Backdoored password manager stole data from as many as 29K enterprises - Passwordstate is an Enterprise Password Management solution

Date Published: Sat, 24 Apr 2021 10:42:41 +0200

As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, the app maker told customers.

In an email, Passwordstate creator Click Studios told customers that bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers. The file, named “moserware.secretsplitter.dll,” contained a legitimate copy of an app called SecretSplitter, along with malicious code named "Loader," according to a brief writeup from security firm CSIS Group.

The Passwordstate breach underscores the risk posed by password managers because they represent a single point of failure that can lead to the compromise of large numbers of online assets. Well, that is a worst-case scenario for many, especially happening on the client side. Always have a good master password and ensure you have 2FA turned on.

See Backdoored password manager stole data from as many as 29K enterprises

#technology #security #passwordmanager #hacked

Compromised update mechanism for Passwordstate pushes malware that steals data.

How to Build Air Quality Analyzer using Arduino and Nova PM Sensor SDS011 to Measure PM2.5 and PM10

Date Published: Fri, 23 Apr 2021 23:14:43 +0200

An interesting project for measuring indoor air quality as it's worth noting that for many homes the indoor air quality is actually worse than outdoor air pollution. The demonstration here just shows the lighting of a match and how the readings jump up, and then die down again as that pollution disperses.

The sensor uses a laser diode and a photodiode to detect and count particles, while a fan moves air through the system. If you aren’t up on pollution metrics, PM2.5 is a count of very fine particles (under 2.5 microns) and PM10 is a count of particles for 10 microns.

One thing to note is that the sensor has a finite lifespan. The datasheet claims “up to” 8,000 hours. If you ran the sensor continuously that’s not quite a year, so you might want to be judicious about how often you light up the device.

See Ooohhh, That Smell: Arduino Monitors Air Quality

#technology #opensource #airquality #airpollution #DIY

According to [Dr. Tom Lehrer’s] song Pollution, “Wear a gas mask and a veil. Then you can breathe, long as you don’t inhale!” While the air quality in most of the world hasn…

Agatha and Poirot Partners in Crime a Biography: Agatha Christie is one of my all-time favourite authors and her first book was published 100 years ago

Date Published: Fri, 23 Apr 2021 22:06:24 +0200

I have every one of the 100+ books she published and have enjoyed rereading them over the years (I'm blessed with forgetting the ending of books). Nothing does justice like reading the actual books though, as the mind is way more powerful at conjuring up the imagery than any movie or TV series. Even if you have only seen the acclaimed David Suchet series you should still try reading some of the books.

Some of the best to read are: Murder on the Orient Express, The Murder of Richard Ackroyd, And Then There Were None, The ABC Murders, The Mysterious Affair At Styles, Murder At The Vicarage, and of course the longest running play The Mousetrap.

There is good reason why she was known as the Queen of Crime.

Watch at New: Agatha & Poirot Partners in Crime Episode 1 Easter Bank Holiday Monday 5th April 2021

#reading #agathachristie #agathaandpoirot #fiction #books

Ubuntu 21.04 makes a play for the enterprise desktop with Microsoft Active Directory integration

Date Published: Fri, 23 Apr 2021 16:52:43 +0200

In the corporate world Windows still rules supreme. One reason for that is most enterprises rely on Microsoft Active Directory (AD) to manage users and connect them with network resources. With the just-released Ubuntu 21.04, aka Hirsute Hippo, that could change.

There are ways to do this in Linux -- Native LDAP and Kerberos PAM and NSS modules; Samba Winbind; and System Security Services Daemon (SSSD) -- but they're not easy. There are also third-party programs such as Centrify Authentication Service that get Linux and AD on the same page. But Ubuntu 21.04 is the first major desktop Linux to come with AD support baked in.

Ubuntu 21.04 desktops can now join an AD domain at installation for central configuration. In turn, AD administrators can now manage Ubuntu workstations, which simplifies compliance with company policies.

See Ubuntu 21.04 makes a play for the enterprise desktop | ZDNet

#technology #ubuntu #enterprise #activedirectory #linux

For years, Ubuntu has been enormously popular with Linux fans and developers. The corporate desktop? Not so much. Now, with Microsoft Active Directory integration, Ubuntu wants to be an enterprise business desktop as well.

Woodlands Fire Chief: Lot Of Misinformation Out There About Tesla Crash And Fire - Why Are Humans Never Assumed To Be At Fault?

Date Published: Thu, 22 Apr 2021 14:36:42 +0200

Well I know why, because then we'd ban humans from driving after just a handful of crashes worldwide. Have you ever watched the car crash videos on YouTube? Video after video 30 to 40 minutes long showing all the stupid things that humans do daily which have caused crashes. We seem to have forgotten that gasoline cars can also burst into flames (more regularly). Just on stats and availability of information I'd say hands down humans are terrible drivers and are less trustworthy than machines...

