Trinidad and Tobago Computer Society

Author: ttcsadmin

The Heartbleed Bug – if you run web servers that use https and OpenSSL, you need to update now
Heartbleed logo by http://www.codenomicon.com/

A group of researchers have discovered a 2 year old flaw in the OpenSSL library used by web servers to encrypt communications between users and the server. These are the websites that you would use “https” instead of “http” and include websites that offer cloud services (such as email) that require user to login to banking and e-commerce websites.

Dubbed the Heartbleed bug because the flaw is in a particular part of the OpenSSL code called heartbeat. As the Heartbleed website (http://heartbleed.com/) says:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Website operators that use OpenSSL need to update their servers and reissue their security certificates (if case, they were already stolen due to the Heartland bug).

End users should limit their visits to websites that use of SSL (hard I know), change their passwords after being advised by websites to do so and in the near future, consider changing all of your online passwords.

Various links to learn more:
- ReadWrite article
  
  http://readwrite.com/2014/04/08/heartbleed-openssl-bug-cryptography-web-security/
- http://heartbleed.com/ – site by the researchers that discovered the flaw
- https://lastpass.com/heartbleed/ – site to test websites if they are vulnerable.
- http://filippo.io/Heartbleed/ – another site to test websites if they are vulnerable
8 April 2014
No more security updates, tech support for Windows

Today’s Patch Tuesday will be the last Windows Update for Windows XP. Microsoft is dropping support for Windows XP, meaning no technical support and no more security updates . Also, Microsoft is also discontinuing its anti-virus tool Microsoft Security Essentials for Windows XP.

Microsoft’s End of Support Page for Windows XP:
http://windows.microsoft.com/en-us/windows/end-support-help which offers suggestions on migrating to Windows 8.1

Ars Technica looks on this milestone and the challenges for Windows XP users:
The XPocalypse is upon us: Windows XP support has ended | Ars Technica.

8 April 2014
Microsoft making Windows free on devices with screens under nine inches | The Verge

Microsoft making Windows free on devices with screens under nine inches | The Verge.

2 April 2014
Microsoft is bringing the Start Menu back | The Verge

From The Verge :

“Millions asked for it, and Microsoft is providing it: the old Start Menu is coming back. Kind of. At its Build conference today, Microsoft announced a new Start Menu that looks like a hybrid of the best of Windows 7 and Windows 8. It’s around the same size as the Windows 7 menu, but also features miniature Live Tiles along one side.”

Read rest of the post on The Verge :

Microsoft is bringing the Start Menu back | The Verge.

2 April 2014
Windows 8.1 Adds a Few Mouse & Keyboard Improvements, Coming April 8th
From Lifehacker :

“Microsoft recently showcased a small update to Windows 8.1, which adds a few improvements to using the mouse and keyboard. The update is beginning to roll out today. Here’s what you’ll find :
- Windows 8 will now automatically boot to the desktop instead of the Start screen on new PCs.
- You can make the taskbar visible on the Start screen and tiled apps, making it easy to switch between desktop and Modern apps using the Taskbar—just like you would on the desktop
- The Start screen now contains a power button for easier shutdown (thank God), a search button, and a tile that takes you right to Settings
- Start screen tiles are now easier to select, move around, and resize using the mouse”
Read the full post

Windows 8.1 Adds a Few Mouse & Keyboard Improvements, Coming April 8th.
2 April 2014
How Gmail Happened: The Inside Story of Its Launch 10 Years Ago Today | TIME.com

Good article by Time on the launch of Gmail by Google 10 years ago on April 1, 2004.

How Gmail Happened: The Inside Story of Its Launch 10 Years Ago Today | TIME.com.

