Flaw in WordPress caching plug-in could affect over 1 million sites

A vulnerability in the popular WP Super Cache plug-in for WordPress could allow attackers to inject malicious scripts into websites. The scripts, when loaded by administrators, could trigger unauthorized actions.WordPress websites are a popular target for hackers and many of them are compromised due to plug-in vulnerabilities. Just on Tuesday, the FBI warned that attackers sympathetic to the extremist group ISIS -- also known as ISIL -- have defaced many websites by exploiting known vulnerabilities in WordPress plug-ins.The persistent cross-site scripting (XSS) flaw in WP Super Cache can be exploited by sending a specifically crafted query to a WordPress website with the plug-in installed, according to Marc-Alexandre Montpas, a senior vulnerability researcher at Web security firm Sucuri.To read this article in full or to leave a comment, please click here

Seven new hardware technologies for Windows 10 PCs

The arrival of Windows 10 later this year could usher in more convenient, fun and wire-free PC computing.Some new features that make for easier hardware handling are already available, but not yet in Windows PCs, which still make up the vast majority of desktop and laptop machines. For example, Apple's MacBook and Google's Chromebook Pixel have set the stage for USB Type C ports and its associated reversible cables to be used in Windows PCs later this year. Meanwhile, the new Windows Hello feature -- which will allow users to unlock a Windows 10 device by recognizing a face, iris or fingerprint -- could bring 3D cameras and more sensors to PCs.To read this article in full or to leave a comment, please click here

Microsoft creates a container for Windows

Hoping to build on the success of Docker-based Linux containers, Microsoft has developed a container technology to run on its Windows Server operating system.“We’re finding that interest in containers is very high,” said Mike Schutz, who runs cloud platform product marketing for Microsoft. Twenty percent of Azure users deploy Linux and a significant number of those users run Docker containers, he said.The Windows Server Container can be used to package an application so it can be easily moved across different servers. It uses a similar approach to Docker’s, in that all the containers running on a single server all share the same operating system kernel, making them smaller and more responsive than standard virtual machines.To read this article in full or to leave a comment, please click here

Intel courts China’s hardware startups to popularize its mobile, IoT chips

Erwin Liu is the CEO of a fledgling Chinese startup, and he’s been the happy recipient of free chips from Intel.“Whenever I went to Intel’s offices, they would always give us some free samples,” he said.Liu’s company, CEIN Biotechnology, which develops finger vein scanners, is just one among the many Chinese tech startups Intel is courting.In the battle for chip supremacy, the U.S. tech giant has been trying to dig deep into China’s hardware industry, and ensure that not just big vendors use its technology, but small emerging players too.On Wednesday, Intel held its annual developers conference in Shenzhen, China, at a time when rival ARM-based chips from Qualcomm and MediaTek have been all the rage.To read this article in full or to leave a comment, please click here

Network Zen: You Cant Change The Fact But You Might Change The Perception

  The mendicant was perplexed. This wasn’t unusual and, truth be told, the mendicant often didn’t understand everything and lived in a constant state of perplexedness. But this time, he was sure of the facts and knew that something was not right. He sighed and went to find the the Master. The Master was communing […]

The post Network Zen: You Cant Change The Fact But You Might Change The Perception appeared first on EtherealMind.

VPN Design discussion

In this post, I will give you a business requirements and information about the business of a fictitious company,together we will try to find an optimal solution for the given questions. There will be many valid solution as you will see from the comments, we will have to make tradeoffs between each design goals while… Read More »

The post VPN Design discussion appeared first on Network Design and Architecture.

