Let’s Encrypt’s root certificate is about to expire, and it might break your devices

One of the largest providers of HTTPS certificates, Let’s Encrypt, saw its root certificate expire this week — meaning you might need to upgrade your devices to prevent them from breaking.

Let’s Encrypt, a free-to-use nonprofit, issues certificates that encrypt the connections between your devices and the wider internet, ensuring that nobody can intercept and steal your data in transit. Millions of websites alone rely on Let’s Encrypt. But, as warned by security researcher Scott Helme, the root certificate that Let’s Encrypt currently uses — the IdenTrust DST Root CA X3 — was set to expire on September 30. After expiry, computers, devices and web clients — such as browsers — will no longer trust certificates that have been issued by this certificate authority.

Seven-year-old make-me-root bug in Linux service polkit patched

Error handling? Nah, let’s just unlock everything and be done with it.

A seven-year-old privilege escalation vulnerability that’s been lurking in several Linux distributions was patched last week in a coordinated disclosure. In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit associated with systemd, a common Linux system and service manager component.

Introduced in commit bfa5036 seven years ago and initially shipped in polkit version 0.113, the bug traveled different paths in different Linux distributions. For example, it missed Debian 10 but it made it to the unstable version of Debian, upon which other distros like Ubuntu are based.

Formerly known as PolicyKit, polkit is a service that evaluates whether specific Linux activities require higher privileges than those currently available. It comes into play if, for example, you try to create a new user account. Backhouse says the flaw is surprisingly easy to exploit, requiring only a few commands using standard terminal tools like bash, kill, and dbus-send. “The vulnerability is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request,” explained Backhouse.

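GPS trackers, a must-have for keeping an eye on your kids: trying out Dokokana GPS (どこかなGPS) and GPS BoT

Schools that had been closed because of the novel coronavirus have, I expect, been gradually resuming classes since June. As a parent of two, I am grateful to finally be freed from a life of looking after the children and helping with their studies alongside housework and my job. On the other hand, since my older child is a new first-grader, I also worry about whether they are getting to school without getting lost, and whether they are making detours after school ends.

That is why, in time for my child starting elementary school in April, I had gotten hold of a GPS tracker: a device that lets a parent see, on their smartphone, the location of the child carrying it at any moment. Recently there are more and more GPS trackers that are small and light to carry, have built-in connectivity, and can be used for a relatively low fee.

Among them, I tried two products that seem to be especially popular: +Style's "Dokokana GPS" and "GPS BoT" from a maker called Bsize.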

Apple Won’t Accept iPhone Apps Offering Incentives to Enable Tracking

App Tracking Transparency feature comes with requirements

The App Tracking Transparency policy is now live in iOS 14.5, so users can choose if they want to allow apps to track them across other apps and websites or just block them on the first launch. Needless to say, this has caused a storm of criticism against Apple, but on the other hand, the company has already defended its decision, explaining that it’s all for protecting user privacy.

The release of this new feature came alongside a new set of policies meant to prevent app makers from turning to all kinds of tricks to convince users to enable tracking. That includes offering incentives: Apple says that apps implementing such an approach might end up being blocked in the App Store.

Hundreds lose internet service in northern B.C. after beaver chews through cable

Telus calls damage ‘uniquely Canadian turn of events’ affecting about 900 customers

Internet service was down for about 900 customers in Tumbler Ridge, B.C., after a beaver chewed through a crucial fibre cable, causing “extensive” damage. In a statement, Telus spokesperson Liz Sauvé wrote that in a “very bizarre and uniquely Canadian turn of events,” crews found that a beaver chewed through the cable at multiple points, causing the internet to go down on Saturday at about 4 a.m.

“Our team located a nearby dam, and it appears the beavers dug underground alongside the creek to reach our cable, which is buried about three feet underground and protected by a 4.5-inch thick conduit. The beavers first chewed through the conduit before chewing through the cable in multiple locations,” the statement said.

Sauvé said that a photo from the site appeared to show the beavers using Telus materials to build their home. She said the image shows fibre marking tape, usually buried underground, on top of their dam.