10 October 2015

A billion Android phones are vulnerable to new Stagefright bugs

Stagefright 2.0 comes as Android users were still recovering from Stagefright 1.

Ron Amadeo
There's a new round of Stagefright vulnerabilities that allows attackers to execute malicious code on more than one billion phones running ancient as well as much more recent versions of Google's Android operating system.

Stagefright 2.0, as it's being dubbed by researchers from security firm Zimperium, is a set of two bugs that are triggered when processing specially designed MP3 audio or MP4 video files. The first flaw, which is found in the libutils library and is indexed as CVE-2015-6602, resides in every Android version since 1.0, which was released in 2008. The vulnerability can be exploited even on newer devices with beefed up defenses by exploiting a second vulnerability in libstagefright, a code library Android uses to process media files. Google still hasn't issued a CVE index number for this second bug.

When combined, the flaws allow attackers to use booby-trapped audio or video files to execute malicious code on phones running Android 5.0 or later. Devices running 5.0 or earlier can be similarly exploited when they use the vulnerable function inside libutils, a condition that depends on what third-party apps are installed and what functionality came preloaded on the phone. In a blog post published Thursday, Zimperium researchers wrote:
The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.
  1. An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker controlled Web site (e.g., mobile spear-phishing or malicious ad campaign)
  2. An attacker on the same network could inject the exploit using common traffic interception techniques (MITM) to unencrypted network traffic destined for the browser.
  3. 3rd party apps (Media Players, Instant Messengers, etc.) that are using the vulnerable library.
Zimperium researchers found an earlier round of vulnerabilities that also made it possible for attackers to remotely hijack Android phones. Those bugs, all residing in Android's libstagefright, were especially alarming because they could be exploited by booby-trapped media files included in a text message. Google has since redesigned its Hangouts and Messenger apps to prevent that possibility. More recently, company developers have also fixed the underlying vulnerabilities in newer versions of Android, although those updates remain unavailable to many users. Members of Google's Project Zero security research team recently found that Android's address space layout randomization provided only minimal protection against Stagefright exploits.
Google representatives have said the new round of Stagefright bugs will be fixed in an update scheduled for release next week. Once Google makes the update available, it could take as long as a week for it to become available to users of Google-branded Nexus phones and even longer for other brands.

arstechnica.com  2 Oct 2015.

09 October 2015

McDonald’s scamming you of your time and money.

There is little doubt that many people are aware of the global junk food empire called McDonald’s even in third world countries.

The products sold by McDonald’s are marketed as ‘food’ (for consumption) which is carcinogenic, creates obesity and diabetes, has a high sugar and salt content detrimental to general health and well-being, and is high in calories and low in nutritional value.

It is of little doubt that McDonald’s is a multi billion dollar empire made on the stupidity of the ‘cannon fodder’.

They are synonymous with tax dodging, low wages and in Australia have registered a charity (not susceptible to tax) to help people with cancer called Ronald McDonald House (RMH).

How ‘oxy-moronic’.

So here we have a company that with its products help cause cancer, yet it helps people with cancer.

What McDonald’s have done now is that they’ve gone on national Australian TV to advertise their RMH, for the plebs to make a financial donation to their charity, and also for you to donate your precious time to a company that helps create cancer.

So, in summary- a multi billion dollar company that helps cause cancer, needs the plebs’ time and money.

We do not support or recommend McDonald’s or their products in any way whatsoever.

Forget 'Dole Bludgers', For-Profit Businesses Are Getting Rich Off Centrelink

The poorest are being charged more for basic goods – and it's moving welfare money into the pockets of big businesses. Max Chalmers reports.

By the time clients meet Kat Lane the decision to attain a household item has already spiralled into such a financial disaster that other basic expenses, including groceries, have often been put out of reach.

Principal solicitor at the Financial Rights Legal Centre, Lane sees first hand what happens when opportunistic vendors target people unable to afford outright a new washing machine, dryer, or television, a tactic advocates are warning has become systemic.

It sounds dramatic, but Lane says going without food is one of the most common outcomes she sees among clients who have been trapped by ‘consumer leases’ – a financial product that allows you to rent an item with regular payments rather than buy it outright – as well as those caught in a cycle of debt after being issued a loan they can’t afford to repay.

