• High-Tech Industry News
• Internet phishing scams getting more devious
• Philadelphia working on becoming the first major US city to offer wireless broadband access
• Financial organizations are testing higher levels of security for online transactions
• Computing Tips: Editing vs. Comments
• Crossword
• Masthead

High-Tech Industry News

For a few years now tiny chips have been used as a secure method to ID livestock & pets. They are actually in use in the millions. Now a new radio frequency ID (RFID) chip has been developed for implanting just below the skin & just above the elbow. The US Food & Drug Administration (FDA) has cleared the RFID chip implant for general use. The chip does not contain any medical information but does contain a 16-digit code that can be read by a low priced scanner. The reading scanner would be hooked into a computer system that would be able to bring up any information that was specified to be available by the patient. Getting the chip inserted into its position just below the skin usually costs between $150 & $200. At this time the plans are for the patient would have to be a subscriber to a registry service that would make their medical history available at the medical facility. The estimated cost for the registry service is just under $10 a month. The maintenance of the medical database that is accessed via the RFID chip would be the responsibility of the patient. That could be done the patient himself or herself via the Internet. Keeping the database up to date would of course be very important if the system is to be highly effective. It is feared that many patients will not be diligent about maintaining their database therefore greatly reducing the value of the system.

Some computer security experts are now questioning whether Microsoft should be issuing patches for minor security holes. Although this sounds strange most of the attacks against IE occur after Microsoft has issued a fix for a hole in the browser. The reason for this is that most holes in IE are not found by some hacker but by a computer scientist at a university. They will then notify Microsoft who will then issue a patch to plug the hole. At the same time Microsoft will usually issue technical details about the hole as well. It is at that time hackers usually find out about the hole & write their malware. They have the patch & technical data to aid them. They also rely on the fact that it takes three weeks after a security patch is released by Microsoft until 50% of the world’s computers have it installed. One answer to this problem is to insure all Windows XP computers have Service pack (SP) 2 installed. It closes about 50 known holes in Windows XP & IE. Windows XP also has a function that allows Microsoft to automatically install patches & SPs. It is called Automatic Updates & the problem is that most people have it turned off. If you have SP2 installed then the automatic updates function is turned on by default. With Automatic updates turned on you should receive any new patches for either Windows XP or IE within twenty-four hours of it being issued. SP2 also turns on the Windows firewall by default & that can also be part of your computer’s defense against any type of mal ware. If you do not use the Windows firewall most security experts recommend that you use a firewall from one of the many that are available from third party vendors.

Now, for the first time, the Internal Revenue Service (IRS) has opened its Internet site to allow all taxpayers to prepare & file their returns electronically without a fee. At this time the user must go to the site www.irs.gov & click on the link called Free File. It is important that the user link through the IRS site as if they do it through another site they may be imposed a fee. This government action could prove to be a major blow to Intuit the maker of the largest selling tax preparation software package, Turbo Tax & their number one competitor, H&R Block. Intuit has removed all limits from its free filing program while Block is limiting it to those with adjusted gross incomes of less than $34,000. Two other income tax preparation software companies, eSmartTax & Tax ACT have also announced that electronic filing will be free to all. The offer of free filing does create some risk for the companies that are offering it. They are hoping to make money due to many of the filers being willing to pay for additional services such as state income tax returns & other income tax related products that will be for sale. State returns are not included in the free offers. Some of the tax preparing services will also try to sell refund anticipation loans that carry very high interest rates.

A new report based on a study conducted by the Better Business Bureau (BBB) & Javelin Strategy & Research has found that the Internet is not the main cause of identity (ID) theft fraud. The 2005 Identity Fraud Survey Report found that Internet-related fraud problems may actually be less severe, less costly & not as widespread as previously thought. The study was based on 4,000 recent telephone interviews with end users. The study also found that:

• The most frequently reported source of information used to commit ID fraud was a lost or stolen wallet or checkbook
• About half of all ID fraud is committed by a friend, family member, relative, neighbor or in-home employee—someone usually known very well by the victim
• A variety of standards confirm that ID fraud problems are not worsening, with the total number of victims in decline
• The annual dollar volume of identity fraud in 2004 was similar to 2003’s figure at about $53 billion

As more & more consumers are getting heavier we are seeing a proliferation of Internet sites that will aid those trying to shed that extra weight. As the demand for these types of sites many have seen an opportunity to charge a fee for use of the site. There are still some very good ones that are basically fee free. Some are significantly supported via advertising so the users will have to weed their way through a myriad of ads. The four sites listed below are considered to be among the best for dieters & are mainly fee free:

• www.intelihealth.com
• www.mayoclinic.com
• www.nhlbi.nih.gov/health
• www.obesity.org

• diet drugs
• experts to answer your diet questions
• food & activity diary
• information on the new food pyramid
• low fat menu planing
• news in the world of dieting
• support groups for dieters
• weight loss clinical trials
• weight loss surgery

Most dieters welcome any help that can get in their quest to lose weight & the Internet can provide that little extra bit of help.

