In a blunder described as “astonishing and worrying,” Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal.
The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system – which logs where and when vehicles, identified by their number plates, travel through Sheffield’s road network.
Britain’s Surveillance Camera Commissioner Tony Porter described the security lapse as “both astonishing and worrying,” and demanded a full probe into the snafu.
He told us: “As chair of the National ANPR Independent Advisory Group, I will be requesting a report into this incident. I will focus on the comprehensive national standards that exist and look towards any emerging compliance issues or failure thereof.”
Source: The Register
A fool with a tool is still a fool. Remember that the next time you vote.
US President Donald Trump has been lambasted by the medical community after suggesting research into whether coronavirus might be treated by injecting disinfectant into the body.
He also appeared to propose irradiating patients’ bodies with UV light, an idea dismissed by a doctor at the briefing.
Another of his officials had moments earlier said sunlight and disinfectant were known to kill the infection.
But then who will vote for him if every dumbass is dead?
Two thousand four hundred medical gloves were evaluated for leakage. Types of gloves examined (number of brands) included sterile latex (seven), sterile vinyl (four), nonsterile latex (six), and nonsterile vinyl (seven). Sampling was done from one box of each brand. Fifty gloves from each box were filled with 300 ml of water (the standard test used by the American Society for Testing and Materials). An additional 25 cm pressure was applied to water-filled gloves. Another 50 gloves of each box were donned and dipped into a basin that contained heparinized human blood. Only four brands of sterile latex surgeon’s gloves proved nonpermeable to water and blood. Other brands showed leakage that ranged from 1% to 52%. Analysis of proportions of pairs of gloves permeable to water or blood indicated a strong statistical association of nonsterile packaging or packaging in suction kits with increased leakage rates. These findings affirm that gloves can be regarded only as a means of reducing the risk of gross soilage from blood or body fluids. Quality control standards to ensure more uniform glove quality are needed.
Source: PubMed.gov
The same applies to all non-FFP3 face masks.
Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, Linux, etc.). Both the firmware on the chip and the host Bluetooth subsystem are targets for Remote Code Execution (RCE) attacks.
One feature that is available on most classic Bluetooth implementations is answering over Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. For example, an attacker can run l2ping, which establishes an L2CAP connection and sends echo requests to the remote target.
In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022. We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715.