The support for Windows XP with Service Pack 3 ends 8th April 2014. If you’re running Windows XP with Service Pack 3 (SP3) after support ends, to ensure that you will receive all important security updates for Windows, you need to upgrade to a later version, such as Windows 7 or 8.
Unlock any iPhone 5 running iOS 6.1
As if Apple weren’t embarrassed enough…
Some smart person has found a bug in iOS 6.1 which effectively renders the lock screen entirely useless. By doing a bit of this and a bit of that, applying for iPhone repair in San Diego maybe, whilst the phone is in a locked state, any person that knows the simple process can make use of the bug in iOS to unlock the iPhone 5 in a matter of seconds.
As IT Consultants, we’re not going to give you the process for doing it. We want to make users of the iPhone 5 aware of this serious security flaw so that you can be extra vigilant with your iPhone until Apple get around to releasing a fix for this mess.
By sliding to unlock, doing a few other things, then pushing the sleep/wake button, the phone will unlock as if you’ve entered the pin code (and no, you don’t enter the pin code!).
Apple are currently working on 6.1.3 which is in Beta just now, this should hopefully fix this gaping hole in their security.
(Edit: that’s Unlock as in unlock the phone using the 4 digit pin code, as opposed to unlocking it from the specific network operator).
ICO fines Nursing and Midwifery Council £150,000
The Information Commissioner’s Office has urged organisations to review their policies on how personal data is handled, after the Nursing and Midwifery Council was issued a £150,000 civil monetary penalty for breaching the Data Protection Act.
The council arranged for the DVDs, which contained confidential video files relating to alleged offences by a nurse as well information about two vulnerable children, to be couriered to a hearing in October 2011. Upon arrival it was found that the package didn’t contain the DVDs.
The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. An ICO investigation found the information was not encrypted. The DVDs are yet to be found.
David Smith, Deputy Commissioner and Director of Data Protection, said:
“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.
While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected.”
Further details about today’s case can be found on the ICO’s civil monetary penalty notice page.
How we did the Christmas Lights with a Raspberry Pi
Please remember this is a work in progress and we’ve just created this page on the fly!
The Raspberry Pi
The Raspberry Pi just runs one of the stock images available from the RaspberryPi.org site (Raspbian “wheezy”). On top, we’ve chucked Nginx and PHP. We’ve not given instructions on how to do the Nginx and PHP as a quick Google search shows enough information to allow you to do this 🙂 (You’ll notice that a lot of the content here simply says “Go Google”. Sorry about that!).
At this point you should make yourself aware of the GPIO pins on the Pi. Print out the schema so that you have it to reference: http://elinux.org/RPi_Low-level_peripherals
You can see the GPIO pins on the top left of the Pi
The Relay and the Remote
The relay board connects to the Pi using the pin outs. You’ll need to connect GND to a Ground pin on the Pi, and the VCC pin to the 5v pin on the Pi. From there, you have IN1, IN2, etc. which are just Relay 1, Relay 2 etc. respectively. Don’t change the jumper on the relay board, it should be set to VCC JD-VCC.
The Relay board is pictured below (click on it to see the full size image):
It was bought from Ebay via this link: http://www.ebay.co.uk/itm/New-5V-8-Channel-Relay-Module-Board-for-Arduino-PIC-AVR-MCU-DSP-ARM-Electronic-/170745298865?pt=UK_BOI_Electrical_Components_Supplies_ET&hash=item27c1367fb1
To make life easier (we originally ripped apart a floppy ribbon and it got verrrry messy and verrrry confusing for the brain!) you should probably buy these individual jumper wires below. The colour coded nature of them makes life easier when connecting between the Pi and the Relay board.
We bought ours from Hobby Tronics in the UK: http://www.hobbytronics.co.uk/ribbon-jumper-female-40?keyword=40JUMPERF
Last thing you’ll need is the remote control set we used. These are just plugs you connect to a wall socket and then pair with the remote control. For safety reasons we decided this was a better way to go about things rather than splicing mains cables into the relay board. It actually worked out even better as it meant we could position lights anywhere in the room without having to trail loads of wiring to the relay board.
Here’s a crude image of the box. We bought a cheap one from a local retail shop for £20. Fair word of warning here: We actually bought a different set to begin with, but the remote control PCB itself was horrible for soldering the wiring from the relays. Rather than buttons it had rubber electrodes that made the connection between the tracks on the PCB itself. This second set actually used proper switches, so it was easy to solder the connection into the appropriate hole in the PCB.
Each channel (there’s four channels to choose from) needs two relays to control. One sends the ON signal, and one sends the OFF signal.
