GIXtools

How British veterans are using their military skills to retrain as IT security experts. Source:: BBC News – Technology

The latest ISPreview.co.uk survey of 1,860 online readers has found that the vast majority of respondents (86.8%) support the Government’s aspiration for universal coverage of ultrafast “full fibre” (FTTP) broadband ISP networks by 2033, but only 43.5% believe it’s actually achievable. Earlier this year the Government made a commitment to deliver ultrafast Gigabit capable “full …

Survey Doubts UK’s Ability to Rollout Full Fibre Networks by 2033 Read More »

Photo by Dayne Topkin / Unsplash Why We Weighed In on US Privacy Efforts Cloudflare’s mission is to help build a better internet, and privacy has to be at the heart of that effort. That’s why we submitted comments last week on the National Telecommunications and Information Administration (NTIA)’s request for comment on its proposed …

Cloudflare’s Response to a Privacy Framework Read More »

What is a social network, anyway? To a consumer, a social network might be a place to share memes, cat photos and selfies. But to a business, a social network is a place to bolster and defend branding, share product information, interact with customers and participate in relevant conversations with the world. Businesses have websites. …

Google Maps is the new social network Read More »

Cable ISP Virgin Media has teamed up with a development of new build houses in the Tees Valley area (Wynyard Park) and a graphic design firm (Shutter Media), which has enabled them to create a series of disguises that will be wrapped around 16 of their ultrafast broadband supplying street cabinets. The tactic of disguising …

Virgin Media UK Tests New Camouflage for Broadband Cabinets Read More »

A vulnerability in Apache Qpid Proton-J could allow an unauthenticated, remote attacker to conduct a man-in-the-middle (MITM) attack on a targeted system. The vulnerability exists because the transport.ssl(…) methods of the affected software are missing Transport Layer Security (TLS) hostname-verification functionality. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass hostname-based …

Apache Qpid Proton-J transport.ssl(…) Methods Man-in-the-Middle Vulnerability Read More »

A vulnerability in ClusterLabs pcs could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability exists because the REST interface of the pcsd service of the affected software does not properly remove the pcs debug argument from the /run_pcs query. An attacker could exploit this vulnerability by sending a …

ClusterLabs pcs Debug Parameter Removal Bypass Information Disclosure Vulnerability Read More »

Some imams in Kurdistan have officially banned a hugely popular video game – but others are hitting back. Source:: BBC News – Technology

A vulnerability in the _nc_name_match function of ncurses could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that exists in the _nc_name_match function of the affected software. An attacker could exploit this vulnerability by persuading a …

ncurses _nc_name_match Function NULL Pointer Dereference Denial of Service Vulnerability Read More »

A vulnerability in the _nc_parse_entry function of ncurses could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that exists in the _nc_write_entry function, as defined in the parse_entry.c source code file of the affected software. An …

ncurses _nc_parse_entry in parse_entry.c Function NULL Pointer Dereference Denial of Service Vulnerability Read More »

The UK Government’s Digital Minister, Margot James, appears to have indirectly lent support to Cityfibre’s efforts to stop slower “hybrid fibre” (FTTC, HFC DOCSIS etc.) broadband ISPs from using the same marketing terms as significantly faster “full fibre” (FTTP) providers, which the MP agreed was “misleading advertising.“ The Advertising Standards Authority (ASA) has declined to …

Digital Minister Supports Campaign Against Fake Fibre Adverts Read More »

A vulnerability in the ScaleIO driver of OpenStack Cinder could allow an authenticated, remote attacker to access sensitive information on a targeted system. The vulnerability exists because the ScaleIO driver of the affected software does not properly delete data on ScaleIO volumes using thin volumes and zero padding on certain storage volume configurations. An attacker …

OpenStack Cinder ScaleIO Driver Information Disclosure Vulnerability Read More »

A vulnerability in the finalize_with_tag API of Python Cryptographic Authority python-cryptography could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient enforcement of a minimum tag length prior to passing user-supplied input to the finalize_with_tag API of the affected software. An attacker could exploit this …

Python Cryptographic Authority python-cryptography finalize_with_tag API Information Disclosure Vulnerability Read More »

A vulnerability in the cephx authentication protocol of Red Hat Ceph could allow an unauthenticated, adjacent attacker to bypass signature checks. The vulnerability is due to improper handling of signature calculations by the cephx authentication protocol of the affected software. An attacker who has access to a Ceph cluster network and is able to modify …

Red Hat Ceph cephx Authentication Protocol Signature Bypass Vulnerability Read More »

A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the fourth extended filesystem (EXT4) of the affected system. An attacker could exploit the vulnerability by mounting and writing to a crafted EXT4 filesystem image. A successful exploit …

Linux Kernel EXT4 Filesystem Out-of-Bounds Write Denial of Service Vulnerability Read More »

Amazon Cloud Directory is now available in the AWS GovCloud (US-West) Region, an isolated region designed to address specific regulatory and compliance requirements of US Government agencies, as well as contractors, educational institutions, and other US customers that run sensitive workloads in the cloud. Source:: Amazon AWS

The Serverless Application Repository now supports applications with the following additional resources: Application Auto Scaling, Amazon Athena, AWS AppSync, AWS Certificate Manager, Amazon CloudFront, AWS CodeBuild, AWS CodePipeline, AWS Glue, AWS IAM, Amazon SNS, Amazon SQS, AWS Systems Manager, and AWS StepFunctions. These new resources make it easier for teams and organizations to publish, store, …

AWS Serverless Application Repository Supports Amazon Route 53, Amazon SQS, AWS Glue, AWS IAM, AWS Step Functions and More Read More »

AWS Server Migration Service now supports hourly replication intervals, which enable customers to further minimize the downtime when migrating on-premises servers to Amazon EC2 Source:: Amazon AWS

You can now specify two new docker flags as parameters in your Amazon Elastic Container Service (ECS) Task Definition. These flags are pidMode and ipcMode. The pidMode parameter allows you to configure your containers to share their process ID (PID) namespace with other containers in the task, or with the host. Sharing the PID namespace …

Amazon ECS Now Allows Two Additional Docker Flags Read More »

Mozilla has added a data breach notification to Firefox that warns the browser’s users when their email address and credentials may have been obtained by hackers. Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone — not only Firefox users — can steer to the service …

Firefox adds in-browser notification of breached sites Read More »