39 Years of the Digest ... founded August 21, 1981
Copyright © 2020 E. William Horne. All Rights Reserved.
covid-19 is a social disease! tune up the leaf blower and help save lives!

The Telecom Digest for Mon, 16 Nov 2020
Volume 39 : Issue 298 : "text" format

table of contents
How to get root on Ubuntu 20.04 by pretending nobody's /home
Zoom lied to users about end-to-end encryption for years, FTC says
FCC Releases Public Notice on Filing for Voluntary STIR/SHAKEN Implementation Exemptions
Phone and email scammers have pivoted during the pandemic. Here's how to protect yourself.
----------------------------------------------------------------------
Message-ID: <6232C698-EE95-4806-881B-8A1E8D214FB5@roscom.com>
Date: 11 Nov 2020 14:03:05 -0500
From: "Monty Solomon" <monty@roscom.com>
Subject: How to get root on Ubuntu 20.04 by pretending nobody's /home

How to get root on Ubuntu 20.04 by pretending nobody's /home

By Kevin Backhouse

...

This blog post is about an astonishingly straightforward way to
escalate privileges on Ubuntu. With a few simple commands in the
terminal, and a few mouse clicks, a standard user can create an
administrator account for themselves. I have made a short demo video,
to show how easy it is.

It's unusual for a vulnerability on a modern operating system to be
this easy to exploit. I have, on some occasions, written thousands of
lines of code to exploit a vulnerability. Most modern exploits involve
complicated trickery, like using a memory corruption vulnerability to
forge fake objects in the heap, or replacing a file with a symlink
with microsecond accuracy to exploit a TOCTOU vulnerability. So these
days it's relatively rare to find a vulnerability that doesn't require
coding skills to exploit. I also think the vulnerability is easy to
understand, even if you have no prior knowledge of how Ubuntu works or
any security research experience.

...

https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE

------------------------------
Message-ID: <336B08EF-DEC2-41DC-93D8-7A03D14223C3@roscom.com>
Date: 9 Nov 2020 15:03:27 -0500
From: "Monty Solomon" <monty@roscom.com>
Subject: Zoom lied to users about end-to-end encryption for years, FTC says

Democrats blast FTC/Zoom settlement because users won't get
compensation.

By Jon Brodkin

Zoom has agreed to upgrade its security practices in a tentative
settlement with the Federal Trade Commission, which alleges that Zoom
lied to users for years by claiming it offered end-to-end encryption.

https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/

------------------------------
Message-ID: <20201114231558.69931753@telecom2018.csail.mit.edu>
Date: Sat, 14 Nov 2020 23:15:58 +0000 (UTC)
From: Moderator <telecomdigestsubmissions@remove-this.telecom-digest.org>
Subject: FCC Releases Public Notice on Filing for Voluntary STIR/SHAKEN Implementation Exemptions

TCPA Regulatory Update - FCC Releases Public Notice on Filing for
Voluntary STIR/SHAKEN Implementation Exemptions for Early Implementers
& Reviews Comments on Section 8 of the TRACED Act

Saturday, November 14, 2020

On October 1, 2020 the FCC adopted the Second Report and Order
implementing Caller ID Authentication. As described in our October
TCPA Digest, the Report and Order took a number of steps implementing
the TRACED Act, including, among others, requiring voice service
providers to either upgrade their non-IP networks to IP and implement
STIR/SHAKEN, or work to develop a non-IP caller ID authentication
solution; and providing a framework to file for extensions to the
implementation deadline for certain categories of providers, including
small voice service providers.

https://www.natlawreview.com/article/tcpa-regulatory-update-fcc-releases-public-notice-filing-voluntary-stirshaken

------------------------------
Message-ID: <498533B4-B192-4A36-8D90-64757465435A@roscom.com>
Date: 9 Nov 2020 11:15:17 -0500
From: "Monty Solomon" <monty@roscom.com>
Subject: Phone and email scammers have pivoted during the pandemic. Here's how to protect yourself.

Phone and email scammers have pivoted during the pandemic. Here's how
to protect yourself.

After a dip in the spring, phishing attempts are back. Complaints
about spam text messages are up.

By Laura Daily

I hung up on my best friend. I had received three robocalls in a row
from what looked like legitimate numbers, including one that started
with that super-annoying, high-pitched, childlike, "Hi there! How are
you doing?" My pal Lyn was call number four. Without noting the caller
ID, I answered, snapped, "Stop calling me!" and hung up. (She called
back a few minutes later, confused, but was completely understanding.
She's Canadian, so she's exceedingly polite.)

https://www.washingtonpost.com/lifestyle/home/scam-phone-email-text-covid/2020/11/02/9bf9eaf8-19fd-11eb-aeec-b93bcc29a01b_story.html

------------------------------

*********************************************
End of telecom Digest Mon, 16 Nov 2020