Yearly Archives: 2018

New Laws For Remote Control Parking In The UK

From June 2018 drivers will be able to use remote control parking on British roads.

New laws introduced on 16 May 2018 will mean that from next month drivers will be able to use remote control parking on British roads.

Changes to the Highway Code and relevant regulations were consulted on earlier this year and received overwhelming support from a range of groups including manufacturers, insurance groups and haulage companies.

Developments like remote control parking and motorway assist have the potential to transform car travel for those with mobility challenges, unlocking tight parking spaces and using computers to help driver accuracy on the road.

Not only that, but technology has the potential to make driving more energy efficient meaning cheaper, cleaner journeys, with improved air quality for both drivers and pedestrians.

The updates will provide clarity for motorists about how the technologies can be used, and allow the increased use of features like cruise control, providing significant advantages for drivers.

With gadgets like these already available on some vehicle models, the updates see the law moulding to the modern driving world, making sure drivers are ready to use their new technology safely and ensuring the law is flexible for future breakthroughs.

Jesse Norman, Transport Minister said:

Advanced driver assistance systems are already starting to revolutionise driving.

It’s encouraging to see the strong support for these innovations from a range of stakeholders. We will continue to review our driving laws, in order to ensure drivers can enjoy the potential of these new tools safely.


The changes are part of a package of work to ensure UK road laws are fit to support automated driving technology as they develop and provide clarity on new use cases.

The government also recently tasked the Law Commission with a detailed review of driving laws, along with planned updates to the code of practice to ensure that as technology develops the UK remains one of the best places in the world to develop, test and drive self-driving vehicles.




This builds on previous consultations on automated driving, and also the recently published Industrial Strategy, which designated the future of mobility as one of the 4 ‘grand challenges’. This strategy, along with changes to our regulatory framework, will help realise the government’s desire to see fully self-driving cars on the UK roads by 2021.

Mike Hawes, SMMT Chief Executive:

Connected and autonomous vehicles will transform our lives, with the potential to reduce up to 25,000 serious accidents and create more than 300,000 jobs over the next decade.

Today’s announcement is just one step towards increasing automation but it is an important one enabling increased convenience especially for those with restricted mobility. It is another welcome commitment from government to keep the UK firmly at the forefront of connected and autonomous vehicle development and rollout.

Further information

It is important to note that while advanced driver assistance technology will benefit British road users, drivers must continue to maintain overall control of their vehicle.

The remote-control function may be used in a variety of ways, from a key fob issued by the manufacturer, to an app on a device such as a mobile phone.

In addition, the Highway Code rules will be changed so clarity is given on both the use of remote control parking, and driver assistance systems that can control aspects of driving such as changing lanes on the motorway.

The changes proposed will update Road Vehicles (Construction and Use) Regulation 110.

Currently the regulation stipulates that drivers may not hold a mobile device while in their vehicle. The proposed update will allow drivers to use their remote control parking device. They will need to be within 6 metres of their vehicle. These updates will then be reflected in the Highway Code.



New Laws To Make Social Media Safer

New laws will be created to make sure that the UK is the safest place in the world to be online, Digital Secretary Matt Hancock has announced.

The move is part of a series of measures included in the government’s response to the Internet Safety Strategy green paper, published today.

The Government has been clear that much more needs to be done to tackle the full range of online harm.

Our consultation revealed users feel powerless to address safety issues online and that technology companies operate without sufficient oversight or transparency. Six in ten people said they had witnessed inappropriate or harmful content online.

The Government is already working with social media companies to protect users and while several of the tech giants have taken important and positive steps, the performance of the industry overall has been mixed.

The UK Government will therefore take the lead, working collaboratively with tech companies, children’s charities and other stakeholders to develop the detail of the new legislation.

Matt Hancock, DCMS Secretary of State said:

Digital technology is overwhelmingly a force for good across the world and we must always champion innovation and change for the better. At the same time I have been clear that we have to address the Wild West elements of the Internet through legislation, in a way that supports innovation. We strongly support technology companies to start up and grow, and we want to work with them to keep our citizens safe.

People increasingly live their lives through online platforms so it’s more important than ever that people are safe and parents can have confidence they can keep their children from harm. The measures we’re taking forward today will help make sure children are protected online and balance the need for safety with the great freedoms the internet brings just as we have to strike this balance offline.

DCMS and Home Office will jointly work on a White Paper with other government departments, to be published later this year. This will set out legislation to be brought forward that tackles a range of both legal and illegal harms, from cyberbullying to online child sexual exploitation. The Government will continue to collaborate closely with industry on this work, to ensure it builds on progress already made.




Home Secretary Sajid Javid said:

Criminals are using the internet to further their exploitation and abuse of children, while terrorists are abusing these platforms to recruit people and incite atrocities. We need to protect our communities from these heinous crimes and vile propaganda and that is why this Government has been taking the lead on this issue.

But more needs to be done and this is why we will continue to work with the companies and the public to do everything we can to stop the misuse of these platforms. Only by working together can we defeat those who seek to do us harm.

The Government will be considering where legislation will have the strongest impact, for example whether transparency or a code of practice should be underwritten by legislation, but also a range of other options to address both legal and illegal harms.

We will work closely with industry to provide clarity on the roles and responsibilities of companies that operate online in the UK to keep users safe.

The Government will also work with regulators, platforms and advertising companies to ensure that the principles that govern advertising in traditional media – such as preventing companies targeting unsuitable advertisements at children – also apply and are enforced online.

Barnardo’s CEO, Javed Khan, said:

We welcome the Government’s commitment to making the UK the safest place to be online and the recognition of the need to bring industry, charities and the public together to tackle the risks and opportunities the online world brings.

We have long seen the harm that online can bring to children’s lives, our own child sexual abuse services saw a 38% increase last year in children referred. Online can be a force for good, but the ease of exploitation of children must be tackled.

We urge Government in the White paper to consider legislation that ends the era of technology self-regulation and puts children’s safety at the heart of the online world. Taking action now is vital to protect the next generation of children.

Alex Holmes, Deputy CEO, The Diana Award said:

We’re proud to support this government’s internet safety strategy, having been part of a number of consultations seeking and representing the views of our staff, young people and schools. Here at The Diana Award we know from our powerful peer to peer education programmes the positive part that technology plays in the lives of children and young people as well as the risks it brings.

We look forward to seeing government, industry, businesses, schools and the wider children and charity sector workforce continue to work together to make the internet a safer place for all.

Any changes recommended by the Law Commission’s Review of Online Offensive Communications, announced by the Prime Minister in February, will be considered as part of the legislation.

This work forms part of the government’s Digital Charter, which is working to develop the norms and rules for the online world and put them into practice, helping to make the UK both the safest place to be online and the best place to start and grow a digital business.




Internet Safety Strategy

Drupal Remote Code Execution Vulnerability [CVE-2018-7602]

A vulnerability in multiple subsystems of Drupal could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to an unspecified condition in multiple subsystems of the affected software. An attacker could exploit this vulnerability by sending crafted input to the affected application on a targeted system. An exploit could allow the attacker to execute arbitrary code, which could result in a complete compromise of the affected Drupal site.

Drupal.org has confirmed the vulnerability and released software updates.

CVE number – CVE-2018-7602

Analysis
  • To exploit this vulnerability, the attacker must have user-level access to the targeted system. This access requirement could reduce the likelihood of a successful exploit.

    This vulnerability is related to the vulnerability identified as CVE-2018-7600. Cisco previously covered this vulnerability in a Vulnerability Alert at the following link: Alert ID 57297

    Drupal.org is aware that this vulnerability, along with CVE-2018-7600, is actively being exploited in the wild.

Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Administrators are advised to allow only privileged users to access administration or management systems.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • Drupal.org has released a security advisory at the following link: sa-core-2018-004
Fixed Software





What is cse.google.com

The web address cse.google.com is a legitimate part of Google search, known as “Custom Search”; however, plenty of browser hijackers abuse this feature to generate revenue from Google.

Example of cse.google.com search results

These types of browser hijackers are often bundled with other free software that you download from the Internet. Some free downloads do not adequately disclose that other software will also be installed, and you may find that you have installed adware without your knowledge.

With Google Custom Search, the person who created the custom search engine can set it to search the entire web, similar to a normal search on Google.com, and can earn money from ads.



 

Would You Like To Join SystemTek? We Are Looking For A Technical Content Writer

Do you have an interest in technology? Can you spare an hour or so each week?

If so we are looking for someone to join our team on a voluntary basis as a content writer.

The Job Role – We are looking for people to write unique blog posts for our website on anything technology related. These can be news stories or technical “how to” guides. As you will be doing this on a voluntary basis there is no fixed time as to when you should write the blog posts, as they can be scheduled to post at peak times. If you are good with photo or video editing software this would be a bonus as you can add your own unique images or videos to the posts.

About Us – SystemTek has had a website on the internet since 1999 providing technical news and information, our technology blog has hundreds of unique visitors each day, it’s a great way to share your knowledge. Our blog posts are automatically shared on Facebook, Twitter, Tumblr and Google Plus.

This is a great way to gain practical experience. Volunteering can also help you stand out from the crowd and learn practical skills which will make you more desirable for prospective employers. Remember, if you're looking for a new job you will have the perfect opportunity to impress recruiters with your experiences and passion for your interests. Employers are well aware of the benefits of volunteering and recognise the initiative and commitment that can be required by volunteers.

Key skills required for this role:

  • Proficient writing skills and good use of English language.
  • Experience of working in a digital/online environment.
  • Knowledge of the subject matter you are writing about.
  • Ability to work on own initiative.
  • Knowledge of WordPress (not essential)
  • Photo/Image/Video editing skills (not essential)

If you're interested in joining us please contact us here or drop us a message on Facebook




Maikspy Spyware

Maikspy is newly observed spyware that targets users on social media and adult gaming sites. There are two known variants of this malware, targeting Google Android and Microsoft Windows devices respectively.

Both variants aim to steal information such as email addresses, banking credentials and contact information. The Android variant propagates via malicious links posted on social media which advertise a fake adult game. Once this is downloaded it displays a message telling the user the app has failed to download, however the spyware will run in the background. The Windows variant is delivered via malicious RAR files downloaded from fake adult sites. These include a .txt file requesting the user disable their anti-virus, so they can access and steal user information.

The latest Maikspy variants revealed that users contracted the spyware from hxxp://miakhalifagame[.]com/, a website that distributes malicious apps (including the 2016 adult game) and connects to its C&C server to upload data from infected devices and machines.

IPs & Hosts To Block

hxxp://miakhalifagame[.]com

hxxp://fakeomegle[.]com

hxxp://www[.]roundyearfun[.]org (C&C address to save victims’ data)

107.180.46.243

198.12.155.84

198.12.149.13
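The indicators above can also be used to sweep existing DNS or proxy logs for earlier contact, not only to block. The following is an added example, not part of the original post: the log layout (timestamp, client, destination host), the sample lines, and the function names `indicators`, `normalise`, `sample_dns_log` and `find_hits` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sweep a DNS/proxy log for the Maikspy indicators listed above.
# Assumption: log lines are "timestamp client_ip destination_host".

# Indicators exactly as published above (still defanged).
indicators() {
cat <<'EOF'
hxxp://miakhalifagame[.]com
hxxp://fakeomegle[.]com
hxxp://www[.]roundyearfun[.]org
107.180.46.243
198.12.155.84
198.12.149.13
EOF
}

# Refang and reduce each indicator to a bare lower-case host name or IP.
normalise() {
    sed -e 's/\[\.]/./g' \
        -e 's|^h[tx][tx]ps\{0,1\}://||' \
        -e 's|[/:].*$||' | tr 'A-Z' 'a-z'
}

# Constructed sample log (not real traffic). Hosts are kept defanged in this
# file and refanged on output, so the script itself does not trip filters.
sample_dns_log() {
sed 's/\[\.]/./g' <<'EOF'
2018-05-10T08:01:11 10.0.0.12 www[.]roundyearfun[.]org
2018-05-10T08:01:15 10.0.0.12 cdn[.]fakeomegle[.]com
2018-05-10T08:02:40 10.0.0.31 notmiakhalifagame[.]com
2018-05-10T08:03:02 10.0.0.31 198.12.149.130
2018-05-10T08:03:09 10.0.0.44 198.12.149.13
2018-05-10T08:04:00 10.0.0.44 example.org
EOF
}

# Read a log on stdin and print "client host" for every line whose destination
# is an indicator or a subdomain of a domain indicator. Matching is done on
# label boundaries, so look-alike names and longer IPs do not match.
find_hits() {
    list=$(indicators | normalise | tr '\n' ' ')
    awk -v list="$list" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        function hit(h,   i, tail) {
            if (h in bad) return 1
            for (i in bad) {
                if (i ~ /^[0-9.]+$/) continue      # IP indicators: exact match only
                tail = "." i
                if (length(h) > length(tail) &&
                    substr(h, length(h) - length(tail) + 1) == tail) return 1
            }
            return 0
        }
        { host = tolower($3); sub(/\.$/, "", host) }
        hit(host) { print $2, host }
    '
}

# Demo on the constructed sample; for real use: find_hits < your_log_file
sample_dns_log | find_hits
```

The published indicator is `www[.]roundyearfun[.]org`, so the bare parent domain is not matched unless you add it to the list yourself.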

Downloading only from legitimate app stores like Google Play can prevent Maikspy from compromising computers and mobile devices. It is also important to be aware of what apps are allowed to access, and to understand the risks before accepting any terms or granting certain permissions to apps.

One way to stay protected is to opt into Google Play Protect. It is designed to work in the background, protecting users from malicious apps in real time.

Affected Platforms

  • Microsoft Windows – All versions
  • Google Android Devices – All versions





Browser Non-HTTPS Website Warning

Google have announced (details here) that all HTTP sites will be marked as insecure in version 68 of their Chrome browser, to encourage site owners to transition to HTTPS. Chrome will display a warning message and notification to all users visiting any site not using HTTPS. Mozilla have also announced that their Firefox browser will begin marking non-HTTPS sites as insecure, although they have not given an indication of when this will start.

Alongside the well-documented security risks associated with HTTP, the notification of users that a site is insecure also brings a considerable reputational risk.

Affected Platforms

All web browsers

In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.





SharePoint Server 2016 – KB4018381 – May 2018

This security update (KB4018381) resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following Microsoft security advisories:

Note: To apply this security update, you must have the release version of Microsoft Office SharePoint Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:

  • SharePoint Framework (SPFx)

This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including:

  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don’t have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.

For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues in Project Server 2016:

  • If the proxy for the Project Service Application services already exists when you create a new Project Service application by using the Install-SPService –Verbose command, an additional proxy for the service is created.
  • Consider the following scenario:
    • As a team member, you open your timesheet and enter work for two adjacent days.
    • On the first day, you set the actual work value back to zero.
    • On the first day, you set 8 hours of non-working time on an administrator task (for example, vacation)
    • You send a status update for approval.
    • You open the previous week timesheet.
    • You enter actual work values.
    • You send the timesheet for approval, and the status manager approves it.

    In this case, the actual work that was entered on the second of the two days moves to the first day. The actual work should not move when the status update is applied to the project.

  • When you publish a project in which the process updates the Summary Resource Assignment to a later date, the publish fails if the server is configured to use a date format other than MM-DD-YY.

This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server 2016:

  • When an item is deleted from the usage analytics caches, the item is now also deleted from the analytics reporting database.
  • If you don’t have sufficient permission to mount a content database to a farm by using the Mount-SPContentDatabase cmdlet, the cmdlet fails and the database is dropped unexpectedly.
  • This update introduces the “My Site creation default to OneDrive in Office 365” hybrid feature in SharePoint Server 2016. After you install this update and enable this feature, hybrid-enabled users can have their OneDrive personal sites provisioned in the cloud instead of on-premises. On-premise only users can still have their OneDrive personal sites provisioned on-premises.
  • You cannot use the SharePoint Term Store Management UI in browsers other than Internet Explorer.
  • The WebPart.ZoneID property is unavailable in the Web Part information.
  • SharePoint emails that are longer than 1,000 characters could become corrupted at the 1,000-character position. Depending on what content happens to be at that position, the corruption could be minor (corrupted text) or severe (broken HTML markup).
  • This update fixes the following three issues with the SharePoint Properties Panel:
    • When you save a SharePoint properties panel with required properties for the first time, you cannot find the properties.
    • The DateTime format is assumed to be MM/DD/YY.
    • Drop-down of lookup type is set to nil when the label is selected.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.




Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: May 8, 2018.

Security update replacement information

This security update replaces previously released security update KB 4018336.

File hash information

Package Name: sts2016-kb4018381-fullfile-x64-glb.exe
Package Hash SHA 1: 4C67ED06F36496229DAE007DC51F4398EE40AE47
Package Hash SHA 2: A85BC9DAB848D1923B179EF11595404189C0712F2BB9214C56B6F6AB3776978E

File information

For a list of the files that are included in this cumulative update (KB 4018381), download the file information.





Sophos UTM Blacklist Removal

You may have an issue where, for example, you have a website published on your Sophos UTM but certain users are unable to connect to it. This may be because the client IP address is on a Sophos UTM blacklist.

To confirm this, check the reverseproxy.log from the command line or the Web Application Firewall log directly from the UTM GUI.

If the client is blacklisted, you will see authz_blacklist:warn in the log as well as the list that it is blocked on, for example DNSRBL black.rbl.ctipd.astaro.local

Sophos UTMs use Cyren as their blacklist provider.

If the client is blocked in the logs, check on the Cyren website, as it will probably show as suspect there:

http://www.cyren.com/security-center/ip-reputation-check

If this is the case, there should be an option on that page to unblock your IP address. This usually takes a few hours to apply; once applied on the website, it may take an hour or so to update on the UTM.
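To see which clients are being rejected and how often, the log check described above can be scripted. This is an added example, not part of the original post: only `authz_blacklist:warn` and the `DNSRBL <list>` text come from the post, while the rest of the line layout (Apache-style `[client IP:port]`), the sample lines, and the function names `sample_log`, `blocked_clients` and `client_blocked` are assumptions.

```shell
#!/bin/sh
# Added example: list the clients the UTM reverse proxy rejected because of a
# DNSRBL blacklist hit. Assumption: the client appears as "[client IP:port]".

# Constructed sample lines (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
2018:05:21-09:14:02 utm reverseproxy: [authz_blacklist:warn] [pid 4211] [client 203.0.113.45:51234] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2018:05:21-09:14:05 utm reverseproxy: srcip="198.51.100.7" method="GET" statuscode="200" url="/"
2018:05:21-09:15:40 utm reverseproxy: [authz_blacklist:warn] [pid 4211] [client 198.51.100.23:40022] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2018:05:21-09:16:11 utm reverseproxy: [authz_blacklist:warn] [pid 4212] [client 203.0.113.45:51301] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2018:05:21-09:17:00 utm reverseproxy: [security2:error] [pid 4212] [client 203.0.113.4:40100] rule hit, unrelated to the blacklist
EOF
}

# Read log lines on stdin; print "count client_ip list" for every blacklist
# rejection, most frequent client first. IPv4 clients only.
blocked_clients() {
    grep -F 'authz_blacklist:warn' |
    sed -n 's/.*\[client \([0-9.]*\)[]:].*DNSRBL \([A-Za-z0-9._-]*\).*/\1 \2/p' |
    LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2 |
    awk '{ print $1, $2, $3 }'
}

# Exit 0 if the given client IP was rejected by the blacklist, 1 otherwise.
# Compares the whole address, so 203.0.113.4 does not match 203.0.113.45.
client_blocked() {
    blocked_clients | awk -v ip="$1" '$2 == ip { found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on the UTM: blocked_clients < reverseproxy.log
sample_log | blocked_clients
```

Each address it reports can then be looked up on the Cyren page above.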



Adobe’s XD Design Tool Is Now FREE

Adobe has unveiled a free starter plan for its XD app, which is aimed at UI and UX designers. The plan allows people to use XD across platforms with all its features at no charge.

Included in this plan is ongoing access to the desktop version of XD on both Mac and Windows 10, including all the design and prototyping capabilities, along with the mobile preview apps on iOS and Android.

You can create an unlimited number of XD documents, export assets for production, and create videos to share your experiences. Also included is the ability to have one active shared prototype and one active shared design spec, with the option to upgrade should you need unlimited sharing. If you currently have an XD single app plan or a Creative Cloud all apps plan, then you already have unlimited sharing included.

Download for FREE here – https://www.adobe.com/products/xd.html



