October 2019 - wlug - University of Waikato Mail Lists

Remember Sure-Fi? Lostik is open standards Lora you can play with

by Peter Reutemann

'A lot of readers commented on our earlier report on Sure-Fi long-range, low-bandwidth RF chirp communicators that we should test generic Lora gear. Lora is the open standard that Sure-Fi began with and built on top of, and it's available in a variety of inexpensive kits. Most of those kits are aimed at low-level maker-style integration with IoT gear like Arduino, but I found a couple of preassembled kits with generic USB interfaces suitable for use with regular x86 computers. One of those, Lostik, had consistently better user reviews and glowingly boasted of its "extensive documentation," so we picked a pair up for $46 apiece and got to testing. We should be clear about one thing up front—nobody should claim that any Lora device has "extensive documentation" with a straight face. Lostik seems to have more documentation than any of its competitors, but figuring out exactly what it would do felt like learning to play pirated video games in the 1980s. What we eventually discovered was that Lora devices are sort of like dial-up modems all connected to a single party line—they run on serial interfaces over which they can be issued commands and can send or receive data. It's possible to use a generic terminal emulator (at 57,600bps, 8 data bits, 1 stop bit, and no parity) to communicate directly with Lostik, but you'll need to understand its commands—analogous to the Hayes AT modem commands of yore—if you do. That was a bridge too far for us, so we said the heck with it and just lightly modified the ./sender.py and ./receiver.py sample scripts from Lostik's Github repository and used them for some simple range testing. These scripts don't require (or offer) any kind of authentication or pairing; any Lora device running receiver.py will successfully receive data from any Lora device running sender.py within its effective range.' -- source: https://arstechnica.com/gadgets/2019/10/lostik-usb-lora-radios/ Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Popular VPN Service NordVPN Says it Was Hacked

by Peter Reutemann

'NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked. From a report: The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private keys exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. For its part, NordVPN has claimed a "zero logs" policy. "We don't track, collect, or share your private data," the company says. But the breach is likely to cause alarm that hackers may have been in a position to access some user data. NordVPN told TechCrunch that one of its datacenters was accessed in March 2018. "One of the datacenters in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server -- which had been active for about a month -- by exploiting an insecure remote management system left by the datacenter provider, which NordVPN said it was unaware that such a system existed.' -- source: https://it.slashdot.org/story/19/10/21/1447208 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Avast Says Hackers Breached Internal Network Through Compromised VPN Profile

by Peter Reutemann

'Czech cyber-security software maker Avast disclosed today a security breach that impacted its internal network. In a statement published today, the company said it believed the attack's purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident. Avast said the breach occurred because the attacker compromised an employee's VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution. The intrusion was detected on September 23, but Avast said it found evidence of the attacker targeting its infrastructure going as far back as May 14, this year. The identity of the attacker is currently unknown, but the company said hackers didn't manage to modify CCleaner downloads this time aroun' -- source: https://it.slashdot.org/story/19/10/21/187216 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Visiting New Zealand

by Aaron

I am a longtime Linux developer and will be staying with friends in Rotarua from Feb 2 through April 21. I'd love to both attend and present at a Linux User Group while I'm there. Presentation idea description: The voice interface represents another big shift in user interfaces, and could be as big a shift as the shift from switches to terminals, the switch from terminals to windowed GUIs, or the switch from full computers to small touchscreen devices. Unfortunately, right now most of these devices are little more than a telephone for talking to a server in the cloud. That is a big problem for privacy, and presents the user with a false choice between access and privacy. Today's computers are capable of handling a verbal interface without requiring a cloud service to handle all of your requests. I am one of the developers on the Naomi Project, a free and open source voice assistant (https://projectnaomi.com). It is a plugin based system based on Jasper (http://jasperproject.github.io/), and depending on how the user chooses to configure it, can run totally offline. In this presentation, I'd like to introduce people to the Naomi Project, talk about the benefits of a verbal interface, talk about the current architectures of virtual assistants, and ways in which that architecture can be altered to provide better privacy, and also do a comparison of offline speech to text and text to speech solutions, including Pocketsphinx, Mozilla Deepspeech, Kaldi, and Julius. Finally, I will invite people to participate in building and improving Naomi. There is a lot to do and much of it is both engaging and cutting-edge. Please let me know if you are interested, or if you know of other active groups I should contact. Thanks, Aaron

