Jump to content

Search the Community

Showing results for tags 'fixes'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 15 results

  1. Four of the flaws are publicly known but none have been listed as under active attack. Microsoft today patched 88 software vulnerabilities and issued four advisories as part of its monthly Patch Tuesday update. Four are publicly known; none have been seen exploited in the wild. The June fixes released today cover a broad range of products and services including Microsoft Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore, Skype for Business, Microsoft Lync, Exchange Server, Azure, and SQL Server. Twenty-one patches were deemed Critical in severity, 66 are categorized as Important, and only one is ranked Moderate. While none of the bugs patched this month are under active attack, this is an especially large batch of fixes. Here are some of the noteworthy bugs in Microsoft's June roundup. Publicly known vulnerabilities were disclosed by security researcher SandboxEscaper via Twitter last month: CVE-2019-1053 (sandboxescape) is a flaw in the Windows Shell that could allow elevation of privilege on affected systems by escaping a sandbox; it affects all Windows operating systems. CVE-2019-1069 (BearLPE), an elevation of privilege vulnerability in Windows Task Scheduler, exists in the way Task Scheduler Service validates some file operations. Other publicly known bugs include CVE-2019-0973 (InstallerBypass), which occurs when the Windows Installer fails to properly sanitize input, leading to an insecure library loading behavior. An attacker could exploit this to run malicious code with elevated privileges. CVE-2019-1064 (CVE-2019-0841 BYPASS) could also be used to elevate privileges on target systems. Exploits for all of these were posted on GitHub by the researcher, who had published zero-days in the past. When the bugs were publicly disclosed in May, researchers predicted the likelihood of danger was low; still, there remained a chance the code would be integrated into malware. Even though the proof-of-concept code was posted online, this didn't happen. Remote code execution (RCE) vulnerabilities were common. Three Critical vulnerabilities patched were Hyper-V RCE bugs (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722). This stood out to Jimmy Graham, Qualys' senior director of product management. All would let an authenticated user on a guest system run arbitrary code on the host. While Microsoft says exploitation is less likely, he says "these patches should still be prioritized for Hyper-V systems." Also patched today were CVE-2019-1019, a Windows Security Feature Bypass Vulnerability, and CVE-2019-1040, a Windows NTLM Tampering Vulnerability. Both were reported by Preempt. Greg Wiseman, senior security researcher with Rapid7, calls CVE-2019-1019 a "nasty-looking" bug that could enable an attacker to steal a session key using a specially crafted NETLOGON message; in doing so, they could access other systems by posing as the original user, he says. Researchers found that although domain controllers would deny requests if the expected machine name was different from the one that established the secure channel, the controllers would accept requests if the computer name field was missing, they explain in a blog post. As for CVE-2019-1040, Preempt researchers bypassed the Message Integrity Code protection in NTLM authentication and could change any field in the NTLM message flow. The bypass could let attacker relay authentication attempts which have negotiated signing to another server, while removing the signing requirement. All servers that don't enforce signing are vulnerable. Source
  2. Not even a week has passed since Microsoft released Windows 10 April 2018 Update to their customers around the globe. Early adopters have started to report some Windows problems as they get their hands-on the feature update. The Windows 10 version 1803 issues known so far range across hardware and software. A popular among them is April Update users experiencing Chrome freezes (via MSPUser) more than ever. The cause of the freeze is yet to be known and there is no comment from Microsoft regarding the same. There are a number of components and features that people are unable to use or facing problems with after installing the April Update. Windows United has compiled a list of the known issues in Windows 10 April 2018 Update: Windows 10 April Update problems: Delayed mouse reactions: Some people are observing mouse movements and cursor speed different than before. The cause of this Windows April Update issue is not known. Unusable microphone In case you aren’t able to use the mic on the device, go to Settings > Privacy. See if microphone access is allowed for apps. If you suspect there is something wrong with the hardware, the Sound also includes a tool to test the microphone. Context menu doesn’t appear For some Windows 10 users, the taskbar context menu is missing. No solution for this Windows bug is available. Edge browser can’t start On some PCs, Edge doesn’t start even after doing a reset. The cause and solution of the problem are yet to be known. Delay in Alt +Tab There is a delay when people use Alt+Tab keyboard shortcut to switch between active apps. Fixes for Spectre