
Submission Summary: 0 pending, 5 declined, 5 accepted (10 total, 50.00% accepted)

The upcoming Windows 8.1 apocalypse

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "As most people will have heard, Microsoft will end support for anyone who hasn't upgraded to Win8.1 Update 1 on May 8. What fewer people have heard is that large numbers of users can't install the 8.1 Update, with over a thousand messages in this one thread alone, and that's for tech geeks rather than home users who won't find out about this until their PC becomes orphaned on May 8. Check your Windows Update log, if you've got a "Failed" entry next to KB2919355 then your PC will also become orphaned after May 8."

Windows 8.1 Update creates chaos for many users

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "Microsoft's Windows 8.1 Update has been creating chaos for many users, as demonstrated by threads running to six hundred and eight hundred messages respectively in Microsoft's support forums. Users report spending days trying to get it to work, with the Microsoft-recommended solution of using the Deployment Image Servicing and Management (DISM) tool fixing some failed updates, followed by more recent reports of it corrupting the Windows component store and requiring a complete reinstall of Windows. For users with OEM pre-installs, that means going out and buying a Windows 8.1 CD. Since no further updates are possible without the 8.1 Update, this now leaves large numbers of users of Microsoft's latest OS in the same boat as Windows XP users."

Is Android the next Microsoft monoculture?

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "A decade ago, Microsoft was criticised for creating a monoculture full of security vulnerabilities. Today we have another emerging monoculture, Android, which is becoming as pervasive as Windows was a decade ago, and just as full of security issues. Will Android be the next insecurity monoculture?"
Link to Original Source
Security

Sophos A/V riddled with vulnerabilities

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "Security researcher Tavis Ormandy has had a look at Sophos A/V and found that it'll actually make your system less secure after you install it:

The paper contains details about several vulnerabilities in the Sophos antivirus code responsible for parsing Visual Basic 6, PDF, CAB and RAR files. Some of these flaws can be attacked remotely and can result in the execution of arbitrary code on the system. Ormandy even included a proof-of-concept exploit for the PDF parsing vulnerability which he claims requires no user interaction, no authentication and can be easily transformed into a self-spreading worm.

The findings also include this gem:

Ormandy also found that a component called the 'Buffer Overflow Protection System' (BOPS) that's bundled with Sophos antivirus, disables the ASLR (address space layout randomization) exploit mitigation feature on all Windows versions that support it by default, including Vista and later.

Original paper here."
Link to Original Source

Chrome

Is Google targeting Firefox?

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "As of about two weeks ago, Google searches carried out from Firefox are returning meta redirects that require manually clicking through every search result in order to reach your target. In doing this Google is specifically targeting Firefox and no other browser (switching your user agent to anything other than Firefox gets rid of the problem). Presumably switching to Chrome would also resolve the issue. Could this targeting of Firefox be because it's Google's main competitor in the open-source browser market?"
Security

(Possible) Diginotar hacker comes forward

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more "high-profile" CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns."
Link to Original Source
Security

Another CA issues false certificates to Iran

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate."
Link to Original Source
Communications

The end of the end-to-end principle

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "The Internet was designed around the end-to-end principle, which says that functionality should be provided by end hosts rather than in the network itself. A new study of the effect of vast numbers of middleboxes on the Internet indicates that this is no longer the case, since far too many devices on the Internet interfere with traffic in some way. This has serious implications for network (protocol) neutrality (as well as future IPv6 deployment) since only the particular variations of TCP that they know about will pass through them."
Link to Original Source
Security

13-year-old password security bug fixed

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "In a sign that many eyes don't really make (security) bugs shallow, a thirteen-year-old password-hashing bug that affects (at least) PHP, some Linux distros (Owl, ALT Linux, SUSE), and a variety of other apps has just been patched. This problem had been present in widely-used code since 1998 without anyone noticing it."
Link to Original Source
