Security – Michmutters

E-scooters help Australia’s net-zero goals, but medics warn about long-term injuries

Traumatic brain injuries, severe dislocations, and broken bones are some of the injuries Graeme Maw has seen come through the Townsville University Hospital from electric scooter (e-scooter) accidents.

Emergency physician Dr Maw says staff would support a ban on the two-wheeled devices, as new research shows half of the riders are making potentially life-threatening decisions on Queensland roads.

He said approximately one person per day was presenting to the hospital with injuries ranging from skin abrasions to significant head trauma.

“Lots and lots of soft tissue injury, extensive grazing and abrasions. Lots and lots of lacerations that require suturing up,” Dr Maw said.

“Often, these patients go on to suffer relatively significant long-term impacts from these sort of injuries.

“There was one young man who came off a scooter after drinking. He came in deeply unconscious and was sent to intensive care. He went from being a functioning member of society with a job to spending months and months in hospital and rehabilitation.”

Dr Maw says about one person per day presents with an e-scooter injury. (Supplied)

The Townsville University Hospital has been collecting data on the frequency of e-scooter accidents since the ride-sharing devices arrived in the city in 2020.

Dr Maw said about 50 per cent of patients presenting to the emergency department were not wearing a helmet, and more than 75 per cent were under the influence of alcohol when an incident occurred.

The data showed 70 per cent of patients presenting to the hospital with e-scooter injuries were male, with the majority in the 18–30 age group.

The data shows 70 per cent of patients presenting to Townsville University Hospital with e-scooter injuries are male. (ABC North Queensland: Rachael Merritt)

But Dr Maw said the true extent of cases was being under-reported.

“It’s not just the people riding the scooters. We’ve had a few innocent bystanders knocked over,” he said.

“Not everybody who comes off an e-scooter ends up going to the emergency department.

“A lot of patients head to GPs, private hospitals, and some may not seek medical attention at all.”

Calls for help becoming ‘more frequent’

Queensland Ambulance Senior Operations Supervisor Wayne Paxton, from the Townsville district, said paramedics were responding to an e-scooter crash at least once or twice a week.

“It’s starting to become more and more frequent over the weeks and weekends,” Mr Paxton said.

“The types of injuries we deal with can vary from a small cut or abrasion to something like a head injury or fractured leg or shoulder injury.”

Doctors say they have seen cases of traumatic brain injury in Townsville since the scooters were introduced. (ABC North Queensland: Rachael Merritt)

Amid the rising cost of fuel, Mr Paxton said more regional Queenslanders were choosing the cost-effective mode of transport.

He said their popularity would likely continue to rise but warned riders to be aware of the risks.

“I’ve been to accidents where the helmet has been on, but they haven’t done the strap up, and it has come off during the fall,” he said.

“If we don’t have the right education and don’t wear protective equipment … it can certainly lead to serious injuries and, worst-case scenario, more deaths.”

Safety not being taken seriously

With more regional Queensland cities such as Mackay, Rockhampton and Bundaberg taking part in the e-scooter rollout, a recent survey by the state’s peak motoring body found half of the riders admitted to reckless driving behaviour.

Andrew Kirk, principal technical researcher at RACQ, said a crackdown on non-compliant e-scooter users was needed to improve safety, as well as a stronger education campaign.

“Nearly one in 10 riders have had an accident, and over half of those have been injured,” he said.

“That comes down to lack of safety equipment, going too fast and riding in the wrong areas.”

A statewide survey of e-scooter users by RACQ found only a third of riders were aware of the road rules. (ABC North Queensland: Lily Nothling)

Mr Kirk said RACQ had been in talks with e-scooter rental companies to incorporate new technologies, such as onboard cameras, to improve user safety and did not want to see them pulled from the streets.

“It’s getting cars off the road, so it’s reducing vehicle emissions and reducing traffic congestion,” he said.

“They do have a big role to play in Australia’s net-zero goals.

“Most bike riders have adapted to the fact you have to have a helmet on, but for e-scooters we just need to change that mentality to get people to do the right thing.”


Are You Being Followed? Use a Raspberry Pi to Find Out

In the movies, a hero can always tell he’s being followed because the goons tasked with following him never blend in. In real life, figuring out if someone is tailing you is much trickier, and can be a matter of life and death. At the Black Hat security conference, a speaker demonstrated a low-cost device that looks for the tell-tale wireless signature of bad guys on your tail.


Watch Your Back

Matt Edmondson, who works with the US Department of Homeland Security, was approached by a friend from a government agency that he declined to name onstage at Black Hat. This friend worked with confidential sources, and one in particular had links to a terrorist organization. Edmondson’s friend was concerned that if they were followed after meeting with the confidential source, his friend’s government connections could be discovered and the source put in danger.

The traditional spycraft method of surveillance detection, Edmondson explained, is to change your route and see who does the same—such as exiting the highway and then getting back on again. “It’s really obvious the [Washington, D.C.] Beltway was designed as a surveillance-detection route,” quipped Edmondson, perhaps joking, perhaps not.

Edmondson said his friend asked if he could revisit an idea he had discussed years ago: Using network-detection technology to scan for devices that were following you.

Even if you’re being tailed by a nation-state-backed surveillance team, “isn’t there still a really good chance they have a phone in their pocket?” asked Edmondson.


Tattletale Devices

This works because so many of our devices are constantly trying to communicate with other devices and various wireless networks. Many mobile devices, for example, are constantly seeking familiar wireless networks to connect to. Other devices, such as AirPods, Bluetooth speakers, laptops, and so on, can be similarly chatty.

All those wireless conversations can be easily detected. If the same devices are in your vicinity repeatedly, Edmondson reasoned, it’s likely you’re being followed.

At PCMag, we’ve looked at similar devices before. The PwnPro was a multi-thousand-dollar device with sophisticated backend software that could monitor devices within 1,000 feet. It, too, could identify specific devices and usage patterns, but was far from affordable or portable.


Simple Components

To build a device that could scan for wireless communications and alert you when such a device stayed in your vicinity, Edmondson set out to use low-cost materials, and settled on the Raspberry Pi single-board computer. “How many of us have multiple Raspberry Pis sitting in your closet doing absolutely nothing?” Edmondson joked.

Add to that a low-cost touch screen purchased off Amazon, a portable power bank, and a USB wireless adapter (Alfa AWUS036ACM), and Edmondson was off and running.

A view of the ‘minimum viable product’ version of Edmondson’s detection device.

Scanning duties on the device would be handled by Kismet, a free and open-source wireless monitoring tool. Kismet scans the airwaves and records its findings in an SQLite database. “Everything else is shoddy python code,” said Edmondson.

Users interact with Edmondson’s device via the touch screen and a custom interface Edmondson described as “literally the worst user interface you’ve ever seen.” It consists of several large, gray buttons, which are intended to be easily pressed while driving. For this task, Edmondson explained, “you don’t want a nice interface designed by Apple, you want something designed by Fisher-Price.”

Once activated, Edmondson’s device compiled data on the surrounding devices into lists broken down by time. If the device detects something that already appears in the list from 5-10 minutes ago, or 15-20 minutes ago, that’s a sign someone might be on your tail.


A Few Challenges

There were still some challenges with the device, however. First, Edmondson needed to build in a mechanism where detected devices could be added to an ignore list. That way, trusted devices wouldn’t trigger an alert.

Edmondson’s presentation showed a better, more neatly arranged version of his device.

During a field test in the Arizona desert, Edmondson discovered another problem: MAC address randomization. This is a security feature of many modern devices, where wireless requests are sent with a random, spoofed MAC address.

Edmondson’s solution was to also look at what Wi-Fi networks devices were asking for. If the same Wi-Fi network request appears again and again, that probably means a single device is nearby. Edmondson said that this could possibly be expanded upon, since tracing the location of the requested Wi-Fi networks could tell you where the device had been previously. Even the requested Wi-Fi network name could contain clues. Edmondson said he also wanted to add a GPS component, so it was possible to see where a potential follower first appeared.
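The time-window comparison, ignore list and Wi-Fi network matching described above can be sketched as follows. This is an added example, not Edmondson's code: the `(timestamp, MAC, probed SSID)` tuple layout, the function names and all sample sightings are constructed assumptions, and on the real device the observations would come from Kismet's database.

```python
from collections import defaultdict

WINDOW_MIN = 5        # width of each time bucket, in minutes
LOOKBACK_BUCKETS = 4  # 0-5 (current), 5-10, 10-15 and 15-20 minutes ago


def is_randomized(mac):
    """True when the locally administered bit is set, as randomized MACs have."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def bucket_sightings(sightings, now):
    """Group identifiers by age. Returns {bucket_index: {(kind, value), ...}}."""
    buckets = defaultdict(set)
    for ts, mac, ssid in sightings:
        age_min = (now - ts) / 60
        if age_min < 0:
            continue  # clock skew: sighting is stamped in the future
        idx = int(age_min // WINDOW_MIN)
        if idx >= LOOKBACK_BUCKETS:
            continue  # older than the lookback horizon
        buckets[idx].add(("mac", mac.lower()))
        if ssid:
            # The requested network name survives MAC randomization.
            buckets[idx].add(("ssid", ssid))
    return buckets


def find_followers(sightings, now, ignore=frozenset()):
    """Flag identifiers seen in the current window and in an older one.

    Returns {(kind, value): [older windows in which it also appeared]}.
    Identifiers in `ignore` (trusted devices) never raise an alert.
    """
    buckets = bucket_sightings(sightings, now)
    alerts = {}
    for ident in buckets.get(0, set()):
        if ident in ignore:
            continue
        seen_in = [i for i in range(1, LOOKBACK_BUCKETS)
                   if ident in buckets.get(i, set())]
        if seen_in:
            alerts[ident] = [
                f"{i * WINDOW_MIN}-{(i + 1) * WINDOW_MIN} min ago" for i in seen_in
            ]
    return alerts


# Constructed sample data (not real captures).
SAMPLE_NOW = 1_700_000_000
SAMPLE_SIGHTINGS = [
    # The user's own phone: always nearby, so it goes on the ignore list.
    (SAMPLE_NOW - 20, "3c:22:fb:10:20:30", None),
    (SAMPLE_NOW - 8 * 60, "3c:22:fb:10:20:30", None),
    # A device with a stable MAC, seen now and 7 minutes ago.
    (SAMPLE_NOW - 30, "a4:5e:60:aa:bb:cc", None),
    (SAMPLE_NOW - 7 * 60, "a4:5e:60:aa:bb:cc", None),
    # A device with randomized MACs that keeps asking for the same network.
    (SAMPLE_NOW - 60, "da:a1:19:00:00:01", "constructed-home-net"),
    (SAMPLE_NOW - 17 * 60, "f2:0c:44:00:00:02", "constructed-home-net"),
    # Passers-by: one seen only 12 minutes ago, one seen only just now.
    (SAMPLE_NOW - 12 * 60, "00:11:22:33:44:55", "constructed-cafe"),
    (SAMPLE_NOW - 90, "00:aa:bb:cc:dd:ee", None),
]
SAMPLE_IGNORE = frozenset({("mac", "3c:22:fb:10:20:30")})

if __name__ == "__main__":
    found = find_followers(SAMPLE_SIGHTINGS, SAMPLE_NOW, SAMPLE_IGNORE)
    for (kind, value), windows in sorted(found.items()):
        note = " (randomized MAC)" if kind == "mac" and is_randomized(value) else ""
        print(f"ALERT {kind} {value}{note}: also seen {', '.join(windows)}")
```

The second alert comes only from the repeated network name: both of that device's MAC addresses have the locally administered bit set and never repeat, which is the randomization problem the field test exposed.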

In his talk, Edmondson didn’t reveal whether the device was ever practically put to the test, or what became of his friend’s informant. He did, however, bemoan the lack of similar detection technology. “There’s so much technology out there to stalk people and invade their privacy and very little to protect yourself,” he said.

Keep reading PCMag for the latest from Black Hat.


Subverting Deep Security in Windows

I picture a scene from a heist movie. The bank boasts of its new, ultimate security force inside the locks, walls, and lasers. And the heist crew looks for ways to subvert that system. Can we slip one of our people into the defense force? Use bribes or threats to compromise a guard? Maybe just find a guard who’s sloppy?

While it’s a lot more technical, finding a technique to subvert the Early Launch Antimalware (ELAM) system in Windows, as described by Red Canary’s principal threat researcher Matt Graeber in his Black Hat briefing, is similar to that scenario.

Graeber explained that an ELAM driver is secured against tampering, and it runs so early in the boot process that it can evaluate other boot-time drivers, with the potential to block any that are malicious. “To create this driver, you don’t have to implement any early launch code,” Graeber explained. “The only thing you need is a binary resource with rules that say which signers are allowed to run as Antimalware Light services. And you have to be a member of the rather exclusive Microsoft Virus Initiative program.”

“I had to investigate how the rules are implemented,” said Graeber. He then described just how he analyzed Microsoft Defender’s WdBoot.sys to determine the expected structure for these rules. In effect, each rule says that any program signed with a specific digital certificate is allowed to run as an Antimalware Light service, which affords it serious protections.

It’s not possible to swap in an unapproved driver, since each must be Microsoft-approved. And anti-tampering constraints mean it’s equally impossible to subvert an existing driver. “ELAM is an allowlist for Antimalware Light services,” Graeber mused. “What if it’s overly permissive? Does there exist an ELAM driver that may be overly permissive?”


A Grueling Search

Graeber relied on many resources in his search for a lax driver, among them VirusTotal Intelligence. You may be familiar with VirusTotal’s free malware check, which lets you submit a file or a hash and have it checked by around 70 antivirus engines. VirusTotal Intelligence provides much broader access to detailed information about just about every file and program in existence.

“Hunting for ELAM drivers, I got 886 results from VirusTotal,” said Graeber. “I filtered the list to validate results and got it to 766. I identified many vendors with ELAM drivers, some of them odd.” Here, Graeber showed a list that included one blank vendor name and several that looked incomplete. “If some of the vendors are odd, maybe there’s one rule set that’s odd.”

In the end, he discovered five certificates from four security companies that, as he hoped, provided a way to subvert ELAM. Without going into detail about certificate chains, he determined that any program with one of these in its certificate chain could run in the protected Antimalware Light mode. All he had to do was cross a list of such programs with VirusTotal’s list of malware to get a rogue’s gallery of malicious programs with the potential to run protected.


How to Weaponize This Weakness?

At this point, the talk stepped off the technical deep end. Graeber described searching the LOLbins for an abusable executable, coming up with a suitable version of Microsoft Build, and getting past various obstacles to let him run arbitrary code. I’m sure the bright programmers in the audience were nodding along in admiration.

After a live demo, Graeber noted the possibility of various payloads. “Your own malware is protected, and you can kill other protected processes,” he said. “We effectively killed the Microsoft Defender engine in the demo.” The code is public, though Graeber mentioned that “I had to change some filenames to protect innocent vendors.”


How to Detect and Mitigate This Attack?

“This is abusing the features of ELAM, not a vulnerability,” said Graeber. “I can’t begin to speculate why any of those certificates would be allowed. Shame on Microsoft! Let’s hope for a robust fix in the future. Vendors, I’m not shaming any of you here. I don’t even blame vendors for the overly permissive drivers, since Microsoft allowed them. I encourage any vendor to audit the rule sets of your signed ELAM drivers. You wouldn’t want to be the one who ruined the entire ecosystem.”

Graeber does hold out hope for a fix. “I reported this to Microsoft in December of 2021,” he said. “They acknowledged the issue, and the Defender team really owned this. They’ve taken it very seriously and sent notification to Microsoft Virus Initiative members. If you’re a member, you already know.”

He concluded by offering resources for other researchers to duplicate his work. That might sound like he’s putting weapons in the hands of malware coders, but fear not. Graeber supplied the framework for further investigation, but anyone trying to use it will have to duplicate his search for a permissive driver and an abusable payload.

Still, the picture of malicious software taking over the secure bunker that ELAM provides and killing off the defending programs is alarming. Let’s hope the security community, Microsoft in particular, comes up with a defense quickly.


Your Macs Aren’t as Secure as You Think

When the Macintosh computer was new, Apple touted the fact that Macs, unlike PCs, didn’t get viruses. We know better now; Macs do get hit with malware, even ransomware. But the fact remains that macOS is intrinsically more secure than Windows. That’s why security researcher Thijs Alkemade’s claim to break through all macOS security layers with one attack is such a gut punch. An excited audience of Black Hat conference attendees, both in-person and virtual, clamored to hear details about this surprising claim.


What Makes MacOS So Secure?

“I’ve been a Mac user all my life,” said Alkemade. “It’s a system I know well. The early Mac platform was based on Unix. In that platform, users are security boundaries but processes are not. For files, every file has an owner, and nine flags define permissions. The root user has full access to modify all files, memory, even the kernel. That was the old model.

“System Integrity Protection (SIP) was introduced in 2015 with El Capitan,” he continued. “It put a security layer between the root users and the kernel, protecting the system from modification even by the root user. Root access is no longer enough to compromise the system. One of the other names for this system is rootless. Some people think it means Apple is going to take root away, like on the iPhone. But actually it just means that root is less powerful. Dangerous operations require entitlements, and each macOS release adds more and more restrictions.

“But…macOS is old, large, and established,” said Alkemade. “A lot of system parts were written before the security model changed. It’s not possible to reconstruct the entire system.”

He listed off several techniques that could be used to enable process injection, but concluded they’re just incidental. “It’s much nicer to have process injection that you can apply everywhere.”


Where’s the Security Hole?

Where’s the weakness? Alkemade didn’t keep listeners in suspense. “It’s in the saved state feature,” he explained. “When you shut down, you check a box if you want an app to reopen when you start again. It even restores unsaved documents. It largely works automatically. Developers don’t have to do anything to use it, but they can extend it.”

The process of saving an app’s state is called serializing, and the serialized data is meant to be encrypted. However, encryption is not required, which allows a clever programmer to abuse this feature. “I create a saved state using a malicious serialized object and write it to the directory of another application’s state. It automatically deserializes and executes within the other app, and can use the entitlements and permissions of that other app, achieving process injection.”

Alkemade walked the audience through the numerous barricades he encountered, and the techniques he evolved to circumvent them. He did admit, “I have to skip a few steps for time reasons and disclosure reasons.” I won’t attempt to explain the details here, as you need to be a programmer to totally grasp them. The key point is, it worked.


What Can You Do With Process Injection?

Alkemade detailed three possible uses for the exploit: escape the sandbox, escalate privilege, and bypass System Integrity Protection.

These are extraordinary claims, given those outcomes are practically the Holy Grail of hacking. Bypassing SIP in particular gives your program supreme power. “We can read email or Safari history of all users, or grant ourselves permission to use the microphone or webcam,” Alkemade explained. “Our process is now protected by SIP, which gives it powerful persistence. We can load a kernel extension without the user’s knowledge or permission.”

Alkemade proceeded to demonstrate these three hacks for the appreciative audience. Only the best Black Hat demos get their own round of applause!


Should We Worry?

This security hole is already fixed in macOS Monterey, but app developers need to do their part. “Developers can and should make apps accept only secure serialized objects,” said Alkemade. “Apple has already done that with all their apps, but existing third-party apps need to do the same.”

As it turns out, this new protection isn’t just for Monterey. “I just learned that they back-ported it to Big Sur and Catalina,” said Alkemade. “The Catalina release notes are updated, but not those for Big Sur. I got a spontaneous email from Apple asking to share the contents of my talk in advance. Two hours ago I got confirmation that it’s fixed in Big Sur, though I haven’t had time to verify it.”

“Apple keeps adding layers to macOS,” concluded Alkemade. “Adding new layers to an established system is hard, so code written 10 or more years ago is today’s attack surface. More layers may not increase the effort for attackers, not if you can use the same bug to bypass all of them.”


Meta Expands Test of End-to-End Encryption Features in Messenger

Meta is testing additional end-to-end encryption (E2EE) features in Facebook Messenger—and not just because it has been roundly criticized for not enabling these protections by default.

“We’re working hard to protect your personal messages and calls with end-to-end encryption by default on Messenger and Instagram,” Meta says. “Today, we’re announcing our plans to test a new secure storage feature for backups of your end-to-end encrypted chats on Messenger, and more updates and tests to deliver the best experience on Messenger and Instagram.”

The marquee change is the introduction of encrypted backups. Messenger currently stores E2EE messages on a single device; there is no way to access them on another device. (At least in theory.) This can be inconvenient for people who lose their primary device, but if the company had backed up the messages without encrypting them, Messenger users would be at risk.

That isn’t a theoretical problem. Apple uses E2EE for iMessage, but many people choose to back up their message histories via iCloud. That backup isn’t encrypted, so even though the messages rely on E2EE in transit, someone can access those messages via iCloud. Meta avoids that problem with Messenger by restricting E2EE messages to a single device.

Now the company is testing what it calls Secure Storage. This encrypted backup will allow people to recover their messages using the method of their choice—supplying a PIN or entering a generated code—if they lose access to their device. Meta says it will also let Messenger users back up their E2EE messages to “third-party cloud services,” if they prefer.

“For example, for iOS devices you can use iCloud to store a secret key that allows access to your backups,” Meta says. “While this method of protecting your key is secure, it is not protected by Messenger’s end-to-end encryption.” (Which is effectively the company’s way of saying that it’s not responsible if otherwise-secure Messenger chats are accessed via iCloud.)

Meta will start testing Secure Storage on Android and iOS this week. The feature isn’t available via Messenger’s website, desktop apps, or for “chats that aren’t end-to-end encrypted,” though.

The company says it will also “begin testing the ability to unsend messages, reply to Facebook Stories, and offer other ways to access your end-to-end encrypted messages and calls”; test an extension dubbed Code Verify that “automatically verifies the authenticity of the code” on Messenger’s website; and make E2EE messages available to more Instagram users.

But perhaps the most important test will be making E2EE the default for some Messenger users rather than requiring people to enable these protections on a chat-by-chat basis. Meta says:

“This week, we’ll begin testing default end-to-end encrypted chats between some people. If you’re in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won’t have to opt in to the feature. You’ll still have access to your message history, but any new messages or calls with that person will be end-to-end encrypted. You can still report messages to us if you think they violate our policies, and we’ll review them and take action as necessary.”

Making the most secure option the default is the best way to encourage people to protect themselves. This has become even more important in a post-Roe country where law enforcement can—and does—use message histories to build cases against people who’ve had or have sought abortions. (Meta tells Wired this rollout wasn’t prompted by those concerns.)

Meta says it “will continue to provide updates as we make progress toward the global rollout of default end-to-end encryption for personal messages and calls in 2023.”


Researchers Stalk and Impersonate Tracking Devices (for Safety)

At Black Hat 2022, security researchers showed off a new attack that goes after tracking systems built on ultra-wideband (UWB) radio technology. They were able to stalk these tracking devices without their target’s knowledge, and even make targets appear to move at their attackers’ will.

A key use of UWB is real-time locating systems (RTLS), where a series of transceiver stations called anchors track the location of small, wearable devices called tags in a specific area, in real-time. This has a number of applications, from simple tasks like tracking personal items to high-stakes scenarios like infectious disease contact-tracing and factory safety mechanisms.

“Security flaws in this technology, especially in industrial environments, can be deadly,” says Nozomi Networks Security Research Evangelist Roya Gordon.

You may not be familiar with UWB, but it’s familiar with you. Apple has integrated it into mobile devices starting with the iPhone 11, as well as modern Apple Watches, HomePods, and AirTags. It’s also being used in large-scale infrastructure projects, like the effort to drag the New York City Subway signaling system into the 21st century.

Although Apple AirTags use UWB, the systems the team looked at were markedly different.


Standard Loopholes

What’s the problem with UWB RTLS? Although there is an IEEE standard for RTLS, it doesn’t cover the synchronization or exchange of data, the research team explains. Lacking a required standard, it’s up to individual vendors to figure out those issues, which creates opportunities for exploitation.

In its work, the team procured two off-the-shelf UWB RTLS systems: the Sewio Indoor Tracking RTLS UWB Wi-Fi Kit, and the Avalue Renity Artemis Enterprise Kit. Instead of focusing on tag-to-anchor communication, the Nozomi Networks team looked at communications between the anchors and the server where all the computation happens.

The team’s goal was to intercept and manipulate the location data, but to do that, they first needed to know the precise location of each anchor. That’s easy if you can see the anchors, but much harder if they’re hidden or you don’t have physical access to the space. But Andrea Palanca, Security Researcher at Nozomi Networks, found a way.

The anchors could be detected by measuring the power output of their signals, and the precise center of the space found by watching for when all the anchors detect identical signal data for a single tag. Since RTLS systems require the anchors to be arranged to form a square or rectangle, some simple geometry can pinpoint the anchors.

But an attacker wouldn’t even need pinpoint precision; anchor positions can be off by 10% and still function, Palanca says.


Attacking RTLS

With all the pieces in place, the team showed off their location-spoofing attacks in a series of demos. First, they showed how to track targets using existing RTLS systems. We’ve already seen mounting concern over malicious uses of AirTags, where a bad guy tracks a person by hiding an AirTag on them. In this attack, the team didn’t need to hide a device; they simply tracked the tag that their target already used.

They also demonstrated how spoofing a tag’s movements in a COVID-19 contact-tracing scenario could create a false exposure alert, or prevent the system from detecting an exposure.

Another demo used a manufacturing facility mockup, where RTLS data was used to shut down machines so a worker could enter safely. By messing with the data, the team was able to stop production at the faux factory by tricking the system into thinking a worker was nearby. The opposite could be more dire. By making it seem as if the worker had left the area when they were actually still there, the machine could be reactivated and potentially injure the worker.


Practical Complications

The good news for owners of these systems is that these attacks aren’t easy. To pull it off, Luca Cremona, a Security Researcher at Nozomi Networks, first had to compromise a computer inside the target network, or add a rogue device to the network by hacking the Wi-Fi. If a bad guy can get that kind of access, you’ve got a lot of problems already.

Unfortunately, the team didn’t have any easy answers for securing RTLS in general. They kludged data encryption onto an RTLS system, but found that it created so much latency as to make the system unusable for real-time tracking.

The best solution the team presented was for the IEEE standard to be revised to cover the synchronization and exchange of data, requiring manufacturers to meet standards that could prevent RTLS attacks like this.

“We can’t afford to have those loopholes in standards,” Gordon says.


Microsoft, CISA Warn of Actively Exploited ‘DogWalk’ Windows Bug

Microsoft has warned its customers that a vulnerability known as DogWalk, which affects every recent version of Windows and Windows Server, is being actively exploited by attackers.

DogWalk (CVE-2022-34713) is a high severity vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that can be exploited to enable remote code execution on vulnerable devices, the company says in a Microsoft Security Response Center (MSRC) update.

There are many such devices; DogWalk affects Windows 7, 8.1, 10, and 11 as well as several versions of Windows Server, Microsoft says in the MSRC update. More than 1.4 billion devices currently run Windows 10 or 11 alone, the company says on its website.

Microsoft does reassure Windows users that “exploitation of the vulnerability requires that a user open a specially crafted file,” which means attackers can’t just force their way onto a vulnerable system, but it’s not particularly hard to get someone to open a malicious file.

“In an email attack scenario,” Microsoft says, “an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.” Or they could upload the malicious file to a website and just wait for someone to download it.

This update has prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to add CVE-2022-34713 to its Known Exploited Vulnerabilities catalogue. That means federal agencies have until Aug. 30 to patch their systems against the vulnerability.

That might not seem like a long time, especially since Microsoft released the Windows and Windows Server patches related to DogWalk on Aug. 9 as part of Patch Tuesday. But attackers have known about this flaw in MSDT for at least 2.5 years at this point.

BleepingComputer reports that DogWalk was initially disclosed by a security researcher named Imre Rad in January 2020. Microsoft initially dismissed the report, Rad says, but now it’s finally released a fix and confirmed that attackers have exploited the flaw.


Learner driver speed limits spark debate with NSW regional road safety inquiry underway

Driving instructors and the trucking industry want speed limits for learner drivers in New South Wales to be lifted or increased, citing safety concerns on regional roads.

Learner and red P-plate drivers in NSW cannot exceed 90 kilometers per hour while driving, even if a road’s speed limit is higher.

A state parliamentary committee is currently holding an inquiry into speed limits and road safety in regional areas.

The NSW Driver Trainers Association believes novice speed restrictions should be removed.

Vice president Christine Hillis said the rules increased travel time and fatigue, and could encourage other motorists to attempt risky overtaking.

She said regional roads that did not have adequate overtaking lanes were of particular concern.

“It just puts pressure on everyone else that uses the roads,” she said.

“In every other state on the eastern seaboard the learner drivers can drive at close to the speed limit.”

New South Wales learner drivers used to be capped at 80kph until it was increased in 2013.

Queensland, Victoria and the ACT do not have similar speed restrictions for their learner drivers but the Northern Territory limits learners to 80kph and South Australian novices are capped at 100kph.

A man standing in front of a driving instructor's car
Graham Kidson says it makes new drivers anxious when traffic builds up behind them.(ABC News: Hugh Hogan)

Stressful situations

Graham Kidson runs a driving school in Orange, in the state’s central west, and argued a learner driver following the rules could cause dangerous situations on regional roads.

“Traffic is building up behind them, it makes them more anxious, and people tend to do silly things to encourage the learner to go faster or tend to take risks to overtake,” he said.

The driving instructor of more than 15 years believed brand new drivers should not be out on the highway.

“But by the time they get to the stage where they can move onto the highway, there’s certainly an advantage if they can keep up with the speed of the traffic,” Mr Kidson said.

Rod Hannifey smiles in front of his truck
Rod Hannifey says the well-intentioned speed restrictions can cause havoc on regional roads.(ABC News: Jerry Rickard)

Trucking concerns

Safety advocates from the trucking industry have also thrown their weight behind the calls to get rid of probationary speed limits.

President of the National Road Freighters Association Rod Hannifey said the rules created delays and caused extra fatigue for truck drivers.

“If we had four-lane highways everywhere that would be really nice, but we’re all realistic,” he said.

“And [drivers] that are learning in rural areas are more likely to be on a two-lane road with trucks that have logbooks and time requirements and need to manage their fatigue.”

He said it was also important that beginner drivers got practice traveling at the speed limit.

“Give them the opportunity to at least do a reasonable highway speed instead of making them another obstacle,” he said.

“They don’t have to travel at the limit, but it gives them more options to flow with the traffic and learn with less duration.”

No Overtaking or Passing sign on Williams Road at Bonville in NSW.
Critics say the lack of overtaking opportunities on regional roads puts undue pressure on learner drivers.(ABC News: Chris Gillette)

No evidence

Transport for New South Wales said there was no evidence that increasing speed limits for novice drivers would reduce fatigue-related crashes.

The deputy secretary of safety, environment and regulation, Tara McCarthy, said novice drivers were still developing necessary skills and experience.

“In recognition of this and the higher crash risks that these drivers face as a result of inexperience, NSW has implemented the Graduated License Scheme [learner speed limits],” she said.

The agency said since the scheme was implemented in June 2000, driver fatalities for those aged 25 years and under had reduced by 58 per cent.

“These speed restrictions, combined with a zero tolerance approach to speeding offences, are in place to manage risk and young driver trauma,” Ms McCarthy said.


Categories
Australia

New Adelaide accommodation for domestic violence victims expected to be full within weeks

Eight new units have been set up in an undisclosed location in Adelaide to help women and children escape domestic violence.

South Australia is the first state to get new upgraded facilities, with other states set to follow suit.

It is a part of a $20 million federal government program to upgrade domestic violence services across the nation.

The Adelaide facility, operated by the Salvation Army, will accommodate approximately 40 people, with on average one adult and four children per property.

Salvation Army general manager of family violence Lorrinda Hamilton said the facility was in high demand.

“We are almost half full and we’ve only been open for two weeks,” she said.

A woman standing with a beige jacket and looking serious
Lorrinda Hamilton says the Salvation Army runs domestic violence refuge facilities across the nation.(ABC News)

“We are expected to be fully occupied within the next week.

“These facilities are critical. The demand for family violence responses outstrips the supply of refuge accommodation.

“It is one of the leading causes of homelessness.”

The site includes recreational facilities and outdoor play areas for children, but in a high-security setting.

Bedroom and living areas have been designed to maximize privacy and safety for parents, while affording them the opportunity to easily supervise their children and ensure their safety.(ABC News)

Ms Hamilton said it was important the location was kept secret.

“It is imperative that we operate in non-disclosed locations, and that’s particularly important when we are working with high-risk family violence, particularly women who might be at imminent risk of death,” she said.

“The majority of people using this facility are from South Australia but there are some women who will be fleeing from interstate who will use this facility.”

A woman with brown curly hair and glasses mid-sentence with everything else around her blurred out
Minister for Social Services Amanda Rishworth says no woman should have to choose between having a home or experiencing violence.(ABC News: Matt Roberts)

Minister for Social Services Amanda Rishworth said the federal government fund was “about supporting women and children who are escaping family and domestic violence.”

“Every 10 days, one woman is killed by their former or current partner,” she said.

“This is a really big problem, family and domestic violence in this country.”


Categories
US

MBTA announces 4-week shutdown of Green Line Extension


Less than five months after part of the Green Line Extension began operations, the MBTA is announcing plans to close the tracks for four weeks and delaying the opening of a new branch.

Green Line service in both directions between Government Center and Union Square will be replaced by free shuttle buses from Aug. 22 through Sept. 18, the MBTA announced Friday. Officials said the disruption is necessary to allow for work at the Government Center Garage project.

Scheduled projects during this time include overhead wire adjustments on the East Cambridge Viaduct that will eliminate a speed restriction, installation of sound barriers and testing of track and communication infrastructure.

Also Friday, MBTA officials pushed the start date of the Green Line Extension’s Medford Branch back to late November. It was originally expected to open in late summer.

It’s another blow for riders in Medford who are also impacted by the MBTA’s plan to shut down the whole Orange Line for 30 days of maintenance and repair work starting at 9 pm on Aug. 19.

“Much of the work to be performed during the diversion in service from August 22 to September 18 is tied to the opening of the Medford Branch,” officials wrote in a statement. “The start date has also been affected by the availability of Safety and Operational support crews that were previously prioritized for GLX, but are now re-allocated to other critical MBTA construction work, including in the MBTA’s response to the Federal Transit Administration’s Safety Management Inspection directives.”

At a recent MBTA Board of Directors meeting, members voted unanimously to authorize a deal worth up to $37 million with Yankee Line Inc. to provide shuttle buses during the Orange and Green Line projects.

The Federal Transit Administration issued four multifaceted directives in June after completing a safety review of the system. It issued an additional order for a “safety standdown” in July, impacting all employees who work with disabled rail vehicles in the T’s maintenance facilities and rail yards.

Among the issues identified by the FTA in June were backlogs of thousands of known defects related to the rail infrastructure and a shorthanded Operations Control Center.
