WEEKLY NEWSLETTER 09 - 14 OCTOBER, 2023
Hello and Welcome,
Meeting This Week
2023/10/10 — 18:00-20:00 — October, Tue — Programming
Meetings Next Week
2023/10/17 — 10:00-12:00 — October, Tue — Tuesday Group
2023/10/21 — 14:00-16:00 — October, Sat — Web Design
Schedule of Current & Upcoming Meetings
First Tuesday 18:00-20:00 — Main Meeting
First Saturday 13:00-14:00 — Penrith Group
Second Tuesday 18:00-20:00 — Programming
Third Tuesday 10:00-12:00 — Tuesday Group
Third Saturday 14:00-16:00 — Web Design
----------
Go to the official Sydney PC Calendar for this month's meeting details.
----------
Penrith meetings are held every 2nd month on the 1st Saturday from 1-2 pm.
The following meeting is in November 2023.
ASCCA News:
Tech News:
Millions of Exim mail servers exposed to zero-day RCE attacks
See the BleepingComputer article by Sergiu Gatlan | September 29, 2023, at 4:11 pm.
A critical zero-day vulnerability in all Exim mail transfer agent (MTA) software versions can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
Found by an anonymous security researcher and disclosed through Trend Micro's Zero Day Initiative (ZDI), the security bug (CVE-2023-42115) is due to an Out-of-bounds Write weakness found in the SMTP service.
While this type of issue can lead to software crashes or data corruption following successful exploitation, attackers can also abuse it for code or command execution on vulnerable servers.
"The specific flaw exists within the SMTP service, which listens on TCP port 25 by default," a ZDI security advisory published on Wednesday explains.
"The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account."
While ZDI reported the vulnerability to the Exim team in June 2022 and resent info on the flaw at the vendor's request in May 2023, the developers have yet to provide an update on their patch progress.
As a result, ZDI published an advisory on September 27, with details on the CVE-2023-42115 zero-day and a complete timeline of all exchanges with the Exim team.
Millions of servers exposed to attacks
MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.
The National Security Agency (NSA) said three years ago, in May 2020, that the notorious Russian military hacking group Sandworm has been exploiting the critical CVE-2019-10149 (The Return of the WIZard) Exim flaw since at least August 2019.
Exim is also the default MTA on Debian Linux distros and the world's most popular MTA software, according to a mail server survey from early September 2023.
According to the survey, Exim is installed on more than 56% of the 602,000 mail servers reachable on the Internet, representing just over 342,000 Exim servers.
Just over 3.5 million Exim servers are currently exposed online per a Shodan search, most in the United States, followed by Russia and Germany.
United States 1,907,776
Russian Federation 187,883
Germany 159,414
Netherlands 158,357
Canada 117,830
France 110,175
United Kingdom 95,039
Singapore 93,894
Australia 54,216
Romania 53,842
While a patch is not yet available to secure vulnerable Exim servers against potential attacks, ZDI advised admins to restrict remote access from the Internet to thwart incoming exploitation attempts.
"Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application," ZDI warned.
Chromebooks Get High-End Range
See the InfoPackets article by John Lister on October 3, 2023, at 1:10 pm EDT.
Google has added a new "Chromebook Plus" category for its higher-end machines. It's meant to make choices easier for buyers, though there's a risk it defeats one of the critical points of getting a Chromebook.
Chromebooks are laptops that run Google's own Chrome Operating System. The devices mainly use web-based applications such as Gmail and Google Docs, meaning a large amount of the processing work is carried out on remote servers rather than the computer itself.
While this limits the devices' usefulness without an Internet connection, they can work with lower-specification hardware, reducing costs. In some cases, the reduced workload also means longer battery life.
Full HD Display
Google wants to encourage manufacturers to produce higher-end Chromebooks with better specifications. It's launched a new "Chromebook Plus" label that can only be used to market devices that meet minimum specifications.
These include a 1080p (full HD) display and webcam, at least 8 GB of RAM, 128 GB of online storage and an Intel Core i3 or AMD Ryzen 7000 processor or better. (Source: theregister.com)
To support the new label, Google added software features available only on Chromebook Plus machines. These include automatic noise cancellation and background blurring for video calls, and offline syncing of files from Google Drive.
