Blog

Big security flaws found in popular password managers 1Password, Dashlane, KeePass, and LastPass - But...

Date Published: Wed, 20 Feb 2019 22:07:59 +0200

Big security flaws found in popular password managers 1Password, Dashlane, KeePass, and LastPass - But open source KeePass may be least affected

A report by the Independent Security Evaluators (ISE) shows that many popular password managers store their master passwords in plain text within system memory, potentially exposing users’ data to hackers.

The ISE tested 1Password, Dashlane, KeePass, and LastPass on Windows, and found that all of these apps “fail in implementing proper secrets sanitisation”.

See https://mybroadband.co.za/news/security/296572-big-security-flaws-found-in-popular-password-managers.html but also click through to the actual report, which shares the details of this test along with a summary near the bottom. It is interesting to note that open source KeePass has the fewest red blocks. These may be potential vulnerabilities, but in the real world password managers are still by far your best protection.

#passwords #passwordmanager


Big security flaws found in popular password managers
A report shows that many popular password managers store their master passwords in plain text within system memory.

Once hailed as unhackable, blockchains are now getting hacked

Date Published: Wed, 20 Feb 2019 21:47:49 +0200

Early last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform. Its blockchain, the history of all its transactions, was under attack.

An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million.

Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.

But the more complex a blockchain system is, the more ways there are to make mistakes while setting it up.

An interesting read at https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/

#blockchain #hacking


Once hailed as unhackable, blockchains are now getting hacked - MIT Technology Review
More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built.

Samsung’s foldable phone is finally official — meet the Galaxy Fold and it will start at $1,980

Date Published: Wed, 20 Feb 2019 21:42:15 +0200

The device will start at a whopping $1,980 and arrive on April 26. Samsung says both LTE and 5G-capable variants will be available.

As the company hinted at its developers conference last year, the Galaxy Fold consists of two displays: a 4.58-inch, 1960x840 resolution panel that serves as a more traditional smartphone display, and a foldable 7.3-inch, 2152x1536 resolution panel that behaves more like a tablet.

OLED panels are known in part for their flexibility, which in this case allows users to close the Galaxy Fold like a book. Samsung says it uses a hinge system with “multiple interlocking gears” to create the fold, which the company claims is—and indeed appears to be, at first blush — hidden from view.

Yep it's pretty pricey as a phone but I suppose you need to compare that price to having a phone and a tablet (in one device) and then maybe it's not so expensive.

More info at https://arstechnica.com/gadgets/2019/02/samsungs-foldable-phone-is-finally-official-meet-the-galaxy-fold/

#samsungfold


Samsung’s foldable phone is finally official—meet the Galaxy Fold
Samsung's half-phone, half-tablet is real, starts at $1,980, launches April 26.

Best Multi-Tools & Pocket Tools for Your Everyday Carry

Date Published: Wed, 20 Feb 2019 21:30:49 +0200

There is no excuse as they come in all sizes and shapes, even disguised as pens... I permanently carry my Leatherman Charge TTi everywhere I go (apart from flying, unfortunately). Whether I'm in the roof working or at friends' houses there is always that time you just quickly need to cut a wire, tighten a screw, twist something off, file something smooth, cut a piece of PVC pipe, etc. Why I love my Charge TTi is because I can carry some replacement bits with a drive extender all in the same small carry case. It's not cheap but it will last 20 or 30 years which works out quite cheap per year.

The Mantality site though at https://www.mantality.co.za/blog/multi-tools-and-pocket-tools.html lists a few more interesting compact options

#multitool #gadgets #pockettool


Best Multi-Tools & Pocket Tools for Your Everyday Carry by Mantality
Multi-tools and pocket tools are becoming more and more essential. As men we like to be prepared for anything that life throws at us.

Winlink is a worldwide radio email service that uses amateur-band radio pathways where the internet ...

Date Published: Wed, 20 Feb 2019 21:19:15 +0200

Winlink is a worldwide radio email service that uses amateur-band radio pathways where the internet is not present and is capable of operating completely without the internet

This system can get messages through where even voice is not practical to use, as it uses a store and forward system which routes using radio. It is similar to the way normal e-mail would forward automatically across the Internet choosing the best route around any problems. Winlink does the same but via radio pathways.