So for example, here’s the PHP script for turning ON channel 1, which happens to be connected to GPIO4.
if( isset($_POST[‘action’]) )
{$a = $_POST[‘action’];
if($a==”on”) {
exec(‘echo “0” > /sys/class/gpio/gpio4/value’);
sleep(0.75);
exec(‘echo “1” > /sys/class/gpio/gpio4/value’);
}
The first three lines are just checking that we’ve got a POST request coming in. The second if statement is checking that we’re turning the device ON. And then we set the signal on the GPIO4 pin. We echo 0 (which for some reason sets the pin live… I don’t know why), we wait 0.75 seconds to give the remote control unit time to send the wireless signal, and then we switch the relay off by echoing 1 to the same GPIO pin. There! The device is on!
To switch it off, you do the exact same, but wire up another GPIO to another Relay Switch, and then from there to the Off button on the Remote 🙂
Video
The video is just an RTMP-enabled web cam (It’s an Axis M1011, get it here ). The stream is picked up by Wowza broadcast software on an Amazon EC2 box.
This is then played via the website using JWPlayer (http://www.longtailvideo.com/jw-player/). It really is that simple! By allowing an Amazon EC2 box to provide the stream, it lessens the load on the web server providing the main content.
Chat
Nothing exciting about the chat to be honest, it’s just a copy of PHPFreeChat (get this here: http://www.phpfreechat.net/) tweaked to look nice within the design of our page. We were prepared to look at alternative chat methods should the load become an issue. An IRC server could have been set up within 15 minutes to lessen the load of the chat script. But at the time of writing, this wasn’t necessary.
The Code (Raspberry Pi end)
For each GPIO output, you need to set it up. We Googled, we found this:
echo $pin > /sys/class/gpio/export
echo “out” > /sys/class/gpio/gpio$pin/direction
We then chmod the specific pin to 777 (so that php/nginx can happily go about changing values):
chmod 777 /sys/class/gpio/gpio$pin/value
It’s important to remember that $pin equates to one of the valid GREEN GPIO numbers from the schema. 4, 17, 22, etc. so re-write this as appropriate!
To make life easy, we added this to our /etc/rc.local file so that on boot, the Raspberry Pi would set up all the GPIO pins we were going to use:
echo “4” > /sys/class/gpio/export
echo “out” > /sys/class/gpio/gpio4/direction
chmod 777 /sys/class/gpio/gpio4/valueecho “17” > /sys/class/gpio/export
echo “out” > /sys/class/gpio/gpio17/direction
chmod 777 /sys/class/gpio/gpio17/valueetc. etc. etc. for all pins
Once you’ve got the relay hooked up, you can then go about testing the GPIO output:
echo “0” > /sys/class/gpio/gpio4/value
echo “1” > /sys/class/gpio/gpio4/value
If all is correct, you should see the LED on the Relay Board and hear the click of the Relay. It’s in your hands which way 0 or 1 goes with the relay (either on or off)!
The Code (The Queue System)
This is coming soon! It’s horribly horribly hacked together with two tables in a database. One is the Auth table (you get entered into this table when you log in with a username/Facebook) and a Queue table (this is populated when you click Join The Queue!). Lots of page refreshes later, the magic happens. More to follow!
Control our office Christmas Lights
It’s almost Christmas! This year we’ve taken our decorations to the extreme. We’ve given YOU the ability to log on to our website and take control over Christmas lights!
Jump onto http://christmas.considerit.com and join in the fun!
If it’s busy, you’ll need to wait in a queue for a little bit, but be patient, it’s a great laugh!
Let us know what you think by leaving a message on our Facebook page or sending us an email: [email protected]!
Have a really great Christmas!
The Consider IT Team
Skype: lol is this your new profile pic? Virus
There is currently a massive increase in complaints from Skype users in relation to viruses. The newest and the one that seems to be infecting a lot of users at the moment is one that sends a message to the users with the text:
lol is this your new profile pic?
The users are asked to then click a link and are taken to a downloadable .ZIP file which will infect your computer.
Skype advise that all users update their Skype application and make sure they have up to date anti virus running at all times. More importantly, we advise users to be cautious. When you see links from friends, always be careful and check that they are genuine.
URGENT Tax Rebate? – delete it immediately
Emails that claim to be “Urgent” are highly likely to contain malware as attachments a new report reveals. FireEye released a report (view it here) that details a list of top words used in phishing emails (those are emails that pertain to be from various legitimate sources with the intent of infecting the machine or conning the user to give out important information).
The attackers mainly use zip files to hide their malware, ultimately aimed at gaining access to valuable corporate and intellectual data. It appears very few corporate establishments block these kinds of executables, which FireEye’s research confirms.