1 April 2014
The Cybercrime Bill 2014
The Cybercrime Bill was introduced in the Senate by the Minister of National Security Gary Griffith on March 21 2014. The Bill seeks “to provide for the creation of offences related to cybercrime and related matters” and if passed would repeal the Computer Misuse Act 2000

The offences related to cybercrime and related matters includes
- illegal access to a computer system
- Illegally remaining in a computer system
- Illegal interception of subscriber or traffic data
- Illegal data interference
- Illegal acquisition of data
- possession and distribution of devices that is designed or adapted for the purpose of committing an offence under this Act or disclosure of password or access codes
- Unauthorised receiving or granting of access to computer data
- forgery of computer data and distribution of forged data
- Computer-related fraud
- Identity-related offences
- child pornography
- using computers to set up a meeting with a child for the purpose of abusing the child.
- the offence of violating a person’s privacy by capturing and sharing pictures or videos of a person’s private area without his consent.
- relaying of multiple email messages with the intent to deceive as to the origin of the message
- the offence of harassment through the use of electronic means with the intent to cause emotional distress.
- criminalising the act of sending multiple electronic mail messages that are unsolicited and which causes harm to a person or damage to a computer.
The Bill lapsed with the end of the Parliament session on July 30 2014.
- Cybercrime Bill 2014
- Trinidad & Tobago Parliament website on the Cybercrime Bill 2014 which has the Hansard of the Parliament deliberations.
30 March 2014
TTCS lime on Wednesday March 19 2014 from 7-9:30pm
The Trinidad and Tobago Computer Society (TTCS) will be having its next lime on Wednesday March 19 2014 at Joe’s Pizza, St. Augustine from 7:00 pm to 9:30 pm.

Come join us as we discuss various topics, including:
- the upcoming cybercrime bill
- the new TTCS executive for 2013
Anyone interested in computing and ICT is welcome to attend.
A contribution of $50 is expected towards the food bill.

Address:
Joe’s Pizza
#5-6 Emerald Plaza
Eastern Main Road, St Augustine

Detailed Directions:
Heading East on the Eastern Main Road after UWI, just before St. John’s Road (the road with Scotia Bank), look for Emerald Plaza on your right. Take the second entrance on your right.
17 March 2014
ICANN Board Chair, Steve Crocker reacts to US Government plan to relinquish key Internet stewardship

14 March 2014
Administrator of Domain Name System Launches Global Multistakeholder Accountability Process | ICANN

Text of ICANN announcement : Administrator of Domain Name System Launches Global Multistakeholder Accountability Process | ICANN.

(Update 14/3/2014 8:57pm) ICANN Board Chair, Steve Crocker reacts to US Government plan to relinquish key Internet stewardship

ICANN has launched a process to transistion the role of the US Government relating to the Internet’s unique ICANN’s announcement comes on the heels of an historic announcement today by the U.S. Government stating that it is ready to transfer its stewardship of the important Internet technical functions to the global Internet community. The U.S. Government’s current responsibilities to be transitioned include the procedural role of administering changes to the Domain Name System’s (DNS) to the authoritative root zone file – the database containing the lists of names and addresses of all top-level domains – as well as serving as the historic steward of the unique identifiers registries for Domain names, IP addresses, and protocol parameters.

In doing so, the U.S. recognized ICANN’s maturation in becoming an effective multistakeholder organization and requested that ICANN convene the global community to develop the transition process from of the U.S. stewardship to a global community consensus-driven mechanism.

“We are inviting governments, the private sector, civil society, and other Internet organizations from the whole world to join us in developing this transition process,” said Fadi Chehadé, ICANN’s President and CEO. “All stakeholders deserve a voice in the management and governance of this global resource as equal partners.”

Independent of the U.S. transition, the roles of the Internet technical organizations, including ICANN’s role as administrator of the Internet’s unique identifier system, remain unchanged. The Internet’s Unique Identifier functions are not apparent to most Internet users, but they play a critical role in maintaining a single, global, unified and interoperable Internet.

“Even though ICANN will continue to perform these vital technical functions, the U.S. has long envisioned the day when stewardship over them would be transitioned to the global community,” said Dr. Stephen D. Crocker, ICANN’s Board Chair. “In other words, we have all long known the destination. Now it is up to our global stakeholder community to determine the best route to get us there.”

“The global multistakeholder process is defined by inclusion, and it will take some time to make sure that we obtain all of the necessary inputs,” said Chehadé. “By the time the current contract with the U.S. Government expires in September 2015, we will have a defined and clear process for global multistakeholder stewardship of ICANN’s performance of these technical functions.”

The first community-wide dialogue about the development of the transitional process will begin March 23-27 during ICANN’s 49th Public Meeting, in Singapore. All global stakeholders are welcome to participate in person or remotely.identifiers system.

14 March 2014