More complex (and accurate) messages can be composed and then only require a few retries and short throughputs to get the message transmitted, and it can be retrieved in the same manner. This is ideal for say maritime vessels which may only get sporadic periods of communication but where they can in that time transmit and receive any messages.

Message services can include email with attachments, position reporting, weather bulletins, emergency and relief communications, and message relay.

Typically if an area is hit by a disaster and normal communications are down, an amateur radio operator with this service could send emails to any normal Internet address elsewhere in the world, and receive messages back.

End-user software used could be Winlink Express for Windows or Pat (cross-platform) and there are other choices too.

Watch a short video overview at https://youtu.be/qGhUfW8pjY8 or more info at Winlink's website at https://winlink.org/

#winlink #emergency #disaster


Xiaomi Mi 9’s kernel source code is available immediately after launch - includes the Qualcomm Snapdragon...

Date Published: Wed, 20 Feb 2019 20:48:27 +0200

Xiaomi Mi 9’s kernel source code is available immediately after launch - includes the Qualcomm Snapdragon 855 with 8GB RAM and a 48MP camera

There was a time not too long ago when Xiaomi was one of the worst offenders when it came to releasing kernel source code for a device in a timely manner. (The GPLv2 license of the Linux kernel legally necessitates kernel source code to be distributed promptly). The prompt availability of kernel source code is the first step on the eventual road to getting a custom recovery such as TWRP and then device-specific custom ROMs.

Which means for ordinary users that if/when the OEM stops pushing out OS updates you have a good chance of getting them via custom ROM for a while yet.

For users suspicious of any OEM's code you can opt to install 3rd party code which you can also inspect or audit.

So releasing the code is one of the important considerations I consider when choosing a phone. It's not just about how many megapixels the camera has.

See https://www.xda-developers.com/xiaomi-mi-9-kernel-source-code-available/

#Xiaomi


Xiaomi Mi 9's kernel source code is available immediately after launch
Xiaomi has released the kernel source code of the Xiaomi Mi 9 (device code-name: cepheus) on the day of its announcement, which is good to see.

We Need A Fossil Fuel Primer Because The Media Isn’t Telling Us Enough About Climate Change eg. scientists...

Date Published: Wed, 20 Feb 2019 07:35:01 +0200

We Need A Fossil Fuel Primer Because The Media Isn’t Telling Us Enough About Climate Change eg. scientists can prove that CO2 in the atmosphere comes from human activities and which ones

People sometimes declare that the world has always had periods of warming and cooling. So — how can we really be certain that today’s warming is primarily caused by humans? How do we know that putting too much carbon into the atmosphere (CO2) when we burn coal, oil, and gas or cut down forests is really the cause of current global warming trends? According to the Union of Concerned Scientists, we know human activities are driving the increase in CO2 concentrations because atmospheric CO2 contains information about its source.

Carbon from fossil fuels has a distinct “signature” — its composition of heavier and lighter atoms of carbon. The smaller the ratio of heavier to lighter carbon atoms, the higher the proportion of carbon from fossil fuels. Over the years, the ratio of heavy to light carbon atoms has decreased as the overall amount of CO2 has increased. This information tells scientists that fossil fuel emissions are the largest contributor of atmospheric CO2 concentrations since the pre-industrial era.

Interesting also is the economics around the effect of falling demand for fossil fuel from the late 2020s: no, we won't just have the option to pay more for it. It is worse than that, as the price for fossil fuels will actually fall, meaning it is not economically viable to extract, produce, transport and sell, so it won't be made available. Which means we just won't have the choice to use it any longer. The article below is really well worth reading as it also looks at how media is, or is not, covering these issues and, for example, how often media covering these issues disclosed their ties to the fossil fuel industry.