“These people have to go and get food hampers to cover basic living,” Lane says. “We see that all the time.”
Consumer leases may not sound like the scintillating stuff of a tabloid ‘dole bludger’ beat-up but, as an Australian Securities and Investment Commission (ASIC) report revealed last month, they’re allowing taxpayer money to be funnelled away from the people who need it to survive and into the pockets of for-profit businesses.

Here’s how it happens.

Firstly, under consumer leases the customer ends up paying far more than the actual value of the good over time. In the most extreme case ASIC found a lease being offered resulted in the consumer paying 884 per cent interest on a clothes dryer. The dryer was worth $345, but the person taking out the lease would have eventually paid a full $3,042 over the course of the contract.

According to the Financial Rights Legal Centre, many of their clients end up paying five to 10 times the original value of the appliance by the time their agreement ends. They say misrepresentation about whether they will own it at the end of the agreement is common.

That’s bad enough. But worse is the fact that under many of these arrangements the poor actually pay more.
“The same lessors charge significantly different amounts for the same goods, in particular Centrelink recipients were charged more than the advertised costs,” ASIC’s report said.

The report said previous experience indicated a simple explanation for such practices: a lack of competitive pressure paired with the desire of companies to extract as much profit from each transaction as possible.
As ASIC Deputy Chair Peter Kell noted when commenting on the Commission’s report: “Of particular concern is that the most financially vulnerable consumers in Australia are paying the highest lease prices for basic household goods. For two year leases, half the Centrelink recipients in our study paid more than five times the retail price of the goods.”

And still it gets worse.

Someone who wants to lease an item can be signed up in a way that sees the payments flow straight out of their Centrelink and into the pockets of the lessor each fortnight via Centrepay, an otherwise helpful system ironically designed to assist people receiving welfare budget essential payments like rent and utilities. When consumer lease companies use the system it can be devastating; while the company is guaranteed to receive its payment every fortnight, the person supposed to be benefiting from the support is cut out of the process, meaning lease payments can continue to be made even if they're struggling to afford food.

Meanwhile, there’s big money to be made, with a 2014 IBISWorld report putting the value of the leasing market for electronic goods and household appliances in Australia at over half a billion dollars.

Earlier in the year it was revealed Radio Rentals had raked in $90 million via Centrepay bills, close to half of its $197 total revenue, while an independent review of Centrepay found that in 2011/12 $188 million worth of payments from the system went to leasing, renting, or buying household goods.

The independent report into Centrepay found the total of payments for leased household goods is increasing in number and value.

In late September the company behind Radio Rentals, Thorn Group, admitted in a statement to the ASX that it had been forced to reimburse “a relatively small number” of customers after continuing to receive money from their payments via Centrepay after their contract for the leased item had finished.

In the statement Thorn said it immediately implemented a process to ensure the situation could not happen again.

Even aside from the problems with Centrepay, those with consumer leases who are not using the system hardly find themselves in a better situation.

As case studies from the Financial Rights Legal Centre make clear, there are a range of other ways such arrangements can short-change vulnerable people with nasty fees and conditions. Here’s one example, made anonymous so as to protect the privacy of the client:

Ms X obtained a consumer lease for a laptop from Consumer Lease Company while she was unemployed.

After 18 months, Ms X was suffering financial hardship (her lease account was in arrears) and she tried to return the laptop. Ms X was informed by an employee of Consumer Lease Company that if she cancelled the lease then she would have to pay a termination fee but if she continued to rent the item for three more months there would be no more fees.

A month later an employee of Consumer Lease Company arrived at Ms X’s home and repossessed the laptop. No notice was sent to Ms X prior to the employee arriving at her house. Six months later Ms X received demand of payment for her arrears plus a termination fee of $986.66. The termination fee is equal to about 12 months worth of rental.

By this stage Ms X had paid rental payments on the item equal to about three times the market value of the laptop.

Because of a legal loophole, the businesses profiting from these arrangements avoid the restrictions that apply to the much-discussed payday loans.

“The payday lending market and the [consumer] lease market are dominated by the big players,” says Lane. “They’re huge in both industries.”