Apple Watch Reviews: Complete Roundup

Like clockwork, the embargo on Apple Watch reviews ended on Wednesday morning, just two days ahead of when pre-orders of the device are scheduled to open up. Per usual, Apple sent review units to a few outlets who have now lifted the veil of secrecy from Apple's highly anticipated wearable. Below are a few of the more notable excerpts from the initial grouping of Apple Watch reviews.Nilay Patel of The Verge: Let’s just get this out of the way: the Apple Watch, as I reviewed it for the past week and a half, is kind of slow. There’s no getting around it, no way to talk about all of its interface ideas and obvious potential and hints of genius without noting that sometimes it stutters loading notifications. Sometimes pulling location information and data from your iPhone over Bluetooth and Wi-Fi takes a long time. Sometimes apps take forever to load, and sometimes third-party apps never really load at all. Sometimes it’s just unresponsive for a few seconds while it thinks and then it comes back.To read this article in full or to leave a comment, please click here

Apple Watch reviews: Complete roundup

Like clockwork, the embargo on Apple Watch reviews ended on Wednesday morning, just two days ahead of when pre-orders of the device are scheduled to open up. Per usual, Apple sent review units to a few outlets who have now lifted the veil of secrecy from Apple's highly anticipated wearable. Below are a few of the more notable excerpts from the initial grouping of Apple Watch reviews.Nilay Patel of The Verge: Let's just get this out of the way: the Apple Watch, as I reviewed it for the past week and a half, is kind of slow. There's no getting around it, no way to talk about all of its interface ideas and obvious potential and hints of genius without noting that sometimes it stutters loading notifications. Sometimes pulling location information and data from your iPhone over Bluetooth and Wi-Fi takes a long time. Sometimes apps take forever to load, and sometimes third-party apps never really load at all. Sometimes it's just unresponsive for a few seconds while it thinks and then it comes back.To read this article in full or to leave a comment, please click here

Google ordered by German authority to change privacy practices

A German data protection authority has ordered Google to change how it handles users’ private data in the country by the end of the year.The administrative order was issued on Wednesday by the Hamburg Commissioner for Data Protection and Freedom of Information, Johannes Caspar, in order to force Google to comply with German data protection law and give users more control over their data.Google started combining existing policies for various services when it changed its privacy policy in 2012, despite the concerns of European Union data protection authorities. At least six authorities then started formal investigations into the new policy; Hamburg was one of those six.To read this article in full or to leave a comment, please click here

Encryption startup Vera locks down transferred documents

In Silicon Valley, the recruiting game is extremely competitive, according to Ron Harrison, founder of Jivaro Professional Headhunters, a specialist in placing technology candidates.In some cases, Harrison said the difference between getting nothing and a US$30,000 fee has come down to the few slim minutes between when one recruiter sent a resume to a company and a competing recruiter did.“It’s a dirty business,” Harrison said in a phone interview.Recruiting is complicated by the fact that companies may share resumes, even if the receiving company isn’t a client of the recruiter. Essentially, it means a recruiter loses its intellectual property through a gaping hole: an unencrypted document can be sent to anyone.To read this article in full or to leave a comment, please click here

How the Apple Watch is like Google Glass

The Verge has a terrific “day in the life” review of the Apple watch today, written by editor-in-chief Nilay Patel, that puts the device through its paces morning, noon and night.It’s a lengthy read and I thought one of its most telling points, near the end, was worth noting here: After the gym, I head to Betony for drinks with Eater managing editor Sonia Chopra so we can talk about a future of food series for later in the year. So far I’ve mostly used the Watch either alone or in an office environment, but it’s really different to have a smartwatch in a bar: here, even small distractions make you seem like a jerk. Sonia’s trying to describe the project to me and find ways to work together, but I keep glancing at my wrist to see extremely unimportant emails fly by.To read this article in full or to leave a comment, please click here

Oyster breaks out of its subscription shell, targets Amazon with e-book store

E-book subscription service Oyster has opened an online book store, a move that pits the young company against heavyweight Amazon.Oyster’s ebook store has the support of the top five publishers in the U.S. While Amazon also offers books from these publishers—Hachette, HarperCollins, Macmillan, Penguin Random House and Simon & Schuster—it got into a nasty battle with them over pricing. Amazon wanted to offer their books at steep discounts, ignoring the publishers’ suggested prices.The fight between Amazon and Hachette was especially toxic, with Amazon preventing customers from pre-ordering upcoming books from the publisher and threatening to stop stocking its titles. The two parties resolved their dispute last November, but didn’t disclose the deal’s terms. None of the publishers immediately replied to questions regarding their negotiations and pricing arrangements with Oyster.To read this article in full or to leave a comment, please click here