and Meltdown Spectre fixes are already out for version 1709 (and earlier) in the form of microcode updates. But in April Update, it’s unclear up to what extent these microcodes are available. It’s suggested you should use a tool called InSpectre to review the same. Diagnostic data Some users see “Windows Insider Program manages this option” when they try to change the diagnostic data upload options in Settings > Privacy > Diagnostics & Feedback. While this is normal in the case of Insider builds, it is also happening on the machines which were never a part of the Insider program. No solution to this Windows April Update problem is known. However, the situation isn’t much different than the past; that’s why people are advised to keep their horses calm for a few days after a Windows 10 update releases. What’s wrong/broken in April Update’s user interface? Michael West, a concept designer, has spotted some inconsistencies in different areas of the Windows 10 after installing April Update. Issues in the Settings app The Settings app’s new App volume and device preferences page has some weird issues. West says it feels like it got “half designed and then forgotten by its team.” When the window is at its default size, the way the content wraps is a bit odd. On some pages in the Settings app, there are huge gaps between the title and the content. For instance, here is a screenshot of the Shared Experiences page. Another unusual thing in Windows 10 April Update is the standalone Phone page in the Settings app with just one category. It could easily be added to the Devices page. One possible explanation for this is Microsoft might want to promote their cross-device sync feature that lets people receive smartphone notifications on their PC. Windows Defender problems The Windows Defender Security Center (WDSC) has a “glaring bug” that makes it look like some poor HTML website. When you hover the mouse over a tile, other tiles get displaced. Also, when you change the system theme with the WDSC window open, the hamburger menu behaves unexpectedly with the text becoming practically illegible. It seems the Windows system doesn’t change the color of the text, no matter you switch from Light to Dark or Dark to Light. Windows Shell issues West has also noticed that the shadow effect is missing for many flyouts in Windows 10 April Update, including Battery, Network, Volume, Ink Space, Action Center, and Clock. An April Update bug, although it has been fixed in the release preview builds, has managed to get shipped with the final build pushed to the users. The Reveal effect often breaks for certain UI elements, leading to no borders showing up. There is a fluent design-related issue in the Start Menu and Action Center as well. The two tend to lose their acrylic effects as they’re opened and closed. This Windows design problem is visible when the content behind is “busy.” For instance, when open/close the Action Center when a video is playing. Chrome issues It appears there are some issues that have cropped up, with some users finding that the Chrome internet browser becomes unresponsive and crashes after installing the update. The issue has been posted by users on Reddit, and it appears that Microsoft is aware of the issues, with the Microsoft Support Twitter account replying to one user who experienced the issue by saying “it appears that some users are experiencing the same concern as yours. We'll be checking our internal bug report for this. Please let our developer know this as well by posting it on the Feedback Hub. Update us if you needed further assistance. All the best.” Hopefully Google, the company behind Chrome, updates the browser so that it is stable with the Windows 10 April 2018 Update. Some people are reporting that installing the 17134.5 update via the cumulative update KB4135051 and then running the Command Prompt as an Administrator and entering the following helps: dism /online /add-package /packagepath:%homepath%\downloads\Windows10.0-KB4135051-x64_22fd6a942c7b686a5434bcc8dfc87f3379c99437.cab Otherwise, you may need to hang tight until a patch for Chrome is released, and for the moment use a different web browser such as Edge or Firefox. How is your experience with Windows 10 April 2018 Update? Sources: Fossbytes & TechRadar
  3. Thunderbird 52.0 Released: Find Out What Is New Thunderbird 52.0 is out. The new version of the desktop email client for Windows, Mac and Linux devices was released on April 4, 2017 to the public. The new version of the email client is a major new releases, as indicated by the version. It replaces the previous version Thunderbird 45.8.0. Thunderbird installations and portable copies will pick up the new update eventually. You can check for updates with a click on Help > About Thunderbird. The new version may not be available yet via the automatic update system of the email client. Thunderbird 52.0 The new version ships with a massive list of new features and changes. Probably the biggest change in the new version is a change in how images are handled by Thunderbird. So, image links that point to Internet locations won't be downloaded anymore automatically by the email client. This should deal with tracking pixels attached to emails. The team notes that images may be downloaded on