An Ordinary User’s Adventures In Linux
by Lawrence D'Oliveiro
I helped an elderly friend set up his new PC yesterday. His
previous machine, over a decade old, was running Windows XP. I had set
up an Ubuntu dual-boot a few years back, and he liked playing the games.
But then the Linux boot stopped working--there was a message to the
effect “hd0 out of disk”, which sounded like a GRUB problem (“hd0”
being a GRUB disk name, not a Linux disk name). I booted up
SystemRescueCD, and found that disk space was ample. I did an fsck on
the Linux volume, and found no filesystem problems. I ran a badblocks
scan, and it reported several bad sectors, though oddly they only seemed
to be in the Windows partition (if I interpreted the numbers
correctly).
Naturally I searched online, but the hits I found for that error
message didn’t seem very helpful. Reinstalling GRUB didn’t help, so I
concluded there were likely other hardware problems, so time for a new
machine.
He got an entry-level dual-core AMD box from PBTech--their own house
build, in a CoolerMaster case--for well under a grand. Nothing fancy,
but good enough for his needs--mainly Web browsing, e-mail, a little
bit of word processing, and those games.
The PBTech box came without an OS. He could have got Windows 10 for it,
but considering he would be facing a learning curve coming from XP
regardless, I suggested going 100% Linux for all his daily needs, to
see if that would work. He could always spend the $160-odd extra on
Windows later if need be.
So I set it up with Linux Mint, since that seems to be everybody’s
favourite :). He was already using Firefox on Windows, so moving all his
Web bookmarks across was easy. The Mint install put an icon for
Thunderbird on the desktop by default, so I decided to try that for
e-mail. Getting his address book across from Outlook Express was
fairly straightforward, once I figured out how to map the exported CSV
field names correctly. The mail messages were slightly more fiddly, but
I found this extension
<https://addons.mozilla.org/en-US/thunderbird/addon/importexporttools/>
which directly loads Microsoft’s .dbx files, and that seemed to work OK.
Then he wanted to play CDs. When we put in an audio CD, it came up with
options to run Banshee (media player) or Brasero (disc burner). The
Banshee media player wouldn’t play the CD directly, it insisted on
ripping it to the hard drive first. This was not really what he wanted.
I had a look round, and found KsCD, which will indeed play audio CDs
without trying to rip them to audio files first. As far as I know, this
is the only GUI Linux app that can do so.
So, day 1 ended on a reasonably successful note. He was already
noticing how much faster the new machine was. So we’ll see how it goes
from here...
2 years, 8 months
Firefox Zero-Day Can Be Used To Unmask Tor Browser Users
by Peter Reutemann
'A Firefox zero-day being used in the wild to target Tor users is
using code that is nearly identical to what the FBI used in 2013 to
unmask Tor-users. A Tor browser user notified the Tor mailing list of
the newly discovered exploit, posting the exploit code to the mailing
list via a Sigaint darknet email address. A short time later, Roger
Dingledine, co-founder of the Tor Project Team, confirmed that the
Firefox team had been notified, had "found the bug" and were "working
on a patch." On Monday, Mozilla released a security update to close
off a different critical vulnerability in Firefox. Dan Guido, CEO of
TrailofBits, noted on Twitter, that "it's a garden variety
use-after-free, not a heap overflow" and it's "not an advanced
exploit." He added that the vulnerability is also present on the Mac
OS, "but the exploit does not include support for targeting any
operating system but Windows." Security researcher Joshua Yabut told
Ars Technica that the exploit code is "100% effective for remote code
execution on Windows systems." "The shellcode used is almost exactly
the shellcode of the 2013 one," tweeted a security researcher going by
TheWack0lian. He added, "When I first noticed the old shellcode was so
similar, I had to double-check the dates to make sure I wasn't looking
at a 3-year-old post." He's referring to the 2013 payload used by the
FBI to deanonymize Tor-users visiting a child porn site. The attack
allowed the FBI to tag Tor browser users who believed they were
anonymous while visiting a "hidden" child porn site on Freedom
Hosting; the exploit code forced the browser to send information such
as MAC address, hostname and IP address to a third-party server with a
public IP address; the feds could use that data to obtain users'
identities via their ISPs.'
