2020 Newsletter: 32/34

Sydney Harbour
WEEKLY NEWSLETTER 29 JUNE - 4 JULY 2020

Hello and Welcome,

Computer Club Dues:

We respectfully ask Members whose annual memberships fall due to pay as usual.

The Club is still providing services to Members, like Zoom meetings, and technical advice through e-mail and other means.

Thank you all.

Payment details:

General — $45
Senior / Pensioner — $40
Under 21 — $25

Cheque subscription payments are no longer accepted, but you may deposit cash at any NAB branch.

Bank Transfer: To "Sydney PC User Group Incorporated", BSB/Account: 082-080 579584892.

IMPORTANT: Please identify your payment with your name when making a bank transfer.

For new memberships, you can print out the Membership Form for joining at a future face-to-face Club Main meeting.

— The Club Committee.

Meeting This Week:

Penrith Group - Saturday, 4 Jul - 2:00 pm - 5:00 pm

We have cancelled this meeting until further notice.

Meetings Next Week:

Friday Forum - Friday, 10 Jul - 9:30 am (10:00 am meeting start) - noon

We have cancelled this meeting until further notice.

Communications - Friday, 10 Jul - 1:00 pm - 3:00 pm

We have cancelled this meeting until further notice.

Current & Upcoming Meetings:
— ALL IN-PERSON MEETINGS CANCELLED UNTIL FURTHER NOTICE —

45 2020/07/04 — 14:00-17:00 — 04 Jul, Saturday — Penrith Group
46 2020/07/10 — 09:30-12:30 — 10 Jul, Friday — Friday Forum
47 2020/07/10 — 12:30-15:30 — 10 Jul, Friday — Communications
48 2020/07/14 — 17:30-20:30 — 14 Jul, Tuesday — Programming SIG
49 2020/07/18 — 13:30-16:30 — 18 Jul, Saturday — Web Design
50 2020/07/21 — 09:30-12:30 — 21 Jul, Tuesday — Tuesday Forum
51 2020/07/24 — 09:30-12:30 — 24 Jul, Friday — Digital Photography [ Discontinued ]
52 2020/07/28 — 17:30-20:30 — 28 Jul, Tuesday — Main Meeting

ASCCA News:


Tech News:

“The US claims Assange tried to recruit LulzSec head to steal data”:

See the iTWire article by Sam Varghese Friday, 26 June 2020 11:47.

A federal grand jury in the United States has issued a second indictment against WikiLeaks founder Julian Assange, charging him with recruiting hackers to commit computer intrusions to benefit the whistle-blower website.

The Justice Department said, on Thursday, the new indictment did not add any new counts but broadened the scope of the conspiracy surrounding the intrusions with which they had charged Assange earlier.

The indictment claimed that, in 2010, Assange had gained unauthorised access to a government computer in a NATO country. It added that in 2012, Assange communicated with Hector "Sabu" Monsegur, the leader of the hacking group LulzSec — who was then cooperating with the FBI — and gave him a list of targets to hack.

It said in the case of one target, Assange asked Monsegur to look for (and provide to WikiLeaks) mail and documents, databases and PDFs.

In another communication, Assange told Monsegur that the most impactful release of hacked materials would be from the CIA, NSA, or the New York Times, the indictment alleged.

"WikiLeaks obtained and published emails from a data breach committed against an American intelligence consulting company by an 'Anonymous' and LulzSec-affiliated hacker. According to that hacker, Assange indirectly asked him to spam that victim company again," it said.

"Also, the broadened hacking conspiracy continues to allege that Assange conspired with Army intelligence analyst Chelsea Manning to crack a password hash to a classified US Department of Defence computer."

Assange is being held in the Belmarsh high-security prison in the UK awaiting a trial to determine if the UK will extradite him to the US to face these and previously filed charges.

Reader comment:

Bob Harvey • Friday 26 June 2020.

The USA is acting like a little child.
They are making up new allegations whenever it suits them.
This case is so old that it could apply for the age pension.
Surely the USA should have had all their allegations included in their extradition warrant and not be adding things a year after first issuing the request.
I am doubting that the USA has a real case and the UK should be giving them shor shift [ short shrift — Ed. ] on this abominable behaviour.


“Republicans follow in Australia's encryption law footsteps”:

See the iTWire article by Sam Varghese Thursday, 25 June 2020 10:55.

Three politicians from the US Republican Party have introduced a bill in the Senate that would make it mandatory for technology companies to help break encryption if it would aid law enforcement in enforcing a warrant.

Named the Lawful Access to Encrypted Data Act, the bill was introduced by Lindsey Graham, chairman of the Senate judiciary committee, Tom Cotton and Marsha Blackburn.

In effect, the bill seeks the same outcome as the encryption law passed by Australia in 2018. There are three ways listed in this law by which the authorities can get industry to aid in gaining access to encrypted material. A technical assistance request (TAR) allows for voluntary help by a company; in this case, its staff would get civil immunity from prosecution.

An interception agency can issue a technical assistance notice (TAN) to make a communications provider offer assistance.

Finally, a technical capability notice (TCN) can be issued by the attorney-general at the request of an interception agency; the communications minister of the day would also need to agree. This notice will force a company to help law enforcement by building functionality.

The American bill does not clearly say that technology firms should create backdoors as the attorney-general is not allowed to tell companies how they should go about complying with lawful access orders.

Additionally, companies that receive orders to break encryption can go to court to have the orders changed or dumped.

Graham said in a statement: "Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to co-ordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and dangerous criminal activity where vital information could not be accessed, even after a court order was issued.

"Unfortunately, tech companies have refused to honour these court orders and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorisations, they should be able to retrieve information to assist in their investigations.

"Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks."

US attorney-general William Barr said in a statement the passage of a law that allowed warrant access to encrypted data would provide additional safety and security for the people.

"While strong encryption provides enormous benefits to society and is undoubtedly necessary for the security and privacy of Americans, end-to-end encryption technology is being abused by child predators, terrorists, drug traffickers, and even hackers to perpetrate their crimes and avoid detection," he said.


“Windows 10 Start Menu Gets New Look”:

See the Infopackets article by John Lister on 24 June 2020 at 01:06 pm EDT.

Microsoft has unveiled Windows 10's new look Start menu. The changes are mostly cosmetic but could make it a little easier to use.

There's no official word yet on when the changes will take effect. Normally such a revamp would be noticed through the Microsoft Inside testing program, but in this case, Microsoft has currently only shared images of the new look on its Facebook page. (Source: betanews.com)

Colour Clashes Under Control

The main changes are to make the Start menu fit in better with the rest of the desktop. For example, the list of recently used apps (which appear on the very left of the menu) will no longer have coloured backgrounds. Icons in this list appear directly next to the text of the app name rather than being blocked off.

The controversial Live Tiles, which display updated information from dedicated Windows 10 apps, are getting a similar overhaul. Those apps which are being used will now have a solid colour that works with the user's overall choice of a light or dark theme for Windows.

Meanwhile, those apps which are no longer active will switch to a translucent background rather than a solid block. The idea here is to draw the eye to the tiles that the user will want to see rather than the disabled tiles distracting them. (Source: techradar.com)

Live Tiles May Not Live Long

While that's a step forward, it seems odd that Microsoft isn't at least removing unused titles [ tiles? — Ed. ]. Insiders have previously reported that Microsoft plans to drop Live tiles altogether either later this year or early next year, so it's odd to make a cosmetic change at this point.

The problem is that while the new look appears to be an aesthetic improvement with a much cleaner and less jarring design, it seems many users dislike the Start menu from a functional perspective.

People either believe that the "classic" Windows Start menu worked better or are not seeing any reason to change something familiar which people use. A market has emerged for a variety of third-party tools that aim to restore the traditional look and function of the Start menu.


“Researchers outline flaws in COVIDSafe app, urge users to upgrade”:

See the iTWire article by Sam Varghese Friday, 19 June 2020 20:03.

Several researchers have detailed four significant vulnerabilities in the Australian Government's COVIDSafe application for the iPhone and Android systems and advised users to upgrade at once.

The main patches issued were to fix:

  • A bug in the way COVIDSafe reads Bluetooth messages on iPhones meant that the new, longer, encrypted messages were sometimes garbled and thus some iPhone-to-iPhone contacts would not be recorded. However, the same phones could connect again in a different way that did record correctly.
  • A patch for CVE-2020-14292, a vulnerability that allowed long-term tracking of Android devices.
  • COVIDSafe on iPhones can now download a new TempID when the phone is locked.
  • The app implemented encryption in a manner that did not prevent interference between multiple threads. This implementation sometimes crashed the app and could lead to garbled encryptions or leaked information.

The researchers who detailed these bugs on GitHub were Chris Culnane of State of IT, Ben Frengley, Eleanor McMurtry, Jim Mussared, Yaakov Smith, Vanessa Teague of Thinking Cybersecurity, and Alwen Tiu of the Australian National University.

The advisory pointed out that the Bluetooth messages sent by COVIDSafe v2 were much longer than those of the previous version and a bug that was already present garbled some transactions between iPhones. John Evershed of Project Computing found this flaw.

A second flaw, tracked as CVE-2020-12856, affected Android versions of COVIDSafe v1.0.17 and earlier. This flaw allowed an attacker to bond silently with an Android phone running a vulnerable version of the app.

A third flaw, similar to CVE-2020-12856, affected versions 1.0.21 and earlier of the COVIDSafe app. This flaw allowed an attacker to obtain the Bluetooth identity address and also to perform silent bonding in some cases.

The fourth problem, found by Richard Nelson, was that locked iPhones could not receive new TempIDs for COVIDSafe; it was fixed in COVIDSafe versions 1.0.6 onwards.

Finally, the researchers wrote that they had found a critical concurrency flaw in encryption code version 1.0.18 used in COVIDSafe; the app shared a single Cipher instance across different threads without synchronisation. This affected Android versions 1.0.18 to 1.0.27.
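
To illustrate the class of bug described above, here is an added Java example (not COVIDSafe's code and not from the researchers' advisory) that shows the shared-instance pattern as a comment and a per-call alternative exercised from eight threads. The AES-GCM scheme, the class name and the sample strings are assumptions chosen for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.*;

public class CipherPerCall {                       // hypothetical class name
    private static final SecureRandom RNG = new SecureRandom();

    // UNSAFE pattern (shown only as a comment): one Cipher shared by all threads.
    // init()/update()/doFinal() mutate internal state, so concurrent callers can
    // interleave and produce garbled ciphertext or exceptions.
    //   static final Cipher SHARED = Cipher.getInstance("AES/GCM/NoPadding");

    // Hardened: a fresh Cipher and a fresh random IV for every call.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        // Output layout: 12-byte IV followed by ciphertext and tag.
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    static byte[] decrypt(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);  // throws if the tag does not verify
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();            // SecretKey is safe to share
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < 1000; i++) {
            final String text = "constructed-sample-" + i;   // constructed input
            results.add(pool.submit(() -> {
                byte[] p = text.getBytes(StandardCharsets.UTF_8);
                return Arrays.equals(p, decrypt(key, encrypt(key, p)));
            }));
        }
        int ok = 0;
        for (Future<Boolean> f : results) if (f.get()) ok++;
        pool.shutdown();
        System.out.println(ok + "/1000 round trips intact");
    }
}
```

Wrapping every use of a shared Cipher in a `synchronized` block is the other common remedy; a per-call instance avoids the lock and the risk of a caller forgetting it.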

This bug was notified to the Digital Transformation Agency and the Australian Signals Directorate earlier this month.

The researchers thanked the DTA and ASD for fixing the encryption issue.

"[We'd] encourage the DTA to address the Bluetooth tracking problem and the iPhone logging failure urgently," they wrote. "We'd also like to thank the large and active community of Australian techies who have examined, discussed, and tried to correct the code."



Fun Facts:

“A finite power tower”:

Last week's puzzler:

Can you solve for ζ in this equation: $\zeta^{\zeta^{\zeta^{2017}}} = 2017$?

Hint: First solve for ξ in the equation: $\xi^{2017} = 2017$. [ Can this, too, be the value of ζ? ]

If stuck, see the YouTube video by BlackPenRedPen.

Solution:

First solve for ξ in the equation: $\xi^{2017} = 2017$. The value of ξ is $2017^{1/2017}$, i.e. the 2017th root of 2017.

Substitute this value in the top occurrence of ζ in the original equation, i.e. $\zeta^{\zeta^{\left(2017^{1/2017}\right)^{2017}}} = 2017$ or $\zeta^{\zeta^{2017}} = 2017$.

One more time: $\zeta^{\left(2017^{1/2017}\right)^{2017}} = 2017$ or $\zeta^{2017} = 2017$.

This value agrees with ζ being $2017^{1/2017}$, i.e. the 2017th root of 2017.

By the way, this means that the power tower could be any (finite) height and still be correct.

Amazing — Ed.

“How can you draw a Perpendicular with a straight-edge only?”:

We are given a circle with a diameter drawn and a point inside the circle. Draw a perpendicular from the point to the diameter using a straight-edge only.

Let the diameter be the line E1 - E2 and the inside point be A.


[Figure: Can you draw a perpendicular with a straight-edge only?]

Hint:

Draw E1 - A to B on the circumference.

Draw E2 - A to C also on the circumference.

Then extend E1 - C and E2 - B so that they meet at point D.

Finally, prove that line D - A - F is the required perpendicular.

— Ed.


Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe / Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Changing your e-mail address? Please e-mail your new address to — newsletter.sydneypc@gmail.com
DISCLAIMER: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk as to the accuracy and subsequent use of its contents.