a "per image" basis using the image properties dialog. Thunderbird users who want to restore the former status quo may do so as well: Select Tools > Options. Switch to the Advanced > General tab. Select Config Editor there. Use the search for to find mail.compose.attach_http_images. Double-click on the preference to set it to true. New features in Thunderbird 52.0 The following features are new additions, or improvements: Chat functionality has been improved. It supports direct messages, liking, and favoring on Twitter now. Also, support for Jabber/XMPP message carbons, and SASL SCRAM authentication mechanism added. Calendar events can be created and edited in a tab now. Release notes mention "Processing of received invitation counter proposals" as well, but not sure what that means. Other: Becky Internet Mail settings may be imported now, and Thunderbird may remove data files that correspond to accounts when the account gets removed. Other: Folder pane toolbar, enable under View > Toolbars, to quick jump to folders. Also, option to copy message filters was added. Changed features in Thunderbird 52.0 Several features were changed, or removed, in the new version of the desktop email client: The (relatively) new Correspondents column is enabled now for all new folders. You may turn off the feature by setting mail.threadpane.use_correspondents to false. When Thunderbird users reply to mailing lists, the reply is sent to the address in the from header, not the reply-to header. Pulse Audio is needed on Linux to play sound. IMAP caching uses new caching technology. IMAP folder messages read on external devices are filtered by default. Mbox storage folders larger than 4GB are supported without warning now. Yahoo Messenger support was removed. The Formatting Toolbar remains in place when the email deliver format is switched to Plain Text. Fixes in Thunderbird 52.0 Quite a few issues were fixed in Thunderbird 52.0 as well: Message preview pane non-functional after IMAP folder was renamed or moved Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line Various corrections when composing messages in paragraph format Paste as quotation doesn't always work Long lines in plain text replies not properly wrapped Undesired white-space before signature in paragraph mode When attachment unavailable, compose shows endless "Attaching..." message instead of error Text encoding of reply sometimes incorrect (uses encoding of last viewed message) Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment) Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both) Reply to own e-mail does not reply with the correct identity IMAP message part caching Links with escaped non-ASCII (international) characters can't be clicked Calendar: Events specified in timezone "local time" generate alerts in UTC time Chat: XMPP Resource collisions Closing Words The Thunderbird development team added several interesting privacy and security focused features to Thunderbird. First, the blocking of remote images on the Internet, and then the change in mailing list replies. Release notes are here. Now You: What's your impression of Thunderbird 52.0 so far? Do you use a different email client? Source
  4. Mozilla Fixes Critical Vulnerability in Firefox 22 Hours After Discovery White hats were rewarded $30,000 for the effort The new Firefox version 52.0.1 which was released late on Friday contains the patch for the flaw discovered by hackers in the competition. The fix was confirmed via Twitter by Asa Dotzler, Mozilla participation director for Firefox OS, as well as Daniel Veditz, security team member at Mozilla. The bug was discovered by the Chaitin Security Research Lab from China. The hackers managed to escalate privileges in an exploit during the hacking competition by combining the bug with an initialized buffer in the Windows kernel. The bug bounty for this particular vulnerability was of $30,000 indicating that it was a serious matter. In a security advisory published by Mozilla, the company marks the integer overflow in the createImageBitmap() as "critical." They say that the bug was fixed in the newest version by disabling experimental extensions to the createImageBitmap API. Mozilla also claims that since the function works int he content sandbox, it would have required a second vulnerability to compromise a user's computer. Chaitin used, in this instance, the Windows kernel. Largest awards so far Many vulnerabilities were discovered during the hacking competition. So far, few have been fixed, and definitely not many as fast as the one Mozilla patched up in Firefox. Microsoft and Apple are two of the companies people are waiting to hear from int his regard In total, contestants were awarded $833,000 for the discovered vulnerabilities this year, nearly double than what was awarded last year. In 2016, the awards reached $460,000 and the previous year $577,000. In the end, it all depends on how good a day the hackers have to find something critical to exploit. Source
  5. The site hacker ND posted had a *.xyz website extension and I have witnessed sites that are hosted from .xyz that host pups and malware I would be careful of what sites you visit that hacker ND gives you. From this thread: Just be careful and check the site with a site checker first.
