Posts

Twitter flaw allowed you to tweet from any account

All this time, a rather simple Twitter bug could have caused chaos on the platform. A Twitter security flaw which went undetected for years allowed attackers to post messages masquerading as any user they chose. A security researcher who goes by the moniker Kedrisch disclosed the flaw on Tuesday, which was present on the microblogging platform until 28 February this year. Discovered in Twitter Ads Studio, a platform for advertisers to upload media and content, the high-severity bug appeared in the service library where users can review media before publishing. The problem lay in how media and tweet publishing requests were handled: an attacker could share media with an intended victim and then modify the post request with the victim's account ID, and the media in question would be automatically posted from the victim's account rather than the attacker's. As only the parameters of the code needed to be tweaked, there was no need to have any account credentials belonging to the ...

Network slicing the next step to automated telecom networks: Nokia

Following virtualisation, network slicing is the next step towards automated and programmable networks and 5G, Nokia has said, with an upgrade to optical transmission key to this. Network operators will go through a staged process of network virtualisation, slicing, and automation in the years towards 5G, Nokia has said, with an emphasis on upgrading optical transmission networks key to this. According to managing director of Nokia Oceania Ray Owen and Global VP of Nokia Optics Sam Bucci, Nokia is one of only two companies in the world that can offer an end-to-end solution across the whole network for this journey towards 5G -- which begins with the optical transmission backbone. "What we're seeing today is the need to do a massive infrastructure renewal, which is in the backbone of that network." "The investment for 5G for us in Australia has started already, and it's mainly in this optical transport networking area ... behind every wireless netwo...

Microsoft releases emergency patch for 'crazy bad' Windows zero-day bug

The vulnerability has been dubbed the worst Windows remote code execution flaw in recent memory. Microsoft has released a patch rapidly developed to combat a severe zero-day vulnerability discovered only days ago. Late Monday, the Redmond giant issued a security advisory for CVE-2017-0290, a remote code execution flaw impacting the Windows operating system. The security vulnerability was disclosed over the weekend by Google Project Zero security experts Natalie Silvanovich and Tavis Ormandy. On Twitter, prominent vulnerability hunter Ormandy revealed the existence of a zero-day flaw in Microsoft Malware Protection Engine (MsMpEng), used by Windows Defender and other security products. The researcher deemed the find a "crazy bad" bug which may be "the worst Windows remote code exec [execution flaw] in recent memory." Ormandy did not reveal anything else at the time, to give Microsoft time to fix the scripting engine memory corruption vulnerability aft...

Intel AMT vulnerability hits business chips from 2008 onwards

Silicon giant releases new firmware to patch holes in separate management processor. Intel has announced that its Active Management Technology (AMT), Standard Manageability (ISM), and Small Business Technology (SBT) firmware has been vulnerable to a pair of privilege escalation issues that could allow an attacker to remotely take control of a machine. The first, found on AMT and ISM units, could allow a remote unprivileged attacker to "gain system privileges to provisioned [chips]," Intel said. The second would allow a local attacker to gain "unprivileged network or local system privileges" on chips with AMT, ISM, and SBT. Chips from Intel's 2008-released Nehalem architecture onwards are impacted by the vulnerabilities if they run manageability firmware between versions 6 and 11.6. "Intel highly recommends that the first step in all mitigation paths is to unprovision the Intel manageability SKU to address the network privilege escalation vulnerabili...

FalseGuide malware victim count jumps to 2 million androiders

With five additional apps found containing FalseGuide, Check Point has estimated 2 million Android users have unknowingly downloaded malware. An estimated 2 million Android users have now fallen victim to malware mistakenly downloaded from Google Play, which was initially reported to have affected approximately 600,000 users. The malware, dubbed FalseGuide, was hidden in more than 40 guide apps for games, the oldest of which was uploaded to Google Play as early as November last year, security researchers from Check Point said. "Since April 24, when the article below was first published, Check Point researchers learned that the FalseGuide attack is far more extensive than originally understood," Check Point said. "The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads." The security firm said it found five additional apps containing the malware...

