Does Wi-Fi Security Really Matter?
by Lawrence D'Oliveiro
Seems the Wi-Fi Alliance is having yet another crack at coming up with
a really secure protocol, this time to be called WPA3
<http://www.theregister.co.uk/2018/01/09/wi_fi_wpa3/>.
Does anybody care? Remember that on the Internet, security is
implemented between the endpoints, the protocols are designed not to
care that everything in-between might be pawed through by
eavesdroppers, or even active attackers trying to inject fake data.
1 year, 1 month
Old Computer Gear
by Andrew Crosby
Hi Guys
I'm moving cities shortly and have a couple of decades of old computer and
electronic gear to pass along.
Mainly periferals and parts from AT/ATX era,
Also have some old laptops getting up core2duo era, and not sure what else
I'll find while I pack.
Anyone around here interested in that sort of stuff.
Cheers
1 year, 3 months
Attackers Can Track Kids' Locations Via Connected Watches
by Peter Reutemann
'A gamut of kids' GPS-tracking watches are exposing sensitive data
involving 35,000 children -- including their location, in real time.
Researchers from Pen Test Partners specifically took a look at the
Gator portfolio of watches from TechSixtyFour. The Gator line had been
in the spotlight in 2017 for having a raft of vulnerabilities, called
out by the Norwegian Consumers Council in its WatchOut research. "A
year on, we decided to have a look at the Gator watch again to see how
their security had improved," said Vangelis Stykas, in a Tuesday
posting. "Guess what: a train wreck. Anyone could access the entire
database, including real-time child location, name, parents' details
etc. Not just Gator watches either -- the same back end covered
multiple brands and tens of thousands of watches."
"At issue was an easy-to-exploit, severe privilege-escalation
vulnerability: The system failed to validate that the user had the
appropriate permission to take admin control," reports Threatpost. "An
attacker with access to the watch's credentials simply needed to
change the user level parameter in the backend to an admin
designation, which would provide access to all account information and
all watch information." '
-- source: https://it.slashdot.org/story/19/01/30/2337239
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
Hackers Are Passing Around a Megaleak of 2.2 Billion Records
by Peter Reutemann
'When hackers breached companies like Dropbox and LinkedIn in recent
years -- stealing 71 and 117 million passwords, respectively -- they
at least had the decency to exploit those stolen credentials in
secret, or sell them for thousands of dollars on the dark web. Now, it
seems, someone has cobbled together those breached databases and many
more into a gargantuan, unprecedented collection of 2.2 billion unique
usernames and associated passwords, and is freely distributing them on
hacker forums and torrents, throwing out the private data of a
significant fraction of humanity like last year's phone book.
Earlier this month, security researcher Troy Hunt identified the first
tranche of that mega-dump, named Collection #1 by its anonymous
creator, a set of cobbled-together breached databases Hunt said
represented 773 million unique usernames and passwords. Now other
researchers have obtained and analyzed an additional vast database
called Collections #2-5, which amounts to 845 gigabytes of stolen data
and 25 billion records in all. After accounting for duplicates,
analysts at the Hasso Plattner Institute in Potsdam, Germany, found
that the total haul represents close to three times the Collection #1
batch.'
-- source: https://tech.slashdot.org/story/19/01/31/1452201
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
New Security Flaw Impacts 5G, 4G, and 3G Telephony Protocols
by Peter Reutemann
'A new vulnerability has been discovered in the upcoming 5G cellular
mobile communications protocol. Researchers have described this new
flaw as more severe than any of the previous vulnerabilities that
affected the 3G and 4G standards. From a report:
Further, besides 5G, this new vulnerability also impacts the older 3G
and 4G protocols, providing surveillance tech vendors with a new flaw
they can abuse to create next-gen IMSI-catchers that work across all
modern telephony protocols. This new vulnerability has been detailed
in a research paper named "New Privacy Threat on 3G, 4G, and
Upcoming5G AKA Protocols," published last year.
According to researchers, the vulnerability impacts AKA, which stands
for Authentication and Key Agreement, a protocol that provides
authentication between a user's phone and the cellular networks. The
AKA protocol works by negotiating and establishing keys for encrypting
the communications between a phone and the cellular network.'
-- source: https://it.slashdot.org/story/19/01/31/1913237
Yeah, don't think so that I'm gonna upgrade from my stone tablets any
time soon...
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
Criminals Are Tapping Into the Phone Network Backbone to Empty Bank Accounts
by Peter Reutemann
'Sophisticated hackers have long exploited flaws in SS7, a protocol
used by telecom companies to coordinate how they route texts and calls
around the world. Those who exploit SS7 can potentially track phones
across the other side of the planet, and intercept text messages and
phone calls without hacking the phone itself. From a report: This
activity was typically only within reach of intelligence agencies or
surveillance contractors, but now Motherboard has confirmed that this
capability is much more widely available in the hands of
financially-driven cybercriminal groups, who are using it to empty
bank accounts. So-called SS7 attacks against banks are, although still
relatively rare, much more prevalent than previously reported.
