The Secure Connection Trap: Why Emailing Your Credit Card Number is Never Safe

“We’ll err on the side of caution and suggest that you never trust email with confidential information.”

A surefire way to make tech-savvy people shudder is to email them your credit card number to pay a bill.

It’s not that they don’t appreciate the transfer of funds to their account, but they understand that with email, you’re not just sending it to them. Any number of people in between (or computers, called “bots” in this context) can intercept, read, store, and potentially use that data.

When you send an email directly to a person, it’s not going directly to them.

We tend to think in terms of “sender” and “recipient” but forget to consider all the points in between. When you send an email, it has to go from your computer to your Internet Service Provider, and then from there, it is passed through possibly several other servers before it reaches the sending server. Once at the sending server, it is passed through the world wide web until it arrives at the recipient’s computer. Because it happens so quickly, we’re tempted to think it’s a direct connection, but let’s think about the origins of the term “world wide web” for a moment and consider what that might look like visually: many thousands of computers all connected together, passing data amongst each other. When you send an email, it is passed through many systems before it reaches the recipient.

Email is not encrypted.

Here’s the trap: when you login to your email, be it through an installed application or webmail service (Gmail for example), you’ll likely see that they are “secure.” Email applications typically require encrypted authentication, and webmail services are actually secure sites themselves, much like online banking.

Email is transmitted in plain text, and can be read, analyzed and stored by any one of the computers it touches along the way.

With your email application, encryption happens during authentication. This means your username and password are encrypted (generally not readable by the systems it passes through), but the email itself is not (because email is not encrypted).

When you login to a webmail service, you may see the “secure connection” notifier–usually a little “lock” icon in your address bar–which may present the illusion that your email itself is secure, but it is not. Only the current browser session is secure. Your username and password are encrypted, and the data being shown on your screen is also encrypted for that session (the connection between the receiving server and your computer). However, all that email in your inbox had to be delivered to your service provider, meaning it went from the sender out to the world wide web in plain text through many computers before reaching your inbox. Similarly any email you send through that service leaves the secure session through email and enters the world wide web to be delivered to the recipient. Since your connection to the service itself is encrypted, what you see on the screen cannot be read directly by someone intercepting the data, however as soon as you hit “send,” it’s anyone’s guess how many people could potentially see it as it shoots out over the web in its unencrypted form.

Regardless of your trust for the recipient, there is no way to know whose servers the email is passing through, nor whether you can trust them. We’ll err on the side of caution and suggest that you never trust email with confidential information.

It’s not necessarily the service providers.

We like to believe service providers are honest and not skimming through emails to find people’s credit card numbers, and hopefully the bulk majority are. But the compromise doesn’t need to come from the provider themselves.

Viruses on infected servers could be monitoring email traffic passing through the server, software tools can be used by “hackers” to sniff unencrypted data as it passes through the coffee shop wifi, and shady “companies” have even been known to setup servers on the web specifically to collect this type of data as it passes through, which they may either use or sell.

The safe alternatives…

I can’t speak for all companies, but I would expect most connected companies offer some way to pay a bill electronically in a safe fashion.

Picking up the phone and calling in your card number is much safer than email, because it is a much more “direct” connection to the recipient.

For our customers, we offer a secure payment gateway at secure.positiveesolutions.com — this can be accessed via the “Pay Online” button on our web site. It is secure, encrypted, and no confidential data is transmitted or stored in an unencrypted form.

Regardless of the how or why, the simple fact remains: email is not secure.

Write your credit card number on a piece of paper and pass it around a full room of strangers. Surely, you would never do such a thing. That’s essentially what you do when you type it into an email and press “send.”

Be educated, be safe.

-Robbie

Convert video to several JPG images on Linux without ffmpeg.

I admit… I do love PHP in the command line. Does that make me a bad person? ūüėČ

Here’s a tiny little script that I wrote to create many JPG screenshots of a video file. I use this each week to create a bunch of stills from our broadcast so I can use them as thumbnails and so-on. I didn’t want it to depend on ffmpeg since I don’t have that on any of my modern systems.

It requires just three packages: mplayer mediainfo php-5

Save it as whatever.php and run it like this: php whatever.php file.wmv

It will create a folder called file-Screenshots/ and will save one picture per 10 seconds for any video source. Just change “file.wmv” to the name of your video. Include the path if it’s not in the current folder.

Hope it helps you out.

-Robbie

Clean Fullscreen Live HDMI from a Nikon D5100

Please Note: A full video tutorial on how to do this will be presented on an upcoming episode of Category5 Technology TV.