Microsoft is testing new battery-saving technology for the Windows 10 machines (Redstone 3)

Microsoft is working to add a new battery-saving feature to Windows 10 'Redstone 3', and it has begun testing it on machines with Intel sixth-generation and beyond Core processors. Microsoft rolled out its second "Redstone 3" test build for PCs on April 14. On April 18, officials went public with one of the under-the-cover features in that build: Power Throttling. Microsoft officials first talked up intentions to provide this kind of battery-saving feature in January, when the company was testing the Windows 10 Creators Update. In Build 15002 of the Creators Update, Microsoft officials said they were experimenting with power throttling with some, but not all, testers. In early experiments, Microsoft executives said Power Throttling showed up to an 11-percent savings in CPU power consumption for "some of the most strenuous cases." Power Throttling (a temporary, not final, name for this feature) is in the Insider Preview build 16176 for Fast Ring PC t...

Samsung testing a dual-screen phone prototype

The limited test is so Samsung can understand how the market will react to a dual-screen smartphone. A report said Samsung also has a foldable OLED smartphone in the works to get into the market. Samsung plans to carry out pilot production of a dual-screen smartphone during the middle of this year, reported ET News, as the smartphone giant looks to better understand how the market will react to the form factor. Samsung is planning to produce 2,000 to 3,000 dual-screen smartphones and has already ordered corresponding components to complete the prototype device, the report said. It's not clear what the specific design of the dual-screen smartphone will look like, but it will be made up of two display panels, folded and unfolded. The Investor added that the prototype can be folded open 180 degrees and the two display panels are connected by a hinge in the middle. Samsung has been working on foldable display technology, but has yet to bring...

ANZ to use voice biometrics for securing mobile money transfers

The bank has launched a pilot trialing voice verification for money transfers greater than AU$1,000. Australia and New Zealand Banking Group (ANZ) has announced it will be introducing voice biometrics to its mobile banking in a bid to improve security on high value transactions. From mid-2017, customers transferring more than AU$1,000 through ANZ's mobile apps will be able to use their voice to automatically authorise high value payments, and bypass usual security measures such as visiting a branch in person. ANZ will kick off the new technology with a pilot running with ANZ staff and select customers in May using the Grow by ANZ mobile app. The service will then be rolled out to ANZ goMoney and other digital services progressively, the bank said. According to Peter Dalton, ANZ managing director customer experience and digital channels, voice biometrics is the next step in making banking more convenient for customers while also strengthening security. "One of the...

ISPs: We're not going to sell your web browsing data

Summary: Verizon, Comcast and AT&T all defended their business practices following a controversial congressional vote that gives them the power to sell customers' data. Major internet service providers (ISPs) on Friday said they don't plan to sell their customers' web browsing data, even after Congress cleared the way for them to do so. The statements from Verizon, Comcast and AT&T follow the congressional vote to repeal federal regulation that would have prevented ISPs from selling consumers' personal information. "We have committed not to share our customers' sensitive information (such as banking, children's, and health information), unless we first obtain their affirmative, opt-in consent," wrote Comcast senior vice president Gerard Lewis. He argued that Comcast's privacy commitments "go even beyond this protection of sensitive information that has dominated the dialogue this week. If a customer does not want us to ...

Microsoft: No, Linux users, we didn't try to penalize you for not using Windows with OneDrive

Summary: Microsoft fixes a bug that made its file-hosting service, OneDrive, slow on Linux but not on Windows. Microsoft has resolved a bug that made OneDrive and OneDrive for Business slow on Linux machines but not on any other platform, including iOS, Chrome OS, macOS, and Windows. A Microsoft OneDrive spokesman called Edgar has now confirmed that the issue has been resolved, pointing to a failure in a browser component designed to speed up background processing called prefetching. "We identified that StaticLoad.aspx, a page that prefetches resources in the background for Office online apps was using the link prefetching browser mechanism only for certain platforms, iOS, Chrome OS, Mac, Windows, but for Linux it was falling back to a less efficient technique that was causing the issue. Rest assured that this was not intentional. It was an oversight," Edgar said on Hacker News. Microsoft fixed the issue by disabling prefetching and then enabled it again...