Survey Doubts UK’s Ability to Rollout Full Fibre Networks by 2033

The latest ISPreview.co.uk survey of 1,860 online readers has found that the vast majority of respondents (86.8%) support the Government’s aspiration for universal coverage of ultrafast “full fibre” (FTTP) broadband ISP networks by 2033, but only 43.5% believe it’s actually achievable. Earlier this year the Government made a commitment to deliver ultrafast Gigabit capable “full …

Survey Doubts UK’s Ability to Rollout Full Fibre Networks by 2033 Read More »

Virgin Media UK Tests New Camouflage for Broadband Cabinets

Cable ISP Virgin Media has teamed up with a development of new build houses in the Tees Valley area (Wynyard Park) and a graphic design firm (Shutter Media), which has enabled them to create a series of disguises that will be wrapped around 16 of their ultrafast broadband supplying street cabinets. The tactic of disguising …

Virgin Media UK Tests New Camouflage for Broadband Cabinets Read More »

Apache Qpid Proton-J transport.ssl(…) Methods Man-in-the-Middle Vulnerability

A vulnerability in Apache Qpid Proton-J could allow an unauthenticated, remote attacker to conduct a man-in-the-middle (MITM) attack on a targeted system. The vulnerability exists because the transport.ssl(…) methods of the affected software are missing Transport Layer Security (TLS) hostname-verification functionality. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass hostname-based …

Apache Qpid Proton-J transport.ssl(…) Methods Man-in-the-Middle Vulnerability Read More »

ClusterLabs pcs Debug Parameter Removal Bypass Information Disclosure Vulnerability

A vulnerability in ClusterLabs pcs could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability exists because the REST interface of the pcsd service of the affected software does not properly remove the pcs debug argument from the /run_pcs query. An attacker could exploit this vulnerability by sending a …

ClusterLabs pcs Debug Parameter Removal Bypass Information Disclosure Vulnerability Read More »

ncurses _nc_name_match Function NULL Pointer Dereference Denial of Service Vulnerability

A vulnerability in the _nc_name_match function of ncurses could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that exists in the _nc_name_match function of the affected software. An attacker could exploit this vulnerability by persuading a …

ncurses _nc_name_match Function NULL Pointer Dereference Denial of Service Vulnerability Read More »

ncurses _nc_parse_entry in parse_entry.c Function NULL Pointer Dereference Denial of Service Vulnerability

A vulnerability in the _nc_parse_entry function of ncurses could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that exists in the _nc_write_entry function, as defined in the parse_entry.c source code file of the affected software. An …

ncurses _nc_parse_entry in parse_entry.c Function NULL Pointer Dereference Denial of Service Vulnerability Read More »

Digital Minister Supports Campaign Against Fake Fibre Adverts

The UK Government’s Digital Minister, Margot James, appears to have indirectly lent support to Cityfibre’s efforts to stop slower “hybrid fibre” (FTTC, HFC DOCSIS etc.) broadband ISPs from using the same marketing terms as significantly faster “full fibre” (FTTP) providers, which the MP agreed was “misleading advertising.“ The Advertising Standards Authority (ASA) has declined to …

Digital Minister Supports Campaign Against Fake Fibre Adverts Read More »

OpenStack Cinder ScaleIO Driver Information Disclosure Vulnerability

A vulnerability in the ScaleIO driver of OpenStack Cinder could allow an authenticated, remote attacker to access sensitive information on a targeted system. The vulnerability exists because the ScaleIO driver of the affected software does not properly delete data on ScaleIO volumes using thin volumes and zero padding on certain storage volume configurations. An attacker …

OpenStack Cinder ScaleIO Driver Information Disclosure Vulnerability Read More »

Python Cryptographic Authority python-cryptography finalize_with_tag API Information Disclosure Vulnerability

A vulnerability in the finalize_with_tag API of Python Cryptographic Authority python-cryptography could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient enforcement of a minimum tag length prior to passing user-supplied input to the finalize_with_tag API of the affected software. An attacker could exploit this …

Python Cryptographic Authority python-cryptography finalize_with_tag API Information Disclosure Vulnerability Read More »

Red Hat Ceph cephx Authentication Protocol Signature Bypass Vulnerability

A vulnerability in the cephx authentication protocol of Red Hat Ceph could allow an unauthenticated, adjacent attacker to bypass signature checks. The vulnerability is due to improper handling of signature calculations by the cephx authentication protocol of the affected software. An attacker who has access to a Ceph cluster network and is able to modify …

Red Hat Ceph cephx Authentication Protocol Signature Bypass Vulnerability Read More »

Linux Kernel EXT4 Filesystem Out-of-Bounds Write Denial of Service Vulnerability

A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the fourth extended filesystem (EXT4) of the affected system. An attacker could exploit the vulnerability by mounting and writing to a crafted EXT4 filesystem image. A successful exploit …

Linux Kernel EXT4 Filesystem Out-of-Bounds Write Denial of Service Vulnerability Read More »

Amazon Cloud Directory now available in the AWS GovCloud (US-West) Region

Amazon Cloud Directory is now available in the AWS GovCloud (US-West) Region, an isolated region designed to address specific regulatory and compliance requirements of US Government agencies, as well as contractors, educational institutions, and other US customers that run sensitive workloads in the cloud. Source:: Amazon AWS

AWS Serverless Application Repository Supports Amazon Route 53, Amazon SQS, AWS Glue, AWS IAM, AWS Step Functions and More

The Serverless Application Repository now supports applications with the following additional resources: Application Auto Scaling, Amazon Athena, AWS AppSync, AWS Certificate Manager, Amazon CloudFront, AWS CodeBuild, AWS CodePipeline, AWS Glue, AWS IAM, Amazon SNS, Amazon SQS, AWS Systems Manager, and AWS StepFunctions. These new resources make it easier for teams and organizations to publish, store, …

AWS Serverless Application Repository Supports Amazon Route 53, Amazon SQS, AWS Glue, AWS IAM, AWS Step Functions and More Read More »

Amazon ECS Now Allows Two Additional Docker Flags

You can now specify two new docker flags as parameters in your Amazon Elastic Container Service (ECS) Task Definition. These flags are pidMode and ipcMode. The pidMode parameter allows you to configure your containers to share their process ID (PID) namespace with other containers in the task, or with the host. Sharing the PID namespace …

Amazon ECS Now Allows Two Additional Docker Flags Read More »

Firefox adds in-browser notification of breached sites

Mozilla has added a data breach notification to Firefox that warns the browser’s users when their email address and credentials may have been obtained by hackers. Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone — not only Firefox users — can steer to the service …

Firefox adds in-browser notification of breached sites Read More »