Първо пътуване с електронен билет в Пловдив

2024-09-09 Yovko Lambrev

Post Syndicated from Yovko Lambrev original https://yovko.net/e-tickets-plovdiv/

Първата четвърт на 21-ви век почти отминава, но… вече и в Пловдив става възможно човек да си купи електронен билет за градския транспорт и да го използва. Проверено и потвърдено! Е, засега само по един маршрут – автобус 25.

Приложението MPass е семпло, изглежда доста добре и е лесно за ползване, което е важно. След регистрацията си купих билет за еднократно пътуване срещу 1 лев, който платих с дебитна карта (Revolut) без никакви проблеми. Изненадата беше, че е валиден до края на денонощието (по-точно в рамките на работното време на градския транспорт), но в интерес на истината това е разписано зад бутон Детайли на всеки билет. Там пише също и че трябва да е купен поне минута, преди да се качим на автобуса и да се опитаме да го валидираме. Та не си купувайте билети oт днес за следващия ден – ще „изветреят“ преди да ги използвате.

На същото място пише, че валидирането на билета става като поставите смартфона си с QR-кода на билета на разстояние 10-15cm (около една педя) под валидатора. Това е полезно знание, защото QR-кода очевидно трябва да се сканира оптично, а на самия валидатор не личи къде му е сензора. Логично е да отдолу, но ако телефонът е поставен твърде близо, разчитането на QR-кода няма да се получи. Аз успях от втори опит, виждайки светлината на скенера върху дисплея на телефона си, която подсказа колко да го отдалеча и как да го поставя. Не бях прочел това предварително като купувах билета, а шофьорът, разбира се, не знаеше – само промърмори, че не разбирал от електронни неща. Всъщност не е и негова работа, но в първоначалния период на въвеждане на нова система е добре да има някоя табелка, стрелкичка, пиктограма… за всички ще е по-лесно. Но у нас продължава да е в сила методологията „Оправяй се!“.

След валидиране на устройството в автобуса, билетът се маркира с червена лентичка с надпис "За контрол".

И още една особеност. С един акаунт човек може да се логне на няколко устройства (вкл. в браузър) – аз си купих билета, докато бях в офиса на компютъра си, а не през мобилното приложение. Билетът обаче остава в браузъра/устройството, с което е купен, а аз възнамерявах да го ползвам от смартфона си (в автобуса). Няма драма, билетът може да се премести (макар и само веднъж!) – с допълнителна стъпка, която изисква човек да има достъп до електронната си поща, където да получи един код. Иначе и това е лесно и бързо.

С две думи, нещата засега изглеждат доста обещаващо. Остава всичко това да стане възможно и в останалите линии и автобуси от пловдивския градски транспорт. Да се появят и по-удобни варианти на билети. И разбира се, този град да се сдобие с обществен транспорт, на който да може да се разчита.

P. S. Възможно е и да не се ползва приложението, а да се плати директно с карта (през валидатора), но понеже не съм редовен ползвател на градския транспорт, а и автобус 25 не е сред тези, които ползвам обичайно… не съм тествал тази опция.

Първо пътуване с електронен билет в Пловдив

2024-09-09 Yovko Lambrev

Post Syndicated from Yovko Lambrev original https://yovko.net/e-tickets-plovdiv/

След валидиране на устройството в автобуса, билетът се маркира с червена лентичка с надпис "За контрол".

P. S. Възможно е и да не се ползва приложението, а да се плати директно с карта (през валидатора), но понеже не съм редовен ползвател на градския транспорт, а и автобус 25 не е сред тези, които ползвам обичайно… не съм тествал тази опция.

Multiple Vulnerabilities in Veeam Backup & Replication

2024-09-09 Rapid7

Post Syndicated from Rapid7 original https://blog.rapid7.com/2024/09/09/etr-multiple-vulnerabilities-in-veeam-backup-and-replication/

Multiple Vulnerabilities in Veeam Backup & Replication

On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution. Notably, upon initial disclosure, the Veeam advisory listed the CVSS score for CVE-2024-40711 as “high” rather than “critical” — as of Monday, September 9, however, the CVSS score is listed as 9.8, which confirms exploitation is fully unauthenticated.