See https://cleantechnica.com/2019/02/18/we-need-a-fossil-fuel-primer-because-the-media-isnt-telling-us-enough-about-climate-change/

#climatechange #media


We Need A Fossil Fuel Primer Because The Media Isn't Telling Us Enough About Climate Change | CleanTechnica
Why don't we know more about climate change

Nissan concept uses recycled Leaf batteries to power camping trips - Could open a new market

Date Published: Tue, 19 Feb 2019 23:24:41 +0200

Nissan has sold more than 350,000 Leafs since the car debuted in 2011, and as they’ve aged, the company has thrown around a lot of ideas about how to recycle their batteries. The latest idea: a smart pop-up camper powered by old Leaf battery cells.

The camper concept was developed in partnership with off-road camping manufacturer Opus. The Leaf-powered pack in the concept camper stores just 700Wh, and has a maximum output of 1kW — a small slice of a typical Leaf battery, but still plenty to power all the electronics in the camper for a few days, including multiple USB sockets, LED lighting, a 4G hotspot, as well as the included portable microwave, dual-burner gas stove, and fridge. A 400W solar panel can recharge the battery pack in two to four hours, according to Nissan. But the pack can also be removed and plugged directly into any 230V outlet.

Just a concept for now but used EV batteries are actually great as static storage for a second life. Of course, if you have a Leaf you could just go camping with it?

See https://www.theverge.com/2019/2/18/18229946/nissan-concept-recycled-leaf-batteries-power-camping-trips

#batteries


Nissan concept uses recycled Leaf batteries to power camping trips
Go off the grid and green at the same time

We’re 10 days away from new mobile data laws (out of bundle protection) in South Africa – here’s what...

Date Published: Tue, 19 Feb 2019 22:10:56 +0200

We’re 10 days away from new mobile data laws (out of bundle protection) in South Africa – here’s what you need to know

South Africa is 10 days away from new data regulations – with mobile customers soon to be spared from out of bundle charges, unless they choose to opt in.

The amended End User and Subscriber Services Charter (EUSSC) Regulations will come into effect on 1 March, which will prevent mobile operators from automatically charging out of bundle data rates for customers who do not opt into the service.

The regulations also state that mobile operators must send usage depletion notifications (SMSes) as customers consume their data bundles.

Good news as many subscribers got caught by surprise - myself included once.

See https://businesstech.co.za/news/mobile/300412/were-10-days-away-from-new-mobile-data-laws-in-south-africa-heres-what-you-need-to-know/

#southafrica



When India Kicked Out Coca-Cola, Local Sodas Thrived - But it can also happen with software too...

Date Published: Mon, 18 Feb 2019 22:53:20 +0200

It's always interesting (frustrating) to me to see how an organisation starts to buy an outsider service (the latest hype one is a cloud service) and then becomes even more dependent on it over time as they let their internal skilled resources shrivel and die. Don't think external service providers don't know this as their first prize is to feed your dependence and then secure your lock-in... It's then very difficult to switch providers or pull the service back internally as now you don't really have those skills internally to take it over or to even successfully judge the external provider.

You end up then with your local service providers just marking up a foreign service and dropping the boxes off. There are lots of disguises in the form of digital villages, skills transfers, etc but when you are paying double or triple and getting a token 15% back who is being fooled?

To quote an unsavoury part of South Africa's own past it was isolated through sanctions during the Apartheid years and its defence force allowed local industries to innovate and thrive. I'm certainly not promoting going back to that era but it is interesting what effect it has on a local industry to push all the investment their way and let them innovate with it. The money is now 100% directed at local manufacturing and jobs.

Instead in South Africa, we've been seeing our software innovation around Ubuntu Linux and Elon Musk's Zip2 being snapped up overseas. I suppose you have to decide at a fundamental level as a country/organisation whether you want to be a net consumer or producer...If you remain a consumer you will be dependent and have to continue paying someone else whatever you are charged. But the slogan "Nobody Gets Fired For Buying IBM" still seems to ring true...

See the Indian soda story though at https://www.atlasobscura.com/articles/what-is-thums-up


When India Kicked Out Coca-Cola, Local Sodas Thrived - Gastro Obscura
Some still reign today.