Miscellaneous Tech News
- 
 @Dashrender said in Miscellaneous Tech News: @scottalanmiller said in Miscellaneous Tech News: @travisdh1 said in Miscellaneous Tech News: @Dashrender said in Miscellaneous Tech News: @mlnews said in Miscellaneous Tech News: T-Mobile lied to the FCC about its 4G coverage, small carriers sayFCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells. T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage. Can we say - duh? Yeah, isn't that every carrier in the US? The US system favours companies lying about things  I don't understand this - though I do agree with Travis - all companies lie abut their coverage! They lie because in the US there are big benefits to lying and few penalties. Our laws favour companies that take advantage of corporate protections. 
- 
 Iranian phishers bypass 2fa protections offered by Yahoo Mail and GmailGroup breaches SMS-protected accounts. It's still testing attacks against 2fa apps. A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones. Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. “In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote. 
- 
 @mlnews said in Miscellaneous Tech News: Iranian phishers bypass 2fa protections offered by Yahoo Mail and GmailGroup breaches SMS-protected accounts. It's still testing attacks against 2fa apps. A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones. Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. “In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote. This isn't new. 
- 
 Mass email hoax causes closures across the US and CanadaEmails threaten explosions unless people pay $20,000 in Bitcoin. The emails warn that explosives have been planted in the recipient’s premises and that they will detonate by the end of the day unless the target pays $20,000 in bitcoin. By late Thursday afternoon, Sammy, the email security researcher who sent one of the tweets above, told Ars she and other researchers estimated more than 100,000 such emails had been received. A large percentage of the emails, she said, used unique wallet addresses and variations on the sender’s name as well as the type of explosive materials. 
- 
 How to Make an Offline Root Certificate Authority for Windows PKI in WSL 
 https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/
- 
 @black3dynamite said in Miscellaneous Tech News: How to Make an Offline Root Certificate Authority for Windows PKI in WSL 
 https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago? 
- 
 @JaredBusch said in Miscellaneous Tech News: @black3dynamite said in Miscellaneous Tech News: How to Make an Offline Root Certificate Authority for Windows PKI in WSL 
 https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago? I don't think so, but it did come up on a call yesterday! 
- 
 @scottalanmiller said in Miscellaneous Tech News: @JaredBusch said in Miscellaneous Tech News: @black3dynamite said in Miscellaneous Tech News: How to Make an Offline Root Certificate Authority for Windows PKI in WSL 
 https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago? I don't think so, but it did come up on a call yesterday! Check your Telegram with me on December 6th. 
- 
 @JaredBusch said in Miscellaneous Tech News: @scottalanmiller said in Miscellaneous Tech News: @JaredBusch said in Miscellaneous Tech News: @black3dynamite said in Miscellaneous Tech News: How to Make an Offline Root Certificate Authority for Windows PKI in WSL 
 https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago? I don't think so, but it did come up on a call yesterday! Check your Telegram with me on December 6th. Oh, asking you directly. Yes, but not on ML. But we were looking for internet at the time, we hadn't come up with using an external service, yet. 
- 
 @JaredBusch said in Miscellaneous Tech News: @scottalanmiller said in Miscellaneous Tech News: @JaredBusch said in Miscellaneous Tech News: @black3dynamite said in Miscellaneous Tech News: How to Make an Offline Root Certificate Authority for Windows PKI in WSL 
 https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago? I don't think so, but it did come up on a call yesterday! Check your Telegram with me on December 6th. Same for me. 
- 
 Apple says iOS update will avoid Qualcomm patents, China iPhone banApple is appealing Qualcomm's China-wide ban on older iPhone models. Apple's patent battle with Qualcomm in China has intensified this week, with Qualcomm seeking a broader ban and Apple claiming it has a workaround to avoid Qualcomm's patents. 
- 
 @mlnews said in Miscellaneous Tech News: Apple says iOS update will avoid Qualcomm patents, China iPhone banApple is appealing Qualcomm's China-wide ban on older iPhone models. Apple's patent battle with Qualcomm in China has intensified this week, with Qualcomm seeking a broader ban and Apple claiming it has a workaround to avoid Qualcomm's patents. Does anyone know what the actual claimed infringement is? 
- 
 I have not seen anything yet. 
- 
 
- 
 
- 
 
- 
 
- 
 @dbeato said in Miscellaneous Tech News: That'll probably be the death knell for Kafka. It'll encourage Amazon to fork it rather than sustain it. 
- 
 ALthough it looks like Kafka remains under the solid Apache license. Only ADD ONs are getting a weird license. 
- 
 








