Welcome To The Mimentum Blog...

We've been going since 2006 - completely free speakers, tackling consumer issues, current affairs and other issues and injustices that arise. Based in Australia and New Zealand we enjoy the privilege of free speech without the threat of the Chinese Communist Party's Green Dam, Iranian Government, the USA's "Homeland Security" thought police, CIA (so much for "Land of the Free!"), and almost all the other fruitloops in the world who can't handle some constructive criticism.

New Zealand’s Self Inflicted Teacher Crisis

Posted on October 16, 2017

New Zealand is suffering a critical shortage of teachers. It has become so bad that many schools, when a teacher resigns, will have to redistribute the students to other classrooms and create classes that are well over the class size limit.

In some cases, the shortage is so bad that a teacher resignation could force schools to turn classes into mixed year classes, part way through the school year. Teachers, already overloaded, will have to suddenly rewrite their plans, alter their student registers and completely reorganize their rooms. This sort of chaos actually promotes teachers leaving the system, exacerbating the problem.

This fiasco is the result of an out of touch government, concerned purely with economics, at the expense of its own people. Successive governments from both sides of politics have repeatedly cut the education budget. Teachers don’t have time to get involved in political lobbying. If they do speak out they are labelled too militant by their bureaucrat employers, who don’t want to admit the system is broken because the politicians will place the blame back on them.

Ironically there are plenty of trained teachers in New Zealand who are currently in other areas of employment. As a teacher, it is easy to lose yourself in the world of teaching, so many like to get out in the “real world” for some “real world” experience. Often this involves travel and teaching overseas. These teachers are a valuable asset to the profession. Some have left to become parents of their own children. Their broader experience makes them far more relatable to both parents and students alike.

Unfortunately the New Zealand education system doesn’t acknowledge this fact. Instead they want these teachers with their added life experiences to retrain, refusing to give them any credit for their past experience, even if it was teaching elsewhere. But it gets worse! They also demand these teachers pay an additional $4,000 for the retraining.

Is it any wonder there’s a critical shortage of teachers in New Zealand?

Even if the government was to treble the intake of teacher trainees, those teachers would not begin teaching for another three years at least and how will they perform, compared to teachers with decades of experience in the field and as people who have not only taught children but actually raised them?

It’s time the New Zealand government woke up and recognized this asset, right under their noses. Recognize and reward their experience.

Provide a fully paid re-integration course to welcome these living treasures back into our education system.

This will create highly skilled and experienced teachers, ready to step into the classroom in a matter of weeks, not years.

Scam? – OpenOffice Writer Usability Study with a single task

Posted on October 3, 2017

I received an email from Lucrecia Llerena ( lucreciallerena2016n@gmail.com ) with the subject line – Re: OpenOffice Writer Usability Study with a single task

It claims to be from the Open Office people. It asked me to take part in a survey that would provide them with data that would help them improve Open Office.

I am a strong advocate for open source software and like many other open source users, will go out of my way to help improve open source wares, which makes me a bit more gullible when it comes to a scam based around open source ware. But would you take part in this survey?

Here’s an extract from the introduction, you judge:

“Given that the deadline to present results of our investigation culminates in a short time, we request your collaboration to participate in a usability experiment with OpenOffice Writer through the application of the Thinking Aloud and SUS Survey techniques. This time we need you just execute a task by following 8 steps in OpenOffice Writer. The average time to perform the task is 20 minutes. This experiment requires the installation of some applications (such as OpenOffice Writer and Morae Recorder) on your computer. As long as you execute the task in OpenOffice Writer, the time taken to perform and the number of clicks you made will automatically be measured by the Morae tool. To perform the installation of the Morae tool it is necessary that the computer where you are going to execute the task, has to have Windows Operating System (*) for its compatibility with the tool. It is necessary for our research that the recording contains audio and video of your facial expressions (audio is indispensable for Thinking Aloud technique and facial recording will be useful for measure your grade of satisfaction when executing the task). However, if you disagree, you can perform the recording only of your screen.”

Firstly, it has a very long, wordy introduction and explanation – not the sort of thing we are used to with Open Office. The English, while grammatically correct, seems a little clumsy and the sender doesn’t appear to cite any Open Office credentials. They have addressed me by my surname, as if it is my christian name. Maybe that’s just a mail-merge glitch. While I am a champion of open source software, I wouldn’t take this survey, even if it was genuine and helped the Open Office designers.

  1. Even though their email passed all the spam filters, it has an email address that is unknown to me and looks nothing like anything I am used to with Open Office, Libre Office or any of my Linux contacts.
  2. It asks me to download some unknown software and admits it is spying on me, through both my keyboard activity and through my webcam. They use the term “recording” but it’s the same thing as spying, isn’t it?
  3. If this is a scam, it has planted a key logger and hacked into my webcam – to put it another way – it has taken over my computer. What’s next, a ransomware screen?
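The checks in the list above can be run mechanically over a saved message. This is an added example, not part of the original post: the project domains, the webmail list and both sample messages are constructed assumptions, and the body lines of the first sample are excerpted from the email quoted above.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumption: domains the project genuinely sends from; adjust per project.
PROJECT_DOMAINS = {"openoffice.org", "apache.org"}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

# Requests in the body that the post treats as red flags.
BODY_CHECKS = [
    ("asks you to install software",
     re.compile(r"\binstall(?:ation|ing|ed)?\b", re.I)),
    ("wants audio/video recording of you",
     re.compile(r"\brecord\w*\b[^.]*\b(?:audio|video|facial|webcam)\b", re.I)),
]

# Constructed sample: headers invented, body excerpted from the quoted email.
SCAM_SAMPLE = """\
From: Survey Team <constructed.sender@gmail.com>
Subject: Re: OpenOffice Writer Usability Study with a single task
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

This experiment requires the installation of some applications (such as
OpenOffice Writer and Morae Recorder) on your computer.
It is necessary for our research that the recording contains audio and
video of your facial expressions.
"""

# Constructed sample of an ordinary project announcement.
BENIGN_SAMPLE = """\
From: Announcements <announce@openoffice.apache.org>
Subject: Apache OpenOffice release notes
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

The release notes for the new version are on the project website.
"""


def belongs_to(domain, known_domains):
    """True if domain is one of known_domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in known_domains)


def triage(raw_message, project_name="OpenOffice",
           project_domains=PROJECT_DOMAINS):
    """Return a list of red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    _, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    # Collapse line wraps so a phrase split across lines still matches.
    body = " ".join(body.split())

    findings = []
    names_project = project_name.lower() in (subject + " " + body).lower()
    if names_project and not belongs_to(domain, project_domains):
        kind = "free webmail" if domain in FREE_WEBMAIL else "unrelated domain"
        findings.append(
            f"mentions {project_name} but sent from {domain} ({kind})")
    for label, pattern in BODY_CHECKS:
        if pattern.search(body):
            findings.append(label)
    return findings


if __name__ == "__main__":
    for flag in triage(SCAM_SAMPLE):
        print("RED FLAG:", flag)
```

An empty result only means none of these particular signs were present; it does not show the message is genuine.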

Seriously, if the sender was at all familiar with Open Source ware, they would have planned the survey differently. For the most part, open source users are more computer savvy than the general public. Many are using open source, rather than commercial software, because they already reject the various monitoring methods used by commercial software distributors to mine data for advertising, identify copyright breaches and log user activity for updates and bug handling. Those types of people are less likely to be stupid enough to be conned into accepting spying software.

If Open Office genuinely planned this survey (and I doubt they are so stupid) I would be removing all their software because this demonstrates a complete ignorance of computer security – what does that say about the security of their software?

I’d advise everyone DO NOT TAKE PART IN THIS SURVEY!

New Zealand’s shortsighted Government gets caught out.

Posted on September 18, 2017

Congratulations if you are touring in NZ at the moment. You get to stay a bit longer – like it or not! (And stuck in Auckland, you probably won’t like it.)

While Australia tries to deport New Zealanders, we can’t even get our Aussies off the ground! They can’t get enough fuel for trans Tasman flights and are cancelling them faster than NZ Greens Party members.

In 2012 the NZ National Party government received a report on security. All countries do one, every so often, to pinpoint the kind of flaws terrorists could target to maximise disruption. The report highlighted a weak link in New Zealand’s fuel supply to Auckland, its largest city and main point of entry for international visitors. All the fuel for Auckland and most of the top of the North Island comes from Marsden Point oil refinery in a single 10 inch pipeline. That’s probably a third of the country’s population.

Typically the National Government’s Ministry of Business Innovation and Employment (MBIE) was asked to make a recommendation, which is akin to asking the fox to renovate the henhouse. The MBIE is focused on business profits, not infrastructure security. As far as they are concerned if it’s making a profit today and it’s not broken, then don’t improve on it for tomorrow. Their solution was to suggest motorists don’t fill their tanks as often and airlines “bunker” fuel reserves. In plain English, that translates to cancel flights that don’t pass through an airport with fuel and add stopovers for refuelling on flights that do. Somehow that answer averted the fuel security problem, as far as the National Government was concerned.

So we come to today; there’s no terrorist attack, just some farmer with a digger pulling out a tree stump, that damaged the pipeline from Marsden Point. The damage is not as extensive as we would see from a terrorist attack with explosives but we will be short on fuel in Auckland for up to two weeks. Motorists are asked to not fill up their tanks, so the place doesn’t grind to a halt from panic buying. At least 2000 tourists get to see soggy Auckland a bit longer – could be worse – could be stuck in windy and soggy Wellington …(Oh but wait – they have fuel!)

And we have an election coming up in a few weeks. If they haven’t fixed that pipeline, it’ll be decided on postal votes alone – if that isn’t a reason to vote for a different party to take over from National, then what is?

September in the USA … and here we go again!

Posted on September 5, 2017

Here we go again! How many times has the US economy faced a spending crisis?

Each time it gets worse and they have to borrow more and more.

Considering the US Dollar is a world currency benchmark, the fact that they can’t get their own economy together is alarming, internationally. Once again they can’t balance their books and have to extend the limit on the amount their government can borrow, just to fund the basics. When Greece did this it was blocked because it reached the point where it could not make the repayments. The USA debt ceiling was put in place to prevent the same thing happening in the USA – but it’s been raised … and raised again … and now it will have to be raised again!

Before the end of September, the US government has to raise their debt ceiling just to pay the usual government cost . . . again! Failure to do so means public servants like police, military, and all government services (pensions, customs, coast guard, intelligence, immigration etc) will not get paid. Being a capitalist nation, by their own constitution, that means they don’t have to come to work!

But wait, there’s more:

  • It promised to fund children’s medical expenses to patch up a hole in their health program.
  • It tried to scrap Obamacare, their public medical insurance program and failed, so they have to fund the arrears for that.
  • They have to find funds for Hurricane Harvey, to rebuild Houston infrastructure, then fund compensation to families to start the reconstruction of the thousands of lost homes damaged in the floods. In addition they have to pay the extra relief services (welfare, health care, emergency accommodation, extra policing against looters, clean up crews, administration to manage, assess and process claims) until that reconstruction has progressed to the point where people can be independent once more – probably one or two years at least.
  • All this has to be decided and passed through the political machine that is debating whether their leader colluded with the Russians to swing the election. This will take up much of the available senate and congress time before they go into recess.
  • In the shadows of congress you have various members on both sides mumbling impeachment for Trump (a polite name for sacking the top dog and stripping away their immunity from prosecution).
  • Add to all this a nut case at the helm, who says let the government shut down until I get what I want – unlimited funds to build a wall to keep out the Mexicans, who we need to help build the wall! (Yes, you read that right – the US does not have the skilled labour to undertake the job of building the wall. That labour comes from immigrants from … you guessed it … Mexico and neighboring South American countries.)

If you thought the US Government behaved like a bunch of spoiled brats when Obama was in power, these Trump lunatics just wrote the text book for irresponsible government.

Has anyone else spotted the irony?

Posted on August 31, 2017

Has anyone else spotted the irony:

  • Hurricane Harvey, the world’s first hurricane acclaimed as linked to global warming, strikes Texas and hits the USA’s 4th largest city.
  • The scientific community is saying that Hurricane Harvey is definitely related to global warming. The warmer air holds more moisture, which is why the hurricanes are increasing in the amount of rain they deliver as seen in Houston.
  • The USA president, Donald Trump, denies climate change and that global warming is man made.

I get this mental image of God sitting up there looking down on Texas and Trump and saying (with a Texan drawl), “Well? Do you believe me now?”

And Mexico has even offered aid to Hurricane Harvey victims, who, I bet, are glad that wall never got built.

I think the fake media has spotted the great irony because they keep showing us images of Texas where 30 people have perished and not images of India, Pakistan or Bangladesh, where their floods have killed over 1,200 people.

Meanwhile in the USA

Posted on August 19, 2017

Whether you like Donald Trump or not, you have to give him some credit for cutting costs at the Whitehouse.

His unique management style, a mixture of egotism, arrogance and ignorance while being completely contradictory, is reducing his staff and the various advisory panels, down to a tiny clique of brown nosed nepotists. If cost-cutting was his objective, it is working surprisingly well. Unfortunately it’s a finite pool of people. At the current rate of attrition, he will soon have to start divorcing his own family – that will halve the Whitehouse budget.

In lieu of any monument to his achievements (which might be torn down, wrecking even more distasteful American history), they should install a revolving door in the Oval Office as an entry/exit for the sole use of his team members. Of course it goes without saying he will have to erect some edifice to appease his ego.

Did you know that Donald Trump is actually a firm believer in global warming?

His obstinate denial is a brilliant act based entirely on business principles. When you own so much beach frontage real estate, you really don’t have much choice, when it comes to denying rising sea levels.

According to the polls, his popularity is so low that we cannot look forward to Donald Trump being invited to host a re-run of the TV show, “The Apprentice”. However there is talk around the European studios of offers to take up a career as a stand-up comedian, based on his past presidential record. He already has acquired a large audience and demonstrated great talent there, since he is the first president to get the rest of the world laughing at America.

Is this the World’s first Cyber-war?

Posted on June 29, 2017

In 2016 a piece of malicious code was attached to a popular accounting package in the Ukraine. Although the publishers strenuously deny it, all the indicators point to the code being part of an update to Ukraine’s MEDoc accounting software package. This gave birth to the ransomware that came to be known as Petya, which in turn evolved into the “Notpetya” virus attack. But is it really ransomware or are we seeing the first salvo of a true cyber-war?

First came the Wannacry ransomware that had a devastating effect, in terms of infecting systems. It relied on a single flaw to access computer systems. Once inside a system, it quickly spread to all the computers attached to that system. The code itself, was rather amateurish, with a simple kill switch (registering the domain it was looking for). However in hindsight, was it a test for what was to follow?

Next came the Petya ransomware. This spread in a similar manner to Wannacry, utilising the “Fatalblue” code that the USA’s NSA developed to spy on people’s computers, but unlike Wannacry, it uses multiple flaws to get around computer security measures. This one is playing havoc with the Ukraine power grid and somehow jumped from there to some hospital systems in the USA and to the computer systems of Maersk, the international shipping line.

Both of these were ransomware. They demanded a payment in Bitcoin. We assume the objective was for profit. The Wannacry ransomware was removed once confirmation of payment was received. So far we have no evidence that any system infected by the Petya ransomware, has been freed, once the money has been paid.

Now we have the next evolution – the “Not-Petya” or “Netya” ransomware. Like the Petya ransomware, this uses a variety of vulnerabilities to gain entry into a system. Once inside, it wreaks havoc by encrypting the files, like Petya, and displays a ransom note. However, the Notpetya ransomware then attacks the master boot record (MBR), crashing the entire system, to the point where it will not start up at all – no more ransom note. This begs the question, if the ransom note cannot be displayed, was the goal really ransom? Since it wipes the hard drive it has been reclassified as “Wipeware” and its aim is to shut down the whole system.

If there is no way to make any payment, no ransom note and no master boot record to start the computer up, to the point where it can operate, then what was the purpose of the attack? Even if the MBR was repaired, the files are encrypted – unreadable.

Experts in several computer security companies agree that the Notpetya attack code was designed on a large budget. There are examples of repeated amendments to the code after trials. That is not usual where a single person or a few hackers have collaborated. This looks like a larger group of very professional programmers who have spent a lot of time writing multiple exploits for a wide range of vulnerabilities. If we are not looking at a small group on a tight budget, then we are looking at an organisation. There’s no demand for payment or any way to recover the files, so what was their aim?

The only option left, is cyber-war.

Let’s look at the evidence:

  1. The USA claims Russia hacked the emails of different election candidates to swing the votes in favour of Donald Trump, a self-confessed friend of Vladimir Putin and therefore Russia. They claim to have evidence that points to Russia directly.
  2. The French claim to have evidence of Russian cyber tampering with their recent elections.
  3. The Petya and Notpetya ransomware first attacks appear in the Ukraine – a country at war with Russia, the perfect test bed for a cyber attack.
  4. There appears to be a progression of developments and tests leading up to the Notpetya ransomware. Not typical of a sole operator. Were these tests for Notpetya or is something worse coming?
  5. The code seems to be written by an organisation aiming to disable systems en masse, not for any financial gain.

Postscript

Since writing this, the Netya attack has jumped from the Ukraine and USA to thousands of other systems in various countries, as far away as a chocolate business in Tasmania, Australia, Port of Auckland and Port of Tauranga in New Zealand. Container ships are arriving in ports, unable to forward their manifests before they are docked. In some instances no-one knows what’s on them until they are unloaded.

The next Ransomware threat is here – Fireball

Posted on June 11, 2017

Wannacry ransomware took over millions of computers before it was annihilated. The fatal flaw was in the ransomware’s own code. Once discovered it was a simple matter to kill the malware. However the entry point in Windows and Mac computers remains and is about to be attacked by a new version of Ransomware. This one is a bit different – it’s semi-legitimate but could prove just as costly.

Security firm Check Point Threat Intelligence has discovered this new high volume malware threat, called Fireball. Unlike WannaCry, this threat makes no attempt to conceal the source, a large Chinese marketing company called Rafotech. It has two main functions:

  • Fireball allows entry of other malware, onto your computer.
  • Fireball outputs responses from your computer that appear as if you clicked on advertising, generating fake advertising hits and revenue for advertisers.

By the end of May, over 250 million computers were infected. The worst hit countries were India at an estimated 10.1% and Brazil at an estimated 9.6% of computers. Fireball infects machines running Windows or Mac OS.

Fireball is semi-legitimate software that operates by turning home pages and default web search pages into fake pages, directing the user to ads or sponsored content rather than free content. So far, Fireball has only been used to generate fake web traffic but it has the potential to redirect the user to malicious sites or allow entry of spyware.

Fireball is spread through a marketing technique called “bundling”. Rafotech conceals Fireball in a collection of other software, like games etc, that would appeal to users. Accepting what you think is only a game, means you get the booby prize too – Fireball.

How to detect if you are infected with Fireball:

Check Point has compiled a list of symptoms that will identify an infection. If you can’t do each of the following, you are probably infected:

  • Start up your browser. Was the Home page set by you? Go to your settings and change it. Shut your browser and restart it. Does the new page you set appear?
  • Was the default search engine in your browser, set by you? Can you change it or any of the extensions?
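The change-it-and-restart test above can be scripted by comparing two copies of the browser's settings file. This is an added example, not from the original post or from Check Point; it assumes a Firefox profile (settings in `prefs.js`, with `user.js` re-applied at every start), and the approved hosts and sample file contents are constructed.

```python
import json
import re
from urllib.parse import urlparse

# Firefox stores user-changed settings in <profile>/prefs.js, one per line:
#   user_pref("browser.startup.homepage", "https://example.org/");
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
HOMEPAGE_PREF = "browser.startup.homepage"

# Constructed samples: prefs.js right after you set the homepage yourself,
# and prefs.js after closing and restarting the browser.
AFTER_CHANGE = 'user_pref("browser.startup.homepage", "https://www.example.org/");\n'
AFTER_RESTART = (
    "// Mozilla User Preferences\n"
    'user_pref("browser.startup.page", 1);\n'
    'user_pref("browser.startup.homepage", "http://start.hijack.example/?src=bundle");\n'
)


def parse_prefs(text):
    """Return {pref name: value} from the text of a prefs.js or user.js file."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except json.JSONDecodeError:
            prefs[name] = raw  # keep the raw text rather than drop the pref
    return prefs


def homepage_urls(prefs):
    """Firefox allows several homepages separated by '|'."""
    value = prefs.get(HOMEPAGE_PREF, "about:home")  # unset means the default
    return [u.strip() for u in str(value).split("|") if u.strip()]


def unexpected_homepages(prefs, approved_hosts):
    """Homepage URLs whose host is not one you chose yourself."""
    flagged = []
    for url in homepage_urls(prefs):
        if url.startswith("about:"):
            continue  # built-in pages such as about:home
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host not in approved_hosts:
            flagged.append(url)
    return flagged


def check_profile(after_change, after_restart, approved_hosts, user_js=""):
    """Compare prefs.js before and after a restart; return the symptoms found."""
    chosen = homepage_urls(parse_prefs(after_change))
    current = parse_prefs(after_restart)
    findings = []
    if homepage_urls(current) != chosen:
        findings.append("homepage did not survive a restart")
    for url in unexpected_homepages(current, approved_hosts):
        findings.append("homepage not chosen by you: " + url)
    if HOMEPAGE_PREF in parse_prefs(user_js):
        findings.append("user.js resets the homepage at every start")
    return findings


if __name__ == "__main__":
    for finding in check_profile(AFTER_CHANGE, AFTER_RESTART, {"example.org"}):
        print("SYMPTOM:", finding)
```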

Removal

Creating software that is difficult to remove would place any company in danger of costly legal action worldwide. Because Fireball is semi-legitimate, Rafotech has covered their legal backsides by packaging it as stand-alone software. So removal is the same as for any other program:

  • On Windows, you can do this from your Programs and Features list in the Windows Control Panel.
  • On Mac, locate the Applications in Finder and drag the suspicious program to the Trash.

Note that you have removed Fireball but not anything else it may have let in. You should complete the removal process by running a full virus and malware scan with up to date antivirus and malware software.

It could make a great movie.

Posted on May 22, 2017

Honestly, the “wannacry” scenario sounds like a Hollywood B-grade disaster movie script!

An employee in an intelligence agency gets an attack of ethics, leaks some information that the people should know and some evil malcontent seeking world dominance, uses it to write a childishly simple program to dominate the world’s computers.

In hindsight it sounds more like a children’s cartoon script. That makes it all the more embarrassing!

However for the spy novel readers, there’s a few twists in the plot thrown in too!

Microsoft, in an effort to maintain world computer system dominance, tells us porkies: that its minor updates are critical for our computer security. It creates entirely new systems to convince us our original one is no longer worth having, when it could revise it. It’s lied that the Windows Advantage upgrade was a security upgrade, when it was spyware that checked your system registration. Today we can’t tell when they are lying or telling the truth any more.

The NSA, an agency supposed to maintain and uphold our security, not only finds a weakness in our national computer systems and says nothing but it writes software to exploit it!

As if that’s not enough, to add insult to injury, the NSA’s own security is so flawed that while it is haemorrhaging secrets, it leaks the instructions to manipulate this computer weakness to the world. Wrap all this up in a nation run by a leader who can’t keep his big mouth shut, giving secret intelligence away to the enemy (even worse – the source of that secret intelligence!).

But it’s the simplicity of the whole thing that’s so like Hollywood – the software looks for a website that doesn’t exist, indefinitely, meanwhile displaying a ransom note on your screen. When someone created the website, the whole ransomware code was neutralised. . . or was it?

The code is still resident in those systems, meaning the hole is still there to be exploited again. Next time it might not be so simple to fix and capable of penetrating more up to date systems.

When Windows XP was created, it was hailed as a huge leap forward in computer security. Now it’s been compromised. In time the same will be said about today’s latest systems, Windows 10. It’s a catch-up game that we are locked into, always keeping one step ahead of the bad hackers.

It also highlights a few flaws too!

  1. It’s time businesses took a serious look at other operating systems, rather than Windows. Hacks are written for specific operating systems. If most of the world uses one system, that’s the one the hackers will target. If you run a Linux based system (SuSe, Ubuntu, Fedora etc), you’re probably laughing at the “wannacry malware” shambles.
  2. We are engrossed in connecting everything to the Internet – the IoT or Internet of things.

In hindsight, is that wise?

Will the next ransomware screen say “Pay $300USD in Bitcoin within 48 hours and we will unlock your home and release your car from your garage. Failure to pay will mean your fridge and freezer will defrost totally and your lighting, phone, hot water and sewage will be disconnected from the grid. If you do not pay within 72 hours, not only will your services be permanently disconnected, but you will be signed up for the highest level of subscription TV services and your TV be locked on permanently.”

Or worse – at 100kph the screen on your dashboard, that was a street map a few seconds ago, tells you that unless you pay $300USD in bitcoin, your engine control module will trip into crash mode. You will be unable to move your vehicle at more than 5kph for a distance of 5 kilometres. Already your car is slowing, oblivious to the other cars on the freeway, all doing 100Kph and you are in the outer lane!

Maybe it’s time for a rethink.
Do we really want everything interconnected?
If so, be prepared to keep it permanently up to date with the latest operating system and all its updates.

“wannacry” the cyber-disaster waiting to happen.

Posted on May 17, 2017

Wow! What a week!

  • The “wannacry” ransomware malware shut down over 30,000 systems worldwide before a fix was discovered (largely by accident too!)
  • As if that wasn’t enough, it’s revealed the ransomware malware was designed from data leaked from the NSA!
  • Microsoft is accusing the NSA of knowing about flaws in computer systems and deliberately not divulging them, so fixes could be made.
  • Donald Trump, America’s motor-mouth president, divulged top secret ISIL intelligence to the Russians, along with the source of that intelligence!
  • And more will come out – the “wannacry” threat will be linked to North Korea, though it’s doubtful we’ll ever get 100% ironclad evidence to prosecute that.

What’s the big deal? It’s only 30,000 of the billions of systems in the world right?

Wrong! Firstly, we’re talking “systems” as in commercial systems, where hundreds (or in some cases thousands) of computers are all interconnected. If you are counting actual computers, it could be millions.

Secondly, those systems weren’t home computers. They included most of the UK’s medical systems. Scanning machines, intercommunications between services, specialists – right down to GPs – were affected. Attacks were recorded on various government and corporate systems as far away as India, Germany, USA, Spain and Australia.

If that doesn’t alarm you, just imagine if every traffic light in your city turned green at once and you needed an ambulance but your mobile phone network was down. At the same time all planes vanish from the flight controllers’ radar consoles. Now multiply that for every city in your country. This time the malware targeted old Windows XP based systems. That meant that air traffic control systems weren’t affected – yet!

By the way, the only reason they weren’t is because back on 3rd of May 2014, at 2:00pm, a vintage U2 spy plane upset the California Air Traffic Control system and drew the authorities’ attention to the weaknesses in the air traffic control system and they did some major upgrades. The U2 was flying at 60,000 feet and its on-board computer tricked flight control into thinking it was at the same altitude as commercial airliners, creating havoc as they tried to move airliners out of the way of an aircraft that wasn’t there. Since the U2 was designed in the 1950s, the red faced air traffic control bureaucracy decided it was time to upgrade their systems.

As weaknesses are discovered and systems evolve to meet new demands, new operating system versions are created, tested and released. Some upgrades are minor and require a few patches to fix the weaknesses, like Windows 95 to Windows 98. Others are major and require a complete rewrite, creating an entirely new version like Windows XP to Windows 7. For governments and large businesses, this means paying millions of dollars for the new system, then paying their IT folks a fortune to adapt their in-house software for this new system.

Throw in this mix, a bunch of sneaky profiteers like Microsoft who try to make new minor revisions look like major rewrites and want customers to buy the new versions so they can spy on their usage and we have huge financial mistrustful disincentives for businesses to keep their systems up to date. They no longer trust Microsoft when it announces new “critical” updates.

Into our so called ‘secure system’ you can add all the people who take work home onto their personal computers at home and download it back onto the corporate or government system tomorrow. Effectively this doubles the number of machines in any system and therefore the number of weaknesses.

Now add the icing on the IT cake – a secretive intelligence organisation like the NSA, who discovers a weakness, writes malware to use it and refuses to tell their own countrymen about the weakness, so they can improve their own national security.

Add all this together and we have the perfect storm, just waiting for some hacker to create the disaster that was the “wannacry” ransomware cyber attack.