2021 Newsletter: 72/92

Sydney Harbour
WEEKLY NEWSLETTER 2 - 7 AUGUST 2021

Hello and Welcome,

SMSA Closure: Greater Sydney Lockdown extended

Dear Hirers,

Following yesterday morning's press conference [ Wednesday, 28 July 2021 — Ed. ], we can confirm that the NSW Government has extended the Greater Sydney Lockdown for another four weeks.

As a result, 280 Pitt Street will remain closed until Monday, 30 August. All services and Venue Hire due to take place during this time will be cancelled.

If there has been any payment received for events booked in August, I will be in touch to arrange a refund. Would you please not hesitate to get in touch if you would like to reschedule your event.

SMSA staff will be working from home during this period. The SMSA main switch number will be diverted to a mobile, and I can answer any questions you might have via email or on 02 9262 7300.

We encourage everyone to regularly check the list of hotspot locations and alerts on the NSW Health website and follow their advice.

Again, we thank you for your patience and cooperation while we navigate the current lockdown. We look forward to welcoming you back to the SMSA under safer circumstances.

Kind Regards,

Kylie

Kylie Campbell
Venue & Building Services Coordinator

Meeting This Week

Penrith Group - Saturday, 7 Aug - 2:00 pm - 5:00 pm at the Penrith City Library

The meeting starts typically with a Q&A session around the table to enable members to share problems, advice and computer tips.

The group will then discuss any other technology or computer topics of interest.

— Jeff Garland

Meetings Next Week

Programming - Tuesday, 10 Aug - 5:30 pm (6:00 pm meeting start) - 8:00 pm

Hi Team,

We will be running this meeting using Jitsi; details later by email.

See the Progsig Meeting Reports:

https://sites.google.com/site/progsig/

The next meeting is on Tuesday 10th August 2021, at 6 pm.

Regards,

— Steve OBrien

Friday Forum - Friday, 13 Aug - 9:30 am (10:00 am meeting start) - noon

We'll have the usual Q&A and other discussions. [ Meeting cancelled — See SMSA message above. ]

— Tim Kelly

Schedule of Current & Upcoming Meetings ‡

56 2021/06/05 — 14:00-17:00 — 07 Aug, Sat — Penrith Group, Penrith City Library
57 2021/08/10 — 17:30-20:30 — 10 Aug, Tue — Programming via Jitsi
58 2021/08/13 — 10:00-12:30 — 13 Aug, Fri — Friday Forum, L1 Carmichael Room — Cancelled
60 2021/08/17 — 09:30-12:30 — 17 Aug, Tue — Tuesday Group, L1 Woolley Room — Cancelled
61 2021/08/21 — 13:30-16:30 — 21 Aug, Sat — Web Design via Zoom
62 2021/08/24 — 17:30-20:30 — 24 Aug, Tue — MAIN Meeting via Zoom
63 2021/08/27 — 09:30-12:30 — 27 Aug, Fri — Digital Photography via Zoom

‡ As decided after assessing the Members' wishes (resumption of face-to-face meetings) via the latest Online Survey.


ASCCA News:
Tech News:

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

See TheHackerNews article by Ravie Lakshmanan July 26, 2021.

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain.

The issue, dubbed "PetitPotam" [ Little Hippo — Ed. ], was discovered by security researcher Gilles Lionel, who shared technical details and proof-of-concept (PoC) code last week. He noted that the flaw works by forcing "Windows hosts to authenticate to other machines via the MS-EFSRPC EfsRpcOpenFileRaw function."

MS-EFSRPC is Microsoft's Encrypting File System Remote Protocol that's used to perform "maintenance and management operations on encrypted data that is stored remotely and accessed over a network."

Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor's control using the MS-EFSRPC interface and share its authentication information. The attack works by connecting to LSARPC, resulting in a scenario where the target server connects to an arbitrary server and performs NTLM authentication.

By forcing the targeted computer to initiate an authentication procedure and share its hashed passwords via NTLM, the PetitPotam attack can be chained to an exploit targeting Windows Active Directory Certificate Services (AD CS) to seize control of the entire domain.

