The evolution of the network protocol sniffer

Last month I caught this news item about Microsoft building in a new command-line feature that is commonly called a network protocol sniffer. It is now freely available in Windows 10 and the post documents how to use it. Let’s talk about the evolution of the sniffer and how we come to this present-day development.

If we turn back the clock to the middle 1980s, there was a company called Network General that made the first Sniffer Network Analyzer. The company was founded by Len Shustek and Harry Saal. It went through a series of corporate acquisitions, spin outs and now its IP is owned by NetScout Systems.

The Sniffer was the first machine you could put on a network and trace what packets were being transmitted. It was a custom-built luggable PC that was typical of the “portable” PCs of that era — it weighed about 30 pounds and had a tiny screen by today’s standards. It cost more than $10,000 to purchase, but then you needed to be trained how to use it. You would connect the Sniffer to your network, record the traffic into its hard drives, and then spend hours figuring out what was going on across your network. (Here is a typical information-dense display.) Decoding all the protocols and tracking down the individual endpoints and what they were doing was part art, part science, and a great deal of learning about the various different layers of the network and understanding how applications worked. Many times Sniffer analysts would find bugs in these applications, or in implementations of particular protocols, or fix thorny network configuration issues.

My first brush with the Sniffer was in 1988 when I was an editor at PC Week (now eWeek). Barry Gerber and I were working on one of the first “network topology shootouts” where we pit a network of PCs running on three different wiring schemes against each other. In addition to Ethernet there was also Token Ring (an IBM standard) and Arcnet. We took over one of the networked classrooms at UCLA during spring break and hooked everything up to a Novell network file server that ran the tests. We needed a Sniffer because we had to ensure that we were doing the tests properly and make sure it was a fair contest.

Ethernet ended up wining the shootout, but we did find implementation bugs in the Novell Token Ring drivers. Eventually Ethernet became ubiquitous and today you use it every time you bring up a Wifi connection on your laptop or phone.

Since the early Sniffer days, protocol analysis has moved into the open source realm and WireShark is now the standard application software tool used. It doesn’t require a great deal of training, although you still need to know your seven layer network protocol model. I have used Sniffers on several occasions doing product reviews, and one time helped to debug a particularly thorny network problem for an office of the American Red Cross. We tracked the problem to a faulty network card in one user’s PC which was just flaky enough to operate correctly most of the time.

Today, sniffers can be found in a number of hacking tools, as this article in ComputerWorld documents. And now inside of WIndows 10 itself. How about that?

I asked Saal what he thought about the Microsoft Windows sniffer feature. “It is now almost 35 years since its creation. Seeing that some similar functionality is now hard wired into the guts of Windows 10 is amusing. Microsoft makes a first class Windows GUI tool, NetMon, available for free and of course there is WireShark. Why Microsoft would invest design, programming and test resources into creating a text-based command line tool is beyond me. What unfilled need does it satisfy? Regardless, more is better, so I say good luck to Redmond and the future of Windows.”

Avast blog: Why is eBay port scanning my PC?

Every week brings more security news and this week is  about an interesting piece of Javascript that can run in your browser if you happen to use eBay under a particular set of circumstances. The code can scan your computer and send information back to a security vendor, which could be used to track your movements across the Internet.

You can read my column for the Avast blog where I explain what is port scanning, what information is being collected, why an eBay contractor is doing it — supposedly to reduce fraud — and how security researchers figured out what was going on.

A brief history of lightbulb manufacturing

Given that we are all at home, I was thinking the other day of some of my favorite museums that I have visited during better times. As long-time readers might remember, I am a big fan of the Henry Ford Museum outside of Detroit. I was reminded of all the treasures in their collection when the news broke this week that GE was finally selling off its light bulb division to  Savant, a smart home company. GE had this division for more than a century, and it had been losing money on it for several years.

The light bulb is an iconic product for the company that was founded by Thomas Edison. But the real innovation happened not when Edison came up with the initial invention, but about improvements to how they were made. Back in the 1880s, glassblowers were able to create a bulb every 30 seconds if they got good at doing them. Moving forward thirty years, engineers had developed machines that could produce perhaps ten or twenty bulbs a minute. But that wasn’t fast enough, particularly as electrification was growing quickly.

It took a master glassblower working with a mechanical engineer from Corning to come up with a truly novel idea. A heated ribbon of glass went through a machine that could stamp out hundreds of bulbs per minute. The resulting equipment literally replaced entire factories, and this is what is on display at the Ford Museum. (Parts of Edison’s Menlo Park lab are also on display there too.) Of course, this machine also put legions of glassblowers out of work.

