Bakfiets.nl Cargo Bike Tire Sizes

I needed to buy some new tyres for my Bakfiets.nl cargo bike.  I couldn’t see the tire sizes on the tire and no-one seems to put the specs on the internet.  After some measuring, I can confirm that the tires are:

  • Front Tires – 20″ x 1.75
  • Rear Tire – 26″ x 1.75

I hope this helps someone.

Bluetooth Really Quiet / Low Volume on Bluetooth iPhone

I have an Audio Pro T10 Bluetooth speaker. I use it to play music from my iPhone. For some reason this morning, when I tried to use it, I could not hear any music coming out. The iPhone was connected and playing music. I tried my wife’s phone and this played perfectly. I finally realised that the music was coming through but really quietly at a really low volume.

It seems that you have to reset your Bluetooth connection. Go into the Bluetooth settings. Click the information button.

Then forget the device.

Then re-pair the phone with the Bluetooth speaker.  The sound should then work again.  If it doesn’t, then repeat the process.

OpenSSH Xauth Command Injection Vulnerability – Ubuntu 14.04 – PCI Compliance

I’m just going through PCI Compliance for a company that I work for. The security scan picked up an apparent vulnerability in the OpenSSH server. The vulnerability had been patched in Ubuntu 14.04 and so this is a false positive. I thought that I would post about it because I found lots of posts where people are trying to compile the latest OpenSSH server themselves to get around this problem, when in fact it isn’t actually a problem. Compiling your own version of the OpenSSH server isn’t recommended because you will have to continually patch the package yourself from then on.

The warning text said:

Threat:
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

The sshd server fails to validate user-supplied X11 authentication credentials when establishing an X11 forwarding session. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie.
Please note that Systems with X11Forwarding enabled are affected.

Affected Versions:
OpenSSH versions prior to 7.2p2
Impact:
An authenticated, remote attacker can exploit this vulnerability to execute arbitrary commands on the targeted system.
Solution:
Users are advised to upgrade to the latest version of the software available. Refer to OpenSSH 7.2p2 Release Notes for further information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 7.2p2
Result:
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 detected on port 22 over TCP.

I hope this is helpful to someone.
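
The scan result above is based only on the upstream version in the SSH banner, which is why a patched distribution package still gets flagged. The following shell script is an added example, not part of the original post or the scanner's output: it splits the banner into upstream version and Ubuntu package revision and classifies the finding. `FIXED_PKG_REV` is a placeholder for the first package revision that carries the fix (the post does not state it), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage an OpenSSH banner finding on a distro that backports fixes.
# On the scanned host, collect the evidence for the dispute with:
#   dpkg-query -W -f='${Version}\n' openssh-server
#   zcat /usr/share/doc/openssh-server/changelog.Debian.gz | less
#   sshd -T | grep -i x11forwarding

# Upstream version from the banner, e.g. "6.6.1p1".
banner_upstream() {
  printf '%s\n' "$1" | sed -n 's/^SSH-[0-9.]*-OpenSSH_\([^ ]*\).*/\1/p'
}

# Package revision Ubuntu appends to the banner, e.g. "2ubuntu2.8".
banner_pkg_rev() {
  printf '%s\n' "$1" | sed -n 's/^SSH-[0-9.]*-OpenSSH_[^ ]* Ubuntu-\([^ ]*\).*/\1/p'
}

# Succeeds if $1 >= $2, comparing the runs of digits left to right.
# Simplified ordering for this demo; on the host use dpkg --compare-versions.
ver_ge() {
  a=$(printf '%s' "$1" | tr -c '0-9' ' ')
  b=$(printf '%s' "$2" | tr -c '0-9' ' ')
  while :; do
    set -- $a; x=${1:-}; [ $# -gt 0 ] && shift; a=$*
    set -- $b; y=${1:-}; [ $# -gt 0 ] && shift; b=$*
    [ -z "$x" ] && [ -z "$y" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
}

# triage BANNER FIXED_UPSTREAM FIXED_PKG_REV
# FIXED_PKG_REV (placeholder) is the first package revision carrying the fix,
# taken from the distro security notice; pass "" when it is not yet known.
triage() {
  up=$(banner_upstream "$1"); rev=$(banner_pkg_rev "$1")
  if [ -z "$up" ]; then echo "unparsed"
  elif ver_ge "$up" "$2"; then echo "fixed-upstream"
  elif [ -z "$rev" ]; then echo "vulnerable-by-version"
  elif [ -z "$3" ]; then echo "check-package-changelog"
  elif ver_ge "$rev" "$3"; then echo "fixed-by-backport"
  else echo "package-needs-update"
  fi
}

# Banner and fixed upstream version are the ones quoted in the scan report.
triage "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8" "7.2p2" "${FIXED_PKG_REV:-}"
```

A result of `fixed-by-backport`, together with the package changelog entry, is the evidence to attach when disputing the finding with the scanning vendor.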