  6. Malwarebytes Stumbles With False Positive On KB 3197868, The Win7 November Monthly Rollup Thanks to SC for the heads up. Looks like those of you running Malwarebytes on a Win7 system using Group A updating are in for a rocky ride. Symptoms of the kernel32.dll false positive include locked up systems, and machines that take five minutes or more to shut down. On Thursday, Malwarebytes narrowed down the problem and posted this solution: Malwarebytes’ solutions are to uninstall KB 3197868 if you haven’t rebooted after installing it, use System Restore, or manually replace some system files (which is a bear!). Source UPDATE:
  7. vissha

    Firefox 49.0.2 Is Out

    Firefox 49.0.2 Is Out Mozilla has released an update for the stable version of its Firefox web browser that brings the version of it to Firefox 49.0.2. Firefox 49.0.2 is a bug fix and security release that fixes several issues in the browser, among them two that we talked about just yesterday. The new version is already available, and users may want to run a manual check for updates to speed up the updating process. This goes especially for users who are affected by one or multiple of the bugs fixed in the new version. Firefox 49.0.2 Do the following to run a manual update check in Firefox: Tap on the Alt-key on the computer keyboard, and select Help > About Firefox from the menu. This should open a small About Mozilla Firefox window on the screen that checks for updates automatically. Firefox should find the version 49.0.2 update for the browser, and either download and install it automatically, or suggest to do so. The following issues are fixed in the new version: (here is the changelog link) Asynchronous plugin rendering for Flash is now enabled by default. This addresses performance issues and should reduce crashes when visiting sites that use Flash. (Bug 1307108) D3D9 fallback disabled if hardware acceleration is used to prevent graphical artifacts on the screen. (Bug 1306465) Fixed a network bug that prevented some Firefox users from seeing the user interface on start. (Bug 1305436) Fixed a compatibility issue that affected file uploads. (Bug 1306472) Fixed another issue affecting Array.prototype.values. (Bug 1299593) Fixed a canvas filters graphics issue in HTML5 apps. (Bug 1304539) Changed diagnostic information on timing for tab switching. (Bug 1304113) Mozilla on top of that fixed several security vulnerabilities in Firefox 49.0.2. CVE-2016-5287: Crash in nsTArray_base<T>::SwapArrayElements CVE-2016-5288: Web content can read cache entries The Android version has been updated as well to Firefox 49.0.2 for Android. It only got one of the fixes that dealt with compatibility issues with file uploads, and the security fixes. Now You: Have you been affected by any of the issues? Source
  8. Firefox 49: Two New System Add-ons To Fix Flash And Graphics Issues Mozilla has started to distribute two new system add-ons for Firefox 49.0 and Firefox 49.0.1 to address two issues affecting Adobe Flash Player and graphics issues. The organization is working on Firefox 49.0.2 currently, but made the decision to release two new patches for the current stable version of Firefox as system add-ons to address issues that users are affected by. System add-ons are like hotfixes. They can be pushed out to all Firefox users who have automatic updates enabled to fix issues of the browser. That's usually a lot faster than having to create a new build of Firefox. The two system add-ons address two issues in Firefox 49 and 50. Asynchronous Plugin Rendering and D3D9 Acceleration Fallback Asynchronous Plugin Rendering enables asynchronoous plugin rendering in Firefox 49. The patch is designed to improve the performance of Adobe's Flash Player in Firefox, and