July 2020 - wlug - University of Waikato Mail Lists

by Lawrence D'Oliveiro

The Charter <https://www.theregister.com/2020/07/28/new_zealand_algorithm_charter/> requires Government departments who sign on to it to “maintain transparency” about the algorithms they use, but does not make them reveal the actual details of these algorithms. Nor does it explain what it means by an “algorithm”.

1 month

2
3
0 0

How Qualcomm Shook Down The Cell Phone Industry For Almost 20 Years

by Lawrence D'Oliveiro

A pretty sobering read <https://arstechnica.com/tech-policy/2019/05/how-qualcomm-shook-down-the-cel…>: Qualcomm's first weapon against competitors: patent licensing terms requiring customers to pay a royalty on every phone sold—not just phones that contained Qualcomm's wireless chips. Sound familiar? Judge Koh draws a direct parallel to licensing behavior that got Microsoft in legal trouble in the 1990s. Microsoft would offer PC makers a discount if they agreed to pay Microsoft a licensing fee for every PC sold—whether or not the PC shipped with a copy of MS-DOS. This effectively meant that a PC maker had to pay twice if it shipped a PC running a non-Microsoft operating system. There’s a lot more--the article reads like a catalogue of gangster-like tactics. All of which is perfectly all right under the US interpretation of “Free Enterprise”, of course ... Also, reading the details of how Qualcomm managed to sabotage Intel’s efforts to develop 5G chips, it seems to me that Qualcomm is directly responsible for the situation today where US companies are lagging behind Chinese ones like Huawei in 5G capability.

2 months, 1 week

1
1
0 0

Allowing PBL'ed IP addresses in Postfix

by David McNab

Hi, Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP? Spark have PBL'ed most or all of their home and small business fibre/*DSL connection IP addresses. 2degrees have PBL'ed most/all of their cellular data IP addresses. I'm trying to support a user to send email from their cellphone email client. Cheers David

2 months, 3 weeks

4
5
0 0

Bug In Grub2 Breaks Secure Boot (Yawn)

by Lawrence D'Oliveiro

Seems a vulnerability has been found in everyone’s favourite bootloader <https://arstechnica.com/information-technology/2020/07/new-flaw-neuters-sec…> which allows a bypass of the “Secure Boot” mechanism in modern UEFI-based machines. But given that so many other bypasses already exist, nobody seems especially worried about this. For example, the article references an attempt by Microsoft to revoke the certification of (an obsolete version of) a secure bootloader from Kaspersky Lab with a vulnerability in it; the revocation caused so many headaches for users that it had to be rolled back.

2 months, 3 weeks

1
0
0 0

NoiseTorch

by Peter Reutemann

Hi everyone Angus mentioned NoiseTorch at last night's meeting as a way of avoiding noise from being recorded when using microphones: 'NoiseTorch is an easy to use open source application for Linux with PulseAudio. It creates a virtual microphone that suppresses noise, in any application. Use whichever conferencing or VOIP application you like and simply select the NoiseTorch Virtual Microphone as input to torch the sound of your mechanical keyboard, computer fans, trains and the likes.' -- source: https://github.com/lawl/NoiseTorch Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 4 weeks

1
0
0 0

Hackers Stole GitHub and GitLab OAuth Tokens From Git Analytics Firm Waydev

by Peter Reutemann

'Waydev, an analytics platform used by software companies, has disclosed a security breach that occurred earlier this month. From a report: The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database. Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers' work output by analyzing Git-based codebases. To do this, Waydev runs a special app listed on the GitHub and GitLab app stores. When users install the app, Waydev receives an OAuth token that it can use to access its customers' GitHub or GitLab projects. Waydev stores this token in its database and uses it on a daily basis to generate analytical reports for its customers. Waydev CEO and co-founder Alex Circei told ZDNet today in a phone call that hackers used a blind SQL injection vulnerability to gain access to its database, from where they stole GitHub and GitLab OAuth tokens. The hackers then used some of these tokens to pivot to other companies' codebases and gain access to their source code projects.' -- source: https://tech.slashdot.org/story/20/07/27/1918237 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 4 weeks

1
0
0 0

meeting suggestions?

by Peter Reutemann

Hi everyone For our first in-person meeting after the lockdown on July 27th, any ideas for topics? Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 4 weeks

3
3
0 0

World’s Fastest Computer Is ARM

by Lawrence D'Oliveiro

Looking at the June Top500 list <https://top500.org/lists/top500/list/2020/06/>, the current number 1, Japan’s Fugaku, uses over 7 million A64FX cores and close to 5 petabytes of RAM. Numbers 2 and 3 are based on IBM’s POWER architecture, while number 4 is a Chinese RISC-based machine, which might have some resemblance to the DEC Alpha <https://en.wikipedia.org/wiki/Sunway_(processor)>, or MIPS, or not. It’s not until 5th place does x86 make an appearance.

3 months

1
0
0 0

Popular Chinese-Made Drone Is Found To Have Security Weakness

by Peter Reutemann

'Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the world's most popular consumer drones, threatening to intensify the growing tensions between China and the United States. From a report: In two reports, the researchers contended that an app on Google's Android operating system that powers drones made by China-based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited by the Beijing government. Hundreds of thousands of customers across the world use the app to pilot their rotor-powered, camera-mounted aircraft. The world's largest maker of commercial drones, DJI has found itself increasingly in the cross hairs of the United States government, as have other successful Chinese companies. The Pentagon has banned the use of its drones, and in January the Interior Department decided to continue grounding its fleet of the company's drones over security fears. DJI said the decision was about politics, not software vulnerabilities. For months, U.S. government officials have stepped up warnings about the Chinese government's potentially exploiting weaknesses in tech products to force companies there to give up information about American users. Chinese companies must comply with any government request to turn over data, according to American officials. "Every Chinese technology company is required by Chinese law to provide information they obtain, or information stored on their networks, to Chinese authorities if requested to do so," said William R. Evanina, director of the National Counterintelligence and Security Center. "All Americans should be concerned that their images, biometrics, locational and other data stored on Chinese apps must be turned over to China's state security apparatus." The drone vulnerability, said American officials, is the kind of security hole that worries Washington.' -- source: https://it.slashdot.org/story/20/07/23/1437214 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 months

1
0
0 0

Fawkes: Protecting Privacy against Unauthorized Deep Learning Models

by Lawrence D'Oliveiro

This paper <http://people.cs.uchicago.edu/%7Eravenben/publications/abstracts/fawkes-use…>, presented at USENIX Security 2020, discusses techniques for allowing you to continue to share images of yourself online while making them resistant to automated exploitation by “deep-learning” facial-recognition software. The researchers found that they could make subtle distortions to facial images, imperceptible to the human eye, that would severely confuse recognition services from major providers like Microsoft and Amazon. (Found from Bruce Schneier <https://www.schneier.com/blog/archives/2020/07/fawkes_digital_.html>.)

3 months

1
0
0 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug July 2020