2021 Newsletter: 98/115 — PreviousNext — (Attach.)

Sydney Harbour
WEEKLY NEWSLETTER 18 - 23 OCTOBER 2021

Hello and Welcome,

October Face-to-Face Meetings Cancelled

We have cancelled face to face meetings at SMSA until the end of October 2021.

We will review this decision near the end of October with the possibility of resuming face to face meetings for November 2021.

— Ron Ferguson,
President

Meeting TODAY

Web Design - Saturday, 16 Oct - 1:30 pm (2:00 pm meeting start) - 4:00 pm

We will be running this meeting using Zoom.

Go to https://­us02web.zoom.us/­j/­81341016630, Meeting ID: 813 4101 6630 and Passcode: Webdesign.

— Steve South

Meetings This Week

Tuesday Group - Tuesday, 19 Oct - 9:30 am (10:00 am meeting start) - noon

We'll have the usual Q&A and other discussions. [ Meeting Cancelled until further notice — Ed. ]

Digital Photography - Friday, 22 Oct - 9:30 am (10:00 am meeting start) - noon

We will be running this meeting using Zoom.

Go to https://­us02web.zoom.us/­j/­83573529283, Meeting ID: 835 7352 9283 and Passcode: 598740.

— John Lucke

Meeting Next Week

Main Meeting - Tuesday, 26 Oct - 5:30 pm (6:00 pm meeting start) - 8:00 pm

This will be a Zoom meeting; details later via email.

— Alex

Schedule of Current & Upcoming Meetings ‡

72 2021/10/02 — 14:00-17:00 — 02 Oct, Sat — Penrith Group, Penrith City Library Suspended
73 2021/10/08 — 10:00-12:30 — 08 Oct, Fri — Friday Forum, L1 Carmichael Room Cancelled
75 2021/10/12 — 17:30-20:30 — 12 Oct, Tue — Programming via Jitsi
76 2021/10/16 — 13:30-16:30 — 16 Oct, Sat — Web Design via Zoom
77 2021/10/19 — 09:30-12:30 — 19 Oct, Tue — Tuesday Group, L1 Woolley Room Cancelled
78 2021/10/22 — 09:30-12:30 — 22 Oct, Fri — Digital Photography via Zoom
79 2021/10/26 — 17:30-20:30 — 26 Oct, Tue — MAIN Meeting via Zoom

‡ As decided after assessing the Members' wishes (resumption of face-to-face meetings) via the latest Online Survey.


New Date Set for Our 2020/21 AGM

Regarding the continued lockdown due to COVID and in discussion with our group's committee, it has been decided to defer our AGM until Tuesday, 23 November 2021.

— Ron Ferguson,
President

SMSA Reopening & Venue Hire plans

In line with the Service NSW Reopening NSW Roadmap, detailing the post lockdown plans after the state reaches double vaccination rates of 70%, I am delighted to announce that the SMSA will be reopening its doors on Monday 11 October from 9:00 am.

Venue Hire can recommence for fully vaccinated people providing we adhere to strict operational terms and conditions as outlined on the Service NSW website.

On reopening, there will be some physical distancing and safety regulations that must be observed at all times when visiting the SMSA.

Masks are mandatory inside all SMSA venues until further notice. All guests must register via the QR codes displayed in the GF Lobby and around Level 1. Hand sanitiser is available on all floors as well.

The 4m2 (four square metres) per person rule has been reinstated, which impacts room capacities.

The Henry Carmichael Theatre will be temporarily restricted to 50 attendees in total.

Single meeting rooms will be restricted to 7 guests and a Double Meeting Room 14 guests in total.

Please note, as stated on the website, "Only fully vaccinated people and those with medical exemptions will have access to the freedoms allowed under the Reopening NSW roadmap".

Over the next week, I will determine how to appropriately and confidentially collect this information. Any groups who have upcoming confirmed bookings will be contacted directly. Please do not hesitate to get in touch if you have any queries about your events.

Changes to these restrictions are currently scheduled for 1 December, depending on vaccination rates. I will send an email to all hirers closer to that date detailing those changes.

2022 Bookings - Open! Are you planning your future events? The SMSA will reopen from 5th January and are happily taking your bookings for the new year. Click here to complete a venue hire enquiry form or give the SMSA a call on (02) 9262 7300 to discuss your options.