to reduce the likelihood of crashes. The patch flips the switch dom.ipc.plugins.asyncdrawing.enabled to true on Firefox 49 and Firefox 49.0.1. This fixes an issue that 64-bit users of Firefox experienced. Mozilla calls these issues "functional", and mentioned that it also caused issues with scrolling for e10s users and Flash content. Mozilla will integrate the change in Firefox 49.0.2 which will be out soon. If you don't want to wait for the system add-on to be pushed to your copy of Firefox, flip the preference manually instead to resolve the issues: Type about:config in the Firefox address bar. Confirm that you will be careful if the warning prompt spawns. Search for dom.ipc.plugins.asyncdrawing.enabled. If the preference's value is set to false, double-click it to set it to true instead. This enables asynchronous plugin rendering in Firefox. The D3D9 Acceleration Fallback system add-on on the other hand deactivates Direct3D9 fallback if hardware acceleration is enabled in Firefox. This should fix graphics artifacts issues that some Firefox users are experiencing currently. The patch will land in Firefox 49 and Firefox 50. Find out if the system add-ons are installed You can find out if the system add-ons are already installed on your version of Firefox. Simply load about:support in the Firefox address bar and scroll down to the extensions group on the page. There you find all user installed and Mozilla installed Firefox add-ons. If you find the two system add-ons mentioned above, then they are installed and enabled. If not, there is little that you can do but wait for them to become available on your system. (via Sören Hentzschel) Source
  9. Linux Kernel 4.8.1 Is Out, Stable Enough for Deployment in GNU/Linux Distros Users of the Linux 4.8 kernel branch are urged to update As you might know already, Linux kernel 4.8 launched on October 2, as announced by Linus Torvalds himself, and it brought quite some interesting changes, including AMDGPU OverDrive support, Nvidia Pascal support, AMDGPU PowerPlay improvements, support for Raspberry Pi 3's Broadcom BCM2837 system-on-chip (SoC), as well as support for Microsoft Surface 3 touch controller. As with any new kernel branch, the first one is always marked as mainline, which means that it's not yet ready to be deployed in stable GNU/Linux distributions, but only in those that are currently in development, such as Ubuntu 16.10 (Yakkety Yak). The status of the new kernel series changes to stable as soon as the first point release is out. Therefore, Linux kernel 4.8.1 is now stable enough to be used by any Linux-based OS. "I'm announcing the release of the 4.8.1 kernel. All users of the 4.8 kernel series must upgrade," says Greg Kroah-Hartman. "The updated 4.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary." The infamous kernel bug was fixed We also reported the other day that Linus Torvalds apologized for the inclusion of a kernel bug in the Linux 4.8 release, which shouldn't have affected anyone because no stable distribution was using it. We told then that it's just a matter of time before Linux kernel 4.8.1 is out to fix that issue and let OS vendors ship the new Linux 4.8 kernel series in the stable repositories of their operating systems. Now we just need to wait and see which is the first stable (rolling or not) distro to offer the new Linux 4.8 kernel to its users. We have all the reasons to believe that Arch Linux and/or Solus will be the first, but next week, on October 13, Ubuntu 16.10 is hitting the streets powered by Linux kernel 4.8. If you're not using any of these distros, go ahead and download the Linux kernel 4.8.1 sources right now from kernel.org. Source For Ubuntu Users, you can get the Official PPA Mainline builds here.
