Satellite plane-tracking goes global

The US firm Aireon says its new satellite surveillance network is now fully live and being trialled over the North Atlantic.

The system employs a constellation of 66 spacecraft, which monitor the situational messages pumped out by aircraft transponders.

These report a plane’s position, altitude, direction and speed every eight seconds.

The two big navigation management companies that marshal plane movements across the North Atlantic – UK Nats and Nav Canada – intend to use Aireon to transform their operations.

[…]

Increasing numbers of planes since the early 2000s have been fitted with Automatic Dependent Surveillance Broadcast (ADS-B) transponders. US and European regulators have mandated all aircraft carry this equipment as of next year.

ADS-B pushes out a bundle of information about an aircraft – from its identity to a GPS-determined altitude and ground speed. ADS-B was introduced to enhance surveillance and safety over land, but the messages can also be picked up by satellites.

Aireon has receivers riding piggyback on all 66 spacecraft of the Iridium sat-phone service provider. These sensors make it possible now to track planes even out over the ocean, beyond the visibility of radar – and ocean waters cover 70% of the globe.

[…]

In the North Atlantic, traditional in-line safe separation distances will eventually be reduced from 40 nautical miles (80km) down to as little as 14 nautical miles (25km). As a result, more aircraft will be able to use the most efficient tracks.

[…]

“Eight out of 10 flights will now be able to fly without any kind of speed restriction compared with the far less efficient fixed-speed environment we previously had to operate within,” Mr Rolfe said. “These changes, made possible by Aireon, will generate net savings of $300 in fuel and two tonnes of carbon dioxide per flight.”

However, any carbon dividend is likely to be eaten into by the growth in traffic made possible by the introduction of space-based ADS-B. Today, there are over 500,000 aircraft movements across the North Atlantic each year. This is projected to increase to 800,000 by 2030.

Source: Satellite plane-tracking goes global – BBC News

Dutch medical patient files moved to Google Cloud – MPs want to know if US intelligence agencies can view them

Of course the US can look in, under CLOUD rules, because Google is an American company. The move of the files has been done without consent from the patients by Medical Research Data Management, a commercial company, because (they say), the hospitals have given permission. Also, hospitals don’t need to ask for patient permission, because patients have given hospitals permission through accepting the electronic patient filing system.

Another concern is the pseudo-anonymisation of the data. For a company like Google, it won’t be particularly hard to match the data to real people.

Source: Kamerleden eisen duidelijkheid over opslag patiëntgegevens bij Google – Emerce

540 Million Facebook User Records Exposed Online, Plus Passwords, Comments, and More

Researchers at the cybersecurity firm UpGuard on Wednesday said they had discovered the existence of two datasets together containing the personal data of hundreds of millions of Facebook users. Both were left publicly accessible.

In a blog post, UpGuard connected one of the leaky databases to a Mexico-based media company called Cultura Colectiva. The data set reportedly contains over 146 GB of data, which amounts to over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.

A second leak, UpGuard said, was connected to a Facebook-integrated app called “At the pool” and had exposed roughly 22,000 passwords. “The passwords are presumably for the ‘At the Pool’ app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts,” the firm said. The database also contained data on users’ friends, likes, groups, and locations where they had checked in, said UpGuard.

Both datasets were stored in unsecured Amazon S3 buckets and could be accessed by virtually anyone. Neither was password protected. The buckets have since been secured or taken offline.

Source: 540 Million Facebook User Records Exposed Online, Plus Passwords, Comments, and More

A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole

Apache HTTP Server has been given a patch to address a potentially serious elevation of privilege vulnerability.

Designated CVE-2019-0211, the flaw allows a “worker” process to change its privileges when the host server resets itself, potentially allowing anyone with a local account to run commands with root clearance, essentially giving them complete control over the targeted machine.

The bug was discovered by researcher Charles Fol of security shop Ambionics, who privately reported the issue to Apache. Admins can get the vulnerability sealed up by making sure their servers are updated to version 2.4.39 or later.

While elevation of privilege vulnerabilities are not generally considered particularly serious bugs (after all, you need to already be running code on the target machine, which is in and of itself a security compromise), the nature of Apache Server HTTP as a host machine means that this bug will almost always be exposed to some extent.

Fol told The Register that as HTTP servers are used for web hosting, multiple users will be given guest accounts on each machine. In the wild, this means the attacker could simply sign up for an account to have their site hosted on the target server.

“The web hoster has total access to the server through the ‘root’ account,” Fol explained.

“If one of the users successfully exploits the vulnerability I reported, he/she will get full access to the server, just like the web hoster. This implies read/write/delete any file/database of the other clients.”

Source: A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole • The Register

Linux Mint 19.2 ‘Tina’ is on the way, but the developers seem defeated and depressed

I have been a bit critical of Linux Mint in the past, but the truth is, it is a great distribution that many people enjoy. While Mint is not my favorite desktop distro (that would be Fedora), I recognize its quality. Is it perfect? No, there is no such thing as a flawless Linux-based operating system.

Today should be happy times for the Linux Mint community, as we finally learn some new details about the upcoming version 19.2! It will be based on Ubuntu 18.04 and once again feature three desktop environments — Xfce, Mate, and Cinnamon. We even found out the code name for Linux Mint 19.2 — “Tina.” And yet, it is hard to celebrate. Why? Because the developers seem to be depressed and defeated. They even appear to be a bit disenchanted with Free Software development overall.

Clement Lefebvre, leader of the Linux Mint project, shared a very lengthy blog post today, and it really made me sad.

[…]

I can show them 500 people donated money last month, I can forward emails to the team where people tell me how much they love Linux Mint, I can tell them they’re making a difference but there’s nothing like interacting directly with a happy user, seeing first-hand somebody be delighted with what you worked on. How our community interacts with our developers is key, to their work, to their happiness and to their motivation.

Clem quite literally says he is not enjoying the Linux Mint development nowadays, which really breaks my heart.

[…]

I also have a life outside open source work, too. It’s not mentally sound to put the hours I’ve put into the compositor. I was only able to do what I could because I was unemployed in January. Now I’m working a job full time, and trying to keep up with bug fixes. I’ve been spending every night and weekend, basically every spare moment of my free time trying to fix things.

[…]

To make things even worse, Hicks is apparently embarrassed by the official Linux Mint blog post! Another Reddit member named tuxkrusader responds to Hicks by saying “I’m slightly concerned that you’re not a member of the linuxmint group on github anymore. I hope you’re not on bad terms with the project.” Hicks shockingly responds by saying “Nope, I hid my project affiliation because that blog post makes me look bad.”

Wow. Hiding his affiliation with the Linux Mint project on GitHub? It seems things may be worse than I originally thought…

Source: Linux Mint 19.2 ‘Tina’ is on the way, but the developers seem defeated and depressed