News Posts matching "vulnerability"

Return to Keyword Browsing

Microsoft to Roll Out Four Security Updates Next Week

The first Patch Tuesday of 2014 is less than a week away and it will see Microsoft deliver four updates, all rated 'Important', that tackle vulnerabilities found in Windows, Office, and Dynamics AX.

One of the updates is set to resolve a previously-acknowledged elevation of privilege vulnerability that affects Windows XP and Windows Server 2003 and has already seen limited, targeted attacks. The patches will become available this coming Tuesday, January 14, at about 10:00 AM PST.

For a bit more info check out the Advance Notification found here.

NVIDIA Posts GeForce 310.90 WHQL Drivers

NVIDIA closed its Sunday launch extravaganza by posting a new version of its GeForce software suite, a combination of drivers and software for its GeForce graphics processors. The new GeForce 310.90 introduces a much-needed security update for its driver service manager that patches a recently-discovered vulnerability. In addition, it brings improved stability and performance for the dual-GPU GeForce GTX 690, in 3D production applications. SLI profiles are added or updated for several games.

DOWNLOAD: NVIDIA GeForce 310.90 WHQL for Windows 8/7/Vista 64-bit, Windows 8/7/Vista 32-bit, Windows XP 32-bit, Windows XP 64-bit

The change-log specific to this release follows.

Apple Invites Kaspersky to Improve OS X Security

Weeks after security mogul Eugene Kaspersky opined that Apple is "10 years behind Microsoft on security," Kaspersky Lab revealed that it is collaborating with Apple to investigate security concerns (read: vulnerabilities) of its operating systems, and improve its security. Kaspersky Lab CTO Nikolai Grebennikov in an interview with Computing.co.uk was quoted saying "Apple recently invited us to improve its security."

Kaspersky Lab maintains that Apple's software is extremely vulnerable, going as far as to claim that Apple doesn't pay enough attention to security. "Our first investigations show Apple doesn't pay enough attention to security. For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago," said Grebennikov. Apple's decision to handle updates of Java runtime environment for OS X by itself, breaking away from Oracle's update cycle, particularly drew flack from Grebennikov. "Apple blocked Oracle from updating Java on Mac OS, and they perform all the udpates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long," he said. Kaspersky isn't too optimistic about the infinitely more popular iOS platform, either. "Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," it commented.Source: Computing.co.uk

Anything that Ends in .com Seizable by US Government

Last week, US authorities shut down a Canadian-run website that ends with the TLD (top-level domain) ".com", raising eyebrows. It appears that the US is staking claim to the ".com" TLD, letting the authorities seize any ".com" domain, even of websites that are not American. Internet infrastructure company EasyDNS, in its latest blog post, said "[the] ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc. needs to ask themselves about their vulnerability to the whims of U.S. federal and state lawmakers."

This latest controversy highlights how "the U.S. continues to hold over key components of the global domain name system, and rips a Band-Aid off a historic sore point for other nations," Wired commented. It also strengthens the case for non-American businesses and internet companies to opt for local TLDs (eg: ".co.uk", ".de", ".in", etc.,). Naming yourself "Dotcom" isn't such a bright idea, either.

Source: Wired, Image Courtesy: VegasDomain.org

The Pirate Bay Shifts Away From Torrents, Replaces Them With DHT

Famous and very popular media search engine, The Pirate Bay, perpetually in the crosshairs of Big Media to shut it down, is to shift away from torrent files from next month and replace them with Distributed Hash Table (DHT) and Peer Exchange (PEX) technology reports ExtremeTech. They have actually been using these for quite a while now, as this is the technology underlying their Magnet links which have appeared next to the torrent links as an alternative way to download. They have done this, because torrent files are stored centrally on a web server, which makes them vulnerable to aggressive rights holders who want to take them down, while Magnet links are decentralized "trackerless", removing this vulnerability. Also, at the moment, it's impossible for anti-piracy outfits to tell how many files a user is sharing when using Magnet links, or what they are. From next month therefore, only Magnet links will be available. Note that Magnet links are compatible with various anonymizing services, for anonymous downloading, but there can be a significant performance impact on those services. In fact, TPB has been using Magnet links with torrents for some now too, but just did so quietly, without telling anyone.

Popular BitTorrent clients such as uTorrent already use Magnet links as easily as torrent files, so there won't be much difference to the user experience. The main difference, is that they can take a bit longer to get going, but the final download speed isn't any less, due to the cascading exponential pyramid nature of incoming peer connections guaranteed to max out any internet connection, when there are enough peers.

HP Printer Firmware Vulnerability Fixed: Opportunistic Lawsuit's Lost Opportunity?

Three weeks ago, we brought you news that researchers had apparently found serious vulnerabilities in the firmware of HP printers that can allow hackers to cause the fuser to overheat and almost make the paper inside catch fire. HP dismissed these claims as exaggerated, but said that they would look into it. Three days later, we reported that some enterprising New Yorker called David Goldblatt sued HP, alleging that he would not have bought their printers had he known about this problem beforehand, which seems a bit unlikely when you consider that HP is the number one printer brand by a mile. Now HP have released patches for these vulnerabilities and issued the following press release:
Return to Keyword Browsing