aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver to make any modification to the device.

The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

Government minister Safia Boly outlines efforts to foster entrepreneurship

I am often asked what I see as the biggest potential game-changers in tech — particularly as it relates to social good. Mobile, social, the cloud, and analytics continue to emerge as key themes. However, analytics is emerging as the true game changer — catalyzed by advances in open architecture.

Let me unpack what I mean by "open architecture." Open means that anyone can access it, contribute to it, and innovate on top of it. At Blackbaud, where I serve as chief technology officer, one of our core tenets has been to design an open, cloud-based software and data architecture. We're cultivating a technical community of partners, customers, and engineers (inside and outside of the company) who are innovating in different ways and contributing to this ecosystem.

From this vantage point, I see the way that openness accelerates the velocity of innovation. Looking at it from a different angle, open ecosystems also yield data and analytics that enable everyone who is part of them to gain more insights and intelligence.

This data can power intelligent software solutions, surface actionable events, maintain accurate and current data assets, and generally drive more results for users. In other words, an open cloud-based architecture elevates usage, which in turn generates more and more data and intelligence that make the system even more powerful.

With data, analytics, and intelligence in mind, the following capabilities emerge as candidates to have a great positive impact.

The Internet of Things

Internet of Things (IoT) technology is cheap and accessible and can transform normal household items into network devices that generate data. In my house, the lights, thermostats, appliances, cars, doors, and windows are all connected devices. These connected devices generate data and intelligence (such as trends in usage, optimization of electricity consumption, and so on). Much like a household, there are many IoT possibilities for nonprofits and other players in the social good space to generate valuable, actionable data.

Instrumentation

Instrumentation provides us with the ability to understand what's happening within our software. As Blackbaud ships features and capabilities within solutions, we monitor usage. We do so to understand if our customers can easily discover the new capability (do they use it the first time they log on?) and to determine if our customers find it valuable (is their use ongoing?). This data-driven approach is an extremely effective way of measuring both the quality of the user experience and the overall value of the work we're doing.

We can learn a lot about our customers just by observing what they do. Across the software industry, instrumentation is driving advances in understanding that enable more targeted solutions to users' challenges.

Usage Information

Like instrumentation, usage data enables us to understand the leading indicators that yield the best, most effective outcomes. For example, through usage data, we were able to understand that nonprofits who proactively thank donors within one week of giving have an advantage. They were much more effective at converting those individuals to longer-term supporters and recurring donors.

Predictive Intelligence

Predictive analytics showcase some of the most stunning and innovative applications of data. At Blackbaud, we think of predictive analytics as a kind of "self-driving car." It guides and sometimes fully automates tasks for our users, enabling them to gain much greater results. A few examples of predictive analytics scenarios that we're working on include

• Extending the most compelling message to a specific person at just the right time via the best channel, to keep them engaged, generate a donation, invite them to an event, or simply share a story.
• Intelligently connecting nonprofits, corporations, individuals, foundations, faith-based organizations, schools, and other stakeholders across the ecosystem we serve. That action enables us to more efficiently coordinate efforts and services and drive greater good together.
• Leveraging social information, an understanding of a person's network, geographical context, and other analytics to help connect an advocate with a nonprofit, school, or foundation, in just the right way.

We leverage the correlation of many different, disparate data sources to drive true intelligence and to power new, predictive user experiences across our applications. Our data platform is what powers this intelligence. This platform drives value across our solutions in other ways, including

• Correcting, appending, and de-duplicating data across the system
• Business intelligence and reporting that shows trends in data
• Real-time data pipelines that spark events across the system based on changes to the data

I’ve included only a few examples of technology capabilities we're researching that we believe will have a strong positive impact. The central theme of these capabilities is providing more actionable data and intelligence. Our commitment to delivering a robust, scalable, and flexible data architecture as well as open, cloud-based software enables us to take advantage of this technology. It also enables us to harness these capabilities to drive greater value for the customers we serve.

This blog post was written by Mary Beth Westmoreland.

spanhidden

In 2015, the state of Louisiana consumed more energy per capita than any other state, according to the U.S. Energy Information Administration. Although this may not come as a complete surprise — the state's warm, muggy climate makes air conditioning a must — it's clear that Louisiana's energy-use profile needs a drastic transformation.

The Energy Wise Alliance (EWA), a small nonprofit based in New Orleans, is determined to do just that. Along the way, the organization has gotten a boost from Microsoft's MileIQ app.

MileIQ is a mobile app from Microsoft that automatically tracks the miles you've traveled and records all of your tax-deductible and reimbursable mileage. It's kind of like using a Fitbit, except you're tracking your driving. You can report your business drives on demand and claim your reimbursements or maximize your tax deductions. The average MileIQ user is logging $6,900 per year.