1 year, 4 months

2
1
0 0

Researchers abuse Alexa and Google Home to eavesdrop and phish passwords

by Peter Reutemann

'By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials. Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords.' -- source: https://arstechnica.com/information-technology/2019/10/alexa-and-google-hom… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Project Trident Ditches BSD For Linux

by Peter Reutemann

'Project Trident is moving from FreeBSD to Void Linux, reports Its FOSS: According to a later post, the move was motivated by long-standing issues with FreeBSD. These issues include "hardware compatibility, communications standards, or package availability continue to limit Project Trident users". According to a conversation on Telegram, FreeBSD has just updated its build of the Telegram client and it was nine releases behind everyone else. The lead dev of Project Trident, Ken Moore, is also the main developer of the Lumina Desktop. The Lumina Desktop has been on hold for a while because the Project Trident team had to do so much work just to keep their packages updated. (Once they complete the transition to Void Linux, Ken will start working on Lumina again.) After much searching and testing, the Project Trident team decided to use Void Linux as their new base. More from the Project Trident site: It's important to reiterate that Project Trident is a distribution of an existing operating system. Project Trident has never been a stand-alone operating system. The goal of Project Trident is enhancing the usability of an operating system as a graphical workstation through all sorts of means: custom installers, automatic setup routines, graphical utilities, and more... The more we've tested Void Linux, the more impressed we have been. We look forward to working with an operating system that helps Project Trident continue to provide a stable, high-quality graphical desktop experience.' -- source: https://linux.slashdot.org/story/19/10/20/2227228 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Samsung Won't Support Linux on DeX Once Android 10 Arrives

by Peter Reutemann

'If you've been using Linux on DeX (aka Linux on Galaxy) to turn your Samsung phone into a PC, you'll need to make a change of plans. Samsung is warning users that it's shutting down the Linux on DeX beta program, and that its Android 10 update won't support using the open source OS as a desktop environment. The company didn't explain why it was shutting things down, but it did note that the Android 10 beta is already going without the Linux option... Samsung is still committed to DeX, and recently enabled its desktop-style space on Macs and Windows PCs. However, it's clear that the dreams of fully replacing a PC with your Galaxy phone will have to wait, at least for now.' -- source: https://linux.slashdot.org/story/19/10/20/0051217 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Mozilla is Sharing YouTube Horror Stories To Prod Google For More Transparency

by Peter Reutemann

'CNET reports on a new crowdsourced public awareness campaign: Mozilla is publishing anecdotes of YouTube viewing gone awry -- anonymous stories from people who say they innocently searched for one thing but eventually ended up in a dark rabbit hole of videos. It's a campaign aimed at pressuring Google's massive video site to make itself more accessible to independent researchers trying to study its algorithms. "The big problem is we have no idea what is happening on YouTube," said Guillaume Chaslot, who is a fellow at Mozilla, a nonprofit best known for its unit that makes and operates the Firefox web browser. Chaslot is an ex-Google engineer who has investigated YouTube's recommendations from the outside after he left the company in 2013. (YouTube says he was fired for performance issues.) "We can see that there are problems, but we have no idea if the problem is from people being people or from algorithms," he said.... Mozilla is publishing 28 stories it's terming #YouTubeRegrets; they include, for example, an anecdote from someone who who said a search for German folk songs ended up returning neo-Nazi clips, and a testimonial from a mother who said her 10-year-old daughter searched for tap-dancing videos and ended up watching extreme contortionist clips that affected her body image. ' -- source: https://news.slashdot.org/story/19/10/20/1927234 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

WAV Audio Files Are Now Being Used To Hide Malicious Code

by Peter Reutemann

'Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code. The first of these new malware campaigns abusing WAV files was reported back in June by Symantec security researchers who said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims. The second malware campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before. But while the Symantec report described a nation-state cyber-espionage operation, Cylance said they saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation.' -- source: https://it.slashdot.org/story/19/10/20/200249 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

Privacy-Respecting Smart Home System Can Work Offline and Sends Fake Data

by Peter Reutemann

'A publicly-funded group of designers, artists and privacy experts from Amsterdam have designed a smart home system prototype to "prove it's technically possible to build a privacy respecting smart home while maintaining convenience." Its controller uses an Arduino Nano to disconnect the system from the internet during times when it's not in use. They're building everything on Mozilla's open smart home gateway software. The system's microphone is a separate USB device that can be easily unplugged. For extra security, the devices don't even use wifi to communicate. "The Candle devices offer the advantages of a smart home system -- such as voice control, handy automations and useful insights -- without the downsides of sending your data to the cloud and feeling watched in your own home," explains their blurb for Dutch Design Week, where they're launching their prototypes of trust-worthy smart locks, thermostats, and other Internet of Things devices: Most smart devices promises us an easier life, but they increasingly disappoint; they eavesdrop, share our data with countless third parties, and offer attractive targets to hackers. Candle is different. Your data never leaves your home, all devices work fine without an internet connection, and everything is open source and transparent. One of the group's members is long-time Slashdot reader mrwireless, who shares an interesting observation: Smart homes track everything that happens inside them. For developing teenagers, this makes it more difficult to sneak in a date or break the rules in other subtle ways, which is a normal, healthy part of growing up. Candle is a prototype smart home that tries to mitigate these issue. It has given its sensors the ability to generate fake data for a while. In the future, children could get a monthly fake data allowance. Some of the devices have "skirts", simple fabric covers that can be draped over the devices to hide their screen. If you own a dust sensor, this can be useful if your mother in law comes over and you haven't vacuumed in a while.' -- source: https://yro.slashdot.org/story/19/10/20/216238 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 4 months

1
0
0 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug October 2019