A GE engineer would go on to invent the LED bulb in the 1960s, which was the eventual undoing of incandescent bulbs. Actually, there were LEDs before this time, but they only output infrared light. This invention figured out how to output visible light, and sixty years later we have LED bulbs that can output thousands of colors controlled from our smartphones, from Phillips and Savant, the company that acquired the GE lighting assets.

Check out some of these innovative LED designs that I came across online. And if you ever get the opportunity to visit the museum, you will find it a delight and well worth your time.

Avast blog: The latest security trends from Verizon’s annual breach report

Today Verizon published the latest 2020 Data Breach Investigations Report (DBIR). What sets the DBIR apart is that it combines breach data from multiple sources using the common industry collection, VERIS, a third-party repository where threat data is uploaded and made anonymous. This gives the report a solid authoritative voice, which is one reason why it’s frequently quoted by the security community. Report citations also come from vendor telemetry sources, so it is also a bit self-referential.

I look at overall SMB and ransomware trends, along with the declining popularity of malware in favor of more web app exploits. You can read more about these trends in my blog for Avast.

RSA blog: Do you know where your firewalls are located?

When I was growing up, the evening news  would start with the tag line, “It’s ten o’clock, do you know where you children are?” I know, it seems quaint now, especially since many of us haven’t left home in weeks. The modern equivalent might be, “It’s whatever o’clock. Do your know where your enterprise’s firewalls are?”

This is not a rhetorical question. Answering it will give you some insight into how your network infrastructure is governed (or not, as the case might be), and what actionable steps to take to fix it. I wrote in a recent blog post that as more of us work from home (WFH), we must go back to basics. One of those basics is understanding our network topology and where the firewalls are located.

In my latest column for RSA’s blog, I discuss this issue and how it can be very timely to know this information. webinar: Managing third-party risk in uncertain times

The world of risk management is undergoing some important changes. Security has become everyone’s concern and is not just the province of the IT department any longer. As our businesses become more dependent upon digital technologies, they become bigger targets for attackers to invade our networks and our endpoints. Understanding where our weakest links are located and how to remove them will become essential to ensure the future health and cybersecurity of our enterprises.

The world of risk management is undergoing big changes, some due to uncertain times with the COVID-19 pandemic. In this webinar done on behalf of Security Scorecard for, I explore some of these best practices to assess these risks.

You can sign up to view the webinar here.

Family tech support questionnaire

As we become more reliant on technology to support our sheltering-in-place, we realize that many older folks are not quite digital natives and don’t feel comfortable with the now-common computing tasks that many of us have jumped on to handle our lives. And that means that more and more of us have become forced into the de-facto family tech support role. As someone in my generation (60-something) who has been a tech family support nerd for more than half of my life, I wonder how many of you are experiencing this situation?

Supporting our non-tech savvy relatives has gotten harder because now so many of us depend on tech to get through the day. The stakes are higher, and the lack of digital literacy can have much higher consequences these days. So to help you out, let’s start by taking stock of the dimensions of digital literacy that you might encounter.

Herewith is a simple questionnaire to give you some idea of how this will all play out in the time of the lockdown.

