Monthly Archives: July 2015
The Internet causing 'digital amnesia'?
Stakeholders Argue Against Restrictive Wassennaar Proposal
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate.
Tech Tips to Stay Safe While Travelling Abroad
One in five of the 198 million Americans who have plans to take vacations this summer are planning to go abroad, with Europe being the most popular destination.
The attraction is not surprising given the strong US dollar, though uncertainty about the Greece debt crisis and default, and its impact (still an unknown), is a possible damper for some travel plans.
At this juncture, the UK Foreign Office has advised its travellers: “Visitors to Greece should be aware of the possibility that banking services – including credit card processing and servicing of ATMs – throughout Greece could potentially become limited at short notice.”
The Greek situation aside…If you are preparing to travel abroad, here are some tech-related tips on the basics to make sure you have a great, safe time.
Cash or credit cards?
It’s a simple but complex question. Many small proprietors in Europe only take cash. So, you will need to travel with a certain amount of cash.
Starting with currency basics, there are many apps that can show you instant conversion rates, no matter what country you are visiting. And now, ordering currency online can make your life easier. Order Euros online from your bank in advance and get delivery direct to your home or for pick up at your local bank branch in 1-3 business days.
If you need to find an ATM on the fly while abroad, try an app such as as ATM Locator available on the Android platform or iOS.
At the end of the day, most security experts advise against using your debit card for anything beyond cash withdrawals at ATMs. For other transactions, use cash or a credit card.
Using Your Mobile Abroad
Probably chief among the tech challenges for most of us when traveling abroad is using your cell and smartphones. Cell phones and other mobile devices from North America don’t automatically work in Europe. Europe uses the GSM network and much of North America primarily uses the CDMA network. Some US cell phone companies use GSM (T-Mobile, AT&T), but many do not.
To be able to use phones whether they are public phones, landlines or a mobile phone, please confirm the situation with your personal device manufacturer and service provider before you leave for your trip.
Among your options, is to rent a European cell phone. Telestial, for example, offers standard rental package which comes with a SIM with a UK number. That means that if you are calling to other countries, there are calling charges. For lowest calling charges rent the phone and then purchase a local SIM either in advance or when you arrive.
If you can use your own phone, get an international calling and data plan. Roaming charges have improved, but can still add up very quickly. Before you leave, contact your carrier for an international data and calling plans. Also check how to access your Cell phone voicemail when traveling abroad; it may be different than when you are at home.
Turn off the phone when not in use. Turn off 3G (or 4G), cellular data and data roaming when not in use. Another quick fix is turn your phone on “airplane mode.’ Disable automatic downloads and app updates, or restrict this feature to operate only when connected to Wi-Fi. Reset all your usage statistics (so you can keep track of how much you are using your phone, whether it’s texting, voicemail, etc.).
You might also want to pick up a local calling card, as old school and non-high-tech as that seems. J In many cases, these cards offer better rates to cellular networks in foreign countries than are available in the U.S.
“Free” Wi-Fi considerations
Wi-Fi is ubiquitous now and that’s a good thing. But you need to be careful. This is where a lot of data gets stolen. Whether it’s at a café or your hotel, you should ask staff to tell you the name of the network. Many scams simply say “Free Wi-Fi” and people innocently connect with them…
As another simple precaution, avoid disclosing any sensitive information online in a free Wi-Fi hotspot. This would include banking, credit card information, or other personal data.
I highly recommend using AVG’s Wi-Fi Assistant, a free app that allows you to encrypt your data when on the move and helps save battery by shutting off your smartphone’s Wi-Fi when not in use.
Oh, and finally, be sure to leave that selfie stick at home J. (They have been banned at many tourists sites!)
The UK gets ready for automated vehicles
Earlier this July, the British government published “The Pathway to Driverless Cars: A Code of Practice for testing”, a fourteen page document clarifying the legislation around driverless vehicle testing in the UK.
As expected, the document is heavily skewed towards safety, with stipulations for operator overrides and emergency service procedures among others.
That’s not the part that I found interesting about the guidleines. That came later, and was more focused on data collection and cyber security.
As we have come to expect from our connected devices, data collection is inevitable. The government’s outlines mandate the following as minimum data recording functionality on the vehicle.
As a minimum this device should record the following information (preferably at 10Hz or more):
- Whether the vehicle is operating in manual or automated mode
- Vehicle speed
- Steering command and activation
- Braking command and activation
- Operation of the vehicle’s lights and indicators
- Use of the vehicle’s audible warning system (horn)
- Sensor data concerning the presence of other road users or objects in the vehicle’s vicinity
- Remote commands which may influence the vehicle’s movement (if applicable)
Add to these minimum prerequisites some other specific datasets such as location (for traffic updates etc.) and you begin to get the picture. Very soon our connected, driverless cars will become a hive of activity, bringing convenience to our daily lives but documenting it like never before.
In fact, immediately following the data collection requirements, the document then went on to establish expected behavior for handling this data.
“Testing is likely to involve the processing of personal data. For example, if data is collected and analysed about the behaviour or location of individuals in the vehicle, such as test drivers, operators and assistants, and those individuals can be identified.”
Will our own cars present a privacy risk to us in the future? Thorough data logs of everything we do and everywhere we go suggest that it might. Who knows, perhaps we’ll see an optional “incognito mode” like we see in some web browsers, where you can drive “off-record” for a limited time.
I was also pleased to see the inclusion of some basic cybersecurity standards included in the document. As our digital world rapidly merges with the offline, it becomes ever more important to safeguard the things that matter most from attack.
The document stipulates:
“Nevertheless, manufacturers providing vehicles, and other organisations supplying parts for testing will need to ensure that all prototype automated controllers and other vehicle systems have appropriate levels of security built into them to manage any risk of unauthorised access.”
This is hardly comprehensive but it does make developers consider cybersecurity from the outset.
While time will tell just how ready the people of Britain are for driverless vehicles, but it’s good to see that the government is addressing safety concerns both on the road and online.
CVE-2015-0681
The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733.
CVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in Welcart before 1.4.18 allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
Interview With Hacking Team CEO David Vincenzetti
Hawkeye-G 3.0.1.4912 Cross Site Request Forgery
Hawkeye-G version 3.0.1.4912 suffers from multiple cross site request forgery vulnerabilities.
Debian Security Advisory 3315-1
Debian Linux Security Advisory 3315-1 – Several vulnerabilities were discovered in the chromium web browser.