XKCD, Rack Unit
Via Randall Munroe, at XKCD.
In not-unsurprising-cruft-news, additional vulnerability-laden Unix and Unix-like (read: Linux) utilities have been detected, requiring updates. The list, enumerated by HD Moore, the CTO of Rapid7 (and of Metasploit fame), includes wget, tnftp, symlink issues and others. Questions have arisen as to why these utilities have not been scrutinized earlier...
'“wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target,” said HD Moore, the chief research officer at Rapid7 who found the vulnerability, in a blog post Tuesday...' - via PCWorld's Lucian Constantin
Fascinating screed via the eponymous Salted Hash column's author Steve Ragan, targeting social engineer teaming, in this case emphasizing enhanced results as the sum 'social-ness' of the effort.
Via Paleofuture's Matt Novak. The inception date of our beloved interweb is generally assumed to be the date of the first electronic message transmitted via the packet-switched network that was to become the ARPANET, at that time managed by BBN.
Quite likely the authoritative post on the POODLE attack, via Ivan Ristić at SSL Labs, and Today's Must Read [a snippet follows].
"You can look at this problem from two perspectives. As a user, you want to protect yourself from attacks, and the best way to do that is to disable SSL 3 in your browser. (Instructions are easy to find online.) The updated SSL Labs Client Test will tell you if your change was successful. As a web site operator, you should disable SSL 3 on your servers as soon as possible. You need to do this even if you support the most recent TLS version because an active MITM attacker can force browsers to downgrade their connections all the way down to SSL 3, which can then be exploited. In normal operation, SSL 3 shouldn't be needed by the vast majority of sites..." - Ivan Ristić
Bad news for Network Attached Storage users, as a newly devised POC now exists. Should you be concerned? Probably.
Spry's Internet in a Box, via Sean Gallagher, writing at Ars Technica.
In a privacy reversal, Apple Inc.'s (NasdaqGS: AAPL) Spotlight search utility now mingles your search queries with millions of others, and forwards those sweet, sweet nuggets of data to Microsoft Corporation's (NasdaqGS: MSFT) Bing search engine.
While, on the surface, this data collection does not appear to violate anything in Apple's privacy policy (http://www.apple.com/privacy), it is quite simply a terrible decision, and certainly muddies the waters for Mac OS X users worldwide. Simply astonishing...
Apple's statement, culled from the Spotlight application on Yosemite, otherwise known as Apple Mac OS X 10.10:
About Spotlight Suggestions & Privacy
When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services.
If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.
You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on “Details” next to System Services and then deselecting “Spotlight Suggestions”. If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region.
Information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy.
News, via Renee Yao [with guest writer Mark Voelker, technical lead at Cisco] writing at Cisco Blogs, of the newly released OpenStack 2014.2 (aka Juno). Fundamentally, OpenStack open-source software targets the creation of cloud compute infrastructure, both private and public. Absolutely Outstanding.
In an astonishing announcement, and one that I thought might never materialize in my lifetime, Lockheed Martin's Skunkworks has revealed a new fusion reactor, slated for market deployment within a decade. Not to be outdone, the University of Washington has also announced a new tokamak concept reactor that promises inexpensive energy, in fact, 'cheaper than coal'. Absolutely Outstanding.
News [via Lucian Constantin writing at PCWorld] of the latest compromised advertising networks... In this case, Right Media (now Yahoo Ad Exchange), The Rubicon Project, and OpenX - all three broadcasting their nasty bits, now infecting unknown numbers of clients... Hence the necessity of proactive ad-blocking with browser extensions such as AdBlock.
News, via John Ribeiro, writing for PCWorld, of the acceptance of Samsung Electronics Co. Ltd.'s (SSNLF) KNOX device product line within the National Security Agency's Commercial Solutions for Classified program.
Glenn Fleishman, writing at MacWorld, regales us with a sort of iCloud Omnibus; in which, the Good Mr. Fleishman tells of Cupertino's take on the security of the remote storage behemoth's infrastructure (also known as Apple Inc.'s (NasdaqGS: AAPL) iCloud).