Episode 386 – Aussie Tech Heads Shownotes

posted in: Show Notes | 0

GLENN’S SHOWNOTES

 
 
An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
 
Tons of major web services and web apps OpenSSL as a way to provide SSL/TLS functionality. Out of the box, OpenSSL is included with lots of versions of Linux, including Debian, Suse, Red Hat and Ubuntu. Two of the most popular projects for acting as web servers, Apache and Nginx, use OpenSSL.
 
It’s not just apps and services that control web pages. Lots of email services, instant messaging clients, network routers and even printers can use OpenSSL.
 
OpenSSL runs on 66% of the web. Even if you don’t ever see OpenSSL or know what it stands for, chances are, you interact with it several times a day. That interaction can be as simple as entering in a password for an email account or as complex as sending a private message or photo or even filing your taxes.
 
OpenSSL is a major part of the modern Internet.
 
If OpenSSL has a flaw?
 
if that flaw meant those secret keys between you and the server were suddenly accessible by someone else?
 
if the flaw meant that someone could secretly gain access to the keys the server has, make a copy for themselves, and eavesdrop on everything you say to that server?
 
What if that flaw was impossible to detect?
 
the worst part is that this vulnerability has actually been around since December 2011. Lots of software packages started using the vulnerable version of OpenSSL in May 2012. So for two years, any app, website, bank or private messaging app that uses OpenSSL has been vulnerable to this bug.
 
Now, it’s important to note that not every web server or application uses OpenSSL as its SSL/TLS implementation
 
Change Password for
 
Facebook
 
Tumblr
 
Google
 
Yahoo
 
Gmail
 
Yahoo Mail
 
Dropbox
 
Lastpass
 
OK Cupid
 
Sound Cloud Wunderlust
 
 
LastPass’ ever-useful Security Check tool now includes recommendations for Heartbleed, letting you know which sites have closed the hole, when, and if you should update yet.P
 
To run the tool, just click on the LastPass extension and head to Tools > Security Check. After running the tool, you’ll get the results (shown above) so you know what passwords to change. Hit the link to read more.P

 
Should the rollout reach full adoption, it will become the largest non-education Office 365 deployment seen in Australia across both the private and public sectors.
 
No quick fix for XP
 
The new deal does not cover operating system licences, which will continued to be managed on an agency-by-agency level.
 
Walker said that arrangements with Microsoft are in place to provide custom support to those entities that haven’t yet fully migrated off the now unsupported Microsoft XP.
 
His own department is still running XP on 40 percent of PCs.
 

 
 
The Windows 8.1 Update arrives today – and Microsoft has warned users to install it quickly or risk missing out on future updates.
 
The first major update to Windows 8.1 includes UI tweaks designed to make the OS easier to use on desktops and laptops: for example, unless you’re using it on a tablet, your machine will now boot to the desktop by default.
 
Microsoft has warned that users must install the Windows 8.1 Update this month in order to keep getting security fixes. “Failure to install this update will prevent Windows Update from patching your system with any future updates, starting with updates released in May 2014,” said Microsoft in a blog post.
 
In order to install the Windows 8.1 Update, you’ll need to have first installed the March update, KB2919442. If this is installed, the new update should show up in Windows Update or the Windows Download Centre; it was first made available to MSDN subscribers last week.
 
Other changes include the addition of Search and Power icons to the Start screen, contextual menus for Tiles and minimise and close buttons for apps. Additionally, it’s now possible to pin Modern-style Store Apps to the Taskbar in the desktop.
 
Microsoft has a full description of changes on its blog.
 
Microsoft has suspended the Windows 8.1 Update for business users on its Windows Server Update Server (WSUS) because of a bug.
 
The flaw interferes with WSUS, stopping Windows 8.1 from scanning the corporate update service for new updates – meaning users wouldn’t receive any future patches.
 
For admins who have already installed Windows 8.1 Update, Microsoft revealed a workaround to get machines scanning WSUS again
 
A solution will likely arrive quickly, as Microsoft has warned all Windows 8.1 users that they must install the update in order to get next month’s round of security patches.
 

 
 
DC4G, a local “proximity marketing” specialist company.  
 
The company has announced the sensors will be installed in 45 shopping centres where it operates free Wi-Fi services, the first being Mt Ommaney Shopping Centre in Queensland.
 
