiser + additional KDF ship customization

    * “Big Dig” and DS9 Fleet Actions

    * THE CURE (STF)

– C-Store items

    * Bridge Variants

    * Fed ship variants (+more coming soon)

– More Lifetime Sub perks

    * Captain’s Table private social zone

    * Special Title (“Career Officer”)

    * Blue Name on forums with special rank

 

March 22nd Engineering Report:  https://forums.startrekonline.com/showthread.php?p=2417369#post2417369

Monthly targets added to items “in development” including the following listed for April:

– Difficulty Sliders

– Death Penalty

– Memory Alpha / Crafting revamp

– Joined Trill for KDF

 

BIG BAD PVP BUG:  Several maps deleveling people to level one (Captain -29, RA -39)

https://forums.startrekonline.com/showthread.php?p=2454348#post2454348

“Post-Mortem Report” from Coderanger:  https://forums.startrekonline.com/showthread.php?p=2464377#post2464377

Jack Emmert interview @ thebigfreaks.com:  https://thebigfreaks.com/?p=276

Also an audio interview:  https://thebigfreaks.com/?p=263

    * “Well over 100,000 subscribers”

    * He comments a lot on how WoW has shifted the MMO audience into an “immediate satisfaction” state of mind, rather than the pre-WoW environment where people judged them on their potential / scope.

    * “Season Two” will be based 100% on the surveys and forum responses they have gotten over the past month+ since release.

MATH:

 

Ship Energy Levels and YOU!

 

UI Explanation:

Postures:  Attack, Defend, Speed, Balanced

Type I:  Current Energy / Energy Setting

Type II:  Visual representation, updated live

Type III:  Same as II, but with customization and Save/Reset buttons for presets

 

What They Effect:

WEAPON ENERGY:  Energy Weapon damage output (Torpedoes and Mines are unaffected by current level, but unable to fire when at 0 power)

SHIELD ENERGY:  Shield regen rate (note:  Does NOT affect total shield strength)

ENGINE ENERGY:  Movement speed

AUXILIARY ENERGY:  Hull Repair, Turn Rate, Stealth Detection, and many “Sciencey” abilities’ amplititude (e.g. Tachyon Beam, Tyken’s Rift, etc.)

 

WEAPONS SYSTEM:

Power Level = % of affect

100 – 200

75 – 150

50 – 100

25 – 50

 

In other words = 2% difference (up or down) per point of Power above or below a setting of 50.

 

This only affects the power of the weapon when it leaves your ship, and not when it impacts the enemy.  All energy weapons are also affected by the distance between yourself and your target, to varying degrees and will deal more damage the closer you are to your target. (cannons seem to be more affected than beams)

 

Your current available Weapon Energy is drained each time you fire an energy weapon.  The amount of drain depends on the type of weapon you are firing, and the number of weapons firing simultaneously.  Watch your power level in combat, and make sure you’re not over-draining your weapon power, as you will end up doing LESS damage over time if your Weapon Energy dips too low on a regular basis.  If you regularly see your Weapon Power dipping well below the level it is set at, it may be a good idea to swap in a lower-power weapon type.

 

Weapon Power Drain amounts per shot:

Beam Arrays and all cannon types = drain 10 power (beams drain more frequently than cannons, allowing less time to regen)

Turrets = drain 8 power 

 

You can offset the drain of Energy Weapons by investing in EPS Flow Regulator (Engineering Consoles).  You can also use batteries or Emergency Power abilities to quickly recharge.

 

SHIELDS SYSTEM:

Power Level = % of base regen

100 – 300

75 – 200

50 – 100

25 – 0 (!!)

 

In other words = 4% difference (up or down Bryan’s Penis) per point of Energy Level above or below a setting of 50.

 

Unlike weapons, shield tooltips do not update on the fly along with your Shield Power.

