wlug November 2017

wlug@list.waikato.ac.nz

14 participants
73 discussions

by Lawrence D'Oliveiro

"The laws of Australia prevail in Australia, I can assure you of that," [Malcolm Turnbull] said on Friday. "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." <https://www.techdirt.com/articles/20170714/10385237789/aussie-prime-ministe…>

2 years, 9 months

Munich Council: To Hell With Linux, We're Going Full Windows in 2020

by Peter Reutemann

'The German city of Munich, which received much popularity back in the day when it first ditched Microsoft's services in favor of open-source software, has now agreed to stop using Linux and switch back to Windows. If the decision is ratified by the full council in two weeks, Windows 10 will start rolling out across the city in 2020. From a report: A coalition of Social Democrats and Conservatives on the committee voted for the Windows migration last week, Social Democrat councillor Anne Hubner told The Register. Munich rose to fame in the open-source world for deciding to use Linux and LibreOffice to make the city independent from the claws of Microsoft. But the plan was never fully realised -- mail servers, for instance, eventually wound up migrating to Microsoft Exchange -- and in February the city council formally voted to end Linux migration and go back to Microsoft. Hubner said the city has struggled with LiMux adoption. "Users were unhappy and software essential for the public sector is mostly only available for Windows," she said. She estimated about half of the 800 or so total programs needed don't run on Linux and "many others need a lot of effort and workarounds." Hubner added, "in the past 15 years, much of our efforts were put into becoming independent from Microsoft," including spending "a lot of money looking for workarounds" but "those efforts eventually failed." A full council vote on Windows 10 2020 migration is set for November 23, Hubner said. However, the Social Democrats and Conservatives have a majority in the council, and the outcome is expected to be the same as in committee.' -- source: https://news.slashdot.org/story/17/11/13/1714220 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 6 months

All 500 of the World's Top 500 Supercomputers Are Running Linux

by Peter Reutemann

'Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list. Today, it finally happened: All 500 of the world's fastest supercomputers are running Linux. The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the November 2017 TOP500 Supercomputer list. When the first TOP500 supercomputer list was compiled in June 1993, Linux was barely more than a toy. It hadn't even adopted Tux as its mascot yet. It didn't take long for Linux to start its march on supercomputing. >From when it first appeared on the TOP500 in 1998, Linux was on its way to the top. Before Linux took the lead, Unix was supercomputing's top operating system. Since 2003, the TOP500 was on its way to Linux domination. By 2004, Linux had taken the lead for good. This happened for two reasons: First, since most of the world's top supercomputers are research machines built for specialized tasks, each machine is a standalone project with unique characteristics and optimization requirements. To save costs, no one wants to develop a custom operating system for each of these systems. With Linux, however, research teams can easily modify and optimize Linux's open-source code to their one-off designs. The semiannual TOP500 Supercomputer List was released yesterday. It also shows that China now claims 202 systems within the TOP500, while the United States claims 143 systems.' -- source: https://linux.slashdot.org/story/17/11/14/2223227 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 7 months

MacOS High Sierra Bug Allows Login As Root With No Password

by Peter Reutemann

'A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the black password trick will not work. So, keep the account enabled and set a root password right now..."' -- source: https://it.slashdot.org/story/17/11/28/2135236 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 7 months

Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

by Peter Reutemann

'A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine. "Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed." They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."' -- source: https://it.slashdot.org/story/17/11/11/237236 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 7 months

Net Un-Neutrality ... For Real

by Lawrence D'Oliveiro

Some of those who have been following the net neutrality debate may remember a spoof poster that showed what might happen if ISPs were allowed to charge you differently, based on which sites you were allowed to visit. Well, in Spain, which has no laws against this sort of thing, a similar situation has actually happened: one ISP is selling you addons to a basic broadband cap based, not on the amount of extra data you want, but on what you want to use it for. Their “Vodafone Pass” product offers tiers like €3/month extra for a “Social Pass”, or €5/month for a “Music Pass”. <https://pplware.sapo.pt/informacao/vodafone-portugal-pacotes-smartnet/>, referenced from <https://www.techdirt.com/articles/20171030/12364538513/portugal-shows-inter…>

3 years, 7 months

30 Years Of HyperCard

by Lawrence D'Oliveiro

Just came across this item <https://blog.archive.org/2017/08/11/hypercard-on-the-archive-celebrating-30…> at archive.org about an online emulator that runs HyperCard stacks. HyperCard, in case you didn’t know, was an application created by Apple Macintosh engineer Bill Atkinson for that platform in 1987, and it was always hard to describe exactly what it was for. But it allowed users to create their own applications, aka “stacks”, around a card-based paradigm. One of the commenters points out that the basic idea is still alive and well, in the form of LiveCode, which is available as a paid online service <https://livecode.com/> and also in the form of Free Software <https://github.com/livecode/>.

3 years, 7 months

A Surge Of Sites And Apps Are Exhausting Your CPU To Mine Cryptocurrency

by Lawrence D'Oliveiro

Noticed your machine getting slow after visiting certain websites? They could be running cryptocurrency miners in your browser. <https://arstechnica.com/information-technology/2017/10/a-surge-of-sites-and…>: Coinhive's massive Web audience isn't lost on other companies. Collin Mulliner, a security researcher and developer of TelStop, said he recently received an e-mail from a startup called Medsweb inviting him to integrate a Monero miner into his creation. I got one of those e-mails too...

3 years, 7 months

Internet-paralyzing Mirai botnet comes roaring back with new strain

by Peter Reutemann

'Mirai, the Internet-of-things malware that turns cameras, routers, and other household devices into potent distributed denial-of-service platforms, may be lying low, but it's certainly not dead. Last week, researchers identified a new outbreak that infected almost 100,000 devices in a matter of days. In September of last year, Mirai emerged as a force to be reckoned with when it played a key role in silencing one of the most intrepid sources of security news in then-record-setting DDoS attacks topping 620 gigabits per second. Within a few weeks, Mirai's developer published the source code, a feat that allowed relatively unsophisticated people to wage the same types of extraordinarily big assaults. The release almost immediately helped touch off a series of large-scale attacks. The most serious one degraded or completely took down Twitter, GitHub, the PlayStation network, and hundreds of other sites by targeting Dyn, a service that provided domain name services to the affected sites. Last week, researchers from China-based Netlab 360 say they spotted a new, publicly available Mirai variant. The changes allowed the malware to spread to networking devices made by ZyXEL Communications that could be remotely accessed over telnet using default passwords. One of the exploits was published on October 31. Over a span of 60 hours starting on November 22, the new Mirai strain was able to commandeer almost 100,000 devices. Virtually all of the infected devices used IP addresses local to Argentina, a possible indication the outbreak targeted customers of a regional service provider who were assigned unsecured modems.' -- source: https://arstechnica.com/information-technology/2017/11/internet-paralyzing-… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 7 months

66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption

by Peter Reutemann

'High-Tech Bridge used its free mobile app analysis software, called Mobile X-Ray, to peek under the hood of the top 30 cryptocurrency apps in the Google Play store at three different popularity levels: apps with up to 100,000 downloads, up to 500,000 downloads, and apps with more than 500,000 downloads. So, a total of 90 apps altogether. Of the most popular apps, 94 percent used outdated encryption, 66 percent didn't use HTTPS to encrypt user information in transit, 44 percent used hard-coded default passwords (stored in plain text in the code), and overall 94 percent of the most popular apps were found to have "at least three medium-risk vulnerabilities."' -- source: https://it.slashdot.org/story/17/11/29/1610245 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 7 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug November 2017