The sensors are small dome shaped devices about the size of two 50 cent pieces. Shoppers download a pass to their phone and special offers are triggered when shoppers are near the sensors. The offers appear as notifications on the phone screen.
 
The system relies on Apple’s iBeacon system. This transmits via Bluetooth low energy which transmits 2.4GHz signals up to 200 feet away, according to the Estimote web site.
 

 
 
Microsoft officially ended support of Windows XP, issuing its last security update for the venerable operating system and its Office 2003 suite, officially sunsetting the software in perpetuity.
 
In its April 2014 Patch Tuesday round of security updates, Microsoft released two critical bulletins and two rated important, impacting Microsoft Word, Internet Explorer and all versions of its operating system. In all, Microsoft repaired 11 vulnerabilities impacting its software.
 
Extended Support of Windows XP is available to organisations that can afford the premium service. Microsoft struck a multimillion Euro deal with the Dutch national government to provide security updates on a regular basis. It has made similar custom support agreements with authorities in England and Australia, and some private-sector firms have made arrangements to continue to receive security updates.
 
ATMs that are running a scaled-down, embedded version of Windows XP have until 2016 before support is officially ended.
 

 
 
 
The small external battery was attached to a Samsung Galaxy S4, and was fully charged from empty in 26 seconds.
 
StoreDot hopes to shrink the battery down enough to be integrated into devices such as smartphones. However, the company predicts that it will be at least three years before the battery is commercially ready, and it’s expected to cost 30 percent to 40 percent more than existing batteries, according to the BBC.
 
The batteries are created using a new material made out of self-assembling nano-crystals, uncovered via research into the use of chains of amino acids called peptides to battle Alzheimer’s Disease.
 

 
 
Petrol-sniffing spiders have forced Mazda to issue a voluntary recall notice so it can apply a software fix to its cars.
 
The yellow sac spider is attracted to the smell of petrol, and will weave its web in engines, causing a blockage and build-up of pressure.
 
The problem increased the risk of fire, Mazda said.
 
A software update will be applied to recalled cars to monitor the pressure level and warn drivers of any danger.
 
Mazda said it was unaware of any fires being started due to the vulnerability, but it has been a problem that has plagued the company since at least 2009.
 
Specifically, it is Mazda 6s from the 2010-12 range that are covered by this latest recall.
 
The yellow sac spider is native to northern America. There is an Australian arachnid known as the yellow nightstalking sac spider, but it is unknown whether the local breed has the same taste for fuel fumes.
 

 
 
The first System 360 mainframe was unveiled on 7 April 1964 and its arrival marked a break with all general purpose computers that came before.
 
The machines made it possible to upgrade the processors but still keep using the same code and peripherals from earlier models.
 
Despite their age, mainframes are still in wide use now, said Barry Heptonstall, a spokesman for IBM.
 
“I don’t think people realise how often during the day they interact with a mainframe,” he said.
 
Mr Heptonstall said mainframes were behind many of the big information systems that keep the modern world humming and handled such things as airline reservations, cash machine withdrawals and credit card payments.
 
The machines were very good at doing small-scale transactions, such as adding or taking figures away from bank balances, over and over again, he said.
 

 
 
Kristoffer Von Hassel, from San Diego, figured out how to log in to his dad’s account without the right password.
 
Microsoft has fixed the flaw, and added Kristoffer to its list of recognised security researchers.
 
The boy worked out that entering the wrong password into the log-in screen would bring up a second password verification screen.
 
Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad’s account.
 
In a statement, the company said: “We’re always listening to our customers and thank them for bringing issues to our attention.
 
“We take security seriously at Xbox and fixed the issue as soon as we learned about it.”
 
 
The company also gave him four free games, $50 (£30), and a year-long subscription to Xbox Live.
 

 
Canberra pay parking app won’t need paper tickets
 
Motorists using government-owned car parks around Canberra won’t have to display a paper ticket on their dashboard once the rollout of a new smartphone application is complete.
 
The app records the owner’s credit card details, number plate and park location and when fully implemented promises to allow parking officers to check if payment has been made without a paper ticket.
 
 
Liked it? Take a second to support Aussie Tech Heads Podcast on Patreon!

Leave a Reply