Boxing week saw some great sales, but also, a lot of liquidation of refurb stock. For example, Henry’s had Nikon D5100 cameras with the 18-55mm kit lens on for just $350. You can probably¬†find a similar¬†deal on a used Nikon D5100 at B&H, but also keep in mind that this is a previous-generation DSLR (replaced with the D5200) so you should be able to find it pretty cheap. Please also try our Amazon links at¬†http://shop.category5.tv/?product=nikon-d5100-dslr-camera-with-720p1080i-clean-hdmi-output¬†since purchasing through them helps support the show, or of course, check B&H for used stock too:¬†http://www.bhphotovideo.com/c/buy/0/Ntt/Nikon+D5100+Digital+SLR+Camera+With+18-55mm/usedSearch/1

So, what can this bad-boy do, beyond reasonably decent photography and better-than-entry-level 1080p recorded video? Why, HD clean video over HDMI … with a little know-how.

Tonight is our first test: to see if the D5100 could be used as an A camera for Category5 Technology TV while we continue to save up for the 4K option (which we just can’t afford yet).

Our AC adapter (a clever “battery pack” power unit) arrived today, and so I’m finally able to test if 1 hour of live video is possible… since the batteries it relies on typically only last about 30 minutes when rolling video.

40 minutes in, and the hacked camera continues to feed brilliant, crystal clear video to my TV. I’m running it at 720p since that’s the resolution of the show, but the live view will do up to 1080i.

The color saturation is incredible. Really, really impressive. My maroon shirt look exactly the same on screen as it does when I look at my arm.

So far, it’s looking good. I think we’re going to hit that 1 hour mark. If we do, this is revolutionary. A very affordable stop-gap solution… maybe not even that, since it really does look great. Consumer 1080p cameras have nothing on the D5100 as far as video goes.

The biggest failing of the DSLR form factor is its auto-focus. Fine for shooting nature shots, but useless for video. So if all goes well with this test, the next step will be to find a reasonably priced follow focus rig.

My goal is to be able to secure all we need to put together a decent camera rig and have spent only about $1,000… the cost of an entry level prosumer camcorder. This way, we’ll have the follow focus rig already on hand, and when the money is in the bank to buy a 4K DSLR, we will only have to sub out the D5100, which will make a great stills camera at that point, or could be used for B-Roll.

45 minutes in now… fingers crossed :)

Update: an hour has passed (now about 1 hour 15 minutes) and still running flawlessly. This means we will begin testing the camera on-air, and then will offer a full tutorial on how to hack and use a Nikon D5100 as a live camera source on Telestream Wirecast.

Hacked Nikon D5100 Clean Fullscreen Live View over HDMI

That’s the DSLR sitting on the shelf next to the TV.

Automated cache-buster on images in PHP

I have a particular site I manage where one particular image (a grid of sponsors) gets updated quite regularly.

Rather than edit my source code each time I upload a new image, I thought I’d let PHP do the work for me.

Now, every time I upload a new image, replacing silver.jpg, it will automatically update the image in the users’ cache.

Just a silly little time saver.

Note: I wouldn’t do this on every image on a site since it means an extra hit to the filesystem. That could mean a performance drop if a site is checking the filemtime of 100 images. In my case, it’s just a single image, so it’s okay.

Unify Theme ERROR! on CAPTCHA form.

For the life of me, I couldn’t figure out why the Sky Forms CAPTCHA was showing ERROR! on my Unify Theme Bootstrap 3 development.

Turns out this was just a rookie mistake… I wasn’t looking closely enough at the “how it works” and I was missing some code from the¬†demo-contacts.php sample file that was crucial to the operation of the CAPTCHA. This code generates the CAPTCHA itself and stores it in SESSION data. Since it was missing, the CAPTCHA system’s image.php¬†was turning out an ERROR!

That $_SESSION[‘captcha_id’] is what the image.php file is looking for. If it doesn’t find it, ERROR!

Refresh, and we’re good to go!

-Robbie

How I plan to bring Internet service to Studio D

Qapla’!

On Tuesday, we were able to successfully broadcast a live show from Studio D via LTE Cellular Internet service! Episode 367 went out in 240p, which is gross, but it worked.

Please visit http://cat5.tv/c to contribute.

Why are we using LTE? Simple: there are no consumer-style (eg., Cable) Internet services in reach of Studio D. We are located in an industrial area where you either settle for DSL, or pay for Fibre.

Through our MiFi 2 we were able to get 8 Mb/sec up and about 25 Mb/sec down using LTE Cellular Internet service. It’s fast, but it’s expensive.

My ISP offers the ability to see your bandwidth usage and price, and so I already know the¬†cost to broadcast that one episode live, in extremely low quality (240p), with no Roku feed and no audio feed, is $25. That’s a little more than $100 per month just to be able to send a crummy quality feed.

It’s good enough for the moment, but we can’t keep that up, nor do I want to sacrifice quality or the ability to watch on Roku or listen via the MP3 feed.

Fibre Internet is available at our location for $740 per month plus installation. That is obviously out of the question.

Wireless Internet is available at our location for $780 per month. Wow… we’d go with Fibre if we had that kind of money to toss around.

