Practical Electronics, August 2021
Net Work
Alan Winstanley
This month, Net Work looks at the never-ending problem of online security. From domestic
fridges to critical national infrastructure, everything is online and we are all vulnerable.
Recently the author’s ten-year-old deep freezer decided
to throw a tantrum: although
the digital display on the door panel
showed ‘–18°C’ as normal, breaking
out my digital thermometer I found the
temperature inside was actually +5°C.
The whole interior had defrosted over
the weekend but unfortunately the
freezer had no low-temperature alarm.
A lingering chemical smell alluded to
a refrigerant leak, so the hunt was on
for a new one from the usual online
sources – preferably a European one,
but I couldn’t help noticing the Chinese
Haier brand popping up everywhere I
looked. Haier is a major manufacturer of
white goods and electrical appliances,
and claims to own 10% of the world
market, having bought America’s GE
appliances business in 2016 and the
Candy brand in 2019 (which includes
the Hoover brand, popular in Europe).
Haier’s Chinese-made appliances
undoubtedly have a high ‘showroom
appeal’ when viewed online; they
are feature-laden and competitively
priced. Some models feature Haier’s
‘Instaswitch’ that converts them from a
deep freezer to a refrigerator at the
touch of a button. (I mused that my
old South Korean freezer had done
the same thing, all by itself.) More
to the point, Haier Instaswitch freezers are Wi-Fi connected, which they
claim alerts users of abnormal temperature rises caused by an open door or
a power cut, for example. Owners can
also control the temperature through
their smartphone, Haier says. This appealing idea sounded like a deal-maker
– at first, anyway.
Online reviews seemed generally favourable, although some users felt that
the app wasn’t very effective in practice. There’s always a question mark
hanging over the lifespan of such apps,
given that many smart TVs, radios and
PVRs outlive the essential apps that
help owners to control them. Apps
can go obsolete all too soon, leaving
dissatisfied owners high and dry. Personally, I wasn’t willing to suck it and
see and, after downloading the freezer’s manual, I saw that changing the
door hinge over was a complicated
and fiddly two-man job.
Keep it local
Being unable to check
the build quality either,
I eventually opted for a
German brand, sourced
from a local independent
store instead. Working
like my personal shopper
or Daigou (see Net Work,
February 2019), the store
cheerfully compared the
online specs, which saved
me all the trouble; they
suggested a suitable freezer, reversed the door in
their workshop, delivered
and installed it, and took
away the old freezer and
packaging all at a competitive price. Life shouldn’t
just be about price: if one
factors in the many hours
that one spends fruitlessly searching online before
(fingers crossed) buying
at arm’s length, in my view any premium paid in ‘buying local’ is worth
it just for the personal time freed up,
and it helps keep the local economy
ticking over too.
[Figure caption: China’s Haier lays claim to 10% of the world market for white goods. ‘Instaswitch’ models (two shown) have Wi-Fi and can double as a fridge or freezer.]
Surprisingly though, the German-designed unit still has some
odd compromises: it seems that few
freezers have digital displays showing
the temperature inside in real time,
and my new freezer hadn’t one either.
The LCD merely shows the desired
set-point instead, although at least
mine has a high temperature audible
alarm built in. It also has a blinding
LED light inside, and you have to open
the door to check the digital display
anyway, which is mounted above at
head height! The force needed to pull
the door open was enough to drag the
freezer across the vinyl floor, something I cured by placing some discs
of Scotchbrite material under the
front feet, or bicycle puncture repair
rubber could be used. (To help, the
freezer was raised off the floor using a
small inflatable ‘air wedge pump’ from
eBay.) For a European appliance costing over twice the price of the Haier,
these avoidable shortcomings were
both ridiculous and frustrating. One
can see why Chinese brands such as
Haier are fast making ground in the
marketplace, and online shopping
puts them within easy reach of consumers. Haier appliances are available
on Amazon and major UK appliance
websites. Alternatively, South Korea’s
LG offers a wide range of Wi-Fi enabled appliances for the smart home,
controlled by LG’s ThinQ app.
Readers might enjoy some nostalgic
glimpses of the electric appliances of
yesteryear, particularly some quaint
film presentations of American domestic appliances from a century ago.