Five other CVEs were also disclosed in Backup & Replication, including several that allow users who have been assigned low-privileged roles to alter multi-factor authentication (MFA) settings, achieve remote code execution as a service account, and extract sensitive data (e.g., credentials, passwords). Other vulnerabilities in the bulletin affect additional Veeam offerings — notably, there are also two critical vulnerabilities in Veeam Service Provider Console.

While CVE-2024-40711 has received attention from security media and community members, we are not aware of any known exploitation as of Monday, September 9, 2024. Veeam Backup & Replication has a large deployment footprint, however, and several previous vulnerabilities affecting the software have been exploited in the wild, including by ransomware groups. It is possible that one or more of these vulnerabilities may be used to facilitate extortion attacks. More than 20% of Rapid7 incident response cases in 2024 so far have involved Veeam being accessed or exploited in some manner, typically once an adversary has already established a foothold in the target environment.

Mitigation guidance

The following vulnerabilities affect Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds, per the vendor advisory:

CVE-2024-40711: Unauthenticated remote code execution (CVSS 9.8)
CVE-2024-40713: Allows a low-privileged user to alter MFA settings and bypass MFA (CVSS 8.8)
CVE-2024-40710: Covers multiple issues, per the advisory, including one that allows for remote code execution as the service account and enables extraction of saved credentials and passwords (CVSS 8.8)
CVE-2024-39718: Allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account (CVSS 8.1)
CVE-2024-40714: A vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations (CVSS 8.3)
CVE-2024-40712: A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (CVSS 7.8)

Veeam Backup & Replication customers should update to the latest version of the software (12.2 build 12.2.0.334) immediately, without waiting for a regular patch cycle to occur. Unsupported software versions were not tested but, per the vendor, should be considered vulnerable.

Other CVEs in Veeam’s September 4 security bulletin affect Veeam Agent for Linux, Veeam ONE, Veeam Service Provider Console, Veeam Backup for Nutanix AHV, and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization.

Rapid7 customers

InsightVM and Nexpose customers will be able to assess their exposure to the Veeam Backup & Replication CVEs listed in this blog with vulnerability checks expected to be available in today’s (Monday, September 9) content release.

Adams: Linux’s bedtime routine

2024-09-09 corbet

Post Syndicated from corbet original https://lwn.net/Articles/989489/

Jacob Adams wanders into
the kernel’s hibernation code:

How does Linux move from an awake machine to a hibernating one? How
does it then manage to restore all state? These questions led me to
read way too much C in trying to figure out how this particular
hardware/software boundary is navigated.

Security updates for Monday

2024-09-09 jake

Post Syndicated from jake original https://lwn.net/Articles/989488/

Security updates have been issued by Debian (amanda, aom, bluez, python-jwcrypto, and thunderbird), Fedora (chromium, firefox, and thunderbird), Red Hat (bubblewrap and flatpak, containernetworking-plugins, flatpak, and runc), Slackware (python3), SUSE (apache2, bubblewrap and flatpak, postgresql16, and wireshark), and Ubuntu (thunderbird).

Reolink CX810 vs CX410: Duel in the Dark – Color Night Vision Cameras

2024-09-09 digiblur DIY

Post Syndicated from digiblur DIY original https://www.youtube.com/watch?v=uiTJZGpy28I

Our 4 Essential Strategy Takeaways from the Gartner® 2024 Report – How to Prepare for Ransomware Attacks

2024-09-09 Rapid7

Post Syndicated from Rapid7 original https://blog.rapid7.com/2024/09/09/our-4-essential-strategy-takeaways-from-the-gartner-r-2024-report-how-to-prepare-for-ransomware-attacks/

Our 4 Essential Strategy Takeaways from the Gartner® 2024 Report – How to Prepare for Ransomware Attacks

As ransomware threats continue to evolve, security and risk management leaders must stay ahead by adopting comprehensive strategies to protect their organizations. The 2024 Gartner report, “How to Prepare for Ransomware Attacks”, provides critical insights into the latest tactics used by bad actors and offers practical solutions on how to fortify defenses.