Motherboard has identified a specific bank -- the UK's Metro Bank --
that fell victim to such an attack. The news highlights the gaping
holes in the world's telecommunications infrastructure that the telco
industry has known about for years despite ongoing attacks from
criminals. The National Cyber Security Centre (NCSC), the defensive
arm of the UK's signals intelligence agency GCHQ, confirmed that SS7
is being used to intercept codes used for banking.
"We are aware of a known telecommunications vulnerability being
exploited to target bank accounts by intercepting SMS text messages
used as 2-Factor Authentication (2FA)," The NCSC told Motherboard in a
statement. "Some of our clients in the banking industry or other
financial services; they see more and more SS7- based [requests],â
Karsten Nohl, a researcher from Security Research Labs who has worked
on SS7 for years, told Motherboard in a phone call. "All of a sudden
you have someone's text messages."'
-- source: https://tech.slashdot.org/story/19/01/31/1925241
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
Raspberry Pi Compute Module 3+ Launches for the Tiny Linux Computers from $25
by Peter Reutemann
'Raspberry Pi Compute Module 3+ follows on the footsteps of the
Raspberry Pi Compute Module 3 (CM3) series announced in January 2017,
offering owners of the tiny Linux computers a general-purpose,
cost-efficient, and much simpler SBC (Single-board Computer), allowing
them to slot it in and out of any device. It comes with 10x the ARM
performance, 8x the Flash capacity, and 2x the RAM capacity of CM3.
While Raspberry Pi Compute Module 3+ uses the same board as CM3, it
brings improved thermal design, the Broadcom BCM2837B0 application
processor from the Raspberry Pi 3 Model B+ single-board computer, but
running at 1.2GHz instead of 1.4GHz, up to 32GB eMMC Flash memory,
improved PCB thermal design to better support high loads without
getting hot, and 1GB LPDDR2 SDRAM.'
-- source: https://news.softpedia.com/news/raspberry-pi-compute-module-3-plus-launch...
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
Linux Mint 19.1: A sneaky popular distro skips upheaval, offers small upgrades
by Peter Reutemann
'While Ubuntu and Red Hat grabbed most of the Linux headlines last
year, Linux Mint, once the darling of the tech press, had a relatively
quiet year. Perhaps that's understandable with IBM buying Red Hat and
Canonical moving back to the GNOME desktop. For the most part Linux
Mint and its developers seemed to keep their heads down, working away
while others enjoyed the limelight. Still, the Linux Mint team did
churn out version 19, which brought the distro up to the Ubuntu 18.04
base.
Mint 18.1 review: Forget about Wayland and get comfy with the command line
While the new release may not have garnered mass attention, and
probably isn't anyone's top pick for "the cloud," Linux Mint
nevertheless remains the distro I see most frequently in the real
world. When I watch a Linux tutorial or screen cast on YouTube, odds
are I'll see the Linux Mint logo in the toolbar. When I see someone
using Linux at the coffee shop, it usually turns out to be Linux Mint.
When I ask fellow Linux users which distro they use, the main answers
are Ubuntu... and Linux Mint. All of that is anecdotal, but it still
points to a simple truth. For a distro that has seen little press
lately, Linux Mint manages to remain popular with users.
There's a good reason for that popularity: Linux Mint just works. It
isn't "changing the desktop computer paradigm," or "innovating" in
"groundbreaking" ways. The team behind Mint is just building a desktop
operating system that looks and functions a lot like every other
desktop operating system you've used, which is to say you'll be
immediately comfortable and stop thinking about your desktop and start
using it to do actual work.
It's worth asking then, why switch from what I have now to Mint? Well,
if you're happy with what you have now, stick with whatever it is. But
if "it" happens to be Windows 10, well, hope you haven't tried to
upgrade yet. Or if what you have now happens to be Ubuntu prior to
18.04 and you're dreading the upgrade to GNOME, suddenly Mint is worth
a look.
The project recently released version 19.1, which comes in three
desktop flavors. There are two homegrown projects, Cinnamon (really
Linux Mint's main desktop) and MATE, which started as a kind of
Cinnamon light and has since become a very capable desktop in its own
right. On top of those, there's also an XFCE version. Previously,
there was also a KDE version of Linux Mint, but it was dropped last
year because the KDE stack is different enough that all the bits that
make Linux Mint, well, Minty, just didn't work with KDE. Diehard Mint
and KDE fans can still get KDE working via a PPA, but it's not
officially supported by Linux Mint.'
-- source: https://arstechnica.com/gadgets/2019/01/linux-mint-19-1-a-sneaky-popular-...
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
Firefox 66 blocks auto-playing sound by default
by Peter Reutemann
'Few things are more annoying when browsing the internet than media
that plays automatically, particularly if it makes noise. Mozilla is
hip to this, and beginning in version 66, its Firefox browser will
block automatically-playing audio by default.
Websites won't be able to play audio without user interaction. On
desktop, a notification pops up asking whether you want the website to
play media automatically, while on mobile, media will play silently
until you interact with the player.
The beta version of Firefox 66 for Android is hitting the Play Store
today. The APK of the beta isn't available just yet, but you can grab
a nightly version of Firefox 66 on APK Mirror. The stable release is
expected to be available in March.'
-- source: https://www.androidpolice.com/2019/01/29/firefox-66-blocks-auto-playing-s...
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
1 year, 4 months