"An attacker can target a Domain Controller to send its credentials by using the MS-EFSRPC protocol. Then relaying the DC NTLM credentials to the Active Directory Certificate Services AD CS Web Enrollment pages to enrol a DC certificate," TRUESEC's Hasain Alshakarti said. "This will effectively give the attacker an authentication certificate that can be used to access domain services as a DC and compromise the entire domain."


Attack on Windows Domain


Samsung's journey to the future of gaming monitors is quite the Odyssey — the Odyssey Neo G9

See the iTWire article by Alex Zaharov-Reutt | Tuesday, 27 July 2021 3:19 pm.

Ok, so anyone that has seen curved screens will find Samsung's new Odyssey Neo G9 anything but odd, and when it comes to the best of the best, even the $2,999 price isn't an oddity, even when that price could buy you a PS5, Xbox Series X, gaming PC and still have the odd bit of change to spare.

Samsung Electronics, which bills itself as "the gaming monitor market leader," has announced the global launch of its next-generation curved gaming monitor, the Odyssey Neo G9 enhanced by Quantum Mini LED technology.

We're reminded the Odyssey Neo G9 joins the Odyssey lineup, taking gaming to the next level with Quantum Matrix technology, supported by Quantum Mini LED display and Quantum HDR 2000 for an immersive gaming experience.

Samsung says with the previous launch of the Odyssey G9 in 2020, the company has "pushed the boundaries in terms of seamlessly smooth and brilliant picture quality. Now with Quantum Mini-LED display delivering refined detail no matter the game, the Odyssey Neo G9 is catapulting the gaming monitor category forward."

"With Quantum Matrix Technology combined with the super-fast response and refresh rates, Odyssey Neo G9 delivers an unrivalled dynamic picture and pro-level performance for all gamers."


The Odyssey G9 Monitor


Russian Ransomware Group Suffers Big Blow

See the Infopackets article by John Lister on July 28 2021, at 12:07 pm EDT.

A ransomware gang said to have Russian links appears to have been knocked offline. The REvil group recently demanded a $70 million ransom after a major attack.

The group was linked to two recent attacks, the first on an international meat processing company. JBS, estimated to process 20 per cent of the beef and pork sold in the US, had to shut down production while dealing with the breach.

An even more severe attack targeted Kaseya, a company that offers computing services to businesses and powers many managed service providers that run IT for their own clients. The attackers found a way to access remote monitoring tools without logging in, then distributed malware disguised as a software update.

$70 Million Demand

Although only several dozen of Kaseya's customers were directly hit, the knock-on effects on their clients mean as many as 1,500 businesses may have been compromised and left unable to access critical data and systems.

Rather than extorting the individual businesses, the attackers reportedly demanded $70 million from Kaseya to undo the damage, hoping its customers would pressure it into paying up.

The attacks appear to have been the work of REvil, a group with an exceptionally creative "business model." Rather than pick its own targets, it operates a "ransomware for hire" service where clients tell it who to infect and then give it a proportion of any money that victims pay. (Source: theguardian.com)

Putin May Have Turned On Scammers

The group is strongly linked to Russia and was raised in several recent conversations between Joe Biden and Vladimir Putin.

Rather than hiding online, REvil has a presence — including a blog — promoting its services and a site for making payments. Both of these are now unavailable. (Source: bbc.co.uk)

Government officials aren't saying anything publicly, but security analysts speculate that US or Russian cybersecurity staff have done something to make the sites unreachable. The latter would mean a change in tactics from Russia's political leadership, which, even if it wasn't actively backing ransomware attacks on other countries, hasn't necessarily seemed that upset by the disruption.



Fun Facts:

Translating Web Pages with Google Chrome or Vivaldi

Both of these browsers let you quickly translate Web pages into English.

Just click the "Translate" icon at the right-hand end inside the URL address bar:


Browser Translate Icons

I recently needed to translate a Japanese page displaying downloadable software packages from https://www.vector.co.jp. The translation produced impeccable English, indistinguishable from human translation.

If you are a Japanese speaker, please compare these two pages offering a PDF program that lets you edit text and images:


PDF XChange Editor

PDF XChange Editor

Quite impressive — Ed.


Meeting Location & Disclaimer

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe / Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk as to the accuracy and subsequent use of its contents.