Building a More Energy-Efficient Community

EWA works to make energy efficiency more accessible to everyone. The organization works primarily with low-income families, tenants, and others who would otherwise be left out of the green energy revolution. EWA accomplishes its goals through both workshops and equipment upgrades at homes and businesses.

Its Energy Smart for Kids program teaches students throughout the state how to lead a more energy-efficient lifestyle. These hourlong sessions cover the pitfalls of nonrenewable energy and detail more sustainable alternatives. At the end of each session, EWA volunteers hand out energy-efficiency starter kits so students can apply what they learned at home.

Much like the rest of EWA's programs, Energy Smart for Kids serves underserved and underprivileged communities. In fact, many of the schools that EWA serves are Title 1 schools — schools whose students generally come from lower-income households.

Aside from schools, EWA also helps nonprofits become more sustainable.

Making Nonprofits Greener and More Cost-Efficient

Nonprofits can benefit from EWA's work by way of simple but effective power-saving retrofits. EWA also provides volunteer labor and donates the materials for the retrofits, which means added cost savings. And as we all know, cost-saving programs are like gold dust for nonprofits.

For example, volunteers from EWA revitalized the Victorian-era headquarters of the Alliance Française, a nonprofit dedicated to preserving Francophone heritage in the New Orleans community, with sustainable retrofits. As part of these upgrades, EWA sealed cracks, gaps, and openings; installed additional insulation; and programmed new thermostats.

In addition, EWA gave the Alliance Française's volunteers a hands-on demonstration of behavioral changes so that they could bring this knowledge back home. EWA anticipated that the Alliance Française would save a total of $2,000 to $3,000 as a result of these green improvements.

EWA's staff members also actively save money and operate more efficiently through the use of the mile-tracking app MileIQ.

Saving Time and Money with MileIQ

This method, as you can imagine, was time-consuming, and it brought with it the risk of human error. Most people can't possibly remember every single trip they make with their car, after all.

"MileIQ is super accurate and takes the forgetting out of the equation," said Jamie Wine, executive director of EWA.

For Kevin Kellup, education coordinator at EWA, MileIQ has been a game-changer. Jamie explained, "Kevin drives like crazy from school to school," racking up miles on his personal car. Now, thanks to MileIQ, Kevin can get more fairly and accurately reimbursed for his constant traveling.

The most important benefit of Microsoft's MileIQ for Jamie is that his staff can be correctly reimbursed for mileage. He wants to show staff members that he values their time and effort spent traveling, which MileIQ really helps him achieve.

For nonprofits, particularly small ones like EWA, it's always great when the team can receive fair compensation for its hard work. "The staff doesn't get paid much," Jamie said. And considering how important staff members' work is to the community, every penny matters. That's also where TechSoup comes in.

TechSoup's Role: "Essential"

Through TechSoup, eligible nonprofits can get MileIQ at 80 percent off the subscription rate. "Without TechSoup," Jamie noted, "this huge step up in technology" would not have been possible. The MileIQ discount program from Microsoft has made acquiring MileIQ way easier on the nonprofit's pocket.

Having also previously obtained Microsoft Office 365 and QuickBooks Online through TechSoup, Jamie said, "TechSoup is a great equalizer." He mentioned that TechSoup helps a small nonprofit to grow into a technologically advanced organization. He added, "The super discounted products from TechSoup are like the pot of gold at the end of the rainbow."

Getting MileIQ Premium

Eligible nonprofits can get MileIQ at 80 percent off the individual subscription rate through TechSoup and can request an unlimited number of individual subscriptions. In addition to individual subscriptions, MileIQ is now included with an Office 365 Business Premium license. Nonprofits who currently do not have an Office 365 license can visit Microsoft's Office 365 for nonprofits page to register.

This blog post was written by Nicholas Fuchs.

spanhidden

(Please visit the site to view this video)

Older adults are at an increased risk of lacking company and being socially isolated. Recent studies prove that a lack of social relationships is as strong a risk factor for mortality as are smoking, obesity, or a lack of physical activity. Enter Little Brothers.

Little Brothers is an effort dedicated to spreading awareness and relieving isolation and loneliness in elders, a problem that often goes unseen. Little Brothers is in 7 U.S. cities and 10 countries worldwide. Its mission is carried out by more than one nonprofit organization.

Little Brothers Friends of the Elderly San Francisco facilitates more than 4,000 friendly visits a year. Volunteers are matched with elders in San Francisco, and they form and build a relationship through home visits, outings, or common interests.

We recently met with Andrew Butler, the program manager at Little Brothers Friends of the Elderly San Francisco. He explained that many volunteers form a relationship with an elder, and their stereotypes about older people are quickly broken down.

"A lot of what we do is creating awareness. I think a lot of the information that we share through training or events really inspires people," said Butler. He also suggested that we speak with a member of Little Brothers Friends of the Elderly San Francisco, Andy Morgan, to get a proper feel for the organization.

