Jonkman Microblog
Notices by GeniusMusing (geniusmusing@nu.federati.net), page 42

  1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 20-Dec-2021 13:12:00 EST
    Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels - TechCrunch
    https://techcrunch.com/2021/12/17/security-flaws-wifi-gateway-hundreds-hotel/

    >A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk.
    >...

    VPN anybody?

    Attachments

    1. Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels
      By Zack Whittaker from TechCrunch
      The gateway maker said the device is "end of life," and won't receive security patches.
  2. GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 20-Dec-2021 09:48:45 EST
    in reply to
    • lnxw48a1
    $EMPLOYER: Why is it so noisy where you are?
  3. GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 20-Dec-2021 08:09:16 EST
    Widely-Used Kronos Payroll Provider Down for "Weeks" Due to Ransomware Attack; Was Log4Shell Involved? - CPO Magazine
    https://nu.federati.net/url/284043

    >A major payroll provider used by thousands of businesses in the United States, including government agencies, is reporting that it expects to be down for “weeks” due to a devastating ransomware attack.
    >
    >Kronos, known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline on Monday. This element is central to its UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services used to track employee hours and process paychecks. The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures. Kronos did not give a timetable for recovery but said that it expects it to be at least several days, if not weeks, before the services are fully online again.
    >
    >Though it has not been confirmed, there is speculation that the notorious Log4Shell vulnerability was involved given that the Kronos cloud services are known to be built on Java to a great degree.
    >...

    Attachments

    1. Widely-Used Kronos Payroll Provider Down for "Weeks" Due to Ransomware Attack; Was Log4Shell Involved? - CPO Magazine
      from CPO Magazine
      Kronos, a payroll provider known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline due to a ransomware attack. There is speculation that the Log4Shell vulnerability was involved.
  4. GeniusMusing (geniusmusing@nu.federati.net)'s status on Saturday, 18-Dec-2021 11:09:08 EST
    in reply to
    • lnxw48a1
    I would have to say that these days, even if you "bought" the hardware, you don't really "own" it due to the "agreements" you "agree" to just to be able to get beyond the "agreement" and try to use it.

    About the only exception to this issue that I can think of is if you build something yourself like a computer/Pi/etc. I am not sure whether things like Pine Phone/other Linux phone(s) could meet this, not because of the hardware but because it connects to a cell provider for use.

    It does look like you can get Firefox on iOS, if the version being run is over 13.

    https://support.mozilla.org/en-US/kb/install-firefox-your-ipad-iphone-or-ipod
  5. GeniusMusing (geniusmusing@nu.federati.net)'s status on Friday, 17-Dec-2021 12:53:16 EST
    PinePhone Malware Surprises Users, Raises Questions - Hackaday
    https://hackaday.com/2021/12/16/pinephone-malware-surprises-users-raises-questions/

    >On December 5th, someone by the IRC nickname of [ubuntu] joined the Pine64 Discord’s #pinephone channel through an IRC bridge. In the spirit of December gift-giving traditions, they have presented their fellow PinePhone users with an offering – a “Snake” game. What [ubuntu] supposedly designed had the potential to become a stock, out-of-the-box-installed application with a small but dedicated community of fans, modders and speedrunners.
    >
    >Unfortunately, that would not be the alternate universe we live in, and all was not well with the package being shared along with a cheerful “hei gaiz I make snake gaem here is link www2-pinephnoe-games-com-tz replace dash with dot kthxbai” announcement. Shockingly, it was a trojan! Beneath layers of Base64 and Bashfuscator we’d encounter shell code that could be in the “example usage” section of a modern-day thesaurus entry for the word “yeet“.
    >
    >The malicious part of the code is not sophisticated – apart from obfuscation, the most complex thing about it is that it’s Bash, a language with unreadability baked in. Due to the root privileges given when installing the package, the find-based modern-day equivalent of rm -rf /* has no trouble doing its dirty work of wiping the filesystem clean, running a shred on every file beforehand if available to thwart data recovery. As for the “wipe the cellular modem’s firmware” bonus part, it exploits the CVE-2021-31698. All of that would happen on next Wednesday at 20:00, with scheduling done by a systemd-backed cronjob.
    >...

    Not really surprising this happened.

    Attachments

    1. PinePhone Malware Surprises Users, Raises Questions
      By Arsenijs Picugins from Hackaday
      On December 5th, someone by the IRC nickname of [ubuntu] joined the Pine64 Discord’s #pinephone channel through an IRC bridge. In the spirit of December gift-giving traditions, they have pres…
  6. GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 16-Dec-2021 19:25:17 EST
    • simsa04
    @simsa04
    You could also try
    https://tweetdeck.twitter.com
    It has a Mastodon kind of layout.
  7. GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 16-Dec-2021 10:49:58 EST
    in reply to
    • lnxw48a1
    I talked to one of my former coworkers in IL this morning and they woke up to the smell of smoke in their house. It was from fires burning in KS and helped by high winds with gusts up to 70 mph overnight.

    Chicago posts record high for December 16 before cold air hit this morning – peak wind gusts top 70 mph overnight - WGN-TV
    https://nu.federati.net/url/283986

    Attachments

    1. Chicago posts record high for December 16 before cold air hit this morning – peak wind gusts top 70 mph overnight
      By pauldailey1 from WGN-TV
      High temperature records were set in the early morning hours today after midnight – readings still running in the 60s across most of northeast Illinois and NW Indiana between 2 and 3AM. But winds h…
  8. GeniusMusing (geniusmusing@nu.federati.net)'s status on Wednesday, 15-Dec-2021 20:33:51 EST
    in reply to
    • lnxw48a1
    @lnxw48a1
    Probably not related at all.

    There are only two things to know about bananas - The Oatmeal
    https://theoatmeal.com/comics/bananus
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