According to Erin Turner, Campaigns Manager at consumer group Choice, consumer leases are one of many financial products used to target vulnerable people and skirt the laws protecting them.

“There’s a whole business model built on the premise that they win when the consumer loses. These kinds of consumer lease models can certainly be that kind of business but they’re not the only one,” she says.

A spokesperson for the Thorn Group emphatically rejected the idea the group charged higher rates or targeted those on low incomes.

“The ASIC report on consumer leasing focuses on just two consumer leasing companies,” a spokesperson said.

“None of the practices highlighted are representative of how Thorn Group and its subsidiary, Radio Rentals, operates.”

“On average, Radio Rentals customers pay around 2.6 times purchase price, with these other benefits additional, and around 70 per cent of customers go on to own the goods they rent.”

While at times focusing in on two specific companies, ASIC’s review also looked at advertised price data collected by the RMIT on 544 products and nine lessors.

Labor Senator Doug Cameron has emerged as one of the most outspoken MPs on the subject of consumer leases, pushing a legislative fix and calling on the new Prime Minister to take rent-to-buy groups off Centrepay’s list of approved businesses.

“The Minister for Human Services Stuart Robert can immediately make a positive impact in his new portfolio. He should sign a ministerial determination to exclude consumer leasing businesses from Centrepay and end the rip-offs,” Cameron said in a recent statement.

“The consumer leasing industry is based on a broken business model that preys on the financially vulnerable. The Government is tacitly supporting the rip-off because the leasing companies target Centrelink clients using the Centrepay service operated by the Department of Human Services.”


Aside from this option, advocates say another potential solution would be capping the effective interest a lessor can charge on a product, as is the case with payday lending, limiting the amount the company could extract beyond the actual price of the item.

The government isn’t on board with Cameron’s legislation – which it says won’t actually exclude consumer leases from Centrepay – but will look at the issue in a review of credit laws.

“My department recently strengthened Centrepay, by restricting the type of leases that can be paid for through Centrepay,” then Minister for Human Services Marise Payne told New Matilda in the wake of the ASIC report.

“In addition, we are expanding the service categories for which Centrepay can be used to support alternatives to consumer leases, such as low-interest loans, no interest loans, savings, and lay-by.”

While the government warns shutting off arrangements like consumer leases could leave those at the bottom end of the market without options to attain essential goods, Lane says the harm being done under the current policy settings should outweigh those concerns.

Consumer advocates also point out that those who find themselves unable to get a regular loan may be able to access a no interest loan. A range of community groups also offer financial counselling.

“The exploitation is quite comprehensive,” says Lane. “And for the low income group, as the ASIC report says, they’re paying more, they’re exploited more, and they’re the people who can least afford it.”

newmatilda.com 6 Oct 2015

Some people are allowed to get away with cheating Centrelink (read the Australian taxpayer), while others are punished.

If you're a member of the 'brotherhood' you have a better chance of getting away with defrauding Centrelink.

We have a fair few files on hand with evidence indicating a blind eye by Centrelink.

If Centrelink is turning a blind eye to criminal activity, the people responsible are defrauding the Australian taxpayer, which is still a criminal offence.

Dodgy banks do not inform customers of problem only once it's fixed

Think banks are dodgy?

Think they have your best interests (pun intended) at 'heart'?

Can you really trust Australia's first bank?

This is quite simply put as misinformation by the bank.

If your banking transaction failed, as a result of Westpac and this happened in a place of business / trading maybe entertaining the idea of defamation of character should be followed up?

They don't tell you they stuffed up, only that they fixed a problem..... 

From the news.com.au headline of 6 October 2015:

Internet banking finally restored after long weekend meltdown

St George customers were unimpressed by the long weekend internet banking outage.
Dana McCauley, news.com.au
CUSTOMERS of Westpac-owned St George Bank, the Bank of Melbourne and BankSA can finally access internet banking after a frustrating outage that threw southern long weekend plans into disarray.
All three banks’ online and mobile phone platforms are up and running today, although some customers have been confronted with an error message when they try to login.

The banks have said on their Facebook page that this can be resolved by force quitting out of the mobile app and logging in again. Another option is to delete and reinstall the app.

