January 2019 - wlug - University of Waikato Mail Lists

by Lawrence D'Oliveiro

Seems the Wi-Fi Alliance is having yet another crack at coming up with a really secure protocol, this time to be called WPA3 <http://www.theregister.co.uk/2018/01/09/wi_fi_wpa3/>. Does anybody care? Remember that on the Internet, security is implemented between the endpoints, the protocols are designed not to care that everything in-between might be pawed through by eavesdroppers, or even active attackers trying to inject fake data.

1 year, 6 months

1
1
0 0

Old Computer Gear

by Andrew Crosby

Hi Guys I'm moving cities shortly and have a couple of decades of old computer and electronic gear to pass along. Mainly periferals and parts from AT/ATX era, Also have some old laptops getting up core2duo era, and not sure what else I'll find while I pack. Anyone around here interested in that sort of stuff. Cheers

1 year, 8 months

2
4
0 0

Attackers Can Track Kids' Locations Via Connected Watches

by Peter Reutemann

'A gamut of kids' GPS-tracking watches are exposing sensitive data involving 35,000 children -- including their location, in real time. Researchers from Pen Test Partners specifically took a look at the Gator portfolio of watches from TechSixtyFour. The Gator line had been in the spotlight in 2017 for having a raft of vulnerabilities, called out by the Norwegian Consumers Council in its WatchOut research. "A year on, we decided to have a look at the Gator watch again to see how their security had improved," said Vangelis Stykas, in a Tuesday posting. "Guess what: a train wreck. Anyone could access the entire database, including real-time child location, name, parents' details etc. Not just Gator watches either -- the same back end covered multiple brands and tens of thousands of watches." "At issue was an easy-to-exploit, severe privilege-escalation vulnerability: The system failed to validate that the user had the appropriate permission to take admin control," reports Threatpost. "An attacker with access to the watch's credentials simply needed to change the user level parameter in the backend to an admin designation, which would provide access to all account information and all watch information." ' -- source: https://it.slashdot.org/story/19/01/30/2337239 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

Hackers Are Passing Around a Megaleak of 2.2 Billion Records

by Peter Reutemann

'When hackers breached companies like Dropbox and LinkedIn in recent years -- stealing 71 and 117 million passwords, respectively -- they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords, and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year's phone book. Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2-5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch.' -- source: https://tech.slashdot.org/story/19/01/31/1452201 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

New Security Flaw Impacts 5G, 4G, and 3G Telephony Protocols

by Peter Reutemann

'A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. From a report: Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year. According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.' -- source: https://it.slashdot.org/story/19/01/31/1913237 Yeah, don't think so that I'm gonna upgrade from my stone tablets any time soon... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

Criminals Are Tapping Into the Phone Network Backbone to Empty Bank Accounts

by Peter Reutemann

'Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself. From a report: This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts. So-called SS7 attacks against banks are, although still relatively rare, much more prevalent than previously reported. Motherboard has identified a specific bank -- the UK's Metro Bank -- that fell victim to such an attack. The news highlights the gaping holes in the world's telecommunications infrastructure that the telco industry has known about for years despite ongoing attacks from criminals. The National Cyber Security Centre (NCSC), the defensive arm of the UK's signals intelligence agency GCHQ, confirmed that SS7 is being used to intercept codes used for banking. "We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA)," The NCSC told Motherboard in a statement. "Some of our clients in the banking industry or other financial services; they see more and more SS7- based [requests],â Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. "All of a sudden you have someone's text messages."' -- source: https://tech.slashdot.org/story/19/01/31/1925241 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

Raspberry Pi Compute Module 3+ Launches for the Tiny Linux Computers from $25

by Peter Reutemann

'Raspberry Pi Compute Module 3+ follows on the footsteps of the Raspberry Pi Compute Module 3 (CM3) series announced in January 2017, offering owners of the tiny Linux computers a general-purpose, cost-efficient, and much simpler SBC (Single-board Computer), allowing them to slot it in and out of any device. It comes with 10x the ARM performance, 8x the Flash capacity, and 2x the RAM capacity of CM3. While Raspberry Pi Compute Module 3+ uses the same board as CM3, it brings improved thermal design, the Broadcom BCM2837B0 application processor from the Raspberry Pi 3 Model B+ single-board computer, but running at 1.2GHz instead of 1.4GHz, up to 32GB eMMC Flash memory, improved PCB thermal design to better support high loads without getting hot, and 1GB LPDDR2 SDRAM.' -- source: https://news.softpedia.com/news/raspberry-pi-compute-module-3-plus-launches… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