GE’s electric cookers (stoves) and refrigerators were very advanced for
their time when compared with British
post-war equivalents. Enjoy the show,
starting with life in the ‘GE electrical
home’ in 1915 at: https://youtu.be/gU2G9Frxyi4 (with awful music); ‘A
Design for Modern Living’ (1935) at:
https://youtu.be/SVfZCKCzEWg and
‘Pushbutton Magic’ (1948) at: https://youtu.be/sfiFFYpOB9Y
In comparison, there is a 1930s
museum piece of a British cooker at
https://tinyurl.com/yvhc6wcx – while
Westinghouse envisioned the ‘Total
Electric Home’ of the future in a fascinating 1950s film, see: https://youtu.be/jyrTgtPTz3M
[Figure caption: Westinghouse foretold the advent of the video doorbell in this 1950s film – but not cordless telephones! The object resembling a toaster is the screen. (Image: YouTube / History comes to life).]
Incidentally, these links are ready-made for you to click on in my Net Work
blog at: www.electronpublishing.com/net-work-blog/
Phishing without mercy
We’ve all had them – authentic-looking ‘phishing’ emails from fraudsters
that try to lure you into clicking a link,
perhaps leading to a bogus copy of an
authentic website where your personal details or logins can be captured
by criminals, who will then proceed
to drain your bank account without
mercy. Alternatively, the phony website might install malicious scripts
on your computer, then connect to
servers run by crooks which unleash
ransomware on your system. ‘Spearphishing’ emails can be especially
tricky to spot, as they look deceptively genuine; cyber criminals can steal
names and email addresses for use in
a convincing mailshot, supposedly
coming from a recognised and trusted institution.
Savvy users soon recognise bogus
spam mails that start with a generic ‘Dear Recipient’ or ‘Attn. userx<at>gmail.com’,
but on a busy computer it’s all too easy to click malicious
links without thinking. A technique
called ‘Domain-based Message Authentication, Reporting & Conformance’
(DMARC) is gradually being implemented. This authenticates emails and
stops bogus ones from masquerading
under a genuine domain or sub-domain name owned by, say, a bank or
state institution.
[Figure caption: GE ‘Pushbutton Magic’ – demonstrating coloured pushswitch controls on a 1948 GE ‘Stratoliner’ oven (Image: YouTube / Museum of Innovation and Science)]
At the time of writing, the author has been hit by waves of phony UK
Government emails advising about eligibility for the fifth SEISS grant
(funding for the self-employed during Covid-19). They are easily recognised
and can be forwarded, preferably with the headers, to the UK Government’s
National Cyber Security Centre for attention. The NCSC says that they
act on every report, and as of 31 May 2021, they had received more than
6,100,000 such reports, allowing them to remove more than 45,000 scams and
take down 90,000 malicious URLs.
In the UK, the email address to forward phishing emails (not spam) is:
report<at>phishing.gov.uk
In both private and state-owned sectors, sophisticated social engineering
methods can be used by impostors who sometimes spend months garnering
the confidence of individuals before slipping an infected payload
onto their network. Apart from visiting compromised websites, malicious
file attachments such as a PDF or a .zip file containing executables, or
innocent-looking Word or Excel files that contain harmful macros, can
unleash devastating damage on networks and bring organisations crashing to a
halt. Recent targets of ransomware attacks include the US firm
Colonial Pipeline in May, which caused shortages in fuel supplies coinciding with
spikes in demand as homeworkers started returning to the office. The attack
was pinned on the DarkSide ransomware group, which reportedly ‘apologised’
afterwards, stating their only desire was to ‘make money’
and not inflict damage on society.
[Figure caption: Colonial Pipeline – just one of the latest high-profile critical infrastructure victims of ransomware.]
A plague on our houses
Ransomware is undoubtedly a 21st century scourge, and the threat is
becoming so severe that this form of cybercrime is potentially being elevated
to the status of a terrorist threat. Although official guidance is not to pay
a ransom because that merely encourages more attacks, sometimes Bitcoins
will change hands under the table in the hope of receiving a valid
decryption tool from the criminals, although it can take many days to unlock and
get systems online again. In the Colonial Pipeline case, it appears that
some $4m in Bitcoin was paid due to the urgency of the fuel problems but,
in what is probably a first in the cybersecurity industry, most of this ransom
was subsequently recovered by the FBI using some undocumented
techniques. A phishing campaign from a ‘help desk’ then tried to trick Colonial
workers into downloading more malware disguised as a ‘system update to
protect against ransomware’.
[Figure caption: Kaspersky Anti-Virus – the author’s online weapon of choice which works across multiple devices. There are plenty of alternatives, so do shop around.]
