CCATP – Taming the Terminal Part 17 of n with Bart Busschots

Main Topic – Regular Expressions

Taming the Terminal Part 17 of n – Regular Expressions: http://www.bartbusschots.ie/blog/?p=3542

Security Light

HeartBleed Followup/Update:

• OpenBSD fork OpenSSL to create a new stripped-down version called LibreSSL – the aim, to have a smaller and easier to maintain, and hence hopefully more secure, open source implementation of SSL (don’t jump in too quick though,

  refactoring code could easily introduce new bugs, so this will take time to mature) – http://nakedsecurity.sophos.com/2014/04/23/libressl-aims-to-prevent-the-next-heartbleed/

• Linux Foundation invests in OpenSSL (and other important technologies) by setting up the Core Infrastructure Initiative (will be about more than OpenSSL) – http://nakedsecurity.sophos.com/2014/04/25/more-post-heartbleed-lovecash-for-openssl/
• Heartbleed claimed it’s first high-profile victims – UK parenting site Mumsnet & the Canadian Revenue Agency – http://nakedsecurity.sophos.com/2014/04/15/heartbleed-jabs-its-first-victims-uk-parents-site-mumsnet-canadian-tax-agency
• Also claimed it;s first arrest, with a 19 year old Canadian being arrested in relation to the Canadian Revenue Agency hack – http://nakedsecurity.sophos.com/2014/04/17/heartbleed-sees-first-arrest-in-wake-of-canada-revenue-agency-breach/

Important Security Updates:

• Apple released Security Update 2014-002 for OS X (10.7 Lion, 10.8 Mountain Lion & 10.9 Mavericks). The update includes fixes to Secure Transport, Apple’s implementation of SSL/TLS (unrelated to HeartBleed) – http://support.apple.com/kb/HT6207
• Apple released iOS 7.1.1 including important security updates – http://support.apple.com/kb/HT6208
• Apple released Apple TV 6.1.1 including important security updates – http://support.apple.com/kb/HT6209
• Apple released AirPort Base Station Firmware Update 7.7.3 (a HeartBleed fix for new AC routers) – http://support.apple.com/kb/HT6203
• Adobe released and out-of-band patch for the mobile version of Adobe Reader (for Android) to fix a remote code execution bug – http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
• Oracle released their latest quarterly Java update, patching 37 security vulnerabilities (reminder – avoid having Java enabled in your browser if at all possible) – http://krebsonsecurity.com/2014/04/critical-java-update-plugs-37-security-holes/

Important Security News:

• Followup – last time we reported on the fake Android AV app Virus Shield being the top paid app on the Google Play store and thousands of people being defrauded. Allison asked if Google had refunded the defrauded customers. Bart didn’t know one way or the other. It turns out they hadn’t then, but they have now – http://nakedsecurity.sophos.com/2014/04/22/google-refunds-android-users-who-bought-fake-virus-shield-app/
• University of New Haven researchers have found a flaw in how WhatsApp sends location data (uses HTTP instead of HTTPS) – http://nakedsecurity.sophos.com/2014/04/19/dont-share-your-location-with-your-friends-on-whatsapp/
• University of New Haven researchers also found serious security and privacy problems with Viber – data sent un-encrypted, and left completely open on servers – http://nakedsecurity.sophos.com/2014/04/24/here-we-go-again-viber-mobile-messenger-app-leaves-user-data-unencrypted/
• At the start of the year we discussed a back-door found in a bunch of Cisco, Linksys, NetGear and other routers (http://nakedsecurity.sophos.com/2014/01/03/gaping-admin-access-holes-found-in-soho-routers-from-linksys-netgear-and-others/). The problem was in firmware provided by an OEM manufacturer (SerComm). An incomplete list of known affected and unaffected products was published on GITHub by the security researcher who found the bug (https://github.com/elvanderb/TCP-32764). Sercomm claimed to have fixed the back-door, but the security researcher wondered how well they had closed the door, so he started poking at the new firmware. The problem Sercomm chose to fix was not that there was a backdoor, but that people knew about it! Their solution, to try put the genie back in the bottle and create a better back door that researchers wouldn’t find – they failed! – http://nakedsecurity.sophos.com/2014/04/23/the-soho-router-backdoor-that-was-fixed-by-hiding-it-behind-another-backdoor/
• Google patched Android to fix a mistake in their security permissions that enabled apps to alter the effect of app icons on the launcher, redirecting people to spam/phishing sites. Google were told of the problem in October, but only released the patch to OEMs in February – as usual with Android, goodness knows when users will get the patch, and many never will – http://www.computerworld.com/s/article/9247674/Google_issues_patch_for_Android_icon_permissions_attack

Notable Breaches:

• Michaels (and subsidiary Aaron Brothers) lose 3 million credit and debit cards – http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/
• LaCie warns customers of year-long credit card breach – http://krebsonsecurity.com/2014/04/hardware-giant-lacie-acknowledges-year-long-credit-card-breach/

Suggested Reading:

• Controversial centralised cloud-based US student database inBloom closes after parents groups successfully campaigned against the system – http://nakedsecurity.sophos.com/2014/04/24/parents-win-against-cloud-storage-of-us-students-private-information/
• The Smart Phone Kill-Switch Saga Continues:

• The US DOJ want the right to warrantless searching of smartphones before people have a chance to wipe them –http://nakedsecurity.sophos.com/2014/04/25/feds-argue-for-warrantless-phone-search-to-avoid-suspects-kill-switching-evidence/

Reason 1001 not to jailbreak – new Apple ID-stealing jailbroken-iOS malware “Unflod Baby Panda” emerges (thankfully no sign of major infections at this time) found – http://nakedsecurity.sophos.com/2014/04/21/new-ios-malware-with-a-funky-name-unflod-baby-panda/

FTC effectively lets Brightest Flashlight app get away with disclosing the location of 50 million people – http://gigaom.com/2014/04/09/brightest-flashlight-android-app-disclosed-location-of-50-million-people-but-ftc-imposes-no-fine/

EFF warns of FBI plans to build massive facial recognition DB with millions of records by 2015 (not limited to criminals) – https://www.eff.org/deeplinks/2014/04/fbi-plans-have-52-million-photos-its-ngi-face-recognition-database-next-year

Photographic Sorbet (Time Permitting)

There is no one right way to compose a shot, but, a simple tip that can be very effective for landscape-style shots is to find a shadow and get into it – by shooting from within a shadow you can use the shadow to add foreground interest and depth to your shot. It can be a big shadow or a little shadow. As a bonus, if the sun is low, getting into a bigger shadow is also a great approach for keeping your own shadow out of your shots.

https://www.flickr.com/photos/bbusschots/13928438762/

https://www.flickr.com/photos/bbusschots/10523843154/

https://www.flickr.com/photos/bbusschots/9459340997/

https://www.flickr.com/photos/bbusschots/8589671489/

https://www.flickr.com/photos/bbusschots/7997340925/

https://www.flickr.com/photos/bbusschots/6379352255/

https://www.flickr.com/photos/bbusschots/7167717254/

Bart’s other shows:

Let’s Talk Photography

Let’s Talk Apple

Both at http://lets-talk.ie