Get started with eDEX-UI, a Tron-influenced terminal program for tablets and desktops

by Peter Reutemann

'eDEX-UI is a cross-platform terminal program designed for tablets and desktops that was inspired by the user interface in Tron. It has five terminals in a tabbed interface, so it is easy to switch between tasks, as well as useful displays of system information.' -- source: https://opensource.com/article/19/1/productivity-tool-edex-ui Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

Linux Mint 19.1: A sneaky popular distro skips upheaval, offers small upgrades

by Peter Reutemann

'While Ubuntu and Red Hat grabbed most of the Linux headlines last year, Linux Mint, once the darling of the tech press, had a relatively quiet year. Perhaps that's understandable with IBM buying Red Hat and Canonical moving back to the GNOME desktop. For the most part Linux Mint and its developers seemed to keep their heads down, working away while others enjoyed the limelight. Still, the Linux Mint team did churn out version 19, which brought the distro up to the Ubuntu 18.04 base. Mint 18.1 review: Forget about Wayland and get comfy with the command line While the new release may not have garnered mass attention, and probably isn't anyone's top pick for "the cloud," Linux Mint nevertheless remains the distro I see most frequently in the real world. When I watch a Linux tutorial or screen cast on YouTube, odds are I'll see the Linux Mint logo in the toolbar. When I see someone using Linux at the coffee shop, it usually turns out to be Linux Mint. When I ask fellow Linux users which distro they use, the main answers are Ubuntu... and Linux Mint. All of that is anecdotal, but it still points to a simple truth. For a distro that has seen little press lately, Linux Mint manages to remain popular with users. There's a good reason for that popularity: Linux Mint just works. It isn't "changing the desktop computer paradigm," or "innovating" in "groundbreaking" ways. The team behind Mint is just building a desktop operating system that looks and functions a lot like every other desktop operating system you've used, which is to say you'll be immediately comfortable and stop thinking about your desktop and start using it to do actual work. It's worth asking then, why switch from what I have now to Mint? Well, if you're happy with what you have now, stick with whatever it is. But if "it" happens to be Windows 10, well, hope you haven't tried to upgrade yet. Or if what you have now happens to be Ubuntu prior to 18.04 and you're dreading the upgrade to GNOME, suddenly Mint is worth a look. The project recently released version 19.1, which comes in three desktop flavors. There are two homegrown projects, Cinnamon (really Linux Mint's main desktop) and MATE, which started as a kind of Cinnamon light and has since become a very capable desktop in its own right. On top of those, there's also an XFCE version. Previously, there was also a KDE version of Linux Mint, but it was dropped last year because the KDE stack is different enough that all the bits that make Linux Mint, well, Minty, just didn't work with KDE. Diehard Mint and KDE fans can still get KDE working via a PPA, but it's not officially supported by Linux Mint.' -- source: https://arstechnica.com/gadgets/2019/01/linux-mint-19-1-a-sneaky-popular-di… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

Firefox 66 blocks auto-playing sound by default

by Peter Reutemann

'Few things are more annoying when browsing the internet than media that plays automatically, particularly if it makes noise. Mozilla is hip to this, and beginning in version 66, its Firefox browser will block automatically-playing audio by default. Websites won't be able to play audio without user interaction. On desktop, a notification pops up asking whether you want the website to play media automatically, while on mobile, media will play silently until you interact with the player. The beta version of Firefox 66 for Android is hitting the Play Store today. The APK of the beta isn't available just yet, but you can grab a nightly version of Firefox 66 on APK Mirror. The stable release is expected to be available in March.' -- source: https://www.androidpolice.com/2019/01/29/firefox-66-blocks-auto-playing-sou… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 8 months

1
0
0 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug January 2019