The world’s largest meat protein producer, JBS, recently paid an $11m
ransom, it is reported, after suffering a
cyberattack on its networks. With food
production and fuel shortages now
threatened by ransomware, the UK
security services have held exercises
to test the resilience of key infrastructure against such risks.
Ireland’s HSE (Health Service Executive) was also hit by a major ransomware
exploit attributed to the Conti criminal
group. Serious disruption to healthcare
was caused, but the villains reportedly had a change of heart and gave the
HSE the file decryption tool for free,
along with a menacing threat to publish
private medical data if the HSE failed
to further engage with them.
One technique that cybercriminals use to ramp up the pressure is
to threaten to also release data onto
the web, a method called ‘double extortion’ because both data encryption
and data theft are involved. An emerging trend is ‘triple extortion’ where
the cybercriminals also go gunning
after the data subjects whose private
information they have stolen, in the
hope of raking in smaller ransoms
from those whose personal information has been compromised.
Just a few weeks ago two University
of Florida hospitals had to shut parts
of their IT network after being struck
by ransomware. Two schools in the
county of Kent, England were also hit
and had to close in June when pupil
data was encrypted by hackers. It may
be cheaper just to rebuild and restore
systems from scratch. Japan’s Fujifilm also suffered a major ransomware
attack in June, but reportedly refused
to pay a ransom and, commendably,
restored its systems from backups
within a week instead.
Vulnerabilities lurk everywhere, and
the cyberthreat intelligence company
Check Point Research (https://research.checkpoint.com)
recently described
possible weaknesses in certain staple
Windows components that seldom receive any sort of make-over. Some could
impact the security of systems running
Microsoft Office software, for example. Hence, several Microsoft patches
were released in May and June to fix
the latest problem, but it also shows
how our computers could be storing
up headaches for the future as older
Windows components that are taken
for granted may contain as-yet undiscovered vulnerabilities.
Some versions of Windows 10 are
now at end of life or heading that way,
and will not receive any more updates or security patches. The website
https://endoflife.date/windows gives
a useful summary. Windows Update
will gradually push the latest (21H1)
onto systems to keep them going till
December 2022. You can confirm your
current Windows version via: Settings/
System/About. In case users aren’t
aware, you can simply press the Windows key and then immediately type a
keyword like ‘version’ or ‘update’ and
Windows 10 will give you the necessary links to follow.
There’s much talk of the next release
of Windows: prior to the annual Microsoft Event that was held on 24 June,
Microsoft uploaded a video of ‘meditative sounds’ based on old Windows
system sounds at: https://youtu.be/fMr4Qm5ZWrI – it’s exactly 11 minutes
long; is that a clue about things to come?
Antivirus choices
An antivirus product is part of
everyone’s online armoury and will
hopefully intercept and quarantine
any infected files, or block access to a
suspicious website, before any harm
can be done. Many anti-virus packages
have the odd irritating foible or two,
and the author’s choice of Kaspersky
Anti-Virus is no exception, but it’s competitively priced and seems to offer
good all-round protection on multiple
devices, including mobile platforms.
Other anti-virus brands are popular
with their loyal users, and some may
bundle a VPN, password management,
cloud storage or ‘safe money’ security
to protect online banking transactions.
Try searching for ‘Symantec’ and
you’ll end up on Broadcom’s website
instead, which sells enterprise-level security software. Symantec’s
former consumer products are now
sold under the familiar Norton brand
(www.norton.com) owned by
NortonLifeLock and, at the time of writing,
Norton 360 Deluxe (5 devices) costs
£19.99 in Year One and £84.99 a year
thereafter. Watch out for costly automatic renewals that sleep-walk you
into subscribing for another year if you
don’t cancel. In comparison, Kaspersky Internet Security (5 Devices) is
discounted to just £18.14 for one year
for a downloadable version, if bought
via Amazon. The software licence
is delivered flawlessly, and serial
numbers are emailed and also stored
by Amazon in the user’s Games and
Software library for future reference.
Multi-device, multi-year licences
are available. Alternatively, Avast
Software still offers a free ‘lite’ version that’s better than nothing and
might be enough for occasional users
(download it from: www.avast.com).
Paid-for versions cost £39.99 (Year 1)
and £79.99 per year thereafter (10 devices). Other reputable brands include
McAfee, Panda Cloud Security, Eset
and BitDefender. Many of these anti-virus programs can be bought and
downloaded via Amazon, but there
will undoubtedly be discount offers on
the web so it’s worth checking around.