The report also shows a decrease in the use of ZIP files from last year (2011), a decrease in the use of standalone EXE executables, but an increase in PDF files. Adobe Reader, FoxIT Reader and other widely available PDF readers come with the ability to enable a Safe Reading Mode, which in theory, should prevent malicious code within PDF files from executing. In Adobe, Edit -> Preferences -> JavaScript -> uncheck Enable Acrobat JavaScript checkbox to do this today.
Now, .ZIP files represent the vast majority, 76.91%, of advanced malicious files. The complexity of
these attachments, which can contain many distinct files and file types, coupled with a lack of
user awareness of the danger of these file extensions, has made them a highly effective means for
distributing malware and effectively exploiting systems.
PDFs also pose a significant threat. These file types are ubiquitous and familiar to just about every
computer user. Further, many users are unaware of the fact that malware can be distributed through
PDF files, and malware embedded in these file types is proving to be difficult for conventional defenses
to detect. For all these reasons, PDFs provide cybercriminals with a very effective means of attack.
http://www.fireeye.com/resources/pdfs/fireeye-top-spear-phishing-words.pdf
Malware installed at the factory on new PCs!
Hackers have managed to install malware on to brand new factory built and sealed PCs. This brings a whole new meaning to the old term “All Your PCs are belong to us!”
Microsoft is warning that cybercriminal gangs have managed to get the Nitol bug and other dangerous malware software installed to one in five laptops and PCs checked by their investigators. To avoid any confusion, it should be noted that reputable vendors such as Dell, HP etc. are not affected by this.
The malware installed could give the criminals control of the computers, allowing them to watch every tap of the keyboard to steal personal information including your name, address, details of any holidays and credit card information – whether it’s going down an encrypted channel or not.
“We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a criminal eyes and ears into a vicitm’s home or place of business,” reported Microsoft investigator Richard Dormingues Boscovich.
The Nitol bug has the potential for the most damage as it tries to link the PC to a botnet which criminals can use for hacking attacks, deliberately crashing servers or performing illegal activities under the IP Address of an unknowing user.
Microsoft discovered the bugs in laptop and desktop PCs purchased in cities around China. Four of the computers were infected with malware despite being new and factory sealed.
Investigations led them to a domain name which is alleged to have been involved in cybercrime since 2008. Microsoft have been granted permission to take over the domain name and close down the botnet.
“Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware,” said Mr Boscovich.
So if you’re planning a trip to China then be safe and purchase your computer back home before travelling, and even then give it a good anti virus scan!
Co-Founder of Pirate Bay Arrested
Local police in Cambodia have announced that one of the founders of the Pirate Bay, Gottfrid Svartholm Warg, has been arrested as a result of an international warrant issued against him last April by his homecountry Sweden.
The country reacted after Warg failed to turn up for the beginning of his 1 year jail sentence for multiple copyright violations.
“His arrest was made at the request of the Swedish government for a crime related to information technology,” Cambodia’s police spokesman Kirth Chantharith told the AFP news agency.
“We don’t have an extradition treaty with Sweden but we’ll look into our laws and see how we can handle this case,” the spokesman added.
Warg, Fredrik Neij, Peter Sunde, and their financier Carl Lundstroem were convicted by a Swedish court for encouraging copyright violations in 2009. Lundstroem, Sunde and Neij each had their 1 year jail sentences reduced following an appeal in 2010. The appeal allowed their sentences to be reduced to between four and ten months. In addition, they were also ordered to pay the music and movie companies almost £4m ($7m) in damages for their copyright violations.
Warg did not attend the appeal with his defence lawyer citing being too ill as his reason. The Swedish court decided to uphold his sentence.
Incidentally, no copyrighted material is actually hosted on the Pirate Bay’s website, it simply acts as a linking site to its users torrent servers where the users themselves store the data.
Police Website Hacked
A Hertfordshire police website has been hacked, leading to the publication of what appear to be login details and passwords for dozens of officers and part of the police force’s website has been taken down as a “precaution” while investigations continue. Hertfordshire Police said information stored on an externally hosted database had been published on the internet.
The information which includes phone numbers and IP addresses, relates to a number of officers in Safer Neighbourhood Teams.
The Police force said in a statement:
“Hertfordshire Constabulary is currently investigating following the publication on the internet of information stored on a database linked to the public Safer Neighbourhoods pages of the external Constabulary website.
“As a precaution these pages have been temporarily disabled whilst the circumstances as to how this information was obtained is investigated.
“There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised.
“Nevertheless matters of IT security are extremely important to the Constabulary and an investigation is already under way.”