“Some mobile banking apps may still appear not to be working after our recent outage,” St George Bank posted on Facebook.

“Rest assured, our mobile banking has been restored.”

Customers breathed a collective sigh of relief at being able to pay their bills, including those incurred in embarrassing “card declined” incidents over the weekend.

These scenarios prompted furious customers to vent on Facebook yesterday after being stranded at petrol stations and unable to pay their bills.

It is not known when the problem arose, but one customer told news.com.au their St George Bank account issues began on Friday.

Many complained that the bank had not alerted them earlier to the meltdown, which happened when data was corrupted on the mainframe computer powering core banking systems during a routine IT maintenance upgrade.

The banks only alerted customers yesterday, via Facebook, that there was a problem.

Those who tried to logon were greeted with an error message stating that customers could still use their credit cards and withdraw cash from ATMs and EFTPOS.

However, several customers contacted news.com.au stating that they had been unable to get money out.
“When attempting to withdraw cash this morning, several St George and Westpac ATMS were down and not accessible — and I was also unable to withdraw through Commonwealth Banks ATMs,” said a customer, who did not wish to be named.

And the prospect of ATM access was little consolation to those who needed to transfer money between accounts to pay for essentials such as bills and rent — not to mention those who are on holidays interstate and overseas.

The bank’s branches were closed for Labour Day yesterday in NSW, Queensland, South Australia, and the ACT, making it even more frustrating for those who could not access funds.

Customer Naomi Cantale deemed the outage “utterly disgraceful”, writing on St George’s Facebook page that she was left stressed and exhausted after being stranded at a cafe.

“Stuck not able to pay for our lunch and unable to leave,” Ms Cantale wrote.

“Lucky a friend came to the rescue and paid half our lunch bill over the phone ... We are not happy.”

ATM access is no consolation to those who need to transfer funds. Source: AFP

Families travelling overseas saw their holiday plans severely curtailed, with a lack of cash forcing them to downgrade their dream holidays.

“We are in Hawaii on our honeymoon and missing out on stuff,” wrote Queensland’s Chris Buckley.

“It’s been like this for days now. Not happy, this shouldn’t be happening — we have been patient, we have been eating hot chips for days. I want a steak!”

Others faced the dire prospect of being unable to buy food, such as Jane Malins, who wrote to news.com.au.

“I was meant to be paid today, went and did my food shopping and when I got to the check out my card was declined,” Mrs Malins said.

“I had to walk out of Aldi without my shopping to check what was going on. It was very embarrassing and frustrating.”

She said her husband, who banks with Westpac, was due to get paid on Wednesday.

“I hope it’s fixed by then, because if not we are stuffed and will be staying at my in-laws just so we can eat.”
Ian Rinebarger told news.com.au he was stranded in Vietnam with no way to access his funds.

“I transfer money over when needed only, as using one’s card overseas can be risky, so I keep my balance low in the account attached to my card,” Mr Rinebarger said.

“How do I access my money now that internet banking is down? There should be a backup system in place to prevent this from occurring.”

Another family faced the prospect of having to check out of their hotel without cash to settle the bill.

“We are thousands of kilometres away from home, leaving to fly back into Sydney tonight with three children,” Michelle Meehan wrote.

“Need to check out of our hotel before 5pm today, return a hire car etc. How do you suppose we do that if internet banking isn’t up? We have everything with St George, time to shop around! If we were at home it wouldn’t be so bad — but we are on holidays with children! So it’s not just a little inconvenience.”

Mrs Meehan told news.com.au that the family had travelled interstate for a wedding and were left stressed and out of pocket by the meltdown.

“Instead of enjoying family holiday time that’s cost us a small fortune to get here we are stressed, constantly checking for updates and limiting our expenses to help minimise the stress and anxiety of what it will cause if we can’t pay,” she said.

“Since Friday have been trying to pay for things and it gets declined on and off. Our 13-year-old daughter was in a hair salon having a wash and blow-dry yesterday, for a wedding that we have paid $3000 in airfares to attend — and couldn’t pay for the service after it had been completed. I had to drive back to the hotel rummage through bags to find the cash so then exhausted all of our cash.”