  10. Microsoft started to push out Windows 10 Build 14926 earlier today to the cutting edge Insider Channel. The new release is mostly a bug fix release as it fixes several issues that users of Windows 10 may experience when they work on devices that run the operating system. This includes a crash fix in Adobe Acrobat Reader, a crash fix when Settings > Personalization is opened, or improved scaling for full screen games. The changelog that Microsoft released lists one fix in particular that is going to please a good chunk of users of Windows 10. Microsoft files this under "improving the PC upgrade experience". If you have removed apps before on Windows 10, you may have noticed that some of them come back after you perform an upgrade of the operating system, for instance to August's Anniversary Update. Not all users experienced these issues, but Windows Insiders suffered from the issue more than others, as their systems were updated more frequently. So, if you are tired of seeing Candy Crush make a comeback each time you upgrade Windows 10, then you will be pleased that this won't be the case anymore once Build 14926 is installed on the device. Microsoft notes that this is true for all apps Windows 10 ships with. If you remove the Mail app, it won't be reinstalled when you upgrade to a new build. Starting with Build 14926, when your PC updates it will check for apps that have been uninstalled, and it will preserve that state once the update has completed. This means if you uninstall any of the apps included in Wistarting with Build 14926, when your PC updates it will check for apps that have been uninstalled, and it will preserve that state once the update has completed. This means if you uninstall any of the apps included in Windows 10 such as the Mail app or Maps app, they will not get reinstalled after you update to a newer build going forward. It will take a while before the fix lands in stable versions of the operating systems. It seems likely that the fix won't be pushed out before the next feature upgrade is made available. Microsoft mentioned that it plans to release two feature updates in 2017, but has not yet provided any other information on what it has planned. It seems likely that users will experience the reinstallation issue one last time when the first feature update gets released. That's true only however if Microsoft does not release the fix before it pushes out the next feature update for Windows 10. Article source
  11. Fix WiFi Not Connecting In Linux Mint 18 And Ubuntu 16.04 Problem description I experienced this strange issue in Ubuntu 16.04 and Linux Mint 18. When I tried to connect to wifi, I clicked on the available wireless networks, entered the correct wifi password. A few seconds later, I was still not connected to the internet. I thought it may be that I entered an incorrect password. So, I tried to connect again. This time typing the password slowly and then I double checked it to make sure that the password was correct. But no, it won’t connect to the internet. This was frustrating as my wifi password is 26 characters long. Reason I went to the network settings to find out what was wrong with it. I noticed that my wifi password was not stored which could be normal as I was not asked if I wanted to connect to the network automatically. I manually entered the wifi password and saved it in the network settings in an effort to not have to enter the long passwords again. What surprised me that it just got connected to the internet after that. I don’t know exactly what made it work but it worked. I haven’t looked to find if it is a bug in this version of the network manager or not but I experienced the same issue after installing Linux Mint 18. And using this trick again saved me. Steps to fix wifi not connecting despite correct password in Linux Mint 18 and Ubuntu 16.04 Basically, all you need to do here is: go to Network Settings choose the network you are trying to connect to under the security tab, enter the wifi password manually save it This trick has worked for me repeatedly, both in Ubuntu and Linux Mint. I hope that it works for you too. Since I am using Linux Mint 18 right now, I am going to share screenshots so that it would help beginners to fix this issue. Step 1: Go to Network Settings: Step 2: Choose the network you are trying to connect to. Note that it already provides a configuration option because I tried to connect to it earlier. Step 3: Under the security tab, enter the wifi password manually and click on apply to save it: You’ll see that your network is now connected: I hope this helps you. Note that this article deals with the problem when the wireless network is working fine in your system but it cannot connect to the access point despite correct password. I suggest this article if there is no wireless network in Ubuntu or Linux Mint. Have you already encountered the same wireless connection issue in Ubuntu 16.04 or Linux Mint 18? If yes, how did you fix it? Source