-- source: https://yro.slashdot.org/story/16/11/30/2156218
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
3 years, 6 months
More Than 1 Million Android Devices Rooted By Gooligan Malware
by Peter Reutemann
'A new version of an existing piece of malware has emerged in some
third-party Android app stores and researchers say it has infected
more than a million devices around the world, giving the attackers
full access to victims' Google accounts in the process. The malware
campaign, known as Gooligan, is a variant of older malware called
Ghost Push that has been found in many malicious apps. Researchers at
Check Point recently discovered several dozen apps, mainly in
third-party app stores, that contain the malware, which is designed to
download and install other apps and generate income for the attackers
through click fraud. The malware uses phantom clicks on ads to
generate revenue for the attackers through pay-per-install schemes,
but that's not the main concern for victims. The Gooligan malware also
employs exploits that take advantage of several known vulnerabilities
in older versions of Android, including Kit Kat and Lollipop to
install a rootlet that is capable of stealing users' Google
credentials.Although the malware has full remote access to infected
devices, it doesn't appear to be stealing user data, but rather is
content to go the click-fraud route. Most users are being infected
through the installation of apps that appear to be legitimate but
contain the Gooligan code, a familiar infection routine for mobile
devices.'
-- source: https://tech.slashdot.org/story/16/11/30/1720202
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
3 years, 6 months
expanding Europe's Linux Presentation Day to New Zealand
by Hauke Laging
Hello,
in May 2015 Berlin's Linux user group (BeLUG) has started a new type of event
which has spread quickly all over Europe: the Linux Presentation Day (LPD)
2015.1: Berlin only
2015.2: 72 cities in three countries
2016.1: 110 cities in 10 countries
2016.2: 150+ cities in 14 countries (on October, 22nd)
I contact you because we intend to expand the LPD beyond Europe next year.
The aim of the LPD towards the general public is to provide biannual and
comprehensive information events about Linux for private users who would like
to get a first impression of Linux.
The aim towards the media is to make the event so big (both nationally and
internationally) that the nationwide non-IT media cover it regularly.
The aim towards the Linux community is that an LPD event can be so small and
easy to organize (even without costs) that really everyone can try to organize
an event with good chances of success. The local organizers decide on their
own what their event shall be like; we just make suggestions and offer
support.
You can find a longer description of the concept here:
http://www.linux-presentation-day.org/idea/
Are you as an organization interested in participating in the LPD? If not: Are
any of your members interested in helping us bring the LPD to New Zealand?
This event is very useful for finding new LUG members.
Best regards,
(Mr.) Hauke Laging
--
http://www.linux-presentation-day.org/
International phone contact for the Linux Presentation Day:
tel:+49-30-55579620 (13:00–23:00, German and English)
XMPP (Chat with OTR): linux-presentation-day(a)jabber.ccc.de
OTR: 91626899 1C06F2BD 75EC2441 35C696CE 38F75997
3 years, 6 months
Westpac one and online banking
by Ron Dean
Apparently I was in error that Westpac would be closing its browser based
online banking. Its still available through a browser just not the original
Online banking.
Thanks for all your comments
--
Ron Dean
3 years, 6 months
Jolla's Sailfish OS Now Certified as Russian Government's First 'Android Alternative'
by Peter Reutemann
'The future for one of the few remaining alternative mobile OS
platforms, Jolla's Sailfish OS, looks to be taking clearer shape.
Today the Finnish company which develops and maintains the core code,
with the aim of licensing it to others, announced Sailfish has
achieved domestic certification in Russia for government and corporate
use. TechCrunch adds:
In recent years the Russian government has made moves to encourage the
development of alternatives to the duopoly of US-dominated smartphone
platforms, Android and Apple's iOS -- flagging Sailfish as one
possibility, along with Tizen. Although Sailfish looks to have won out
as the preferred Android alternative for Russia at this point. The
government has said it wants to radically reduce its reliance on
foreign mobile OSes -- to 50 per cent by 2025 vs the 95 per cent of
the market garnered by Android and iOS in 2015. Sailfish's local
certification in Russia also follows an announcement earlier this year
that a new Russian company, Open Mobile Platform (OMP), had licensed
the OS with the intention of developing a custom version of the
platform for use in the domestic market. So, in other words, a
Russian, strategic 'Android alternative' is currently being built on
Sailfish.'
-- source: https://yro.slashdot.org/story/16/11/29/208245
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
3 years, 6 months
Westpac insisting that Banking be done with Android or IOS
by Ron Dean
I always do my banking with a Linux Desktop and keep the system up to Date
and do it through a web browser.
It seems less secure with my android devices as they don't provide frequent
updates as Ubuntu does.
Should I change Banks?
--
Ron Dean
3 years, 6 months
