Security Leftovers
-
Java and Python FTP attacks can punch holes through firewalls
The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.
On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.
-
Microsoft: no plans to patch known bugs before March [Ed: Microsoft is keeping open 'back doors' that are publicly known about, not just secret ones]
Microsoft has no plans to issue updates for two vulnerabilities, one a zero-day and the other being one publicised by Google, before the scheduled date for its next round of updates rolls around in March.
The company did not issue any updates in February, even though it had been scheduled to switch to a new system from this month onwards.
It gave no reason for this, apart from saying: "This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
"After considering all options, we made the decision to delay this month’s updates. We apologise for any inconvenience caused by this change to the existing plan."
The Google-disclosed bug was made public last week, and is said to be a flaw in the Windows graphic device interface library that can be exploited both locally and remotely to read the contents of a user's memory.
-
Microsoft issues critical security patches, but leaves zero-day flaws at risk
Microsoft has patched "critical" security vulnerabilities in its browsers, but has left at least two zero-day flaws with public exploit code.
The software giant released numerous patches late on Tuesday to fix flaws in Adobe Flash for customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10.
- Login or register to post comments
- Printer-friendly version
- 1085 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago