NewCollegeIT

WARNING! This image may trigger PINSecurity. From an analysis of 3.4m PIN code leaked from several data breaches https://informationisbeautiful.net/visualizations/most-common-pin-codes/

Whoops. Thousands of Windows-based computers were rendered inoperable today by an update to a piece of software called CrowdStrike. This is a Cybersecurity tool which works, as they all do, by installing an agent on each computer subscribed to the service, in order to monitor the internal operations of that computer.

Organisations who have subscribed to the CrowsStrilke service will see their subscribed computers crash as soon as the update is installed, and will require manual intervention in each one to rectify the problem. Automated tools for doing this only work if the computer starts up normally, and the CrowdStrike issue prevents this from happening. So, each broken desktop, laptop, and server will need personal attention to remove the problematic update!

The fact that it affects servers is why the issue has been so widespread, and apparently unconnected internet services are all off-line - their services run on Windows servers, either in their premises or running in Cloud-based data centers, that have the CrowdStrike agent installed on them. Cloud-based servers are easy to fix remotely, but there are likely to be dozens, if not hundreds running for each service. On-premise servers can be easy to fix, if the remote access tools are sufficiently useful, but ultimately may require someone to traipse in to a data center with a keyboard, monitor and mouse, and fix each each one by hand.

Currently, most University services are unaffected, except ironically a couple of cloud-based services that IT Services use to provide their Helpdesk service.

At the moment, I'm leaning towards this being more Cockup than Conspiracy, as to cause this amount of trouble so quickly requires a fat-fingered programmer who is permitted access to the update process. That CloudStrike were so quickly able to identify the problem tells me they know pretty accurately where the problem was introduced, and in which particular bit of code.

This does, however, bring in very uncomfortable questions about how such a calamitous piece of code got in to the product. There should have been multiple stages of review and testing to catch exactly this type of snafu, and these seem to have been ineffective. There's also the current industry Agile development fad to contend with ("Move fast and break things") which seems to prioritise a speedy release schedule over code quality.

There is the possibility that this was something nefarious, a supply-chain attack, where black hats infiltrate a product's programming process to introduce bad code to either attack the infiltrated product directly or (as we saw with Solar Winds a few years ago) products or systems built with the surreptitiously-compromised tools. But given the speed of the incident, and the response by the vendor I see this as less likely than a coding or process cockup.

The really disturbing thing is that even though it's less likely to have been a malware event, it has now given the producers of malware more ideas about how to create havoc on demand. The more I think about it the more I'm at risk of concussion from facepalming so hard. Pushing to Production on a Friday! FFS!

As usual, The Register has a good roundup of the issues here, https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/?td=rt-3b

And there's the obligatory hilarious Reddit thread here - https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/?share_id=igx-cOyqO-EV4VasDEn-Z&utm_name=androidcss

CrowdStrike code update bricking PCs around the world Falcon Sensor putting hosts into deathloop - but there's a workaround

Holy s**t this has to be the best piece on AI I've read in a loooong time.

I Will Fu***ng Piledrive You If You Mention AI Again — Ludicity I Will Fu***ng Piledrive You If You Mention AI Again Published on June 19, 2024 The recent innovations in the AI space, most notably those such as GPT-4, obviously have far-reaching implications for society, ranging from the utopian eliminating of drudgery, to the dystopian damage to the livelihood....

Excellent précis of one of the core pieces of internet machinery. And a bonus Evil Edna cameo.

You'll never guess the most popular internet country code Go to https://betterhelp.com/mapmen for 10% off your first month of therapy with BetterHelp and get matched with a therapist who will listen and help. ...

Today in Apple history: Apple Extended Keyboard II is Apple's best ever On November 15, 1990, Cupertino wins a patent for its iconic Apple Extended Keyboard II, arguably the best Apple keyboard in history.

Approved wholesome content.

Internet Vs Ocean: the essential wires we never think about Start a free trial of Shopify and create your own online store by clicking: https://www.shopify.co.uk/mapmenDid you know that the internet is held together b...

Great intro to Passkeys, hardware keys and 2FA.

All About Passkeys Share your videos with friends, family and the world

Useful, and applies to PC as much as Mac.

What's the difference between USB-C and Thunderbolt? | Cult of Mac With iPhone 15 models going with a USB-C connector -- and maybe Thunderbolt on at least one -- people need to know the difference.

Hello again, and welcome to the next in our occasional series of "There's Something about eduroam..."