Up against laws of physics, Bell Labs pushes network performance

By using more spectrum and developing new ways to send multiple channels of data at the same time, researchers at Bell Labs are working to increase bandwidths over fiber, copper and the air.Alcatel-Lucent’s Bell Labs celebrated its Nobel Laureates and gave a sneak peek at some of the projects that are part of its vision for networks in 2020 at an event on Wednesday.Because most network technologies have hit or are very close to the limit of what can be transferred over one channel, increasing speeds is getting more complicated. But Bell Labs President Marcus Weldon is convinced there is still room for major improvements.Part of Bell Labs’ plan for 5G is a pint-sized base station, or small cell, that can generate its own power by using solar energy or energy harvesting. The power consumption of current equipment has to come down for this to work, according to Weldon.To read this article in full or to leave a comment, please click here

Retirement or Die

Large-scale Google malvertising campaign hits users with exploits

A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.Exploit kits are Web-based attack platforms that try to exploit vulnerabilities in browsers and browser plug-ins in order to infect users’ computers with malware. The Nuclear Exploit Kit specifically targets vulnerabilities in Adobe Flash Player, Oracle Java and Microsoft Silverlight.To read this article in full or to leave a comment, please click here

Saisei Tries to Stuff ‘Net Neutrality’ into a Virtual Box

Saisei's latest FlowCommand offering aims for the FCC's favorite buzzword.

The Upload: Your tech news briefing for Wednesday, April 8

Microsoft will offer a peek at new Office apps next weekA Microsoft event on April 16 promises an advance look at how the next version of Office will work with Windows 10, PC World reports. Demonstrations are expected to include applications that run across all platforms from mobile to desktop, and some new features in Office 2016, optimized for a touch interface.Intel shrinking RealSense 3D cameraIntel has shrunk its RealSense 3D camera and is in China pitching it to smartphone makers. In Shenzhen on Wednesday, CEO Brian Krzanich showed off a 6-inch prototype phone built with the new camera, which will be available in devices later this year.To read this article in full or to leave a comment, please click here

NAS shoot-out: QNAP vs. Synology

The past few years have seen a meteoric rise in the breadth and scope of small-business NAS, and while the top names in this space may have brought the core disciplines of NAS and even SAN to maturity, they continue to add features to their hardware. The latest from QNAP and Synology -- two longtime leaders in this market -- showcase this trend.To read this article in full or to leave a comment, please click here(Insider Story)

LG wants your help to hype its G4 smartphone

LG Electronics is recruiting an army of social media users to test and talk up the company’s new G4 smartphone ahead of its official launch on April 28.By offering 4,000 people a G4 for 30 days, the company hopes to create some buzz around its new device as flagship devices from its rivals Samsung Electronics and HTC go on sale.The Consumer Experience Campaign kicks off in South Korea on Wednesday, and will then expand to Turkey, Indonesia, Singapore, U.S., China, India, Brazil, Canada, U.K., France, Germany, Mexico, Japan and Hong Kong, LG said.Exactly how the company will choose the testers is unclear, but interested users are encouraged to check local LG webpages and social media sites in the coming days for more details on how to participate. The chosen will be given a G4 for up to 30 days, it said.To read this article in full or to leave a comment, please click here

Automate All The Things? Maybe Not

I’m fundamentally lazy. That’s why automation appeals: less work for me. Get the machine to do it instead. But automating everything isn’t always the right answer. Sometimes you need to ask yourself: Does this task need to be done at all? Or can I get someone else to do it for me?

Automating tasks carries some overhead. If you’re really unlucky, you’ll end up spending more time on the automation than doing it manually:

So if you can eliminate tasks, you’re in a much better position. Here’s a few contrived examples, based around a fictitious email provider:

Eliminating Tasks: Maximum Email Size for ‘Special’ Users

15-20 years ago we had limited bandwidth, and limited storage. It seemed reasonable to limit the maximum email message size. Otherwise people would send monstrous 2MB attachments. Of course, there were always ’special’ cases that needed to be able to send enormous 5MB AVI files. So we had special groups of users defined that could send large emails.

Users could put in a request to the Help Desk to get access to send large emails. That would go via some manager, who would of course approve it. Someone would then need to manually update that Continue reading