We thank you for your patience during this lockdown and look forward to welcoming you back to onsite events at the SMSA.

Kind regards,
Kylie

Kylie Campbell
Venue & Building Services Coordinator

SMSA (Sydney Mechanics' School of Arts)
280 Pitt Street, Sydney NSW 2000
02 9262 7300 | smsa.org.au


ASCCA News:
Tech News:

Govt stance on China not reflected in cloud hosting as AWS gets tick of approval

See the iTWire article by Sam Varghese | Monday 11 October 2021 at 10:32 am.

Despite all the brouhaha over the alleged threat posed by China, the Federal Government does not seem overly concerned when it comes to cloud hosting of its sensitive data. Else, how does one account for the fact that the Digital Transformation Agency has given Amazon Web Services, a company that has links to a Chinese-owned data centre, the green light for hosting government data?

Full marks to InnovationAus for highlighting this fact in its report on the Strategic Hosting Provider certification award under the Federal Government's Hosting Certification Framework. iTWire's report is here.

AWS did not disclose its level of compliance or any undertakings it has given to be among the first to obtain the certification — despite being the only one of four companies to send out a media statement about the certificate. No mention was made of its hosting data at GlobalSwitch, a data centre whose parent company is Aldersgate Investments, now controlled by a Chinese company.

iTWire sent an email to the PR company that issued AWS' media statement, asking: "Just like to check whether there were any areas of non-compliance on which the DTA offered advice to AWS." No reply has been received.

Among the others, Vault Cloud sent a statement to iTWire, with the chief executive, Rupert Taylor-Price, being fully open about the two areas in which it had yet to achieve full compliance. Taylor-Price also spoke to iTWire on the phone to clarify any doubts at our end.

Neither AUCloud nor Sliced Tech, both of which were contacted by phone, responded to iTWire's efforts to make contact. However, officials at the latter firm may have been preoccupied with the process of being acquired by Deloitte, as the takeover was completed the same day.

Last year, when AWS was given the contract to host the government's COVIDSafe app, a similar question — using a data centre wholly owned by a Chinese company — was raised, with Labor MP Ed Husic bringing up the issue on ABC News' afternoon briefing.

Aldersgate owns two data centres in Ultimo, where it stores classified Australian Government material, including sensitive Defence and intelligence files. Both these data centres have secure gateways certified by the ASD and can be used for secure access by government offices.

But the ASD is no longer in the picture when it comes to certification, having bowed out in March 2020. The DTA and the Australian Cyber Security Agency are now the two bodies involved in accreditation.

The issues with Global Switch go back to 2016 when Aldersgate sold a 49% stake to the Chinese firm, Elegant Jubilee.

Investors in Aldersgate are said to have been brought together by Li Qiang, who owns Daily Tech, a leading data centre company in China. The principal investor was the Jiangsu Sha Steel Group, China's largest private steel enterprise. Elegant Jubilee gained full ownership of Global Switch in August 2019.

Relations between Australia and China are at an all-time low, with the ignition point being when Foreign Minister Marise Payne said last year on national TV that Canberra was seeking a probe by the World Health Organisation to find out how the coronavirus outbreak began.

In response, Beijing has cut off Australia's exports in several sectors and hinted that the flow of students and tourists from the Middle Kingdom could be at risk.

In the US, the AWS cloud service offered to the government is air-gapped, has top-notch encryption, controlled metadata, and only on-shore security-cleared personnel can operate the facility.

But in Australia, government agencies are offered the same commercial cloud service that AWS offers to every entity on the face of the earth.

Read More »

Microsoft report details nation-state attacks, forgets that NSA exists

See the iTWire article by Sam Varghese | Friday 08 October 2021 09:42 am.

ANALYSIS — A detailed security report from Microsoft somewhat predictably claims that 58% of state-sponsored network attacks in 2020-21 came from Russia.

But the 134-page Digital Defence Report — which can be downloaded here — makes no mention of any malware generated by America's NSA. This organisation has the most significant budget by far of any intelligence organisation.

Microsoft report heading:

"Microsoft Digital Defense

Report

Knowledge is powerful. This report encompasses learnings from security experts, practitioners,

and defenders at Microsoft to empower people everywhere to defend against cyberthreats."


Microsoft Defense Report

[This report will only cover some of the data on state-sponsored attacks.]