On the 8th of March this year (2021), the certificates that encrypt your eduroam data, and verify that all the systems required to talk to each other actually re who they say they are, are going to expire. You need to change these certificates in each device you wish to connect to eduroam.

Fortunately this is "relatively straightforward", as much as anything on a global, multi-institution, multi-sytem network is straightforward. You just need to install a new copy of the CAT tool, *after* removing the old one. Instructions on how to do that follow below.

To use eduroam, your computer needs to talk to a lot of systems to confirm your account details, and to do this it needs a couple of certificates installed in the correct places so that it can encrypt the data it sends to them.

This is done by the aforementioned eduroam CAT tool. As part of this process, you will also need to know your eduroam username and password.

Your username takes the form of [email protected] - i.e. your University username with .AC.UK on the end. The CAPS are required - this is how systems know not to check their internal list of users, but to ask the system after the @ sign. It's what enables eduroam to span the globe with one username and password.

Although the username resembles your SSO and Email username, it's an entirely separate account and thus *it does not use the same password*. Instead, it uses your Remote Access password, because eduroam is in fact a form of remote access, even if you're inside a University building.

If you don't know your Remote Access password, you can change it here:
https://register.it.ox.ac.uk/self/remote_access...

You can get to this site from anywhere, you don't need to be inside the University.

Once you've confirmed what your Remote Access password is, get the new CAT tool from

https://cat.eduroam.org/

On this page, you'll be presented with a list of eduroam tools - you need the University of Oxford tool. Tools for other institutions won't work, as they talk to institutions where you don't have an account. If you're on an Oxford network, the correct tool should be fairly near the top of the list but if you're elsewhere, use the search box and type in Oxford to filter the results. There are tens of thousands of participating eduroam institutions, and scrolling through the list is a tedious process.

Once you've got the correct CAT tool, download it and run the installer. This process varies from device to device, but they all require the eduroam username - [email protected] - and your remote access password.

Be sure you enter the details carefully, because you may need to go through the whole process again to change them!

If you need further information, IT Services have posted an article which information about the change here:
https://www.it.ox.ac.uk/article/update-eduroam-settings

I missed it when it went out live, but there was a fascinating Panorama shown in March, wherein they managed to infiltrate a call centre full of scammers in Kolkata, India. It stems from the work of Jim Browning, whose YouTube Channel is well worth a follow and a browse, because he’s one of the most technically proficient and forensically thorough investigators of this kind of scam. You can find his videos here, with this one which is a great intro - https://youtu.be/1JDCbq9Uq5o

and the Panorama episode is available on iPlayer here: Panorama, Spying on the Scammers: www.bbc.co.uk/iplayer/episode/m000fzx2 via

Panorama - Spying on the Scammers Panorama goes inside a criminal call centre to reveal how scammers cheat their victims.

Following Government and College management advice, the IT Office will be closed from 15:00 today and we will be working from home. We will continue to be contactable as normal on the [email protected] email address and via our office phone numbers. By the power of Chorus, these are being redirected to our mobiles.

We are also available on Teams for chat, voice or video calls should you need.

Our page for college staff with resources to assist working from home is available on Sharepoint at
https://sharepoint.nexus.ox.ac.uk/sites/newcollege/remote/SitePages/Home.aspx
(requires SSO login).

LLAP.

Partial power failure at the Weston buildings has taken out the central network cabinet, disconnecting the entire site from the University network. Electricians en route to investigate.

For all those running Windows 7, please read this notice. Past the EOL date (Jan 14-2020) New College will be blocking Windows 7 from accessing the college network.

https://support.microsoft.com/en-gb/help/4057281/windows-7-support-will-end-on-january-14-2020

support.microsoft.com

There appear to be major issues with the University network at the moment. Multiple colleges and units are disconnected from the network, and the Chorus phone system has stopped functioning.

If we hear any news, I’ll post it here.

Hello again, and welcome to the next in our occasional series of "There's Something about eduroam..."

On the 8th of March this year (2021), the certificates that encrypt your eduroam data, and verify that all the systems required to talk to each other actually re who they say they are, are going to expire. You need to change these certificates in each device you wish to connect to eduroam.

Fortunately this is "relatively straightforward", as much as anything on a global, multi-institution, multi-sytem network is straightforward. You just need to install a new copy of the CAT tool, *after* removing the old one. Instructions on how to do that follow below.

To use eduroam, your computer needs to talk to a lot of systems to confirm your account details, and to do this it needs a couple of certificates installed in the correct places so that it can encrypt the data it sends to them.