Below, we highlight our four key strategy takeaways from the report to help your organization prepare for and respond to ransomware attacks.

Adapt to the rise of extortionware

Traditional ransomware tactics are shifting towards extortionware—where attackers steal data and demand payment for its destruction rather than encrypting it. This growing threat emphasizes the need for robust data protection strategies.

According to Gartner: “Extortionware (encryption-free, data theft attack) is a growing tactic being used by bad actors.”

This evolution in tactics, which includes the emergence of 21 new ransomware groups in the first half of 2024, as noted in Rapid7’s Ransomware Radar Report, underscores the need for organizations to continuously update their defenses to counter new threats.

Actionable Strategy: Regularly update your threat models and security measures to account for new and emerging ransomware groups. Invest in advanced threat intelligence to stay informed about the latest tactics used by these criminal enterprises.

Strengthen your defenses with advanced detection technologies

This is increasingly important as ransomware attacks are becoming more frequent and sophisticated. Rapid7’s research highlights a 23% increase in ransomware posts on leak sites during the first half of 2024, further emphasizing the growing threat landscape.

We believe Gartner reinforces the importance of detection, stating: “… identity threat detection and response (NDR) tools collect indicators of compromise (IOCs) and events that alert you to anomalous behaviors that could indicate that an attack ‘may’ be underway.”

In addition to these detection tools, Gartner advises that a defense strategy should include Endpoint Protection Platforms (EPPs), EDR, and mobile threat defense (MTD) solutions.

For organizations lacking the necessary in-house expertise or resources, Gartner recommends supplementing EDR with managed services: “If internal teams don’t have the necessary skill set or bandwidth, supplement EDR with managed services (see Market Guide for Managed Detection and Response Services).”

Actionable strategy: Implement and regularly update behavioral-anomaly-based detection technologies. Ensure that your security operations center (SOC) is equipped to respond swiftly to any detected threats.

Rapid7’s Managed Threat Complete, which integrates core MDR functionality with transparency into operations and technology, ensures comprehensive visibility across endpoints, networks, users, and cloud infrastructure. We believe this aligns with the Gartner recommendation to supplement EDR with managed services to enhance your organization’s security posture (see the Gartner Market Guide for Managed Detection and Response Services).

Pay attention to vulnerable targets

While large organizations are often targeted, mid-sized companies are increasingly vulnerable to ransomware attacks. Rapid7’s findings support this, showing that companies with $5 million in annual revenue are being attacked up to five times more often than larger enterprises. These organizations are particularly attractive to attackers due to their valuable data and often less mature security defenses.

Actionable strategy: Mid-sized organizations should prioritize investing in mature cybersecurity defenses, particularly in endpoint protection, identity management, and regular security training for employees.

You can view the Rapid7 Ransomware Radar Report here.

Pay attention to vulnerable targets

You can view the Rapid7 Ransomware Radar Report here.

Prepare with a comprehensive ransomware playbook

One of the key insights from the Gartner research is the critical importance of having a well-prepared incident response plan. Given the increasingly sophisticated nature of ransomware groups—many of which now operate like full-fledged businesses with their own marketplaces and support networks—a detailed and rehearsed ransomware playbook is essential for any organization.

Gartner states: “Develop an incident response plan with containment strategies that is augmented with a ransomware playbook.”

Actionable strategy: Develop and regularly update a ransomware playbook that includes clear roles, decision-making protocols, and communication plans. Conduct regular tabletop exercises to ensure your team is prepared to act swiftly and effectively.

Conclusion: fortify your defenses against ransomware

Ransomware is an ever-present threat that requires a proactive, multi-layered approach to defense. We feel the 2024 Gartner Report “How to Prepare for Ransomware Attacks” provides essential strategies for preparing, detecting, and responding to these attacks. By implementing these recommendations, we believe your organization can better protect itself against the evolving tactics of cybercriminals.

