- wlug - list.wlug.org.nz

As Raspberry Pi Sales Skyrocket, Eben Upton Applauds Efforts of Open Hardware Community
by Peter Reutemann 20 Apr '20

20 Apr '20

'"Sales of Raspberry Pi's single-board computers hit 640,000 in March, the second-biggest month for sales since they started selling," reports TechRepublic, "as consumers flocked to inexpensive ways to work and learn from home." But that's not all, Eben Upton tells them: With the pandemic having highlighted shortages in personal protective equipment (PPE), 3D-printing manufacturers and hobbyists have been building face shields printed on plastic acetate that can be quickly assembled and delivered to hospitals, for free. "A lot of that is Pi-driven," Upton explained, noting that OctoPrint, which is the most popular platform for managing 3D printers, runs on Raspberry Pi... "[M]aking face shields seems to be a community effort. You have people with a home printer, printing these things once a week and then going to a post office and sending them," he said. "Then you'll have some people sat in a hack space receiving the parcels, cutting the acetate and the elastic, assembling them into face shields then sending them to the hospital. It's amazing." Upton suggested this effort could eventually be ramped up to a "massively distributed scale", with the benefit of open source being that, once you have a good design that works, it can be rapidly iterated. In the long term, this could even include the ventilators themselves, he said. "One thing we're seeing with this is people finding a niche within which open hardware really works," he said. ' -- source: https://news.slashdot.org/story/20/04/19/0154201 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

Will Companies Cut Open Source Investment Because of COVID-19?
by Peter Reutemann 20 Apr '20

20 Apr '20

'The editor of TFIR posed an interesting question to Rob Hirschfeld, the Founder/CEO of RackN (which automates and integrates bare-metal infrastructure). Will the financial impact of the COVID-19 pandemic affect the sustainability of open source software? Hirschfeld responded: "The idea that big companies are maintaining open-source projects for the community good is going to get tested, as companies look for places where they can conserve revenue. I think that's a really critical thing." "The same is going to be true with open-source startups that are hoping to monetize support or consulting but have no real gate across the front of their infrastructure... Companies might decide they can use the open-source project and not pay the sustaining engineers that are working in that project. "These are really serious concerns about the whole open-source model, which relies on goodwill and free money."' -- source: https://news.slashdot.org/story/20/04/19/0452247 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

Supply-chain attack hits RubyGems repository with 725 malicious packages
by Peter Reutemann 20 Apr '20

20 Apr '20

'More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language. The malicious packages were downloaded almost 100,000 times, although a significant percentage of those are likely the result of scripts that automatically crawl all 158,000 packages available in the repository, Tomislav Pericin, the cofounder and chief software architect of security firm ReversingLabs, told Ars. All of them originated from just two user accounts: “JimCarrey” and “PeterGibbons.” The accounts, which ReversingLabs suspects may be the work of a single individual, used a variation of typosquatting—the technique of giving a malicious file or domain a name that's similar to a commonly recognizable name—to give the impression they were legitimate. For instance, “atlas-client,” a booby-trapped package with 2,100 downloads, was a stand-in for the authentic “atlas_client” package. More than 700 of the packages were uploaded from February 16 to 25.' -- source: https://arstechnica.com/information-technology/2020/04/725-bitcoin-stealing… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

New Cloudflare tool can tell you if your ISP has deployed BGP fixes
by Peter Reutemann 20 Apr '20

20 Apr '20

'For more than an hour at the beginning of April, major sites like Google and Facebook sputtered for large swaths of people. The culprit wasn't a hack or a bug. It was problems with the internet data routing standard known as the Border Gateway Protocol, which had allowed significant amounts of web traffic to take an unexpected detour through a Russian telecom. For Cloudflare CEO Matthew Prince, it was the last straw. BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. Companies like Cloudflare sit on the front lines of the BGP blowback. And while the company can't fix the problem directly, it can call out those that are slow to contribute defenses.' -- source: https://arstechnica.com/information-technology/2020/04/new-cloudflare-tool-… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

Growth In Surveillance May Be Hard To Scale Back After Pandemic, Experts Say
by Peter Reutemann 19 Apr '20

19 Apr '20

Long-time Slashdot reader AmiMoJo quotes the Guardian: 'The coronavirus pandemic has led to an unprecedented global surge in digital surveillance, researchers and privacy advocates around the world have said, with billions of people facing enhanced monitoring that may prove difficult to roll back. Governments in at least 25 countries are employing vast programmes for mobile data tracking, apps to record personal contact with others, CCTV networks equipped with facial recognition, permission schemes to go outside and drones to enforce social isolation regimes. The methods have been adopted by authoritarian states and democracies alike and have opened lucrative new markets for companies that extract, sell, and analyse private data. One of the world's foremost experts on mobile phone surveillance said the pandemic had created a '9/11 on steroids' that could lead to grave abuses of power. "Most of these measures don't have sunset clauses. They could establish what many people are describing as a new normal," Ron Deibert, who heads the Citizen Lab at the University of Toronto, said in an interview with the Guardian. The article provides examples from China, Russia, India, Europe, and the United States, and provides a link to an index of new coronavirus-related surveillance measures related to the coronavirus outbreak. The digital rights lead at the group behind the list says "This isn't just an issue with authoritarian governments. This is happening across the world."' -- source: https://yro.slashdot.org/story/20/04/18/0717228 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