  12. IoT Manufacturer Caught Fixing Security Holes Smart lock maker August fails to ignore flaws In a shocking development, smart lock manufacturer August has been caught promptly patching security holes discovered in its product. At this year's DEF CON, security researcher Anthony Rose gave a presentation where he outlined how a whole range of "smart locks" were hackable. "Smart locks appear to be made by dumb people," Rose said. "Lots of manufacturers choose user convenience over security and aren't bothered about fixing their hardware." This is not exactly news to those who have been following the blossoming internet-of-things (IoT) marketplace. In fact, security measures on these products has been so consistently bad that it could arguably be the most defining characteristic of the entire market, after the fact that it connects to the internet. But what was surprising was that just 10 days later, August had put out patches that fix the holes. Even Rose was surprised, tweeting: "August just patched their web services to stop guest from being able to insert backdoor keys in homekit locks! Kudos to their engineers." He noted in a subsequent blog post that the fix is not an all-encompassing one – that will take longer to effect – but a 10-day turnaround? What is August thinking? Don't worry though, the company remains an outlier in a market that seems to think packaging and tweets are more important than security. Among the many models of smart locks that Rose identified as being fundamentally flawed, so far it seems that none other than August have fixed the flaws or even acknowledged they exist. In fact, of the 12 manufacturers that Rose contacted because he was able to unlock their locks without approval, only August even responded. So, well done to the Quicklock doorlock and padlock, the IBluLock padlock and the Plantrace Phantomlock for transmitting your passwords in plaintext. Bravo the Ceomate Bluetooth Smart Doorlock, the Lagute Sciener Smart Doorlock, the Vians Bluetooth Smart Doorlock, and the Elecycle EL797 and EL797G smart padlocks for allowing for replay attacks. We will put out a special mention, however, to the engineer at Kwikset who produced "fantastic" software security for its Kevo lock. Sadly the rest of the team let him down when Rose was able to open the lock with a screwdriver. Source
  13. The Truth About Bug Finders: They're Essentially Useless In tests, popular bug finders missed 98 percent of the vulnerabilities in researchers' code Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year. Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how many bugs they found -- what you don't know is how many were missed, leaving success rates an open mystery. So researchers at New York University's Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing. LAVA, or Large-Scale Automated Vulnerability Addition, is a technique created by the researchers to test the limits of bug-finding tools in order to help developers improve them. It does that by intentionally adding vulnerabilities to a program’s source code. "The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," said Brendan Dolan-Gavitt, an assistant professor of computer science and engineering at NYU Tandon. The system inserts known quantities of novel vulnerabilities that are synthetic yet possess many of the same attributes as computer bugs in the wild. It's automated, so it avoids the cost of manual, custom-designed vulnerabilities. Instead, LAVA makes targeted edits in real programs’ source code to create hundreds of thousands of unstudied, highly realistic vulnerabilities that span the execution lifetime of a program, are embedded in normal control and data flow, and manifest only for a small fraction of inputs so as to avoid shutting the entire program down. When tested with existing bug-finding software representing both the "fuzzing" and symbolic-execution approaches commonly used today, just two percent of the bugs created by LAVA were detected. This summer, the team plans to launch an open competition to allow developers and other researchers to request a LAVA-bugged version of a piece of software, attempt to find the bugs, and receive a score based on their accuracy. "There has never been a performance benchmark at this scale in this area, and now we have one," Dolan-Gavitt said. "Developers can compete for bragging rights on who has the highest success rate in bug-finding, and the programs that will come out of the process could be stronger." A paper detailing the research was presented recently at the IEEE Symposium on Security and Privacy and published in the conference proceedings. Source
  14. Top 10 Android Most Common Problems With Their Solutions 10 Most Common Android Problems & Solutions Are you facing problems with your Android smartphone? Although Android is a great platform for mobile and tablet, you may experience problems with it at one point or another, just like any other operating systems. However, the best thing of having an android is maximum problems has a solution. In this article, we have picked the most common 10 Android problems along with its simplest and most effective solutions. Battery Drain Battery drain is one of the most common problems in an Android smartphone. This is the price we have to pay for having the smartest devices in the world. While there are many reasons behind the battery drain issue, one of the best ways to solve this issue is to enable battery saving mode and reduce your Android smartphone brightness. To resolve the problem of battery drain, you can use DU Battery Saver & Fast Charge. Also, DU Battery Saver helps you to charge your battery fast by removing the apps running in the background of your