So I feel that the best option right now is to look at extending our home Internet (around $150 per month with unlimited bandwidth) to the studio, and we can do that using Ubiquiti Wireless Devices

First of all, in order to extend the Internet service wirelessly using Ubiquiti devices, we need to know if we have line of sight.

There¬†is a really cool tool online for finding out if you have line-of-sight between two or more locations. You can see the tool [here]. According to its output, we’re looking¬†pretty good. We may have to put a small tower on the roof of the studio (represented on the right side of this topography diagram), but all in all, it looks possible.

Using LTE, our cost would break down as follows:
YouTube Feed in 480p: $50 per episode, $200 per month
Roku Feed in 480p: $50 per episode, $200 per month
MP3 Feed in 96kbps: Negligible
Cost per month: $400
Cost per year: $4,800 for 8 Mb/sec up, 25 Mb/sec down

Using Ubiquiti Wireless Devices our up front cost would be:
2x Ubiquiti Rocket AC Lite Transmitter/Receiver Units: $300
2x Ubiquiti Rocket Dish Antennas: $400 (Remember, I’m paying CAD)
2x Mounting Kit, Needed Wires: $200
Total Up Front: $900 + tax ($1,017)

Then, our service fees would be:
Internet Connection, Unlimited Bandwidth: $150 per month, $1,800 per year for 450 Mb/sec direct wireless connection to our home Internet, which is 20 Mb/sec up, 200 Mb/sec down.

Total for first year: $2,817
Total for subsequent years: $1,800

Thank you for your supportAs you can see, sharing our home Internet just makes more sense. It is much faster, and much cheaper, even with the initial expense of hardware. This also carries additional benefits, such as being able to backup to our home server via a wireless LAN connection.

So the inevitable question is to our community. Can you help with this expense?

Initially, we just have to get the hardware. I will install it myself (and show you the process step-by-step).

I know we also need a camera, and we’re still a ways off from that, but at the moment, this is pressing, as you can see from the numbers above.

If you can support this project, please donate at http://cat5.tv/c or send a cheque made out to me (Robbie Ferguson) with the memo “Studio D Internet” to PO Box 29009, Barrie, Ontario, Canada L4N 7W7.

THANK YOU for your support! Here’s to establishing a great, solid Internet connection at Studio D.

-Robbie

Windows 10 First Impressions – A Scrolling Start Menu?!

Well, Microsoft has decided to skip Windows 9 altogether and jump to Windows 10. Could it be that they are so ashamed of Windows 8 that they wanted to separate themselves from it? Is it that they think they’ve finally got a “perfect 10″?

I installed the preview and must say, it feels a lot more like the old desktop paradigm, but the start menu is still garbage. At least in the first preview.

Windows 10 Start Menu

Seriously?

Yeah… let’s look a little closer…

Windows 10 Start Menu - Closeup

Yep: I’ve got a single line where each “app” appears, and an up/down button to allow me to flip through them.

I’m guessing this is a glitch, or a bug, or an oversight, but you’d think they would have gotten the one selling point right. I mean, anyone who hates Windows 8 for the “start screen” is testing Windows 10 specifically to see if Microsoft got it right.

They didn’t.

Not even close.

But hey, Goldwave installed and runs well! ¬†Good thing it adds an icon to the desktop since I don’t want to have to scroll down to “G” one line at a time, let alone a program starting with X, Y or Z.

-Robbie

Studio D: Day 33

Day 33 was exciting! While Hillary recorded Tuesday’s show, I worked hard to pack up all the gear. Yes, this meant her poor microphone got disconnected and I heard non-stop complaints in the chat room about the on-board camera audio for Episode 366, but hey… it had to be done.

The moment Hillary signed off, I tore apart the studio desk, and we moved everything over to Studio D.

Tali tagged along to help with the video portion, and while it’s a bit “herky jerky”, I enjoyed giving her the chance to learn how to use a video camera… one day she’ll be part of the Category5 on-air crew, so it’s a good experience for her. And some of her commentary really made me laugh. And some of her commentary really impressed me. It struck me as I listened back to the recording that she’d actually been absorbing the things I’d taught her through this process. That really impressed me.

So, enjoy the video! More to come as we setup the room, and inevitably paint before our first live show in Studio D on September 30th.

Thanks for all your love and support!

-Robbie

Studio D: Day 26

Wahoo! I did my first “real” drywalling! I mean, I¬†cut the drywall… I didn’t even have Christa cut it for me. ¬†Haha!

That’s right, I got some scrap pieces of drywall and built the window sills. They may not be lovely pine or oak sills, but they were free! ¬†The Landlord will like that.

I think I did an okay job, to be honest. We’ll see how they look once the adhesive dries, and then [gasp] I will have to mud it.

Sasha stopped in to see how things are shaping up, and my daughter Tali looked in the brush for frogs. I think because we found one a while back, she expects she’ll find one every time she visits Studio D. I hate to see her disappointed, so I might have to buy a few frogs and hide them like Easter eggs – haha!

Here’s the video from Day 26:

-Robbie