 

SUB-TOPIC: Rebalancing Shield Quadrants, to maximize Regen…

 

Shield regeneration is applied to all four quadrants of your shields, every 6 seconds (aka, per tick).  Let’s say you have a regen rate of 100.  If you have 3 maxed out quadrants, and one that is damaged, you are only regenerating 25 shield power / tick.  However, if you rebalance your shield power so that all 4 are slightly damaged, you will regenerate essentially 25*4 = 100 shield power / tick.  Obviously it’s not always a good idea to weaken ALL of your shields.  However, doing so when you are not under direct fire is ALWAYS recommended.  Especially before using an ability that increases your Shield Regen (e.g. Emergency Power to Shields, Science Team, etc).

 

ENGINE SYSTEM:

The math to figure out your exact speed is complicated and involved, and I don’t have time to go into all of it right now.

 

Suffice it to say that your energy level directly impacts your speed, but the following are also factors that will always figure into it:

 

– 0 Engine Power (system offline) will cause you to stop, AND cut your turn rate to almost nothing.

– For Feds, each ship type has a different variable that causes them to go different speeds, with the same engines (Cruisers and Science are slower than Escorts)

– For KDF, check the “Impulse Modifier” listed in the ship stats at the Shipyard consoles.

– Engine types have different base modifiers.  Fastest to Slowest = Hyper Impulse, Combat Impulse, Impulse

– Your max bonus is controlled and normalized by the Tier of ship.

– Engine Power does not appear to have any affect on your Warp Speed (in Sector Space).

 

AUXILIARY SYSTEM:

TURN RATE – Just like Engine speed, it’s very complicated.  But here’s a few quick tips:

 

– 0 Aux Power (system offline) will cause you to be almost completely unable to turn.

– Tier 1 and 2 ships are easier to get to turn faster.  Tier 3+ ships have a built-in modifier that is meant to normalize the “high-end” ship bonus skills.  (In essence, they force you to invest points in the ship type, to get them to move comparably to lower-tier ships).

– Turn Rate is calculated in “Degrees per Second” which is unaffected by your Engine SPEED.

– Turn Rate modifiers (such as those on consoles and engines) are % bonuses to your ship’s turn rate, and are not directly additive.

– The total possible bonus (or penalty) of a high (or low) Aux power level is never going to turn a Cruiser into an Escort (or vice versa).

– Escorts will benefit far more from Aux, due to a higher innate Turn Rate.

 

HULL REPAIR – Bryan’s Penis Calculations unknown.  Sorry! 

 

– Also affected by Crew Levels, and passive skills.

– The longer the battle, the more Hull Repair will matter.

– Hull Repair is always % based, so larger/beefier ships will repair more per tick than smaller ships, with the same Captain.

 

STEALTH DETECTION –

 

– Base is determined by ship type:  Escorts/Cruisers are 33% that of Science Ship detection rate.

– Also based on all of the following:  Starship Operations Training, Starship Sensors stat (from items + skills), Starship Sensor Array stat (from items + skills)

– After the “base” detection rate is found (using the above + innate based on ship type), MULTIPLIED BY AUXILIARY in same manner as Weapon Power.

 

ABILITY MODIFIER –

 

– Determined on a per-power basis.  Can affect Duration and/or Magnitude.

– Does NOT always affect abilities.  To check:  Tooltips will update on-the-fly if they are affected by Aux (but not always in Sector Space)

 

IN CLOSING:  https://theenginescannaetakeit.wordpress.com/

 

MEDIA:




Pics of one of the new C-Store ship skins:  https://forums.startrekonline.com/showpost.php?p=2438996&postcount=6

 

Tribble of BORG:

Was rewarded to people that participated in a Dev event on the Tribble server during the weekend prior to Season One release.

Pic:  https://www.wegame.com/view/star-trek-online-screenshot-by-ermest-2010-03-26-15-33-01/sizes/

Info:  https://www.wegame.com/view/star-trek-online-screenshot-by-ermest-2010-03-26-15-34-18/sizes/






The post Ship Energy Levels and YOU! | STOked s02e09 first appeared on Jupiter Broadcasting.

]]>