This is done by the aforementioned eduroam CAT tool. As part of this process, you will also need to know your eduroam username and password.

Your username takes the form of [email protected] - i.e. your University username with .AC.UK on the end. The CAPS are required - this is how systems know not to check their internal list of users, but to ask the system after the @ sign. It's what enables eduroam to span the globe with one username and password.

Although the username resembles your SSO and Email username, it's an entirely separate account and thus *it does not use the same password*. Instead, it uses your Remote Access password, because eduroam is in fact a form of remote access, even if you're inside a University building.

If you don't know your Remote Access password, you can change it here:
https://register.it.ox.ac.uk/self/remote_access?action=pwreset

You can get to this site from anywhere, you don't need to be inside the University.

Once you've confirmed what your Remote Access password is, get the new CAT tool from

https://cat.eduroam.org/

On this page, you'll be presented with a list of eduroam tools - you need the University of Oxford tool. Tools for other institutions won't work, as they talk to institutions where you don't have an account. If you're on an Oxford network, the correct tool should be fairly near the top of the list but if you're elsewhere, use the search box and type in Oxford to filter the results. There are tens of thousands of participating eduroam institutions, and scrolling through the list is a tedious process.

Once you've got the correct CAT tool, download it and run the installer. This process varies from device to device, but they all require the eduroam username - [email protected] - and your remote access password.

Be sure you enter the details carefully, because you may need to go through the whole process again to change them!

If you need further information, IT Services have posted an article which has links to thier detailed instructions here:
https://it.web.ox.ac.uk/article/eduroam-news

IT Services are experiencing problems with the Chorus phone system, which seems to be affecting all University phones in one way or another. There also seems to be issues with other administrative systems in the same hosting system.

Check status.it.ox.ac.uk for more info.

A cautionary tale about choosing ease of use over security... https://www.theregister.co.uk/2019/07/09/zoom_mac_webcam_security_patch/

Anyone for unintended ChatRoulette? Zoom installs hidden Mac web server to allow auto-join video conferencing 'A legitimate solution to a poor user experience'

All finished with the networking changes. It's working!

Ok, so we're done with the major external/internal disruption, and the Wireless AP's can now see their controller again. On to realign the Annex network.

NewCollegeIT updated their business hours.

NewCollegeIT updated their phone number.

Progress!

Here we go with some major network reconfiguration. Hang on to your hats!

https://twitter.com/defsecnsattack/status/1133123286500564992

defsecnsattack on Twitter “Phishing Attack https://t.co/YTfQrrhv75”

You’re probably well aware that an actively-exploited flaw has been discovered in the popular Facebook-owned messaging app WhatsApp. All that is required to exploit WhatsApp is that a carefully crafted call be made to a target device, the user doesn’t even have to answer.

According to an article on The Register, “The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.”

You can find the version number by tapping ‘Settings’ and then ‘Help’ within the app. The version number is shown on the help screen. User your mobile’s particular update methods to update the app.

https://www.theregister.co.uk/2019/05/14/whatsapp_zero_day/

It's 2019 and a WhatsApp call can hack a phone: Zero-day exploit infects mobes with spyware Rap for snoopware chaps in chat app voice yap trap flap – now everyone patch

Ex New College IT person Adam Spiers helping out the Put It To The People march.

Meet Ali, on the right - he volunteered his time and built an app that allows you to voice message your MP - this is the first of its kind app in the world. Use it at https://finalsay.app

Adam, on the left, helps run Tech For UK and built https://EUWorthit.uk - that shows how much each of us contribute to the EU.

People like Ali and Adam are changing how we interact with our elected representatives. Thank you, both 👏🏽

Put down the cat, coffee, beer pint, martini, whatever you're holding, and make sure you've updated Chrome (unless you enjoy being hacked)

A bug in Google chrome has been discovered that needs an update as soon as possible, as it's already being actively exploited in the wild. It affects all versions of Chrome on all platforms - Windows, Mac, Linux, ChromeOS, etc. So apply updates now!

theregister.co.uk Plus: Security sandbox escape vuln in 32-bit Windows 7 boxes exploited

https://twitter.com/ox_it/status/1080826116305084417

IT Services Oxford on Twitter “Are your devices secure? Protect yourself with our advice on mobile security. https://t.co/j7aWAzQzMF ”

Two USB sticks. Can you tell which is the USB storage, and which one presents itself to your computer as a keyboard, then begins typing commands the moment you plug it in?