In previous Net Work columns, I’ve
suggested, and would repeat the advice
here, that it is worth taking an ‘air
gapped’ backup of valuable data onto
an external hard disk or possibly a
pocket SSD.
For storing lower volumes of data,
plenty of cloud-based storage is available, including Microsoft OneDrive
(5GB free), or Google Drive, which offers
15GB free (Google account required).
Apple’s iCloud offers Windows users
a program for syncing data hosted on
a PC with their Apple devices. Phone
security experts Certo Software recently
published a blog about hackers targeting the iCloud in order to gain access to
victims’ phones. Certo tested a number
of spyware products to see if it is still
possible for hackers to gain access to
the iCloud via these apps, as well as
sharing advice on what you can do to
protect yourself. iCloud users can read
more at: http://bit.ly/pe-aug21-cert
Many of us still stash data away
on optical disks as well, but perhaps re-read last month’s Techno
Talk column in which Mark Nelson
described major problems that CDs
and DVDs suffer during long-term
storage: sadly, optical media isn’t as
reliable or robust as we’d all like it
to be, so perhaps check out those archived disks sometime.
[Figure caption: Ealing, London now boasts the UK’s fourth Amazon Fresh ‘Just Walk Out’ store.]
Last, on the subject of taking backups, Windows computer enthusiasts
may like Macrium Reflect (free edition
available from www.macrium.com) or
the interesting-looking Casper 11 from
Future Systems Solutions. Macrium
is a sophisticated, fast and powerful
backup program that does a fine job
of running backups on schedules over
a network (onto a Synology NAS in
my case), but it is quite a handful to
configure at times. Casper 11 is designed mainly with disaster recovery
in mind. It creates a full image copy
of your system drive that can be used
as an external boot disk, so you can
carry on working as normal while a
system is rebuilt in the background.
Its maker claims that you can be back
up and running immediately if disaster strikes.
This could be an ideal backup application for a pocket disk or USB 3.0
drive, although FSS warns that not
all PCs support booting from USB-type devices. Casper 11 for Windows
costs from $59.99 and both 32-bit and
64-bit versions are provided. I hope
to test Casper myself in due course,
also to test how well a boot disk might
function on a different PC altogether.
You can download a free trial from:
www.fssdev.com/products/casper/
Other news
Recent Net Work columns have described the groundswell in electric
vehicle production with numerous European and Chinese brands launching
EVs, despite there being a paucity of
public EV charging points. Owners
are likely to face another menace as
EVs become a more familiar sight:
the theft of a car’s charging cable
itself. Stolen ones are quite valuable
for scrap metal, but are also finding
their way online as ‘replacements’. No
doubt cables will become an attractive
nuisance for vandals or bored kids. I
found some useful practical advice
on how to safeguard your EV cable
when it’s in use on a YouTube video
at: https://youtu.be/mYHhqekij3E
Ofcom’s annual report, Online Nation
2021, cited some trends in UK internet usage in a 185-page analysis. In
September 2020, UK internet users
spent nearly four times as much time
on smartphones (averaging 2 hours 19
minutes a day) as they did on computers (37 minutes). Youngsters aged
7 to 16 spend almost four hours a day
online, mostly for gaming or watching
streaming video, while young people
in the 7-17 age group named YouTube
as their favourite. By the age of 11,
some 59% of children were hooked
on social media, even though the minimum age limit was 13, Ofcom says,
and 95% of kids used it by the age of
15. Google and Facebook consumed
some 40% of the entire traffic across
the board, though younger users aim
for Instagram, TikTok and Snapchat.
The full report is online at: http://bit.ly/pe-aug21-ofc
Amazon Fresh has opened its fourth
‘Just Walk Out’ store in the UK. Located
in Ealing, London, it uses a combination of advanced technologies to check
what shoppers actually put in their
basket, and simply charges the total
to their account without them needing to go through a checkout.
The sale of halogen bulbs is finally
being banned in Britain as part of the
move towards using more fuel-efficient
LED bulbs. If your favourite light fittings use dimmable halogen bulbs, for
example, now is the time to consider
stocking up if you don’t want to scrap
them just yet. The ban takes effect on
1 September. High-energy fluorescent
tubes are in the firing line as well –
from 2023.
Don’t forget to check those ready-made Net Work links on our website,
and, as always, remember that I can be
reached by email: alan<at>epemag.net.
See you next month!
The author can be reached at:
alan<at>epemag.net