WEEKLY NEWSLETTER 25 - 30 SEPTEMBER, 2023
Hello and Welcome,
Meetings This Week
NO MEETINGS
Meeting Next Week
2023/10/03 — 18:00-20:00 — October, Tue — Main Meeting
Schedule of Current & Upcoming Meetings
First Tuesday 18:00-20:00 — Main Meeting
First Saturday 13:00-14:00 — Penrith Group
Second Tuesday 18:00-20:00 — Programming
Third Tuesday 10:00-12:00 — Tuesday Group
Third Saturday 14:00-16:00 — Web Design
----------
Go to the official Sydney PC Calendar for this month's meeting details.
----------
Penrith meetings are held every 2nd month on the 1st Saturday from 1-2 pm.
The following meeting is in November 2023.
ASCCA News:
Tech News:
Google Fined $93M for Deceptive Location Tracking
See the InfoPackets article by John Lister on September 21, 2023, at 12:09 pm EDT.
Google will pay $93 million following claims it misled people about location tracking. The company allegedly deceived users about their ability to opt out of tracking. The payment will settle a case brought by California's Attorney General. The terms of the settlement do not require Google to make any admission of wrongdoing or illegal activity.
The case was based on two main allegations. The first is how Google "collected, stored and used a person's location data." The claim is that Google continued doing this for people who have turned off a setting labelled "Location History."
It's worth noting that the complaint also suggests Google misled many users into switching the setting on in the first place by not disclosing they were consenting to data being collected constantly rather than just when actively using the Map tool.
Users Misled
The specific claim of wrongdoing is not about the collection and use of the data itself, but instead that Google falsely told people it would not collect the data if the settings were switched off. The complaint says that counts as deceptive behaviour, which breaches California law.
This issue comes down to semantics, with Google continuing to gather location data when the setting was switched off, but through different methods. (Source: cnn.com)
The second allegation is that the collection and use of the data meant Google has also "deceived users about their ability to opt out of advertisements targeted to their location."
Policy Changes Demanded
As well as paying the fine, Google has agreed to make a series of changes to its data handling. This agreement is legally binding.
The changes don't involve whether or how Google uses data. Instead, they are mainly about giving more straightforward information to users about what location data Google collects, what they use it for, and what practical differences any switches to user settings will make.
Google will also need to conduct an internal review and get documented approval before making any significant changes to the information it gives users about location settings and advertising personalisation. (Source: ca.gov)
What's Your Opinion?
Do you remember switching "Location Settings" on or off if you use Google Maps? Do you know what location data your phone collects and who accesses it? Should there be stricter laws on location data collection, or should users switch to a different device or app if they don't like how a company behaves?
Comments
Not so easy to move on
Submitted by Unrecognised on Thu, 21/09/2023 — 20:58
That there's nothing in the legal mandate about how the data's to be used, or any choice given to consumers around the gathering of the location data, means 93 million bucks changing hands isn't changing anything for me other than that I'll possibly be less oblivious in future to the fact of my exploitation. It's unacceptable to me that I can't turn off location data harvesting. So, I'd love to give Google a big middle finger and discontinue using their services.
Unfortunately, we've collectively handed Google our short and curlies on silver platters, and now they're behaving as predicted. Water flows downhill under gravitational force. Money flows uphill under the influence of greed, and everything and everybody is exploited to that end. They control half the world's mobile operating systems and software, weighted toward the essentials, tied in intimately with daily life. The more indispensable their software gets and the more we integrate it into hardware, infrastructure and architecture, the closer they've been edging toward mandatory doxing*.
'More open and connected' is their mantra. Dead right, but NOT IN A GOOD WAY. We're being vivisected — like pinned frogs.
*Doxing (sometimes written as Doxxing) is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information — Ed.
Microsoft exposed 38TB of private data on GitHub: Wiz researchers
See the iTWire article by Sam Varghese | Tuesday, 19 September 2023, at 10:48 am.
Microsoft Data Breach
AI researchers at Microsoft accidentally exposed 38TB of private data while sending live a bucket containing open-source training data, the cloud security company Wiz.io claims.
In a blog post on Monday, Wiz researchers Hillai Ben-Sasson and Ronny Greenberg said a disk backup was among the data exposed, including secrets, private keys, passwords, and more than 30,000 internal Microsoft Teams messages.
Wiz, a company set up by former Microsoft engineers, recently did a deep dive into an Azure cloud breach suffered by Microsoft and revealed several problematic issues at the core of the intrusion.
The Monday post was about an incident that occurred on 22 June. Wiz said Microsoft had shut down the bucket two days later.
Explaining what had happened, Ben-Sasson and Greenberg said the files were shared using an Azure feature called SAS tokens, which allow a user to transfer data from storage accounts.
"The access level can be limited to specific files only; however, in this case, the link was configured to share the entire storage account — including another 38TB of private files," the two Wiz researchers noted.
"This case is an example of the new risks organisations face when leveraging AI's power more broadly, as more of their engineers now work with massive amounts of training data.
"As data scientists and engineers race to bring new AI solutions to production, the massive amounts of data they handle require additional security checks and safeguards."
Ben-Sasson and Greenberg said they had encountered the accidentally exposed data while scanning for misconfigured storage containers.
"In this process, we found a GitHub repository under the Microsoft organisation named robust-models-transfer," they wrote. "The repository belongs to Microsoft's AI research division, and its purpose is to provide open-source code and AI models for image recognition."
Instructions for downloading data from the repository were provided as shown below:
Running transfer learning experiments
The entry point of our code is main.py (see the file for a full description of arguments).
1. Download one of the pre-trained robust ImageNet models, say an L2-robust ResNet-18 with ε = 3. For a complete list of models, see the section below!
mkdir pretrained-models &
wget -O pretrained-models/resnet-18-l2-eps3.ckpt "https://robustnessws4285631339.blob.core.window.r.....
However, due to the misconfiguration, the URL provided access to the entire storage account, not just the open-source models.
"Our scan shows that this account contained 38TB of additional data – including Microsoft employees' personal computer back-ups," the Wiz pair wrote.
"The back-ups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees."
Apart from the wrong permissions, the token allowed an attacker to delete or overwrite existing files.
A user can customise the access level of an SAS token, and using such tokens is a security risk since information can be shared with external unidentified IDs, Ben-Sasson and Greenberg said.
They pointed out that SAS tokens also have an expiry problem: there is no upper limit on how long a token can remain valid. In this case, the Microsoft token was set to expire in 2051.
They provided advice to security practitioners so that such issues could be avoided.
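The three problems described above (account-wide scope, delete/overwrite permission and a far-off expiry) are all visible in the query string of a SAS link, so a link can be checked before it is published. The following is an added example, not code from Wiz, Microsoft or iTWire; the sample URLs are constructed placeholders and the seven-day limit is an assumed local policy.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# "sp" permission letters that let the holder change or remove data.
MUTATING = {"w": "write", "d": "delete", "a": "add", "c": "create"}
MAX_DAYS = 7  # assumed local policy for shared links, not an Azure limit


def parse_expiry(se):
    """Parse the ISO 8601 UTC value of the "se" field."""
    dt = datetime.fromisoformat(se.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_sas_url(url, now):
    """Return a list of findings for one Azure Storage SAS URL."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    # An account SAS carries ss/srt; a service SAS carries sr (b = one blob).
    if "srt" in q:
        findings.append("account SAS: scope is the whole storage account")
    elif q.get("sr") != "b":
        findings.append(f"scope wider than one blob (sr={q.get('sr')})")
    granted = sorted(MUTATING[p] for p in q.get("sp", "") if p in MUTATING)
    if granted:
        findings.append("grants " + ", ".join(granted))
    if "se" in q:
        days = (parse_expiry(q["se"]) - now).days
        if days > MAX_DAYS:
            findings.append(f"expires in {days} days (policy: {MAX_DAYS})")
    else:
        findings.append("no se field: expiry set elsewhere or missing")
    return findings


# Constructed sample URLs; account name, paths and signatures are placeholders.
RISKY = ("https://exampleacct.blob.core.windows.net/models/resnet.ckpt"
         "?sv=2020-08-04&ss=b&srt=sco&sp=rwdlac&se=2051-01-01T00:00:00Z&sig=PLACEHOLDER")
SCOPED = ("https://exampleacct.blob.core.windows.net/models/resnet.ckpt"
          "?sv=2020-08-04&sr=b&sp=r&se=2023-09-22T00:00:00Z&sig=PLACEHOLDER")

if __name__ == "__main__":
    now = datetime(2023, 9, 19, tzinfo=timezone.utc)
    for name, url in (("RISKY", RISKY), ("SCOPED", SCOPED)):
        print(name, audit_sas_url(url, now) or "no findings")
```

A check like this can run over README files and scripts before they are pushed to a public repository, so that only read-only, single-file, short-lived links go out.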
Chromebook Support Extended to 10 Years
See the InfoPackets article by John Lister on September 19, 2023, at 12:09 pm EDT.
Google has committed to keeping Chromebooks updated for ten years. It's an increase of two years, though a critical catch remains.
The change applies to all devices running Chrome OS, which also includes the Chromebox (a small box that comes without a keyboard or screen), Chromebase (an all-in-one PC with a monitor) and Chromebit (a computer on a stick that plugs into an HDMI port).
Security Guarantee For Longer
Previously, such devices were only supported for eight years. After this time, they stopped getting performance, feature and security updates, making them somewhat risky. That annoyed some users who owned devices that were still physically working.
The increase to 10 years affects any device, though those released before 2021 may only get some new features for part of the period. That leaves some room for Google to develop new features in a few years without ensuring they work on the oldest machines. All devices will get security fixes for the entire ten years.
Check Model Details
The support window does come with a significant loophole, however. The ten-year period does not start when somebody buys a Chrome OS device. Instead, it starts from when that particular model was first released. Users can check the support date for their device on Google's website. (Source: google.com)
The period during which Google offers updates has increased several times. Initially, it was just three years, later increased to six, and then eight years.
Because so much of a Chrome OS device's activity occurs online, the hardware requirements are relatively limited and haven't dramatically increased. That means Google can now be more confident that a machine released now will still be able to cope with Chrome for many years to come.
According to Google, part of its commitment to update windows involves testing an all-new version of Chrome OS on every supported Chromebook model. (Source: 9to5google.com)
What's Your Opinion?
Do you use a Chromebook or similar device? Were you aware of how long it will receive updates? How long would you expect to be able to use a new computer that you bought today?
Interesting Member-supplied Link
https://www.howtogeek.com/the-10-most-influential-cpus-of-all-time
This may be of interest to you all, historically speaking.
[ How-To Geek asks you to disable any AdBlock software running in your Browser. — Ed. ]
— Jeff Garland
Fun Facts:
What's the Best Linux Resource for a Retired Windows User?
See the SourceForge article Posted by EditorDavid on Sunday, September 17, 2023, @07:34 am from the learning-Linux dept.
Slashdot reader Leading Edge Boomer wants to help "a retired friend whose personal computing has always been with Windows."
But recently, they were gifted a laptop running "some version of Linux..."
They may not even be aware that different distributions exist for other purposes. However, they seem open to learning about this different world. What recommendations might Slashdot readers have to bring them up to speed as a competent Linux user? I don't want to hold their hand; they're smart enough to learn independently.
"Mint is the answer," argues long-time Slashdot reader denisbergeron. "First, make them use Mint because it's easy, there is a lot of documentation, and the community is solid."
But long-time Slashdot reader spaceman375 thinks they can solve the problem with just three letters. "Show them the man* command. When they feel confident or break it pretty hard, I'd agree — install Mint and go from there. But start with man."
Is that it? Is it as simple as that? Share your thoughts and opinions in the comments and your learning tools for beginners.
What's the best Linux resource for a retired Windows user?
*man is the Linux command-line command for manual — Ed.
SMSA: The Times they are A-Changin'
New Electronic Meeting Display
If you've been to the SMSA Club Building lately, you'll have noticed the all-new large-screen Electronic Meeting Display in the Foyer.
This replaces the previous paper menus that used to be shown on the various floors and near the lift exits and entrances.
All the more modern and convenient.
Now, they can display all the meetings on the 1st and 3rd Floors and those held in the Main Auditorium.
Unfortunately, you only have ten seconds to read and check each screen of information.
Room Set-Up Times
At the bottom of the meeting announcement, we see, in small type, the information that "The Doors and Lifts will be open FIFTEEN MINUTES" before the beginning of each meeting.
Whatever happened to the previous thirty minutes we had for Set-up time and time to re-arrange the room furniture back to how it was?
Arriving too early?
Waiting in The Foyer
Forget that. You'll have to stand and wait in the Foyer like the rest of the members.
— Ed.
Meeting Location & Disclaimer
Bob Backstrom
~ Newsletter Editor ~
Information for Members and Visitors:
Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe — Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk of accuracy and subsequent use of its contents.