  1. Can your family members receive and read an email attachment? This is a basic requirement for many online activities, such as reading recipes and receipts from online orders, obtaining documents and other items. While you may be adept at email, your older generation might have difficulty.
  2. How often does your family member check their email? Many of our family members haven’t developed a regular email habit. This could be generational: older folks never learned touch typing and young ‘uns prefer texting. Without regular email scans, these folks can miss important notifications generated by their other online activities too.
  3. Do you and your spouse share a common email or Facebook account? Many elderly folks like to share accounts, but then who does what and when? If they don’t have a regular email habit, this makes the medium much less effective.
  4. Email isn’t the only connecting tech we all use these days. Does your family member use any common messaging app such as texting, Slack, Facebook Messenger, or WhatsApp? This can be a great way to stay in touch with multiple generations if you can agree on a single family platform. I have seen families that can’t find common ground, which makes communication difficult.
  5. Does your family member own a smartphone and can they install a new app on it? Many elderly have older-model “dumb” phones that date from the last century and don’t do anything other than make and receive phone calls. That can limit their effectiveness. If your elderly member has a more modern phone but still  can’t install or configure apps, you’ll have to assign someone for that support role who is located nearby.
  6. Have your family members used Uber or equivalent ride-sharing services? One of the first uses for a smartphone is with mobility: having a ride-sharing service is especially important for those that can’t drive or who don’t have cars. I know plenty of elderly who love their Ubers just as much as millennials. But usually someone has to show them the ropes.
  7. Have your family members done any restaurant curbside pickup or meal delivery? Many restaurants are asking customers to order online or via their smartphone apps. Being able to do this in these lockdown times is a way to help bring a little variety into someone’s life, as long as the family health protocols allow for meal deliveries.
  8. Have you ever read any Twitter posts? Uploaded any Snapchats and Pinterest photos? Often the grandchildren pix are the first mission-critical app for my generation and the learning curve to figure out these social network services can be frustrating.
  9. As we stay at home more, the center of entertainment is the TV, and today’s TVs are really computers in disguise. Does your family member watch any streaming service on their TV, such as Netflix, Hulu, YouTube TV, etc.?  Do they know how to set it up? If not, you will have to support that activity. My own smart TV sometimes loses its network connection, and a hard power cycle is the easiest way to fix that. Something is wrong with that.
  10. Let’s talk about paying for various things online. For many elders, cash is still king. I recall how my dad would never leave the house without hundreds of dollars in his pocket. But these days, cash is often not accepted for fear of viral contact. So seeking non-cash methods is important. One of the first things one of my family members did was get help to set up her online bill paying. She liked it and was happy to be rid of the chores of finding stamps and printed checks. Your family members may not be interested in this process, or they may want to dive in further and use contactless payment cards and online payment processors such as PayPal and Venmo to make it easier to move their funds around and send birthday gifts to the grandkids.
  11. The next step is buying all sorts of things online, including groceries and medicines. You might have a lot of support work needed to help your family member figure out where to do their shopping and how to navigate the piss-poor user interfaces of Instacart and others that are barely functioning right now.
  12. The elderly are big library patrons and these days libraries have moved to their digital efforts. Can your family members check out an ebook from their local library, or purchase an ebook for their Kindle? Many elderly would still prefer printed books and newspapers, but can they order them online from their local booksellers?
  13. One of the more popular apps to virtually meet is Zoom, and it is certainly a lot easier to join in a Zoom than some of its competitors. But how about if grandma wants to run her own book club virtually on Zoom? She might need some help getting it all setup.

As you can see, there is a lot of technology to master and manage. Being the family IT support person has gotten a lot more complicated. And as we depend on tech to get us through these times, it can be frustrating for all of us to solve the issues. Just take a step back, see how much tech we have acquired over the years, and take a deep breath.

FIR B2B Podcast #137: Invoca CMO Dee Anna McPherson on Building Strong Customer Advocacy Programs

We talk today with Dee Anna McPherson, the CMO at Invoca, an AI call tracking and conversational analytics vendor. That is a mouthful and one of the things she is doing is trying to define and own a new product category. That could be a daunting prospect, except she has done this before when she worked at Yammer (before they were engulfed by Microsoft) and then at Hootsuite. When Yammer began, no one had heard about microblogging, as it was called then. McPherson managed to define “enterprise social networking” as Yammer’s category and the company was off to the races from there. With working from home now the norm, that kind of technology has become the de factor standard for communications among remote team members.

Paul wrote about Invoca last year for Silicon Angle on how they use machine learning to transcribe and classify calls.

McPherson tell us about the importance of customer communication in building strong customer advocacy programs. You need to figure out a way to tell their stories without using the words “customer case study” or “reference account.” Customers really do want to help as long as they aren’t seen as shilling, she believes.  This is a topic we’ve touched on before, such as FIR B2B #118’s discussion about how customers should be your best advocates as well as Paul’s written work on social media marketing. We close out the podcast talking about how things have changed for marketers in the pandemic, how customer supply chains are evolving and how marketers can benefit from this transition.

Listen to our podcast here:

Tracking your browsing using HTML canvas fingerprinting

Every time you fire up your web browser your movements and browser history are being leaked to various websites. No, I am not talking about cookies, but about a technology that you may not have heard much about. It is called canvas fingerprinting.

In this post, I will tell you what it does and how you can try to stop it from happening. Beware that the journey to do this isn’t easy.

The concept refers to coordinating a series of tracking techniques to identify a visitor using what browser, IP address, computer processor and operating system and other details. Canvas is based on the HTML 5 programming interface that is used to draw graphics and other animations using JavaScript. It is a very rich and detailed interface and to give you an idea of the data that the browser collects without your knowledge, take a look at the screenshot below. It shows my computer running Chrome on a Mac OS v.10.13 using Intel hardware. This is just the tip of a large iceberg of other data that can be found quite easily by any web server. 

HTML Canvas has been around for several years, and website builders are getting savvy about how to use it to detect who you are. In the early days of the web, tracking cookies were used to figure out if you had previously visited a particular website. They were small text files that were written to your hard drive. But canvas fingerprinting is more insidious because there is no tracking information that is left behind on your computer: everything is stored in the cloud. What is worse is that your fingerprint can be shared across a variety of other websites without your knowledge. And it is very hard once to eliminate this information, once you start using your browser and spreading yourself around the Internet. Even if you bring up a private or incognito browsing session, you still are dribbling out this kind of data. 