Phishing—in which computer scammers lure users to fake Internet sites that appear to belong to trusted entities for the purpose of stealing their personal information—continues to grow. The fraudsters are getting better making it increasingly difficult to determine if the site is really valid. According to the anti-phishing working group the attacks have been increasing at an average monthly rate of about 38% for the last few months. Now an email security company—Mail Frontier—has created an Internet site that contains an educational test that provides parts of genuine & phishing emails & you must determine which is the fraud. The site can be found at survey.mailfrontier.com/survey/quiztest.html. The test consists of ten pages that you must identify as fraud or not. The companies represented in the test are:

• Amazon
• Bank of America
• Capital One
• Chase
• Earthlink
• eBay
• Microsoft Network
• Network Solutions
• Pay Pal
• Washington Mutual

The anti-phishing working group also has an Internet site that contains helpful information to fight the scam. It is felt that the best way to slow the onslaught of phishing attacks is through consumer awareness.

Some computer hackers have taken to stealing data by eavesdropping on telephone & email conversations. They have used this method to find the keys to seemingly impregnable networks, some security experts say. The danger of attacks of this type was illustrated recently with the arrest of a California man accused of breaking into mobile telephone network provider T-Mobile's database & reading emails & files of the US Secret Service. Another hacker used this method to breach a hospital's database & change mammogram results. The nature of threats to network security has changed as sophisticated hackers learned to tap into sensitive information flowing through telecommunications servers, especially those that provide wireless & Internet access. They will then assume the identity of the person whose id they have stolen & enter a network as a legitimate user. Even with the passwords & login ids available most hackers are mainly after personal information—names, social security numbers & birth dates. They then sell the information to those who end up performing ID theft.

Wireless networks are beginning to make life a lot easier for hackers who are looking to steal data. Wi-Fi networks are leaving computer users open to unprecedented levels of security breaches. Most wireless networks come with security features to prevent snoopers reading emails & other documents, but many people don't use them because they can be difficult to implement. Some users don't change default passwords set by manufacturers, which many hackers may already know. Company wireless networks may also not be any safer from hackers. A 2002 poll that showed about 70% of company networks weren't encrypted. Encryption is one of the best ways to defeat hackers who try to eavesdrop.

Most people are not aware that the standard DVD format is pretty far from high definition. It contains but 480 horizontal lines of resolution while HDTV is made up of 720 to 1,080 horizontal lines of resolution. If you are using the DVD player through a standard TV that resolution is fine as it matches the TV. Now that HDTV is becoming commonplace in the home you are losing a great deal of picture quality using a standard DVD player. A new class of DVD player is beginning to appear in stores that helps solve the 480-line problem. It is called a HD up converter & it will be selling for about $100 more than a standard progressive scan DVD player at this time. What an HD up converter does is changes the DVD video, digitally enlarging each movie frame to 720 or 1,080 lines of resolution from the standard 480 lines. It then sends the information, still in digital form, to the TV, which displays it as a high-definition signal. Until HD up converters arrived, most DVD players turned digital video to analog to send it to the TV (by composite, S-video or component jacks). The high-definition TV would have to change it back to digital data to fit the picture to its screen. Until we see true high definition DVDs this might be the best solution for showing current DVDs on a HDTV. Note that high definition DVDs should be for sale by the end of this year.

Internet phishing scams getting more devious as cyber criminals are devising new tricks to get people to reveal sensitive data

Internet phishing scams are becoming more difficult to detect as criminals develop new ways to trick consumers into revealing passwords, bank account numbers & other sensitive personal information. Scam artists posed as banks & other legitimate businesses in tens of thousands of phishing attacks last year, sending out millions of Spam emails with subject lines like account update needed that contained links to fraudulent Internet sites.

These attacks now increasingly use worms & spyware to divert people to fraudulent sites without their knowledge. Phishing attacks have reached at least 57million US adult Internet users & have compromised at least 122 well-known brands so far, according to several reliable estimates. At the end of 2004, nearly half of those attacks contained some sort of spyware or other malicious code.

One attack misdirects Internet users by modifying a little-known directory in Microsoft Windows machines called a host file. When an Internet user types an Internet address into a browser, they are directed instead to a fraudulent site.

Another more ambitious attack targets the domain name servers that act as virtual telephone books, matching domain names with numerical addresses given to each computer on the Internet. If one of those computers is compromised, Internet users who type in www.bankofamerica.com, for example, could be directed to a look-alike site run by identity thieves.