Given that Microsoft has access to Windows telemetry data — and the operating system is used on more desktops than any other — it would have been a valuable statistic for the company to include at least some mention of NSA-sponsored malware in a report this long. But given that the company is an active participant in US defence projects, perhaps that would not have sat well with Biden & Co.

On the plus side, there are a few mentions of Windows being the access point or staging ground for attacks. This is a perspective that the entire security industry is wary of canvassing as Microsoft is the source of an enormous amount of business.

Among the most targeted countries, the US was top with 46% of the attacks directed its way. But apart from Ukraine (19% of episodes) and Moldova (2%), there was hardly any mention of countries apart from those in Europe and the Middle East. Japan was the only Asian country that figured (3%).

The report claimed that the SolarWinds attacks, attributed to a Russian source, raised the percentage of attacks in Ukraine.

"We also noted targeting increases consistent with increasing geopolitical tensions between nations," it said. "Russia-based NOBELIUM [Microsoft's name for the alleged attackers behind the SolarWinds attacks] raised the number of Ukrainian customers impacted from six last fiscal year to more than 1,200 this year by heavily targeting Ukrainian government interests involved in rallying support against a build-up of Russian troops along Ukraine's border."

"This year marked a near quadrupling in the targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries."

Unsurprisingly, the countries named in a "sample of nation-state actors and their activities" include all four countries that the US has on its blacklist for network attacks: Russia, China, Iran and North Korea. There is one outlier: Vietnam.

[Unfortunately, the chart for this is too large to reproduce at the size iTWire uses images.]

Later in the report, Turkey was also listed for its attempts to target telecommunications companies in the Middle East and the Balkans.

The report said one noticeable change in state-sponsored attacks was targeting IT service providers "to more successfully exploit victims downstream who receive services from those IT providers."

"The most glaring examples of the use of this kind of strategy from last year are the Russian SolarWinds attacks and the Chinese exploitation of a vulnerability in on-premises Microsoft Exchange servers."

Read More »


Fun Facts:

Pastebin — What is it, and is it useful?

See the Pastebin website at "pastebin.com" for more information.

It is an interesting site primarily for storing text files, such as programs, scripts, HTML, PHP and other files to share with users.

There is a free-to-use mode where the paste-sizes are limited to 500 KB and a pro-mode where sizes up to 10 MB are allowed.

Some users use it for storing log files showing details of various calculations; probably a better place to store this data than on the actual results-hosting site.

Here are the FAQ topics covering user questions:

  1. What is the purpose of Pastebin.com?
  2. What is your Acceptable Use Policy?
  3. How can I contact Pastebin?
  4. What is MY PASTEBIN?
  5. How do folders work?
  6. How many pastes can I create?
  7. How does your Spam Filter work?
  8. Is there an API?
  9. Who can see my pastes?
10. How does your hits counter work?
11. How can I get content removed?
12. What is the maximum paste size?
13. For which languages do you offer syntax highlighting?
14. Can I advertise my product/brand on Pastebin?
15. Can I change my username?
16. How do I downgrade my PRO account?
17. I got blocked! Can I scrape your website?
18. Do my pastes stay online forever?
19. Can I post links & images?
20. How do I delete my account?

1. What is the purpose of Pastebin.com?

Pastebin is a website where you can store any text online for easy sharing. The website is mainly used by programmers to store source code or configuration information, but anyone can paste any text. The idea behind the site is to make it more convenient for people to share large amounts of text online.

2. What is your Acceptable Use Policy?

The site was created to help programmers. You are, however, welcome to post any text to Pastebin. Please do not post email lists, password lists or personal information. The "report abuse" feature can flag such pastes, and they will be deleted. Do not aggressively spider the site. If you do want to scrape our website, use our scraping API.

Do NOT post:

email lists
login details
stolen source code
hacked data
copyrighted information / data
password lists
banking / credit card / financial information / data
personal information / data
pornographic information / data
spam links (this includes promoting your own site)

If you do not comply with our Acceptable Use Policy, we might ban your account and the IP address from the website. More information can be found in our Terms of Service.

3. How can I contact Pastebin?

...

So, if you have any text or data that you think should outlive your current website, please check it out.

— Ed.


Meeting Location & Disclaimer

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — SubscribeUnsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk as to the accuracy and subsequent use of its contents.