
Short Topix: 10 Year Old Sudo Security Bug Patched


by Paul Arnote (parnote)

CAT S42 Antimicrobial, Washable Cell Phone



Press Release: Bullitt Group, the global licensee for Cat® phones, today announced that the Cat S42 has been enhanced by advanced antimicrobial product protection, making it the first antibacterial phone. Every exterior component of the product has been treated with Biomaster® antimicrobial technology and tested to ISO 22196.

Based on the inclusion of silver ions during manufacturing, the process creates a permanent level of product protection, inhibiting the growth of microbes on the phone surface and therefore reducing microbial levels on the surface.

Research shows that our phones are home to thousands of germs, with one University of Michigan study finding in excess of 17,000 bacteria on handsets. We interact with our mobile devices many times a day -- around 47 times, on average, according to research from Deloitte. Mobile phones are handled and pressed to our faces, meaning that any bacteria or other microorganisms can easily transfer back and forth between the hard surfaces of your phone and your skin.

The Biomaster active antimicrobial agent is proven to inhibit bacteria cells from replicating; in testing, a reduction of over 80% within 15 minutes was shown, and 99.9% within 24 hours. Combined with the existing Cat phone rugged credentials that ensure the device can be thoroughly and regularly washed with soaps and water, sanitisers, and even bleach, the Cat S42 represents the next generation of hygienic product protection in smartphone design.

"Throughout 2020 we have consistently been driving awareness of the importance of mobile hygiene for us all, but this is vital for those among our customers working within a health or social care setting, and those visiting multiple sites for their job," said Peter Cunningham, VP Product Portfolio at Bullitt Group. "Using a Cat phone already allows them to have confidence that they can wash and sanitise their Cat phone regularly or between visits. The addition of antimicrobial product protection into the Cat S42 is another first for Cat phones, and will make the Cat S42 safer for users -- such an important feature in the current climate."

The Biomaster-treated Cat S42 will be available from early 2021, with the treatment coming to other devices in the Cat phones range later in the year.

Tested to Cat phones' demanding rugged standards, the Cat S42 features MIL SPEC 810H and IP68 and IP69 ratings, and surpasses our rigorous and repeated drop testing from 1.8m onto steel, including multiple drops onto every side and corner. It's fully waterproof, tested submerged in water at depths up to 1.5m for 35 minutes. Like all Cat smartphones in the range, it is also put through vibration and tumble tests, salt mist conditions, and it's built to operate in high and low extremes of temperature and to survive thermal shocks. Take it with you anywhere and everywhere. It's built tough to help you thrive in challenging outdoor work situations and extreme leisure pursuits alike.

The Cat S42 Smartphone has an MSRP of £229 / €249. The S42 with antimicrobial protection will be available in early 2021. For more information visit www.catphones.com.


Key Specifications

  • Powerful 4,200mAh battery
  • Water / Dust proof (IP68, IP69), Drop tested to 1.8M onto steel, MIL SPEC 810H, Corning® Gorilla® Glass 5
  • Waterproof Smartphone -- up to 1.5 meters for 35 minutes
  • 5" HD+ 18x9 display optimised for outdoor use with a touchscreen that can be used with wet fingers or when wearing gloves
  • Android™ 10 (with upgrade to 11)
  • 3GB RAM, 32GB ROM, Expandable Storage (microSD™)
  • Mediatek Helio A20 MT 6761D chipset, 1.8GHz quad-core processor
  • 13MP rear camera, 5MP front camera
  • LTE Cat 6, VoLTE, VoWiFi
  • Textured, extra grip design
  • Programmable Shortcut Key useful for Push to Talk (PTT), SOS (Lone worker app), or to easily launch its torch or camera
  • Bluetooth 5.0, NFC
  • 5mm audio jack (waterproof)
  • Curated apps and content catalogue
  • Dual SIM -- Nano SIM + microSD™
  • 2-year warranty
  • Android Enterprise support
  • Security updates cover for 3 years
  • Zero-touch support

Editor's Note: The phone appears to be available only in the UK at the moment, but US customers can sign up to be notified when it's available. The MSRP for the phone is expected to be around $300 (US). While it probably isn't the most powerful cell phone around, most people buying this phone aren't buying it for its power. They are buying it for its antimicrobial properties and its ability to be washed with soap and water, or even bleach. It appears that nearly all CAT phones can be washed, but the S42 is the first model to incorporate the Biomaster antimicrobial properties into the phone case. For more information on just how filthy your cell phone might be, check out the study from the US National Library of Medicine and the National Institutes of Health.


How Much Is Your Data Worth On The Dark Web?



Comparitech researchers analyzed over 40 dark web marketplaces to find out how much your credit card, Paypal, and SSN are worth to cybercriminals, and they revealed their findings in a report on their blog.

Any time your personal data is stolen, through either a data breach or a successful phishing attack, more often than not it will end up for sale on one of the many dark web marketplaces.

The prices for that data depend on several things. One is where you live. If you live in the US, your credit card data may only be worth an average of $1.50, but credit card data belonging to a resident of Japan may go for as much as $8. Other stolen credit card information can go for as high as $986. Of course, you may or may not be on the hook for any charges made using your stolen credit card information, depending on where you live and whether or not you notice the charges.

Your Social Security number (SSN) (or other nationally issued identification number) isn't worth much by itself, but is often packaged into what's called "fullz," shorthand for full credentials, which couples it with other vital information that might make it useful. Fullz from the US run for a measly $8, while fullz from UAE, Japan and Europe go for over three times as much, at $25.

Hacked PayPal accounts can range in price from $5 to $1,767. See, nothing is sacred.

This only illustrates why it's so important to safeguard your personal information. You should also go to the Comparitech website to read the rest of their report. It will give you a much better idea of how much of your information is vulnerable.


10 Year Old Sudo Security Bug Patched



A 10-year-old "vulnerability" has been discovered in the code that makes up sudo, which is commonly used in Linux and Unix systems, according to an article on TechPost. Now, don't get all indignant or worried. So far, the vulnerability mostly appears to be only a "proof of concept" vulnerability. However, rogue botnets that attack Linux systems (and they are becoming more prevalent by the day) might be able to gain low-level access to affected systems via brute force attacks and then obtain root access, after which the botnet can wreak havoc on targeted systems.

Qualys is the firm that discovered the vulnerability, and it appears to be exploitable only by users who already have access to a Linux/Unix based system. The bug requires local access, such as a user already having an account or being granted SSH access, and was introduced in a code update to sudo that dates back to 2011. It is a buffer overflow, in which sudo reads a buffer beyond the escape characters that tell it to stop. Those extra bytes can be changed and, in the process, somehow elevate user privileges. The Qualys researchers named the bug "Baron Samedit," and it can be tracked using the assigned identifier CVE-2021-3156.

The sudo authors have updated sudo with a patch (reported to be a relatively easy fix), and it appears in version 1.9.5p2 of sudo. If you're a sudo user, you'll be happy to know that the patch doesn't fundamentally affect how sudo works.
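The over-read described above can be shown with a simplified illustration of the bug class, added here as an example; it is not sudo's source code and not from the article. An unescape loop that drops a backslash and copies the next byte runs past the end of an argument that ends in a lone backslash, while a checked loop stops at the terminator. The function names and sample bytes are assumptions, and the output buffer is oversized so the demo stays in bounds.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the argument "abc\" (ending in a lone backslash),
 * its NUL terminator, then unrelated adjacent bytes "NEXT". */
static const char SAMPLE[] = "abc\\\0NEXT";

/* Naive unescape: drop a backslash and copy the next byte unconditionally.
 * When the argument ends in a lone backslash, that next byte is the NUL
 * terminator, so the loop steps over it and keeps reading adjacent memory.
 * Returns how many source bytes were consumed. */
static size_t unescape_naive(const char *src, char *dst, size_t cap)
{
    const char *from = src;
    size_t n = 0;
    if (cap == 0) return 0;
    while (*from != '\0' && n + 1 < cap) {
        if (from[0] == '\\')
            from++;              /* may now point at the terminator */
        dst[n++] = *from++;      /* copies it and moves past it */
    }
    dst[n] = '\0';
    return (size_t)(from - src);
}

/* Checked variant: a backslash is only skipped when a real byte follows. */
static size_t unescape_checked(const char *src, char *dst, size_t cap)
{
    const char *from = src;
    size_t n = 0;
    if (cap == 0) return 0;
    while (*from != '\0' && n + 1 < cap) {
        if (from[0] == '\\' && from[1] != '\0')
            from++;
        dst[n++] = *from++;
    }
    dst[n] = '\0';
    return (size_t)(from - src);
}

int main(void)
{
    char out[32];                /* oversized on purpose so the demo is safe */
    printf("argument length:  %zu\n", strlen(SAMPLE));
    printf("naive consumed:   %zu\n", unescape_naive(SAMPLE, out, sizeof out));
    printf("checked consumed: %zu\n", unescape_checked(SAMPLE, out, sizeof out));
    return 0;
}
```

A destination buffer sized from the argument's string length would be too small for what the naive loop writes, which is how an over-read of this kind turns into an overflow.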


CentOS Gets Another New Fork: AlmaLinux



As we reported in the January 2021 issue of The PCLinuxOS Magazine, RHEL announced that CentOS was changing directions as of December 31, 2020. CentOS is a favorite for servers across the world, and RHEL's change of CentOS to CentOS Stream didn't settle too well with CentOS users.

In response, one of CentOS's founding members, Greg Kurtzer, went back to work to create Rocky Linux. The Kurtzer-led replacement for CentOS is on track for a second quarter 2021 release.

Meanwhile, CloudLinux has also chosen to fork CentOS into a new distribution, named AlmaLinux. It seems that CloudLinux is putting their money where their "mouth" is, by backing the new CentOS replacement with $1 million (US) annually. AlmaLinux currently has beta ISOs available on its website, and is based on the current RHEL 8. CloudLinux has promised to update AlmaLinux as RHEL is updated, just as has been done with CentOS over the years.

According to an article on TechRepublic, everything on AlmaLinux works pretty much the same as on CentOS, with one exception. Currently, cPanel isn't yet working on AlmaLinux. This should be remedied in subsequent releases of AlmaLinux, since cPanel currently works on CloudLinux.

According to the statement on the AlmaLinux website, "we intend to deliver this forever-free Linux distribution in Q1 2021 -- initially built by our own expertise, but owned and governed by the community."

It will be interesting to see the differences between AlmaLinux and the forthcoming Rocky Linux. As we mentioned in our first article, the whole situation with CentOS is rapidly evolving, and continues to evolve at a brisk pace.


PCLinuxOS Short Topix Roundup



Electronic Frontier Foundation (EFF) has reported that nearly a year after they called on Amazon to offer end-to-end encryption on its Ring doorbell camera feeds, Amazon has responded with just that. Encryption, though, isn't the default setting, and users will have to turn encryption on deliberately.

EFF has also penned a scathing condemnation of government-operated autonomous robots and the surveillance threats they pose to the public. These rolling, trashcan-looking robots not only use cameras to navigate their surroundings, but they also are capable of recording all cell phones -- down to each individual MAC address -- that are, say, in a prescribed area surrounding a protest or gathering. Thus, if your cell phone details are vacuumed up in a sweep of the area, you are incriminated as a participant, even if you have nothing to do with the protest or gathering.

Lifehacker covers a new Google Maps feature on Android phones. The new feature allows users to display the map in the lower half of the screen, while displaying the street-view of the current location at the top of the screen. The article gives step-by-step instructions on how to activate the split-screen display.


