The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.
On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.
Microsoft has no plans to issue updates for two vulnerabilities, one a zero-day and the other being one publicised by Google, before the scheduled date for its next round of updates rolls around in March.
The company did not issue any updates in February, even though it had been scheduled to switch to a new system from this month onwards.
It gave no reason for this, apart from saying: "This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
"After considering all options, we made the decision to delay this month’s updates. We apologise for any inconvenience caused by this change to the existing plan."
The Google-disclosed bug was made public last week, and is said to be a flaw in the Windows graphic device interface library that can be exploited both locally and remotely to read the contents of a user's memory.
Microsoft has patched "critical" security vulnerabilities in its browsers, but has left at least two zero-day flaws with public exploit code.
The software giant released numerous patches late on Tuesday to fix flaws in Adobe Flash for customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10.
When software is developed using open source methods, an upstream repository of the code is accessible to all members of the project. Members contribute to the code, test it, write documentation and can create a solution from that code to use or distribute under license. If an organization follows the main stream or branch of the upstream code, their solution will receive all the changes and updates created in the upstream repository. Those changes simply “flow down” to the member’s solution. However, if a member organization forks the code — if they create a solution that strays from the main stream — their solution no longer receives updates, fixes and changes from the upstream repository. This organization is now solely responsible for maintaining their solution without the benefit of the upstream community, much like the baby salmon that took a tributary and then have to fend for themselves rather than remain in the main stream and receive the benefit and guidance of the other salmon making their way to the ocean.
Hewlett Packard Enterprise (NYSE: HPE) and Red Hat, Inc. (NYSE: RHT) announced today they are working together to accelerate the deployment of network functions virtualization (NFV) solutions based on fully open, production-ready, standards-based infrastructures. HPE plans to offer ready-to-use, pre-integrated HPE NFV System solutions and HPE Validated Configurations incorporating Red Hat OpenStack Platform and Red Hat Ceph Storage for communications service providers (CSPs).
As part of our commitment to delivering open technologies across many computing architectures, Red Hat has joined the OpenPOWER Foundation, an open development community based on the POWER microprocessor architecture, at the Platinum level. While we already do build and support open technologies for the POWER architecture, the OpenPOWER Foundation is committed to an open, community-driven technology-creation process – something that we feel is critical to the continued growth of open collaboration around POWER.
XDC 2017, the annual X.Org Developers' Conference, was announced last year as taking place in Mountain View, California, hosted by Google, but given the current US political climate, the X.Org Foundation was questioning whether to move the event outside of the United States.
The Sharing and Reuse Conference 2017 is about modernisation of eGovernment services, and the key role of sharing and reuse of IT solutions. Working together on IT solutions allows public administrations to improve and develop their eGovernment services and boosts government modernisation.
By sharing and reusing IT solutions public sector organisations can build interoperable and standardised services, while lowering costs.
Last year, experts from Uber, Twitter, PayPal, and Hubspot, and many other companies shared how they use Apache Mesos at MesosCon events in North America and Europe. Their talks helped inspire developers to get involved in the project, try out an installation, stay informed on project updates, and generally get pumped to use and participate in Apache Mesos.
A few moments ago, we hit 100% funded for our AppCenter campaign on Indiegogo. Thank you, backers! More than 300 people backed us over just two weeks to help bring our pay-what-you-want indie app store to life.
...we contacted the creator of Linux Lite, “Jerry Bezencon”, and enquired about the upcoming new features in the latest version of Linux Lite. We have also done a review of the latest available distro, i.e. 3.2 (32 bit), so that readers can easily understand where the new features are headed.
For some years, OpenWrt has arguably been the most active router-oriented distribution. Things changed in May of last year, though, when a group of OpenWrt developers split off to form the competing LEDE project. While the LEDE developers have been busy, the project has yet to make its first release. That situation is about to change, though, as evidenced by the LEDE v17.01.0-rc1 release candidate, which came out on February 1.
Many of the changes made in LEDE since the 2015 OpenWrt "Chaos Calmer" release will not be immediately visible to most users. The core software has been updated, of course, including a move to the 4.4.42 kernel. There are a number of security-oriented enhancements, including a switch to SHA256 for package verification, the disabling of support for several old and insecure protocols, compilation with stack-overwrite detection, and more. There is support for a number of new devices. Perhaps the most anticipated new feature, though, is the improved smart queue management and the WiFi fairness work that has been done as part of the bufferbloat project. It has been clear for some time that WiFi should work far better than it does; the work that has found its way into the LEDE release candidate should be a significant step in that direction.
Your editor decided that it was time to give LEDE a try, but there was some shopping to be done first. Getting the full benefit from the bufferbloat and airtime fairness work requires the right chipset; most of this work has been done on the Atheros ath9k driver. So the first step was to go out and pick up a new router with ath9k wireless. That is where things turned out to be harder than one might expect.
Microsoft Corp. faces a coordinated investigation by European privacy regulators after it failed to do enough to address their concerns about the collection and processing of user data with a series of changes to Windows 10 last month.
European Union data-protection officials sent a letter to Microsoft saying they remain “concerned about the level of protection of users’ personal data,” according to a copy of the document posted by the Dutch watchdog Tuesday. Regulators from seven countries are concerned that even after the announced changes, “Microsoft does not comply with fundamental privacy rules.”
Netflix has released the source code of a web application called Stethoscope for evaluating the security of mobile and desktop computing devices.
The software, covered by the Apache 2.0 license, is intended for employees of organizations that use a device management service. Netflix hopes that employees using the toolkit will learn from it and apply the app's recommendations to personal devices that are not under active management.
ReactOS 0.4.4 arrived last week as the latest maintenance update to the stable 0.4 series of the open source Windows-compatible operating system, bringing better rendering for many applications and initial printing support.
In most of the places I have worked there has been a centralized computer and application standard that was more or less mandatory for all employees. There are benefits of such an environment, which I will not go into in this piece, but for me, as an open source and Linux enthusiast, I try to use the tools I'm used to and like.
So, I immediately install my favorite applications when I receive a new standardized Windows-based work computer, something I have been lucky enough to be allowed to do.
Companies will almost certainly face challenges establishing their open source compliance program. In this series of articles, based on The Linux Foundation’s e-book, Open Source Compliance in the Enterprise, we discuss some of the most common challenges, and offer recommendations on how to overcome them.