Next NUTKC Meeting January 7, 2012

It’s time once again to remind everyone of the next NUT meeting. Saturday January 7, 2012 from 10:00 AM to 11:30 AM
5330 NW 64th Street
Kansas City, MO 64151
Store: 816-505-1311
I plan to continue meeting in the kitchen as it is more relaxed and closer to the food.

Our meetings are simply a chance to get together and talk about technology. We are all happy to help each other in any way we can.

Five Security Resolutions for 2012

The following is from
Please go there for any links or any other information.

Five Security Resolutions for 2012
As 2011 comes to a close and we prepare to usher in a new year it is time to reflect
on transgressions from the past 12 months and on how we can better ourselves in the
coming year. In addition to making resolutions to lose weight or exercise more, we
at Astaro, Sophos Network Security, urge you to consider committing to resolutions
that will help secure your personal and business networks. Below are some suggestions
for resolutions. At the turn of the year, it has become a tradition for many to seize
the opportunity to leave one or the other bad habit behind and start anew. Why not
also deploy this vigor for the best friend of the modern era: your PC, Laptop, Smart
Phone or Tablet will be thankful too (and at the same time, your online world gets
a little bit more secure!). If you want to pledge your commitment simply “like” this post or add a comment at
Resolution No. 1: I will not access the Internet without up to date malware protection and an installed firewall and antivirus
Why? Last year 150,000 malware attacks were registered* daily! If only everybody would install sufficient security software, this threat would be minimized.
Insider-Tip: Complete home network protection doesn’t need to cost big bucks. Secure your own network for free with our software!
Resolution No. 2: I will not click on tinyURLs, hyperlinks or links of unknown origin without investigating first.
Why? Even if you think you know the sender or the site, this won’t guarantee your
safety. 80% of these URLs stem from former legitimate pages, which were either hacked or infected.
Insider-Tip: Computer and security threats made easy!
Learn more about what is out there in our threatsaurus! (PDF)
Resolution No. 3: I will update my security software package regularly and with a watchful eye!
Why? Fake antivirus software and SEO poisoning are the number one way malware is spread. Therefore stay alert and don’t blindly install updates; make sure they are from your provider. Otherwise, you are opening the door for new security breaches.
Insider-Tip: Take the threat detection test.
Download our free computer security scan!
Resolution No. 4: I will not wait until my laptop is stolen or lost before I encrypt data!
Why? Loss or theft of hardware makes up 30% of all data loss scenarios. Do your best to physically protect your hardware, but also make sure information is encrypted in case these precautions fail.
Insider-Tip: Quick and easy encryption for all your data.
Download our free tool here!
Resolution No. 5: I will stop using “password” as my password
Why? In 2011, passwords such as “password”, “123456”, “qwerty” and “abc123” were still topping the most used passwords list*. Moreover, 67% of all mobile device users haven’t installed any password protection at all. A secure password can go a long way towards protecting your data.
Insider-Tip: Simple tips for better security.
Take a look at this video about the perfect password!
* Sources: Sophos Security Threat Report Mid-Year 2011, Data Loss DB, TNS
2011-12-29 9:23 by Joerg Schindler

Password Haystacks

The following is a copy and paste from the Password Haystacks page at

There is an article about this in the January 2012 edition of Consumer Reports, it’s been mentioned in Time Magazine, and featured on an ABC station in LA.
Give it a try, it’s not hard to come up with an easy to remember password that is difficult to guess. I used ;realize#0 in the example below.

Gibson Research Corporation
… and how well hidden is YOUR needle?
Every password you use
can be thought of as a needle hiding in a haystack. After all searches of common
passwords and dictionaries have failed, an attacker must resort to a “brute force”
search – ultimately trying every possible combination of letters, numbers and then symbols until the combination
you chose, is discovered.
If every possible password is tried, sooner or later yours will be found. The question is: Will that be too soon . . . or enough later?
This interactive brute force search space calculator allows you to experiment with
password length and composition to develop an accurate and quantified sense for the
safety of using passwords that can only be found through exhaustive search. Please see the discussion below for additional information.
The Password Haystack Concept in 150 Seconds
Los Angeles’ KABC-TV produced a terrific & succinct two
and a half minute explanation of the Password Haystacks
Click this link to view their quick introduction
GRC’s Interactive Brute Force Password “Search Space” Calculator
(NOTHING you do here ever leaves your browser. What happens here, stays here.)
No Uppercase, 7 Lowercase, 1 Digit, 2 Symbols, 10 Characters
Enter and edit your test passwords in the field above while viewing the analysis below.
Brute Force Search Space Analysis:
Search Space Depth (Alphabet): 26+10+33 = 69
Search Space Length (Characters): 10 characters
Exact Search Space Size (Count): (count of all possible passwords with this alphabet size and up to this password’s length)
Search Space Size (as a power of 10): 2.48 x 10^18
Time Required to Exhaustively Search this Password’s Space:
Online Attack Scenario (Assuming one thousand guesses per second): 7.89 hundred thousand centuries
Offline Fast Attack Scenario (Assuming one hundred billion guesses per second): 9.47 months
Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second): 6.89 hours
Note that typical attacks will be online password guessing limited to, at most, a few hundred guesses per second.
(The Haystack Calculator has been viewed 679,637 times since its publication.)
The prestigious “Consumer Reports” has also picked up on the simplicity and power of the “Password Haystacks” concept.
IMPORTANT!!! What this calculator is NOT . . .
It is NOT a “Password Strength Meter.”
Since it could be easily confused for one, it is very important for you to understand what it is, and what it isn’t:
The #1 most commonly used password is “123456”, and the 4th most common is “Password.”
So any password attacker and cracker would try those two passwords immediately. Yet
the Search Space Calculator above shows the time to search for those two passwords
online (assuming a very fast online rate of 1,000 guesses per second) as 18.52 minutes
and 17.33 centuries respectively! If “123456” is the first password that’s guessed,
that wouldn’t take 18.52 minutes. And no password cracker would wait 17.33 centuries before checking to see whether “Password” is the magic phrase.
Okay. So what IS the “Search Space Calculator”?
This calculator is designed to help users understand how many passwords can be created
from different combinations of character sets (lowercase only, mixed case, with or
without digits and special characters, etc.) and password lengths. The calculator
then puts the resulting large numbers (with lots of digits or large powers of ten) into a real world context of the time that would be
required (assuming differing search speeds) to exhaustively search every password up through that length, assuming the use of the chosen alphabet.
How can I apply this to my daily life?
Answering that question is the reason this page exists. The whole point of using padded passwords is to adopt a much more
you-friendly approach to password design. On June 1st, Leo Laporte and I recorded our weekly Security Now! podcast as part of (This Week in Tech) audio and video podcasting network. You may download a shortened, 37-minute, excerpted version presenting the padded password and Haystack calculator concepts:
37 minute, high-quality, 64kbps MP3 audio file, 17.9 MB
37 minute, lower-quality, 16kbps MP3 audio file, 4.47 MB
The main concept can be understood by answering this question: Which of the following two passwords is stronger,
more secure, and more difficult to crack?
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
If you are mathematically inclined, or if you have some security knowledge and training,
you may be familiar with the idea of the “entropy” or the randomness and unpredictability of data. If so, you’ll have noticed that the first, stronger password has much less entropy
than the second (weaker) password. Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we
see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!
But wouldn’t something like “D0g” be in a dictionary, even with the ‘o’ being a zero?
Sure, it might be. But that doesn’t matter, because the attacker is totally blind to the way your passwords look. The old expression
“Close only counts in horseshoes and hand grenades” applies here. The only thing an attacker can
know is whether a password guess was an
exact match . . . or not. The attacker doesn’t know how long the password is, nor anything
about what it might look like. So after exhausting all of the standard password
cracking lists, databases and dictionaries, the attacker has no option other than
to either give up and move on to someone else, or start guessing every possible password.
And here’s the key insight of this page, and “Password Padding”: Once an exhaustive password search begins, the most important factor is password length!
The password doesn’t need to have “complex length”, because “simple length” is just as unknown to the attacker and must be searched for, just the same.
“Simple length”, which is easily created by padding an easily memorized password with equally easy to remember (and enter) padding creates unbreakable passwords that are also easy to use.
And note that simple padding also defeats all dictionary lookups, since even the otherwise weak phrase “Password”, once it is padded with additional characters of any sort, will not match a standard password guess of just “Password.”
One Important Final Note
The example with “D0g…………………” should not be taken literally because if everyone began padding their passwords with simple dots, attackers would soon start adding dots to their guesses to bypass the need for full searching through unknown padding. Instead, YOU should invent your own personal padding policy. You could put some padding in front, and/or interspersed through the phrase, and/or add some more to the end. You could put some characters at the beginning, padding in the middle, and more characters at the end. And also mix-up the padding characters by using simple memorable character pictures like “<->” or “[*]” or “^-^” . . . but do invent your own!
If you make the result long and memorable, you’ll have super-strong passwords that are also easy to use!
Common Questions & Answers
If only password length matters, why does the “Haystack Calculator” change when my test passwords are all lowercase or have all kinds of characters?
A: The use of every type of character forces the attacker to search through the largest
possible space. We must always assume that an attacker is as smart as possible (and
most are). So, knowing that 41.69% of all passwords consist of only lowercase alphabetic
characters, a smart attacker who is forced to resort to a brute force search won’t initially bother spending time guessing passwords that contain uppercase, digits
and symbols. Only after an all lowercase search out to some length has failed will
an attacker decide that the unknown target password must contain additional types of characters.
So, in essence, by deliberately using at least one of each type of character, we are forcing
the attacker to search the largest possible password space, because our password won’t
ever be found in any of the smaller spaces.
So, from the answer above, that means that our passwords should always contain at least one of each type of character?
Yes, that’s exactly what it means.
Take, for example, the very weak password “news.” If another lowercase character was added to it (for example to form “newsy”), the total password search space is increased by 26 times. But if, instead, an exclamation point was added, (making it “news!”), the total search space is increased by a whopping 1,530 times! That’s how important it is to choose passwords having at least one of every type of character. If anyone ever does try to crack your password, you will have eliminated all shorter searches.
Is there an optimum character mixture?
Since most users will likely always be choosing all lowercase characters you’ll
want to stay as far away from that as possible. And, similarly, the fewest number
of users will ever be using many special symbol characters. So the wisest attacker
will aim for the herd, searching through lowercase passwords first and symbol-oriented
passwords last. Since this is one race which you want to finish last (meaning never) using more symbol characters is highly recommended.
But remember: Not only
symbols, since you first want to have every type of character represented to force a “full depth” search.
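
The arithmetic behind the calculator figures and the “news” answer above, as an added Python example (it is not GRC's code). It assumes the 33 symbols are the 32 ASCII punctuation marks plus the space, and it reports seconds rather than the calculator's month and century units.

```python
import string

# Character classes as counted on the page: 26 + 26 + 10 + 33 = 95 printable ASCII.
# Assumption: the 33 "symbols" are the 32 ASCII punctuation marks plus the space.
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "symbols": set(string.punctuation + " "),
}

# Guess rates for the three scenarios named on the page (guesses per second).
RATES = {
    "online": 10**3,
    "offline_fast": 10**11,
    "massive_array": 10**14,
}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    used = set()
    for ch in password:
        for name, chars in CLASSES.items():
            if ch in chars:
                used.add(name)
                break
        else:
            raise ValueError(f"character {ch!r} is outside printable ASCII")
    return sum(len(CLASSES[name]) for name in used)


def search_space(password):
    """Count every password over this alphabet with length 1..len(password)."""
    a = alphabet_size(password)
    return sum(a**k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate):
    """Worst-case seconds to try the whole space at `rate` guesses per second."""
    return search_space(password) / rate


def growth_factor(before, after):
    """How many times larger the search space of `after` is than `before`."""
    return search_space(after) / search_space(before)


if __name__ == "__main__":
    sample = ";realize#0"  # the test password used on this page
    print("alphabet:", alphabet_size(sample))
    print(f"search space: {search_space(sample):.2e}")
    for name, rate in RATES.items():
        print(f"{name}: {seconds_to_exhaust(sample, rate):.3e} seconds")
    print("123456 online minutes:", seconds_to_exhaust("123456", RATES["online"]) / 60)
    print("news -> newsy:", round(growth_factor("news", "newsy")))
    print("news -> news!:", round(growth_factor("news", "news!")))
```

The count covers every length up to the password's own, which is why “123456” comes out as 1,111,110 guesses rather than 1,000,000.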
Password Related Links
A Large-Scale Study of Web Password Habits ‑ THOROUGH & interesting 9-page Microsoft Research PDF.
Analysis of the passwords SONY lost ‑ in one of their 2011 network breaches.
The password cracking power of GPU’s ‑ the need to recalibrate our password length thinking.
A homebrew password cracking system ‑ that cracks at 33.1 billion passwords per second!
An analysis from a major site breach of the passwords users had chosen. VERY interesting!
Top 10 Most Common Passwords ‑ Another interesting snapshot of typical users.
The Top 500 Worst Passwords of All Time ‑ (Profanity Warning) ‑ A list that wasn’t edited.
Why Steve Gibson’s Password Padding Works for Humans ‑ An interesting post about cognitive science.
Gibson Research Corporation is owned and operated by Steve Gibson. The contents
of this page are Copyright (c) 2011 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA.
Last Edit: Dec 12, 2011 at 13:27 (3.15 days ago)
Viewed 2,424 times per day

Windows Update Tuesday

The second Tuesday of the month is also known as Windows Update Tuesday. It is when Microsoft releases patches and updates that make your computer secure and safer to use.
Something I frequently ask people on Facebook is: When is the last time you manually checked for a Windows update, regardless of what your automatic settings are set to? I ask this for a couple of reasons.
1. To get people in the habit of going to check, just in case there is an update and your computer isn’t missing out on it. So many of the virus and malware attacks wouldn’t happen if people applied these fixes or patches every month.
2. There are some viruses and malware out there that disable Windows Update preventing your computer from being able to access the fixes and patches. So if you manually check from time to time, you’ll know that this isn’t the case and things are working fine.

It’s also a good practice to check on Adobe Reader and Flash updates. One easy way to do this is the easy and free install programs from

Once you select the installers you want, Ninite will start a file download for a small program. Save this program you are downloading and you’ll have it anytime you want to check the selected programs for an update.
Ninite will check for updates and if there is one, it’ll update that program. If there is no update, Ninite skips that program. One benefit of getting programs through Ninite is they remove any of the toolbars or other junk that companies try to sneak in on you.
For example, if you go to Adobe’s site and download Flash for your computer, there will be a check box somewhere on the page to include a free scan or some other junk that you don’t need. Ninite removes this stuff in their install process.

I do suggest keeping Automatic Updates set to Automatically download and install on Windows computers. That is the best way to keep your computer up to date but do a manual check now and then just to make sure things are working right.

Great Tool To Clean Up Your PC

Optimization and Cleaning
CCleaner is our system optimization, privacy and cleaning tool. It removes unused
files from your system – allowing Windows to run faster and freeing up valuable hard
disk space. It also cleans traces of your online activities such as your Internet
history. Additionally it contains a fully featured registry cleaner. But the best
part is that it’s fast (normally taking less than a second to run) and contains NO Spyware or Adware!
Cleans the following:
Internet Explorer: Temporary files, history, cookies, super cookies, Autocomplete form history, index.dat files.
Temporary files, history, cookies, super cookies, download history, form history.
Google Chrome: Temporary files, history, cookies, super cookies, download history, form history.
Opera: Temporary files, history, cookies, super cookies, download history.
Apple Safari: Temporary files, history, cookies, super cookies, form history.
Other Supported Browsers: K-Meleon, Rockmelt, Flock, Google Chrome Canary, Chromium, SeaMonkey, Chrome Plus, SRWare Iron, Pale Moon, Phoenix, Netscape Navigator, Avant and Maxthon.
Windows: Recycle Bin, Recent Documents, Temporary files, Log files, Clipboard, DNS Cache, Error Reporting, Memory Dumps, Jump Lists.
Registry Cleaner: Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more…
Third-party applications: Removes temp files and recent file lists (MRUs) from many apps including Windows Media Player, eMule, Google Toolbar, Microsoft Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and many more…
100% Spyware FREE: This software does NOT contain any Spyware, Adware or Viruses.
I suggest the slim version for those using screen reading software. The easiest place to download that is from:

Identifying Items With A Bar Code Scanner

For more information about BCScan visit the web site
BCScan: Introduction
BCScan is a new way to organize your life. By using bar codes found on practically
anything you buy, you can identify products, share product directions and information, and inventory items in your house.
How it Works
The main page on BCScan includes a box for you to scan items. Using a bar code scanner,
place your cursor in the box and scan the item. With most scanners, you will hear
a beep, and the page with the item information will be displayed. We get our information from a variety of sources including online stores, online UPC databases, DirectionsForMe, and many others. There is never a charge for a database update.
Additional Features
You can create a free account to use some advanced features. First, instead of just scanning items, you can add them to a personal list which you can view later. We track the number of times you scan each item. Go to the “View my Inventory” link to see your complete list and make changes. You can also submit updates to the database for items that we don’t have listed.
While logged in, you can also add personal notes to an item. These will be displayed as a part of your inventory or when you scan the same item again.
More to Come
Please check back often, as we will be adding more features in the coming months. Bar codes are a powerful tool, and we welcome you to the world of BCScan.
BCScan: Available Software
Now available, the Metrologic Fusion 3780 Scanner from A T Guys. This version is especially customized for use with BCScan.
BCScan is more than just a website. Not only can you use BCScan on the web, you can use the software programs below to retrieve and add information to the site.
BCScan Window-Eyes App
The BCScan app for Window-Eyes 7.2 or newer offers a simple interface to the site. Press Alt+Insert+B to bring up a box where you can scan an item or type in a bar code. The product information will be spoken within a couple seconds. Version 2.0 adds support for information from Directions for Me.
Visit the App information page
Below are the results of items I have scanned using the app for Window-Eyes:
Item 1
Torani Syrup, Chocolate, Sugar Free
25.4 oz (750 ml)
Info from Directions for Me:
For a delicious sugar-free beverage, add 1/2 – 1 oz Torani Sugar Free Chocolate to caffe lattes, cappuccinos, or steamed milk.
Purified Water, Natural Flavors, Caramel Color, Sodium Benzoate and Potassium Sorbate
(to Preserve Freshness), Citric Acid, Xanthan Gum, Sucralose (Splenda Brand), and Acesulfame Potassium.
Sweetened with Splenda. All Torani syrups are fat-free and a flavorful addition to specialty desserts and culinary dishes.
Item 2
Alka-Seltzer Plus Cold & Cough Formula, Liquid Gels
20 gels
Info from Directions for Me:
Do not take more than the recommended dose. Adults and Children 12 Years and Over:
Take 2 capsules with water every 4 hours. Do not exceed 12 capsules in 24 hours or
as directed by a doctor. Children Under 12 Years: Do not use. Store at room temperature. Avoid excessive heat.
Active Ingredients (in Each Capsule): Acetaminophen (325 mg), Chlorpheniramine Maleate
(2 mg), Dextromethorphan Hydrobromide (10 mg), Phenylephrine Hydrochloride (5 mg).
Inactive Ingredients: Butylated Hydroxyanisole, Butylated Hydroxytoluene, D&C Red
33, FD&C Blue 1, Gelatin, Glycerin, Hypromellose, Mannitol, Polyethylene Glycol 400,
Polyethylene Glycol 600, Povidone, Propylene Glycol, Purified Water, Sorbitan, Sorbitol, Titanium Dioxide.
Acetaminophen/pain reliever-fever reducer. Chlorpheniramine maleate/antihistamine.
Dextromethorphan hydrobromide/cough suppressant. Phenylephrine HCl/nasal decongestant.
Cough. Nasal congestion. Runny nose. Headache + body ache. Sinus pressure. (Liquid filled capsules.) Does not contain aspirin. Made in USA.
Item 3
Hormel Chili, with Beans
15 oz (425 g)
Info from Directions for Me:
Stove Top: Empty chili into saucepan. Stir occasionally while heating over Medium
heat, about 5 minutes or until hot. Microwave: Empty chili into microwaveable bowl; cover loosely. Heat for 2 to 3 minutes or until hot, stirring once. Careful. Let
chili stand in microwave 1 minute and stir before serving. (All microwaves and stoves vary. Times given are approximate).
Water, Beef, Beans, Concentrated Crushed Tomatoes, Corn Flour, Salt, Chili Powder (Chili Peppers, Flavoring), Flavoring, Modified Cornstarch, Sugar, Green Chiles (Contains Citric Acid), Onions, Spices, Jalapeno Peppers (Contains Vinegar).
Notes: Since 1891. US inspected and passed by Department of Agriculture. Gluten free.

iPhone information

Voice Over can be adjusted so that it turns on or off by triple tapping the home button. To do this: You can configure the device to display options for VoiceOver, Zoom, or White on Black when you triple-click the Home button. This feature is off by default; to enable it, tap Settings then General then Accessibility then Triple-click Home. (Note that some of these options may be off the screen, so if someone is looking at it visually, they will need to scroll down towards the bottom).
Here is a guide for Voice Over (this includes information for Mac computers as well, so you may want to skip to the section that discusses gestures):
Here is a good website about iPad accessibility (also applies to iPhone). Here is the website from Apple on iPhone accessibility:
In addition, you can practice VoiceOver gestures by tapping Settings then General then Accessibility then VoiceOver then Practice VoiceOver Gestures. When VoiceOver is on, this feature provides audio feedback describing the gestures you are performing, and what action they perform on the device. For more information on adjusting settings, go to:
Some other excellent websites are:
(they have information on accessible apps for the iOS)
(they have over 30 audio tutorials for using the iPhone and most apply to iPod touch or iPad!).
Here is a list of gestures for the iOS devices:
Navigate and Read
Tap: Speak item.
Flick right or left: Select the next or previous item.
Flick up or down: The effect varies depending on the Rotor Control setting. Change the rotor setting by using two fingers to turn a “virtual” knob.
Two-finger tap: Stop speaking the current item.
Two-finger flick up: Read all, from the top of the screen.
Two-finger flick down: Read all, from the current position.
Three-finger flick up or down: Scroll one page at a time.
Three-finger flick right or left: Go to the next or previous page (such as the Home screen or Safari).
Three-finger tap: Speak the scroll status (which page or rows are visible).
Four-finger flick up or down: Go to the first or last element on a page.
Four-finger flick right or left: Go to the next or previous section (for example, on a webpage).
Select and Activate
Double-tap: Activate selected item.
Touch an item with one finger, tap the screen with another finger (“split-tapping”): Activate item.
Double-tap and hold (1 second) – same as a long press on an item. This can be used to move or delete items on the home screen. After this gesture, you can delete with a single finger double tap or move an item by dragging to another location.
The double-tap and hold gesture tells iPad to interpret the subsequent gesture as standard. For example, you can double-tap and hold, and then without lifting your finger, drag your finger to slide a switch. You can use standard gestures when VoiceOver is turned on, by double-tapping and holding your finger on the screen. A series of tones indicates that normal gestures are in force. They remain in effect until you lift your finger, then VoiceOver gestures resume.
Two-finger double tap: Play or pause in iPod, YouTube, Voice Memos, or Photos. Start or pause recording in Voice Memos. Start or stop the stopwatch.
Three-finger double tap: Mute or unmute VoiceOver.
Three-finger triple tap: Turn the display on or off. (This is known as the “screen curtain” feature. Be careful! It’s too easy to go from mute/unmute VoiceOver to blanking the screen.)
Here is a link to the iPad PDF Manual:
There are also some great videos available on YouTube. I would suggest you search for iphone accessibility or ipad accessibility. You may also want to add the term Voice Over, Blind or low vision in the search field.
Sincerely,
Rachael Trinkowsky, CRC, Ed.S
Technology Training and Vocational Coordinator
Lighthouse for The Blind of the Palm Beaches
(561) 586-5600 ext. 3510