November 2018 - wlug - University of Waikato Mail Lists

by Lawrence D'Oliveiro

Seems the Wi-Fi Alliance is having yet another crack at coming up with a really secure protocol, this time to be called WPA3 <http://www.theregister.co.uk/2018/01/09/wi_fi_wpa3/>. Does anybody care? Remember that on the Internet, security is implemented between the endpoints, the protocols are designed not to care that everything in-between might be pawed through by eavesdroppers, or even active attackers trying to inject fake data.

1 year, 6 months

1
1
0 0

Microsoft Fixes Notepad

by Lawrence D'Oliveiro

Windows Notepad has never been able to handle any newline convention other than the old DOS/Windows/CP/M one (CR-LF). Now, after so many decades, Microsoft has finally decided to give it “universal newline” capability, so it can handle lines ending in LF-only (Unix/Linux) and CR-only (old MacOS) <http://www.theregister.co.uk/2018/05/08/windows_notepad_unix_macos_line_end…>. Gee, I wonder how many lines of code that took...

1 year, 10 months

2
2
0 0

Australia Has Rushed Through Its Copyright Amendment Bill

by Lawrence D'Oliveiro

Seems like the Aussie government has disregarded <https://www.theregister.co.uk/2018/11/28/australia_to_build_a_pirateproof_f…> <https://www.techdirt.com/articles/20181127/13425541113/australian-parliamen…> most of the objections to its plan to impose more draconian copyright restrictions on Internet usage. Rightsholders will be able to get injunctions against sites whose “primary effect” (no longer just “primary purpose”) is to facilitate copyright infringement, and they will also have “adaptive injunctions”, meaning they can reinterpret an existing court order as circumstances change, instead of having to go back to court to get a new order. You’d think a statement like “The Government has zero tolerance for online piracy. It is theft...” should be an instant disqualification from making any kind of statement about copyright law...

1 year, 10 months

1
0
0 0

Mass Router Hack Exposes Millions of Devices To Potent NSA Exploit

by Peter Reutemann

'More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports --which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions. The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.' -- source: https://tech.slashdot.org/story/18/11/29/1849254 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 11 months

1
0
0 0

Proprietary Software Subverts Security Of Your PC

by Lawrence D'Oliveiro

Audio company Sennheiser has just issued a fix <https://arstechnica.com/information-technology/2018/11/sennheiser-discloses…> for a really nasty vulnerability where their software for Windows and Mac would install a special fake browser certificate that the machine would continue to trust thereafter, even after the software was removed. Unfortunately, because the installation also included the private key for that certificate (which is never supposed to be distributed), it could then be exploited by arbitrary third parties to trick such machines into trusting random sites.

1 year, 11 months

1
0
0 0

Deleting Windows Server Child Folder Changes Parent Folder Permissions

by Lawrence D'Oliveiro

<https://www.theregister.co.uk/2018/11/28/microsoft_windows_10_server_2016_p…>: ... Microsoft's support team [said] initially that the behaviour was by design and introduced in Windows Server 2016. Interestingly, it only occurs when folders are deleted (or cut and pasted) using File Explorer. Using the command line makes things behave as one would expect. It also only occurred when using a local path. Deleting using a UNC path was fine.

1 year, 11 months

1
0
0 0

Half of all Phishing Sites Now Have the Padlock

by Peter Reutemann

'You may have heard you should look for the padlock symbol at the top of a website before entering your password or credit card information into an online form. It's well-meaning advice, but new data shows it isn't enough to keep your sensitive information secure. From a report: Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That's up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018. This alarming shift is notable because a majority of Internet users have taken the age-old "look for the lock" advice to heart, and still associate the lock icon with legitimate sites. A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe. In reality, the https:// part of the address (also called "Secure Sockets Layer" or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and can't be read by third parties. The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.' -- source: https://it.slashdot.org/story/18/11/27/1521240 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 11 months

1
0
0 0

AGM next week

by Peter Reutemann

Hi everyone Just a friendly reminder that our AGM is next Monday: https://www.meetup.com/WaikatoLinuxUsersGroup/events/246737212/ In order to be eligible to vote, "only those people who were paid members in the previous financial year and who have signed a membership form for the then-current financial year will be eligible to vote." (https://github.com/WLUG/charter/blob/master/rules_140120.pdf) See you next Monday! Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 11 months

1
1
0 0

Two Linux Kernels Revert Performance-Killing Spectre Patches

by Peter Reutemann

'Friday Greg Kroah-Hartman released stable point releases of Linux kernel 4.19.4, as well as 4.14.83 and 4.9.139. While they were basic maintenance updates, the 4.19.4 and 4.14.83 releases are significant because they also reverted the performance-killing Spectre patches (involving "Single Thread Indirect Branch Predictors", or STIBP) that had been back-ported from Linux 4.20, according to Phoronix: There is improved STIBP code on the way for Linux 4.20 that by default just applies STIBP to SECCOMP threads and processes requesting it via prctl() but otherwise is off by default (that behavior can also be changed via kernel parameters). Once that code is ready to go for Linux 4.20, we may see it then back-ported to these stable trees. Aside from reverting STIBP, these point releases just have various fixes in them as noted for 4.19.4, 4.14.83, and 4.9.139. Last Sunday Linus Torvalds complained that the performance impact of the STIPB code "was clearly way more expensive than people were told," according to ZDNet: "When performance goes down by 50 percent on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway," wrote Torvalds. "So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?"' -- source: https://linux.slashdot.org/story/18/11/24/2320228 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 11 months

1
0
0 0

Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN

by Peter Reutemann

'Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information." Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space." The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server. It's been named Outline because in places where internet use may be restricted — it gives you a line out.' -- source: https://yro.slashdot.org/story/18/11/25/0117226 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 11 months

1
0
0 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug November 2018