Domain name servers are thought to be a tougher nut to crack, but hackers can sometimes find a way in by posing as a company's tech-support department & asking new employees for their passwords. Domain-name hijacking is suspected in incidents involving Google, Amazon.com, eBay Germany & HSBC Bank of Brazil.

Even straightforward phishing attacks are getting more sophisticated. Spelling errors & mangled Internet addresses made early scams easy to spot, but scam artists now commonly include legitimate-looking links within their Internet addresses. People who click on links like www.citibank.com in these messages are directed to a fraudulent Internet address buried in the message's technical code.

MasterCard International has caught at least 10 phishing scams involving www.mastercard.com over the past few months. Consumers can protect themselves with software that screens out viruses, spyware & Spam. But online businesses will have to take steps as well, perhaps by issuing customers a physical token containing a changing password.

Philadelphia working on becoming the first major US city to offer wireless broadband access to all its residents at low cost

Within a year the 135-square-mile city of Philadelphia in the south eastern end of Pennsylvania should become one gigantic wireless hot spot, offering every neighborhood high-speed access to the Internet at below-market prices in what would be the largest experiment in municipal Internet service in the US.

City officials envision a seamless mesh of broadband signals that will enable the police to download mug shots as they race to crime scenes in their patrol cars. It will also allow truck drivers to maintain Internet access to inventories as they roam the city, & allow students & low-income residents get on the Internet.

Experts say the Philadelphia model, if successful, could provide the tipping point for a nationwide movement to make broadband affordable & accessible in every municipality. More than 50 local governments have already installed or are on the verge of creating municipal broadband systems for the public. But Philadelphia's plan has prompted a major debate over who should provide wireless Internet service, & whether government should compete with private industry, particularly in hard-to-reach rural areas or low-income urban communities.

Telecommunications & cable companies say that wireless municipal Internet networks will not only inhibit private enterprise, but also result in poor service & wasted tax dollars. They have mounted major lobbying campaigns in several states to restrict or prohibit municipalities from establishing their own networks whether wired or wireless.

The city of Philadelphia will recruit private companies to help operate the system. They hope to earn enough revenue from the fees to make the system self-sustaining. Although details of Philadelphia's plan are still being developed, the city expects to install 4,000 wireless antennas along lampposts across the city in the next 18 months, creating a network of broadband signals.

City officials also hope to extend service into homes & businesses in poor neighborhoods, using nonprofit organizations to provide low-cost equipment, training & service. There is already a nonprofit group in Philadelphia that provides refurbished computers to eligible residents for $125.

Most municipalities that run Internet systems are in small rural towns. They usually provide the service at below-market rates. Philadelphia is proposing to charge $15 to $25 a month for its broadband service. That is about half of what private servers now charge. They also plan to have an even lower rate for low-income users.

Philadelphia officials say that will try to raise corporate & foundation financing so the strapped city does not have to pay the estimated $10million startup costs.

A recent survey found that nearly 40% of residents did not have Internet service. But telecom industry officials say that virtually every neighborhood in the city is wired for broadband & that many people are just not choosing to buy it. Of course a large number of the non-subscribers may be a non-subscriber because of the fairly high cost of the service at this time.

Many other large cities as well as much of the telecom industry are closely watching the actions of the city of Philadelphia. The effort in Philadelphia is probably greater in scope that all the other municipal Internet service provider efforts in the US combined.

Standing in the wings is the system of providing broadband Internet access through AC power lines. That may very well prove to be the lest expensive way to provide broadband access to the masses. Many municipalities already own the power lines that provide the AC power to their residents.

Financial Organizations are testing higher levels of security for online transactions

Because of increasing Internet fraud some banks & brokerage firms are starting to issue a small new device to their customers. This device could help their customers prove their identities when they log on to online banking, brokerage & bill-payment programs.

The devices, which are hand-held & small enough to attach to a keychain, are expected to cost roughly $10 each. They display a six-digit number that changes once a minute: people seeking access to their accounts would type in that number as well as a user name & password.

The devices are freestanding; they do not plug into a computer. Industry insiders say that virtually every major bank is considering this device or something very similar to it. Although there are drawbacks in terms of cost & conveniences—as well as questions about what would happen if a customer lost the device or it were stolen—there is growing pressure from bank regulators to add safeguards of this type to online financial transactions.

In a report the Federal Deposit Insurance Corporation (FDIC), which insures bank deposits, said that existing authentication systems were not secure enough & that an extra layer of security should be added to the sign-in process. The financial service industry’s current reliance on passwords for remote access to banking applications offers an insufficient level of security, the FDIC’s report said.