Then, unable to pay for a cab ride to get to the wedding, the family had to keep their hire car for an extra day — a bill they are unsure if they will be able to settle before boarding their plane home, or fill up the tank to avoid a costly fuel surcharge.

“Our kids and their cousins who they never see — and haven’t since my mum passed away three years ago — aren’t able to go with their cousins to an event today,” she said.

“This wedding is also like a family reunion, people have flown in all over for this and as a whole family it is very rare, and we can’t join in on activities that cost money ... A day I can tolerate and understand, but three days I cannot accept. And to think my story isn’t even the worst, there are others that are in more of a pickle than we are.”

When users attempt to login to St George internet or mobile phone banking, a message stated: “The problem has arisen following a regular upgrade to the bank’s computer systems over the weekend. We are currently working to restore banking services as quickly as possible and apologise to customers for the inconvenience that this incident has caused.”

The Westpac-owned banks were the latest hit by a string of IT meltdowns that have also affected the Commonwealth Bank and NAB.

A Westpac spokeswoman said online, mobile and telephone banking was progressively restored last night.
“Customer transactions undertaken over the weekend should be processed by Tuesday,” the spokeswoman said.

“We are very sorry for the inconvenience that this has caused many customers. The bank will waive fees and other charges for those customers needing to access emergency funds through their credit card cash advance facility.”

* No 'heart' in a bank.

Metadata laws to be introduced on Tuesday, but there are still some unanswered questions

Data from your texts and calls will be stored for two years.

AUSTRALIA is days away from one of its most controversial national security measures and we still don’t know the full cost.
From Tuesday we will be paying a personal price for hunting down terrorists with the start of retention and extended storage of the metadata of every message we send.

On that day a big chunk of the privacy we expect for our most personal communications will be sacrificed amid growing concerns about domestic terrorism.

It will be just over a week since the shooting of unarmed civilian Police worker Curtis Cheng in Parramatta which intensified those concerns.

Parramatta shooter, 15-year-old Farhad Jabar. Source: Channel 7

The October 13 start of the Mandatory Data Retention Regime will involve details of our telephone and internet messages being stored by service providers for two years.

The captured communication material will cover who sent a message, who received it, when, where and how. But the contents of the message will not be retained.

It will mean storage of the telephone numbers of people making and receiving calls and how long they talked but not the contents of their conversation.

Similarly, internet addresses and times will be kept but not the messages themselves.

Under defined circumstances, police and national security authorities will have access to the retained material.

Text messages between a 14-year-old British schoolboy and an Australian man in which the boy suggests the man get his “first taste of beheading”. The contents of texts won’t be stored under these laws. Source: AAP

But we still don’t know who will be paying for this national security measure, or how.

The Government is expected to provide about $128 million, plus $3 million for administrative costs, to help telephone and internet service providers set up retention and storage systems, but the final bill is expected to be higher.

Any extra cost would be passed on to consumers, particularly from smaller providers.

Not all companies have submitted a Data Retention Implementation Plan to the Government and it won’t be until the final deadline of April, 2017 that a full picture of costs will be known.

Nor is it known how many people have set up counter systems such as VPNs — virtual private networks — to avoid the archiving of their metadata. The VPNs allow messages to be sent by detours, which escape retention.

It will be a big expansion of existing powers and the operation of laws rewritten in April to catch up with the digital age and the criminals who use the internet as a tool, and to give a structure to existing collection of private information.

A number of restrictions were placed on the data retention to get legislation passed earlier in the year and Attorney-General George Brandis is making specific guarantees:

• There will be significant limits on who can get access to the information;
• The system and its use will be monitored independently by the Commonwealth Ombudsman;
• The Attorney-General’s Department will publicly report on the operation each year;
• ASIO and police will need special warrants before getting data from the communications of journalists which might identify confidential sources, and Public Interest Advocates would make submissions on these warrants;
• The scheme will be reviewed by a parliamentary inquiry after three years.

news.com.au 8 October 2015

If anyone has had any doubts that Australians live in a controlled 'Prison Isle' then maybe this article would wake some people up. 

'Terrorism' is just an excuse.

Are the real terrorists currently sitting in office?