Andy Morgan is a highly spiritual 86-year-old who loves to read. Originally from Transylvania, Andy came to San Francisco in 1962 and has worked a variety of jobs throughout his life.

However, he stresses that he has never defined himself by what he did for a living. Aside from books and his spirituality, Andy values personal relationships and enjoys company.

Our conversation with Andy revealed why Little Brothers' impact matters so much.

I wanted to ask if you have any main visitors.

Andy Morgan: Yeah! I have one main visitor come every week. Rain or shine, he comes and sees me. He brings me food from Trader Joe's, and he does my laundry.

Wow, that's a sweet deal. Would you share a particular visit that has stuck with you over the years?

There's nothing that stands out; every visit is enjoyable. What we usually do is grab a spiritual book, you know, all those books over there are on spirituality, and we read from it and then we discuss it. I've been on the spiritual path since the 1960s, so if he has any questions, I can try and clarify.

I was wondering what makes you happy.

What makes me happy? Knowing that my within-ness, that which makes me breathe and which makes me exist, is pure joy and pure love. When you do a lot of meditation, something opens up within you, and I just feel, practically all the time, this feeling of love and joy and peace.

Of course no one can maintain that 24/7, but I can always come back. If something goes wrong, I can just remind myself of my true nature.

That's beautiful. Thank you so much for opening your home to us.

My pleasure; it's been a joy having you guys. Could I just read you one very short poem? It says …

Be as a Flower

Truth is very simple
A flower does not try to be beautiful.
Its True Nature is Beauty.
Just by its Very Being.

In the same way, when you Awaken
To your true nature,
You will naturally exude Love,
Compassion, Beauty.
It is all you.
For it is your True Self.

(poem by Robert Adams)

TechSoup is proud to support our member, Little Brothers Friends of the Elderly San Francisco, in its mission to spread awareness about and help elders at risk of loneliness and isolation. There are incredible people like Andy all over the world who are at risk of being forgotten. But they should never be. TechSoup provides technology and services to Little Brothers staff members to help run their nonprofit so that they can focus on fighting the effects of elder isolation.

spanhidden

4

In Week 1 of National Cybersecurity Awareness Month (NCSAM) we looked at spoofed emails, cybercriminals' preferred method of spreading malware. Today, in an effort to provide you with the best information out there to keep you safe online, we're hitting you with a double dose of cybersafety news.

Let's take look at the topics for Week 2 and 3 of National Cybersecurity Awareness Month: malware and password security. They're separate but related issues in the world of Internet crime prevention, and a better understanding of each is key to protecting your property and personal information in today's digital world.

Malware

Malware is an umbrella term used to describe software that is intended to damage or disable computers and computer systems. If you'd like, you can take a moment and watch this video on malware from Norton Security. But the best way to begin protecting yourself against this stuff is to learn about all the different types of malware that can affect your computer. There are tons, so we'll just go over the broader categories for now.

Viruses: Malicious bits of code that replicate by copying themselves to another program, computer boot sector, or document and change how a computer works. Viruses are typically attached to an executable file or program and spread once a user opens that file and executes it.

Worms: They're like viruses, but are different in terms of the way they're spread. Worms typically exploit a vulnerability or a weakness that allows an attacker to reduce a system's information assurance. Missed that last Windows update? You might be more vulnerable to worms.

Trojans: These look like legitimate pieces of software and are activated after a user executes them. Unlike a virus or a worm, a trojan does not replicate a copy of itself. Instead, it lurks silently in the background, compromising users' sensitive personal data.

Ransomware: This refers to a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking or threatening to erase the users' files unless a ransom is paid. You may recall the WannaCry attack that affected users across the globe this summer, only to be thwarted by the accidental discovery of a "kill switch" that saved people from the malicious software.

Spyware: This malware collects your personal information (such as credit card numbers) and often passes this information along to third parties online without you knowing.

You can check out more descriptions and examples of the types of malware that exist today at MalwareFox, a malware detection and removal software program.

Tips for Protecting Yourself Against Malware

Staying malware-free doesn't require an engineering degree. You can greatly reduce, if not completely eliminate, your chances of falling victim to malware by following these easy tips.

• Keep your operating system current.
• Keep your software up to date, particularly the software you use to browse the Internet.
• Install antivirus and security software and schedule weekly scans. At TechSoup, we're protected by Symantec Endpoint Protection. At home, there are dozens of solutions you can use to protect yourself (PCMag lists many here).
• Mind where you click. Think twice before you download torrent videos or free Microsoft Office templates from some random website.
• Avoid public, nonpassword, nonencrypted Wi-Fi connections when you can. Use a VPN when you cannot.