Two-factor authentication, which typically includes a memorized password & a hardware security device, has the potential to eliminate, or significantly reduce, account hijacking that has the potential for costing their member banks a good deal of money. There are many ways to add the kind of security that the FDIC is seeking to have their member banks use.

The FDIC evaluated some possible alternatives including:

• smart cards, which are plastic cards with embedded microprocessor chips
• biometrics, which identify people by their fingerprints, voice or physical characteristics
• shared secrets, in which a customer is asked a question that, in theory, only he or she could answer

The system that has so far taken root in the market is the one that relies on these number-changing hardware tokens, which have the shape & feel of the plastic security devices that people click to unlock cars that have built-in security systems. Several large banks in Europe & Australia already issue these tokens to customers, sometimes making them bear the cost of the device.

Late last year America Online introduced a program, AOL Pass code, that lets subscribers buy the keychain device for $9.95 & use it for authentication purposes, at a subscriber fee of $1.95 to $4.95 a month, depending on the number of screen names linked to it.

Proponents of these devices are aware that they present other problems. Financial companies are concerned about making online banking less convenient & about adding fees for the hardware token.

Customers with accounts at several institutions may wind up with an unwieldy number of tokens or swamp call centers with questions about the new systems. Several non-US banks have made the tokens mandatory for online customers.

E-Trade, which is expected to be the first US financial institution to introduce the program for retail customers, will make it optional & charge for the device. E-Trade has been testing its program for several months, giving the devices free to 200 interested customers. So far, the tests have attracted customers with high incomes who conduct many transactions & tend to be knowledgeable about technology.

Based on the feedback from these customers there seems to be a wide acceptance of the system. One way or the other it looks like more security will be coming to any financial transaction that are conducted via the Internet in the near future.

Computing Tips

A lot of users of Microsoft Office are not aware that collaborating has been made very easy because of the ability to either edit or place comments in the document. The methods that we will now discuss apply to all late versions of Word, Excel & PowerPoint.

• Editing—allows you to make suggested changes to existing text. If you choose Tools | Track Changes then your changes will appear separately from the original text. The author of the document can accept or reject your changes when you send the document back.

• Comments—allow you to add text that does nothing but provide a comment for the author of the document. To add Comments to a document you go to Insert | Comments or look for the Comments icon on the Reviewing toolbar. It will add a comment at the current cursor / insertion point. Comments will appear as either balloons in the margin of a document or inline—you get to choose at Tools | Options | Track Changes.

• Implementation—If you get a document as an email attachment to review, you just open the attachment, make sure that Tools | Track Changes is on, then make your edits or comments. When you are finished just send the document back to the sender. The sender will open the document & it should detect that it’s a copy of an existing document. If it does then the original author will be offered to merge the new document with the one already on the sender’s computer. After merging you can then see the edits & comments that have come in. In recent versions of Word you can go to Tools | Options | Security & there’s an option to add a random number to improve merge accuracy. This helps Word identify a document to merge even when the file name has changed. Tip: it is often tempting to rename a document before sending it back to the author—resist that temptation. Renaming the document makes it more difficult for the software to automatically compare documents.

Crossword Puzzle

ACROSS 1. These chips have recenlty been cleared for use in humans 4. This Microsoft release closes 50 known holes in IE & XP DOWN 2. HDup can convert this device to an HDTV player 3. This agency recently dropped fees for electronic filing Instructions: Solve The Puzzle Call 1-800-555-8139 to enter your answers or Print your answer and fax it to 1-800-533-2329 or Complete the Web Edition Entry Form (left and below) Reminder: any answer may contain letters, numbers, or a combination thereof. The standard U.S. telephone keypad is the reference for number/letter combinations. (ex: Keypad #8=TUV) Your Name: Your Email:

Crossword Puzzle

Editor in Chief: Stan Marder smarder@iname.com
Editor & Webmaster: David Shanes
Online Editor: Stuart Smiler smiler@san.rr.com
Associate Editors: S Buffington, G Crofts, T Kreckman, M Marder, A Rozenberg, M Shanes
Copy Editor: Jefferson Swycaffer
Event Coordinator: Ed Mullins
External Distribution: Warren Miller, Telecompute Corp warren@telecompute.com

To subscribe or unsubscribe: mike@telecompute.com, FAX 800-533-2329, or Voice 800-242-5885.
Please provide which edition, San Diego/National, & if you desire delivery via email or fax. We also can send you email notification of our new issue being posted to our Internet site.

Copyright © 2004-2005, High-Tech Users News, 510 First Avenue #2203, San Diego, CA 92101-6765. All rights reserved
This publication may be copied & distributed but only in its entirety, without modification (including this masthead), & not for a fee. The respective companies own all trademarks