They'll also get the Magic Eraser feature that can remove unwanted material (such as people in the background) from Photos. That's currently restricted to Google's own high-end Pixel smartphones.
$399 Starting Point
The approach works as significant manufacturers, including Acer, ASUS, HP, and Lenovo, have all said they'll launch models designed explicitly for the Chromebook Plus category. The cheapest list price will be $399, though some models will be considerably more expensive. (Source: techradar.com)
The big question is whether customers want high-end Chromebooks. Those who chose them as a cheap option (particularly as a second or occasional-use computer) may feel the higher specs aren't worth the extra cash given how they use the machine.
However, they could appeal to people who'd previously been sceptical about using something other than a Windows laptop or Macbook, were pleasantly surprised, and might now consider a Chromebook as a primary computer.
What's Your Opinion?
Do you use a Chromebook? Is the Chromebook Plus label helpful in distinguishing different models? Would you be prepared to pay extra for a higher-spec Chromebook or stick to a Windows or Apple device at these price points?
Comments
Not for me — by Dennis Faas on Tue, 03/10/2023 — 13:17.
For that amount of money (and a bit more), I'd rather have a more capable machine with a minimum of 16 GB of RAM and sufficient NVMe storage (512 GB) that comes pre-installed with Windows. At least that way, you're not stuck with a low-end machine designed specifically around centralized processing. As it stands now, many Chromebooks have only 32 GB or 64 GB of soldered eMMC storage, which can't be upgraded and is slow, and about 4 GB of RAM. Nowadays, most phones are much more capable than that and run on a smaller form factor!
Interesting Member-supplied Link
Hear the 39m YouTube video by Dr Patrick Moore on Climate Change.
A respected scientist, he was once head of Greenpeace Canada and now talks about Carbon Dioxide being essential to life on the Earth. It is NOT our enemy.
— Ed.
Fun Facts:
Scientists have extracted RNA from the extinct Tasmanian tiger. Could it be resurrected in the future?
See the ABC NEWS item posted on Thu 28 Sep, 2023, at 7:03 am.
Tasmanian Tiger
It might sound like the plot of Jurassic Park, but scientists believe they can revive the extinct thylacine.
Swedish-Norwegian scientists have recovered RNA from a 130-year-old Tasmanian tiger specimen, marking the first time this molecule has been sequenced in an extinct animal.
The last known Tasmanian tiger, or thylacine, died in captivity in 1936 at the Beaumaris Zoo in Hobart, Tasmania.
With scientists committed to the de-extinction efforts of the carnivorous marsupial, one question remains.
Can the Tasmanian tiger be brought back to life, and when?
What is RNA?
More than just DNA's lesser-known cousin, ribonucleic acid (RNA) allows scientists to create a more complete picture of an animal's biology.
RNA is a genetic material in all living cells with structural similarities to DNA.
DNA is a double-stranded molecule that contains an organism's genetic code, carrying the genes that give rise to all living things.
RNA is a single-stranded molecule that carries genetic information it receives from the DNA, putting this information into practice.
Lead study author Emilio Mármol, a computational biologist at the Centre for Palaeogenetics and SciLifeLab in Sweden, said that to truly understand an extinct species, you need to know what the genes are and what they do.
"RNA sequencing gives you a taste of the real biology and metabolism regulation that was happening in the cells and tissues of the Tasmanian tigers before they went extinct," Dr Mármol said.
How could scientists resurrect the Tasmanian tiger?
The research team recovered the transcriptome* of the thylacine's skin and skeletal muscle tissues from a 130-year-old desiccated Tasmanian tiger specimen preserved at room temperature.
*Transcriptome — The set of all RNA transcripts, including coding and non-coding, in an individual or a population of cells. The term can also sometimes be used to refer to all RNAs, or just mRNA, depending on the particular experiment. (Source: Wikipedia)
This led to the identification of RNA that codes for tissue-specific proteins, including titin and actin, which allow muscle fibres to stretch and contract.
Other sequences in the skin revealed information about keratin — a protein that helps form hair, nails, and the skin's outer layer.
So, can it be brought back?
Possibly.
"RNA has never been extracted and sequenced from an extinct species before," said Love Dalen, a Stockholm University professor of evolutionary genomics who co-led the study.
"The ability to recover RNA from extinct species constitutes a small step (toward) maybe being able to resurrect extinct species in the future."