Spread the Word

Let people know that TechSoup is helping you become more #CyberAware by sharing a message on your social media channels. If you tag @TechSoup on Twitter, we'll retweet the first two tweets. Remember, we're all in this together.

Password Security

Now that we've covered the nasty stuff that can make your life miserable if it ends up on your computer, let's go over some password security tips to help prevent malware from getting there in the first place. Using best practices when it comes to protecting your passwords is a proven way to protect your personal and financial information. Curious how knowledgeable you already are? Watch this video and take this quiz to enter a drawing for a $25 Amazon gift card!

First, let's go over some facts.

• Passwords are the first line of defense to protect your personal and financial information.
• A weak password can allow viruses to gain access to your computer and spread through TechSoup's or your family's network.
• It's estimated that 73 percent of users have the same password for multiple sites and 33 percent use the same password every time. (Source: Digicert, May 2014)
• Despite a small sample size of 1,110 U.S. adults, a recent YouGov survey still found that 28 percent of adults use the same passwords for most of their online accounts. (Source: Business Insider, October 2017).

Best Practices for Effective Password Protection

One great way to better protect yourself is by opting for a passphrase, which is much more difficult to crack than a single-word password. Here are some guidelines to creating one.

• Pick a famous quote or saying and use the first letter of each word.
• Add a number that you can remember.
• Capitalize one letter.
• Make it unique by adding the first letter of your company's name to the beginning or end of the passphrase.
• Make it between 16 and 24 characters.

You should never write your password down, but if you must, never store user IDs and passwords together. Finally — even though it might seem unwieldy — you should always use a different password for each site that requires one. In today's world, everything is connected. A savvy hacker can easily breach your bank account, email, and medical records in one fell swoop if you're using the same password for all three.

Additional Cybersecurity Resources

In case you missed it, take a look at last week's post on recognizing suspicious emails.

Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.

Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

spanhidden

From historically underperforming when compared with its peers, the German federal state of Rhineland-Palatinate is now attracting major investment projects on the back of its auto and electrification expertise.

Once the powerhouse of the industrial US, the rust belt states have revived their economies with the help of foreign investment. 

Consulting firms in the Middle East are likely to take a hit in 2020 due to the coronavirus, after two strong years.

Continued African development could hinge on public finance reforms.

Marcus Weldon, chief technology officer of Nokia and president of its research arm Nokia Bell Labs, talks about what guided the decision to set up a new global R&D centre and the company’s strategy for driving innovation.

Financial incentives from two different cities persuaded US grocery chain The Fresh Market to stay headquartered in its home state of North Carolina.

Global free zones may be spurring development in less economically developed countries

Venture capital funding has reached record levels in recent years, enabling start-ups to expand across borders – but their ability to do this depends on their type of business, and where they are founded.

Up to 18 countries across Latin America have joined China’s new Belt and Road Initiative, hoping to boost their infrastructure development and investment.  

The chairman of the board of the National Bank of the Republic of Belarus talks to fDi about preserving financial stability and diversifying the country’s export split.

The minister of foreign affairs for Belarus tells fDi why the country is keen to join the WTO and strengthen economic relations with the CIS.

Besides perks such as tax breaks, Belarus’s six free economic zones offer investors convenient logistics and, for companies from neighbouring Ukraine and Russia, a geopolitical safe place to do business. Wendy Atkins reports.

Belarus’s Great Stone Industrial Park is another ambitious Belt and Road Initiative venture, designed to evolve into a smart city and industrial hub. But what are the benefits for Belarus or China? Jacopo Dettoni and Wendy Atkins report.

With its keen workforce and generous free zones, Belarus is attracting plenty of manufacturing investment. Moreover, it is bullish about its prospects, as local companies expand into Europe and further afield. Wendy Atkins reports.

Belarus may be unfamiliar to many Westerners but the eastern European country plans to boost its profile by leveraging its location and ease of doing business credentials to ramp up investment from both east and west. 

Belarus is climbing up the innovation league table thanks to an official decree to establish a favourable environment for start-ups. Initiatives such as tech parks and tax-friendly conditions are attracting foreign companies and reversing the country's brain drain, as Wendy Atkins reports.

With a multilingual population, Antwerp enjoys a diverse talent pool that has made it a popular testbed for digital innovation and entrepreneurship.

Bolivian President Evo Morales has inaugurated the 69-MW San Jose II Hydroelectric Power Plant in the municipality of Colomi, department of Cochabamba.

Siemens Gamesa Renewable Energy (SGRE) said that is has begun operation of its electric thermal energy storage system (ETES), a milestone in the development of energy storage solutions, according to the company.

Sweden’s ambitious plan to drastically cut emissions from transport by bringing millions of electric cars onto the road could be derailed by a lack of power capacity for new charging stations in major cities.

Hydrogen, which has been touted as the fuel of the future much of the past five decades, may finally be on the verge of converting its potential to reality.