Download the full Gartner report to explore detailed insights and recommendations for strengthening your ransomware defenses.

Gartner, Inc. How to Prepare for Ransomware Attacks. Paul Furtado. 16 April 2024.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the

Canada’s Forgotten Hurricane 1775

2024-09-09 The History Guy: History Deserves to Be Remembered

Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=1fkbWWcas8Y

Australia Threatens to Force Companies to Break Encryption

2024-09-09 Bruce Schneier

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/09/australia-threatens-to-force-companies-to-break-encryption.html

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption.

The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include:

Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies. Companies are not legally obligated to comply with a TAR but law enforcement sends requests to solicit cooperation.
Technical Assistance Notices (TANs): TANS are compulsory notices (such as computer access warrants) that require companies to assist within their means with decrypting data or providing technical information that a law enforcement agency cannot access independently. Examples include certain source code, encryption, cryptography, and electronic hardware.
Technical Capability Notices (TCNs): TCNs are orders that require a company to build new capabilities that assist law enforcement agencies in accessing encrypted data. The Attorney-General must approve a TCN by confirming it is reasonable, proportionate, practical, and technically feasible.

It’s that final one that’s the real problem. The Australian government can force tech companies to build backdoors into their systems.

This is law, but near as anyone can tell the government has never used that third provision.

Now, the director of the Australian Security Intelligence Organisation (ASIO)—that’s basically their FBI or MI5—is threatening to do just that:

ASIO head, Mike Burgess, says he may soon use powers to compel tech companies to cooperate with warrants and unlock encrypted chats to aid in national security investigations.

[…]

But Mr Burgess says lawful access is all about targeted action against individuals under investigation.

“I understand there are people who really need it in some countries, but in this country, we’re subject to the rule of law, and if you’re doing nothing wrong, you’ve got privacy because no one’s looking at it,” Mr Burgess said.

“If there are suspicions, or we’ve got proof that we can justify you’re doing something wrong and you must be investigated, then actually we want lawful access to that data.”

Mr Burgess says tech companies could design apps in a way that allows law enforcement and security agencies access when they request it without comprising the integrity of encryption.

“I don’t accept that actually lawful access is a back door or systemic weakness, because that, in my mind, will be a bad design. I believe you can these are clever people design things that are secure, that give secure, lawful access,” he said.

We in the encryption space call that last one “nerd harder.” It, and the rest of his remarks, are the same tired talking points we’ve heard again and again.

It’s going to be an awfully big mess if Australia actually tries to make Apple, or Facebook’s WhatsApp, for that matter, break its own encryption for its “targeted actions” that put every other user at risk.

S11 E22: School Lunch & J.D. Vance: 9/8/24: Last Week Tonight with John Oliver

2024-09-09 LastWeekTonight

Post Syndicated from LastWeekTonight original https://www.youtube.com/watch?v=3UCqtnr-pF8

Comic for 2024.09.09 – Zero

2024-09-09 Explosm.net

Post Syndicated from Explosm.net original https://explosm.net/comics/zero

New Cyanide and Happiness Comic

The Night Witches

2024-09-09 The History Guy: History Deserves to Be Remembered

Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=DoZODwDsWI4

Monocaster

2024-09-09 xkcd.com

Post Syndicated from xkcd.com original https://xkcd.com/2983/

My competitors say the tiny single tiny caster is unsafe, unstable, and offers no advantages over traditional designs, to which I say: wow, why are you guys so mean? I thought we were friends!

Kernel prepatch 6.11-rc7

2024-09-09 corbet

Post Syndicated from corbet original https://lwn.net/Articles/989426/

Linus has released 6.11-rc7 for testing.

And I wish I could say that things have calmed down, but I can’t
really say that. In fact, rc7 is slightly bigger than both rc6 and
rc5 were, both in number of commits, and in actual diff
size. That’s not really how it should work out.

That said, there’s nothing *scary* in here.

He is apparently “still waffling” about whether to release 6.11 next
weekend, which would cause the 6.12 merge window to land on top of the
Maintainers Summit, Linux Plumbers Conference, and Open Source Summit.