The clock that cost its inventor millions
Thomas Bromley failed to renew the patent on his digital clock, and missed out on a fortune. Source:: BBC News – Technology
Streaming wars: Can Disney topple Netflix?
Netflix is the leader in online video. Will Disney’s plans check its growth? Source:: BBC News – Technology
Cloudflare’s Response to a Privacy Framework
Photo by Dayne Topkin / Unsplash Why We Weighed In on US Privacy Efforts Cloudflare’s mission is to help build a better internet, and privacy has to be at the heart of that effort. That’s why we submitted comments last week on the National Telecommunications and Information Administration (NTIA)’s request for comment on its proposed …
Google Maps is the new social network
What is a social network, anyway? To a consumer, a social network might be a place to share memes, cat photos and selfies. But to a business, a social network is a place to bolster and defend branding, share product information, interact with customers and participate in relevant conversations with the world. Businesses have websites. …
Virgin Media UK Tests New Camouflage for Broadband Cabinets
Cable ISP Virgin Media has teamed up with a development of new build houses in the Tees Valley area (Wynyard Park) and a graphic design firm (Shutter Media), which has enabled them to create a series of disguises that will be wrapped around 16 of their ultrafast broadband supplying street cabinets. The tactic of disguising …
Virgin Media UK Tests New Camouflage for Broadband Cabinets Read More »
Apache Qpid Proton-J transport.ssl(…) Methods Man-in-the-Middle Vulnerability
A vulnerability in Apache Qpid Proton-J could allow an unauthenticated, remote attacker to conduct a man-in-the-middle (MITM) attack on a targeted system. The vulnerability exists because the transport.ssl(…) methods of the affected software are missing Transport Layer Security (TLS) hostname-verification functionality. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass hostname-based …
Apache Qpid Proton-J transport.ssl(…) Methods Man-in-the-Middle Vulnerability Read More »
ClusterLabs pcs Debug Parameter Removal Bypass Information Disclosure Vulnerability
A vulnerability in ClusterLabs pcs could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability exists because the REST interface of the pcsd service of the affected software does not properly remove the pcs debug argument from the /run_pcs query. An attacker could exploit this vulnerability by sending a …
ClusterLabs pcs Debug Parameter Removal Bypass Information Disclosure Vulnerability Read More »
PlayerUnknown’s Battlegrounds: Imams divided over video game fatwa
Some imams in Kurdistan have officially banned a hugely popular video game – but others are hitting back. Source:: BBC News – Technology
ncurses _nc_name_match Function NULL Pointer Dereference Denial of Service Vulnerability
A vulnerability in the _nc_name_match function of ncurses could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that exists in the _nc_name_match function of the affected software. An attacker could exploit this vulnerability by persuading a …
ncurses _nc_name_match Function NULL Pointer Dereference Denial of Service Vulnerability Read More »
ncurses _nc_parse_entry in parse_entry.c Function NULL Pointer Dereference Denial of Service Vulnerability
A vulnerability in the _nc_parse_entry function of ncurses could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that exists in the _nc_write_entry function, as defined in the parse_entry.c source code file of the affected software. An …
Digital Minister Supports Campaign Against Fake Fibre Adverts
The UK Government’s Digital Minister, Margot James, appears to have indirectly lent support to Cityfibre’s efforts to stop slower “hybrid fibre” (FTTC, HFC DOCSIS etc.) broadband ISPs from using the same marketing terms as significantly faster “full fibre” (FTTP) providers, which the MP agreed was “misleading advertising.“ The Advertising Standards Authority (ASA) has declined to …
Digital Minister Supports Campaign Against Fake Fibre Adverts Read More »
OpenStack Cinder ScaleIO Driver Information Disclosure Vulnerability
A vulnerability in the ScaleIO driver of OpenStack Cinder could allow an authenticated, remote attacker to access sensitive information on a targeted system. The vulnerability exists because the ScaleIO driver of the affected software does not properly delete data on ScaleIO volumes using thin volumes and zero padding on certain storage volume configurations. An attacker …
OpenStack Cinder ScaleIO Driver Information Disclosure Vulnerability Read More »
Python Cryptographic Authority python-cryptography finalize_with_tag API Information Disclosure Vulnerability
A vulnerability in the finalize_with_tag API of Python Cryptographic Authority python-cryptography could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient enforcement of a minimum tag length prior to passing user-supplied input to the finalize_with_tag API of the affected software. An attacker could exploit this …
Red Hat Ceph cephx Authentication Protocol Signature Bypass Vulnerability
A vulnerability in the cephx authentication protocol of Red Hat Ceph could allow an unauthenticated, adjacent attacker to bypass signature checks. The vulnerability is due to improper handling of signature calculations by the cephx authentication protocol of the affected software. An attacker who has access to a Ceph cluster network and is able to modify …
Red Hat Ceph cephx Authentication Protocol Signature Bypass Vulnerability Read More »
Linux Kernel EXT4 Filesystem Out-of-Bounds Write Denial of Service Vulnerability
A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the fourth extended filesystem (EXT4) of the affected system. An attacker could exploit the vulnerability by mounting and writing to a crafted EXT4 filesystem image. A successful exploit …
Linux Kernel EXT4 Filesystem Out-of-Bounds Write Denial of Service Vulnerability Read More »
Amazon Cloud Directory now available in the AWS GovCloud (US-West) Region
Amazon Cloud Directory is now available in the AWS GovCloud (US-West) Region, an isolated region designed to address specific regulatory and compliance requirements of US Government agencies, as well as contractors, educational institutions, and other US customers that run sensitive workloads in the cloud. Source:: Amazon AWS
AWS Serverless Application Repository Supports Amazon Route 53, Amazon SQS, AWS Glue, AWS IAM, AWS Step Functions and More
The Serverless Application Repository now supports applications with the following additional resources: Application Auto Scaling, Amazon Athena, AWS AppSync, AWS Certificate Manager, Amazon CloudFront, AWS CodeBuild, AWS CodePipeline, AWS Glue, AWS IAM, Amazon SNS, Amazon SQS, AWS Systems Manager, and AWS StepFunctions. These new resources make it easier for teams and organizations to publish, store, …
AWS Server Migration Service Now Supports Hourly Replication Intervals
AWS Server Migration Service now supports hourly replication intervals, which enable customers to further minimize the downtime when migrating on-premises servers to Amazon EC2 Source:: Amazon AWS
Amazon ECS Now Allows Two Additional Docker Flags
You can now specify two new docker flags as parameters in your Amazon Elastic Container Service (ECS) Task Definition. These flags are pidMode and ipcMode. The pidMode parameter allows you to configure your containers to share their process ID (PID) namespace with other containers in the task, or with the host. Sharing the PID namespace …
Amazon ECS Now Allows Two Additional Docker Flags Read More »
Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser’s users when their email address and credentials may have been obtained by hackers. Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone — not only Firefox users — can steer to the service …
Firefox adds in-browser notification of breached sites Read More »