Daniela Kalthoff, in charge of the mammal collection at the Museum of Natural History, said possibly resurrecting the Tasmanian tiger was an "exciting idea".
"This is a fantastic animal, and I would love to see it live again."
Have any other animals been brought back from extinction?
Currently, no.
However, Dr Mármol and his colleagues note that their findings hold significance for global initiatives aimed at resurrecting extinct species, such as the woolly mammoth, and for studying pandemic RNA viruses.
Why did the Tasmanian tiger go extinct in the first place?
Excessive hunting, habitat destruction, and introduced diseases led to the rapid extinction of the species, according to the National Museum of Australia.
The museum said the thylacine became "an easy scapegoat" in the early 1800s and was feared by the Tasmanian public.
As early as 1830, bounty systems for the thylacine had been established.
In 1888, the Tasmanian government introduced a bounty of £1 per full-grown animal and 10 shillings per juvenile animal destroyed.
The museum estimates that at least 3,500 thylacines were killed through human hunting between 1830 and the 1920s.
Argentina's Bold Move: Abolishing Income Tax, A Risky Gamble
See the LinkedIn article by GALI SESHA SAI ROHITH REDDY | Student at The Institute of Chartered Accountants of India | Published Oct 1, 2023.
Argentine Presidential Candidate, Sergio Masa
In a surprising turn, Argentina has taken a bold step by abolishing income tax for a substantial portion of its workforce. While this move has sparked considerable debate and speculation, it raises crucial questions about the potential repercussions for the country's economy, its political motivations, and whether other nations, like India, should consider similar measures to address their unique challenges.
The Argentine Gamble
The decision to abolish income tax for around 1.3 million workers in the formal sector in Argentina is undoubtedly a political maneuver timed strategically just ahead of the presidential elections. The man behind this initiative is Sergio Masa, the Finance Minister and a presidential candidate. His goal is clear: to win the hearts of voters by putting more money in their pockets. However, the real question is whether this move is sustainable and if it will truly benefit the majority of Argentinians.
To put it in perspective, Argentina is one of many countries to explore the possibility of eliminating income tax. The United Arab Emirates, Monaco, and the Bahamas have done so successfully. However, these countries have alternative sources of revenue, like oil, yachts, casinos or tourism, which Argentina currently lacks.
The Economic Consequences
Argentina's decision to scrap income tax for most workers comes with a hefty price tag — a staggering $5.7 billion. The catch is that Argentina plans to finance this spending spree by printing more currency. This move will exacerbate the country's soaring inflation rate, a staggering 124 per cent.
The timing of such a decision could be better, as Argentina is renegotiating a bailout agreement with the International Monetary Fund (IMF). The IMF has expressed concerns about this policy, stating that it only adds to the country's challenges. Argentina's attempt to shore up support ahead of the election could end up derailing its efforts to secure crucial IMF funding, jeopardizing the nation's economic stability.
Lessons for India
While Argentina's situation is unique, it does raise some pertinent questions for other nations, including India. India's income tax system differs significantly from Argentina's, but the fundamental issue of a low tax base remains. Only a minuscule 1.6 per cent of India's population pays income tax, and the maximum tax rate is steep, exceeding 42 per cent.
The critical difference lies in the quality of public goods and services provided. In developed countries with high tax rates, citizens receive commensurate benefits in the form of superior infrastructure, healthcare, and education. In India, however, the tax burden is felt without a corresponding improvement in public services, leading to taxpayer discontent.
Moreover, the exodus of high-net-worth individuals from India, driven partly by the high tax rates, is a concerning trend. These individuals take their wealth and investments with them, potentially depriving the country of much-needed capital.
Conclusion
Argentina's experiment with abolishing income tax for a significant portion of its workforce is a high-stakes gamble driven by political motives. While it may win favour with voters in the short term, the long-term economic consequences are uncertain and potentially risky. As Argentina navigates this challenging path, other nations like India should take heed, considering their unique circumstances and exploring measures to address both the issues of low tax compliance and the need for better public services.
Ultimately, the key lies in balancing taxation, public service delivery, and economic growth, a challenge that every nation must address in its own way, guided by its specific circumstances and priorities.
Meeting Location & Disclaimer
Bob Backstrom
~ Newsletter Editor ~
Information for Members and Visitors:
Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk of accuracy and subsequent use of its contents.