The Tor Project Lays Off 37% of Its Staff
by Peter Reutemann 19 Apr '20

19 Apr '20

'The Tor Project's executive director Isabela Bagueros writes: Tor, like much of the world, has been caught up in the COVID-19 crisis. Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had to make some difficult decisions. We had to let go of 13 great people who helped make Tor available to millions of people around the world. We will move forward with a core team of 22 people, and remain dedicated to continuing our work on Tor Browser and the Tor software ecosystem. The world won't be the same after this crisis, and the need for privacy and secure access to information will become more urgent. In these times, being online is critical and many people face ongoing obstacles to getting and sharing needed information. We are taking today's difficult steps to ensure the Tor Project continues to exist and our technology stays available. We are terribly sad to lose such valuable teammates, and we want to let all our users and supporters know that Tor will continue to provide privacy, security, and censorship circumvention services to anyone who needs them. Mashable reminds its readers that "Those wishing to make sure the specifics of their online browsing remain their own personal business can donate to Tor's non-profit organization. "Because with more and more of our lives happening online for the foreseeable future, it's a good idea to have an organization working to protect what little digital privacy we have left."' -- source: https://yro.slashdot.org/story/20/04/18/1129249 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

After 8 Years of Remote-Access Trojans Attacks, Can We Still Say Linux is Secure?
by Peter Reutemann 19 Apr '20

19 Apr '20

'Remember when BlackBerry reported Advanced Persistent Threat groups have been infiltrating critical Linux servers for at least eight years? What's the lesson to be learned? LinuxSecurity Founder Dave Wreski argues "Although it may be easy to blame the rise in attacks targeting Linux in recent years on security vulnerabilities in the operating system as a whole, this is simply not the truth. The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration." Writing for Linux Security, Slashdot reader b-dayyy gathered some additional responses: Some experts argue that it is the popularity of Linux that makes it a target. Joe McManus, Director of Security at Canonical, explains: "Linux and, particularly Ubuntu, are incredibly secure systems but, that being said, it is their popularity that makes them a target." Ian Thornton-Trump, a threat intelligence expert and the CISO at Cyjax, adds: "From an economic and mission perspective, it makes sense for a threat actor to invest in open-source skills for flexibility and the ability to target the systems where the good stuff is happening." Despite the increasing number of threats targeting Linux systems, there is still a sound argument for the inherent security of Linux, which can be attributed to the core fundamentals of Open Source. Due to the transparency of open-source code and the constant scrutiny that this code undergoes by a vibrant global community, vulnerabilities are identified and remedied quicker than flaws that exist in the opaque source code of proprietary software and operating systems. Threat actors recognize this, and are still directing the majority of their attacks at proprietary operating systems. These attacks do; however, serve as a much-needed wakeup call for the security community that more needs to be done to protect Linux servers. BlackBerry's report reveals that security solutions and defensive coverage available within Linux environments is "immature at best". Endpoint protection, detection and response products are inadequately utilized by too many Linux users, and endpoint solutions available for Linux systems are often insufficient in combating advanced exploits. Eric Cornelius, Chief Product Officer at BlackBerry, evaluates: "Security products and services that support Linux, offerings that might detect and give us insight into a threat like this, are relatively lacking compared to other operating systems, and security research about APT use of Linux malware is also relatively sparse." ' -- source: https://it.slashdot.org/story/20/04/19/0040223 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0

Apple > Ikea
by Lawrence D'Oliveiro 17 Apr '20

17 Apr '20

Guess how much it costs to get the castor wheel kit for your new Apple Mac Pro <https://www.theregister.co.uk/2020/04/16/apple_mac_pro_699_dollar_wheels/>. I wonder what other furnishing-related items Apple could sell. How about a nice doily to go on top?

1 0

New Jersey Needs COBOL Programmers!
by Lawrence D'Oliveiro 17 Apr '20

17 Apr '20

The Governor of the US state of New Jersey is appealing for help in maintaining their elderly COBOL-based mainframe systems <https://www.theregister.co.uk/2020/04/05/new_jersey_seeks_cobol_volunteers/> that process welfare benefit requests. The volume of requests has gone up a lot lately, and the systems are having trouble coping. By the way, I don’t understand this “ugly side of technical debt” phrase. Does technical debt have a pretty side?

3 4

Linksys Asks Users To Reset Passwords After Hackers Hijacked Home Routers Last Month
by Peter Reutemann 17 Apr '20

17 Apr '20

'Router vendor Linksys has locked user accounts on its Smart WiFi cloud service and is asking them to reset passwords after hackers have been observed hijacking accounts and changing router settings to redirect users to malware sites. From a report: Linksys' decision only impacts Smart WiFi accounts. Linksys Smart WiFi is a cloud-based account system that lets device owners connect to Linksys routers (and other equipment) over the internet to manage router settings. Smart WiFi is widely deployed across Linksys' router fleet, making it an ideal target for hackers who may want to hijack routers en-masse. According to a Bitdefender report published last month, this is exactly what's been recently happening. The cyber-security firm said it detected an organized campaign to break into D-Link and Linksys routers and change DNS settings.' -- source: https://it.slashdot.org/story/20/04/16/1727210 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 0