Security, Proprietary Software and Openwashing
Date: 2020-01-31
Security updates for Tuesday
Security updates have been issued by Arch Linux (salt), CentOS (git), Debian (qtbase-opensource-src), Fedora (java-11-openjdk), Mageia (kernel and openjpeg2), openSUSE (mailman, python-reportlab, ucl, and upx), Oracle (git), Red Hat (container-tools:rhel8, go-toolset:rhel8, grub2, kernel, kernel-rt, php:7.2, and sudo), SUSE (crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client and python36), and Ubuntu (python-django).
PortSys heightens security for SSH network services with Total Access Control
PortSys®, a global innovator in information security and Zero Trust Access control for the enterprise, today announced that Total Access Control™ (TAC) now offers protection for SSH network services.
Short Topix: U.S. Gov't Once Again Requests iOS Back Door
In a bold move that will end up protecting users everywhere for all platforms, Microsoft has taken control of 50 domains believed to be used by the North Korean hacking group commonly referred to as Thallium, according to a blog report on Microsoft's site.
U.S. District Court documents were unsealed on December 27, 2019 that detail the steps that Microsoft has undertaken to disrupt cyberattacks originating from the Thallium hacking group. As a result, those 50 sites will no longer be able to be used to launch cyberattacks.
The attacks were mostly "spear phishing" attacks. They would attempt to trick users into logging into a fake Microsoft security account to fill out information about their accounts, and into revealing their account credentials. By combining publicly available information gleaned from social media accounts, the Thallium group of hackers was able to make a rather believable case for the possibility of a user's account becoming compromised.
They also employed techniques that might go undetected by the average non-tech-savvy user, such as using an "r" and an "n" closely spaced to represent the first "m" in the "microsoft.com" website address.
Tech Problem With Mobile App Causes Iowa Caucus Chaos
A new mobile app was supposed to help Democratic officials quickly gather information from some 1,700 caucus sites throughout Iowa. Instead, a “coding issue” within the app is being blamed for delays that left the results unknown the morning after the first-in-the-nation presidential nominating contest.
What We Know About Shadow Inc. and the App That Delayed the 2020 Iowa Caucus Results
Okay, so what happened? Basically, a company fittingly named Shadow Inc. (linked to another company called Acronym) designed an app for reporting caucus results at nearly 1,700 precincts. According to the Los Angeles Times, Shadow Inc. is not a costumed team of comic book supervillains, but a private tech firm started by people who worked on Hillary Clinton’s 2016 campaign. And, sources told the New York Times, the app used to report Iowa caucus results was hastily developed in just the last few months, with no testing at the statewide scale needed for last night.
The app, by all accounts, was a failure, forcing those running individual caucuses to call a hotline for reporting results. According to Vox, many reported they were waiting indefinitely to do so. One official trying to report results was live on air on CNN when he finally got through, only to be promptly hung up on.
[Attackers] Target Hong Kong Universities With New Backdoor Variant
Believed to have been active since at least 2009, the Winnti Group is operating under the same umbrella as Axiom, Barium, Group 72, Blackfly, and APT41, targeting the aviation, gaming, pharmaceuticals, technology, telecommunication, and software development sectors in industrial cyber-espionage campaigns.
In October last year, ESET detailed two new backdoors employed by the [attackers], namely PortReuse and the Microsoft SQL-targeting skip-2.0.
One month later, the security researchers discovered a new campaign run by the Chinese hackers, targeting two Hong Kong universities with a new variant of the ShadowPad backdoor, the group’s flagship tool.
Nevada Democratic Party abandons problematic app used in Iowa caucuses
The Nevada Democratic Party said Tuesday that it will not use Shadow Inc., the maker of the app that caused reporting issues in the Iowa caucuses, to power its state caucuses later this month, despite already paying tens of thousands of dollars to the Democrat-affiliated technology company.
In a statement, state Democratic Party Chairman William McCurdy II promised that Nevada's caucuses on February 22 will not be a repeat of Iowa's.
UBank releases open source accessibility kit on GitHub
UBank has released an open source accessibility kit on GitHub in a move to help iOS app developers and contributors improve the accessibility for users that experience issues such as low vision, cognitive impairment, or neurological impairment.
UBank digital banking chief product officer Peter O'Malley said making the accessibility kit openly available for the first time is part of the bank's mission of "making technology accessible to everyone".
"There's nothing in the market. There's no easy tool that are available for developers or contributors to make sure their apps more accessible and so for us, we want to ensure technology is accessible and easy for people to use no matter who they are," he told ZDNet.
Fan-cooled Raspberry Pi enclosure supplies screw terminals for GPIOs
Pi-oT Hardware has launched a $35 “MKR Module” enclosure for the Raspberry Pi that routes unused GPIO pins to screw terminals. There’s also a fan, a breadboard, and circuit protection. Last August, Cleveland-based Pi-oT Hardware successfully launched a Pi-oT add-on board and enclosure for the Raspberry Pi featuring 5x relays, 8x ADCs, and power inputs. Now, the startup has returned to Kickstarter to launch a simpler MKR Module with the same fan-cooled, DIN-rail mountable enclosure, but without the relays and ADCs.