But yes also sad to note that actual misinformation was given out (and repeated by so many media organisations without checking) regarding the time to extinguish, context of where the accident happened, no-one questioned how the auto-pilot (which was never proven to be on) could have even operated without a driver in the driving seat (unless humans had tampered with something).

Who even started the false story about 4 hours to extinguish the fire?

See Woodlands Fire Chief: Lot Of Misinformation Out There About Tesla Crash & Fire

#environment #EV #BigOil

I more or less started my coverage of Tesla almost a decade ago responding to nonsense about Tesla that was being pushed by much bigger players in the media industry. Unfortunately, that work is still necessary today. There was a very unfortunate Tesla crash this week that led to the death of two men. There […]

The Irony: Signal CEO gives mobile-hacking firm Cellebrite a taste of being hacked - 'Do as I say, not as I Do'

Date Published: Thu, 22 Apr 2021 13:59:11 +0200

Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal.

Cellebrite products are commonly used by police and governments to unlock iOS and Android phones and extract data on them. Last December, the company announced that its Physical Analyzer also gave access to data from Signal.

In a blog post earlier today, Marlinspike, a cryptographer and security researcher, said that Cellebrite’s software works by parsing data that comes from an untrusted source. This means that it accepts input that may not be formatted correctly, which could trigger a memory corruption vulnerability that leads to code execution on the system. Because of this risk, one would assume that the developer was sufficiently careful to set up protections or use code that is not susceptible to vulnerabilities.

Yes one would really expect if the business of your company is to hack devices to give access to law enforcement etc, that you'd be savvy enough to protect your own computers ;-)

See Signal CEO gives mobile-hacking firm a taste of being hacked

#technology #security #hacking #cellebrite

You Won't Believe How Much Tech Is Hiding In This Desk

Date Published: Thu, 22 Apr 2021 12:25:05 +0200

Inspired by another build, [Pierre] set out to build his dream desk that is maximum PC power in minimum space. It is chock full of easily-accessible cavities that hide everything you’d expect, plus a few things you don’t, like a flatbed scanner, a printer, a router, and a wireless charging pad. One cavity is dedicated to I/O, and another has three international power sockets. The only thing it doesn’t hide is the 22″ pen display that [Pierre] uses for sketching, signing documents, and occasionally as a second monitor.

Even one of the table legs has a channel inside to hide the only two cables that leave the desk. Wonder if we'd ever see something like this for purchase, but I suppose the size of items does differ so not so easy.

See You Won’t Believe How Much Tech Is Hiding In This Desk

#technology #lessismore #clutter #hardware

Say what you will about office life: there were definitely some productivity perks, but the coffee is much better at home. Like many of us, [Pierre] has been working from home for the last year or …

SA Post Office signs deal with US online shopping giant Wish to improve deliveries - If they can get end-to-end tracking visibility right it will be something!

Date Published: Thu, 22 Apr 2021 11:27:53 +0200

Yes it sounds like 'wish'-ful thinking, and it's true that an average 50% plus faster transit time for our post office won't be noticed at all, but if they can get end-to-end tracking right that is really something because right now anything non-courier entering the SA Post Office seems to go into an endless hole in time. Even a query takes a week to two weeks to even get an answer, and then it is often 'we have no record of that shipment arriving'.

Seeing will be believing....

See SA Post Office signs deal with US online shopping giant to improve deliveries

#technology #sapo #postoffice #wish

Online shopping retailer Wish has announced a strategic partnership with the South African Post Office to strengthen its logistics capabilities and customer experience for South African consumers.

UK.gov wants mobile makers to declare death dates for their new devices from launch - Manufacturers are not going to like this

Date Published: Wed, 21 Apr 2021 22:43:29 +0200

Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport (DCMS) vowed this morning.

Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.

The plans are likely to meet stiff opposition from device makers as end-of-life dates for devices are usually an open secret among the tech-savvy but stating them at the launch of a brand new bit of hardware is unlikely to be popular with manufacturers' marketing teams.

See UK.gov wants mobile makers to declare death dates for their new devices from launch

#technology #mobile #landfills #security

IoT security plan suddenly thrusts into the mainstream

The Ride to Hell and Back... Literally

Date Published: Wed, 21 Apr 2021 22:33:54 +0200

My wife and I did an epic 5-day motorcycle ride around the Karoo in South Africa in October 2012, and it included a detour away from the Swartberg Pass and down a treacherous pass to stay at a place called Die Hel (or The Hell in English). Going in was easy but getting out after some rain overnight proved to be a hell of a ride... this video shows the dangerous slippery single road out of The Hell, a spontaneous river that needed to be crossed, and I mention the very slippery wet clay road after that.

Watch at The Ride to Hell and Back... Literally

#motorcycling #southafrica #touring #offthebeatentrack