How big an issue is canvas fingerprinting?  In a study done by Ghostery after the 2018 midterm elections, they found trackers on 87% on a large sample of candidate websites. There were 9% of sites having more than 11 different trackers present. Google and Facebook trackers appeared on more than half of the websites and Twitter-based trackers appeared on a third of the candidate webpages.

So what can you do to fight this? You have several options

  1. Make modifications to your browser settings to make yourself more private. The problem with this is that the mods are numerous and keeping track of them is onerous.This post gives you a bunch of FIrefox suggestions.
  2. Use a different browser that gives you more control over your privacy, such as Brave, or even Tor. In that linked post I mention the usability tradeoffs of using a different browser and you will have to expend some effort to tune it to your particular needs. I tolerated Brave for about two days before I went back to using Chrome. It just broke too many things to be useful.
  3. Install a browser extension or additional software, such as PrivacyBadger, Ghostery or Avast’s AntiTrack. I have already written about the first two in a previous post. AntiTrack is a stand-alone $50 per year Windows or MacOS app that works with your browser and hides your digital fingerprint  — including tracking clues from your browser canvas — without breaking too much functionality or having to tweak the browser settings. I just started using it (Avast is a client) and am still taking notes about its use. 
  4. Only run your browser in a virtual machine. This is cumbersome at best, and almost unusable for ordinary humans. Still, it can be a good solution for some circumstances.
  5. Adopt a more cautious browsing lifestyle. This might be the best middle ground between absolute lockdown and burying your head in the sand. Here are a few suggestions:
  • First, see what your HTML Canvas reveals about your configuration so you can get a better understanding of what data is collected about you. There are a number of tools that can be used to analyze your fingerprint, including:

    Each of these tools collects a slightly different boatload of data, and you can easily spend several hours learning more about what web servers can find out about you. 

  • Next, assume that every website that you interact with will use a variety of tracking and fingerprinting technologies
  • Always use a VPN. While a VPN won’t stop websites from fingerprinting your canvas, at least your IP address and geolocation will be hidden.
  • Finally, limit your web browsing on your mobile devices if at all possible. Your mobile is a treasure trove of all sorts of information about you, and even if you are using any of the more private browsers you still can leak this to third parties.


Figuring out data transparency

Those of us of a certain age might recall when Barbie could utter the phrase “Math class is tough.” A good example of this is how to figure out the data transparency in the time of the Covid.

One of my go-to sites is the Covid Tracking Project, which is a group of computer scientists that daily scrape and interpret the thousands of county health stats for testing and infection data. You might have noticed that for each state’s data summary they issue a letter grade for transparency. How they arrive at that grade is instructive, and we should all take a moment to understand the calculations. Even if our business isn’t involved in public health, it can help inform and improve our own transparency efforts.

Just look at some of the recent transparency disasters from last summer, when Facebook and Equifax couldn’t be trusted with showing the truth behind their numbers. We want to be more transparent, because that means we have the ability to create trust with our customers and partners. So let’s look at how the Covid Tracking Project assigns these grades to each state and US territory.

Their transparency grade uses16 different metrics. These include factors such as: is the state’s official health website the best data source and consistently updated? Does the state report patient outcomes, such as how many patients are on ventilators? Does the state break down the demographics into ethnicities, race and pre-existing ill patients? How about total hospital capacity for the state? For each metric, the data quality can vary and the details matter. For example: some states just report positive tests and deaths. For some states, you have no way of knowing how many negative tests were obtained, or how many of those who tested positive then went on to consume an ICU or ER bed or other hospital resources.

The transparency grades are calculated each day: I have noticed that the grade for my state, Missouri, has varied from A to C. Today Nevada, Nebraska and Puerto Rico all have failing grades.

But wait, there is more. The project team also has a Slack channel and a GitHub public project where you can dive deeper into what is going on here. The former is used to address reporter’s questions and the latter is used to call out support or bug issues. The team also has taken pains to explain exactly what they are counting — for example, they look at where people are being tested, which is not necessarily where people first became ill. Every state reports these numbers somewhat differently: some use online dashboards or hyperlinked data tables, while others announce their stats at daily press conferences or via social media posts. The team has taken pains to double-check everything and annotate where things are ambiguous or unclear.

I should mention that the project relies on dozens of volunteers too: so managing all this collaboration is key. Clearly, there is a lot we all can learn from their excellent transparency efforts.