Android device. Open your Settings menu, click on the location and enable battery saving mode. Always use low brightness in an Android smartphone. Related Article: 7 Hidden Tricks Of Android Smartphone You Probably Didnt Know! Freeze Android smartphone and slow speed One of the major issues in an Android smartphone is slow speed. The reason behind the slow speed is installation of lots of unused Android apps. Also, we tend to open many Android apps at the same time resulting in slow speed. However, the solution of the problem is very simple. You need to uninstall unused apps, delete big files from Memory Card. Download Clean Master for Android smartphone. Clean Master can do all the listed things, such as it can make you uninstall an unused app and can help you clear big files from Memory card. Further, it can also clear Phone junk files using this. Related Article: Secret Trick To Make Your Android Smartphone Super Fast Wi-Fi not connecting Many a times, we face problems connecting to the internet in spite of the Android smartphone being connected to the Wi-Fi. This may solve the problem. Just go to Wi-Fi > Settings > Menu > Advanced and choose to stay connected to Wi-Fi during sleep. Alternatively, you can restart your Android smartphone and Wi-Fi router or enable Airplane mode for atleast a minute. Then, again try to connect with your Android smartphone to Wi-Fi. Syncing error with Google Several users face syncing problem with Google server in an Android smartphone for many reasons. However, the solution is simple. Firstly, check if you have recently changed your account password. If yes, then you need to update it with the new password. If the problem still persists, then enable Airplane mode for 30 seconds and try again. Alternatively, you can do remove your Google account and add it again. Keyboard not working By default, keyboard of the Android smartphone gets hung. If you are facing problems such as Keyboard taking too long to respond, or stopped responding, then it is suggested that you download Google Keyboard, as it is one of the most popular Google keyboard apps. You can make it as your default Keyboard app and can improve your typing experience too. Screen turns off when charging Your smartphone screen automatically turned off when you plug your smartphone with charger. To recover this, you need to go to Settings / Applications / Development and tick the ‘Stay awake’ option to keep the screen on when charging. Related Article: How to Charge your smartphone faster Your smartphone can’t connect to your PC (for transferring data) If you use laptop or Wi-Fi network, you can try Airdroid app for wirelessly transferring data in the Android device. Airdroid is one of the best apps for transfer data in PC to mobile and mobile to PC. Sometimes, the USB or USB port in PC doesn’t support each other, which is why you face these type of problem. Google Play errors Google Play Store is the main hub for downloading apps in Android devices. For instance, if you are getting error like not downloading an app from the Google Play Store, then your smartphone may have a serious problem. When you are unable to download Android apps, you can’t do anything in android mobile. Just follow some simple methods to sort out these errors. You need to remove and add your Google Account. Removing it and adding your account can solve your problems within minutes. You can clear the data and Cache of Google Play Store and Services. This will fix the problems. If the problem still persists, then you need to head over Google Play Store in “Apps” and select the option of “Uninstall Updates.” Games not working The main reason for such an error in an Android smartphone could be due to the device not supporting that particular game. Always ensure that the game you want to download is compatible with your Android OS versions. Another reason for the games not running is because of insufficient RAM space in Android smartphone. Use Clean Master for boosting games in Android mobile. If you are game lover then you can go through our list and download Best Free Car Racing Games for Android Mobile. Insufficient space error Android provides limited storage for apps and we don’t have the authority to expand it. So, if you are running Android that frequently shows up insufficient space error, then there is no fix. You just need to install the app CCleaner in your Android device that will help you free up some storage. Related Article: Top 5 apps for saving storage space on Android smartphones Source
  15. Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers. Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities, but of the eight that it listed in its advisory, those three are the most serious. The full list of vulnerabilities patched in Chrome 35 will be published later, but here are the ones that Google has published and received bug bounties: [$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. [$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. [$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. [$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek. [$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu. [$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne. Users running Chrome should upgrade as soon as possible in order to avoid attacks against these flaws. Source
  • Create New...