Android’s Stagefright vulnerability hardened against exploits

Last week Google announced fixes to the widely reported Stagefright vulnerability. Fix might not be the right word, though, because as of April 19, 2016, when Google released the Android Security Year in Review for 2015, the company reported: “As of this writing, we have not observed, nor are we aware of, any successful attempts to exploit the Stagefright vulnerabilities against actual user devices.”The status of this exploit seems to contradict the many reports of the Stagefright vulnerability, dating to its announcement at the Black Hat security conference last summer. If all were true, Android phones could be expected to spontaneously combust at any moment.To read this article in full or to leave a comment, please click here

Inside ImageTragick: The Real Payloads Being Used to Hack Websites

Last week multiple vulnerabilities were made public in the popular image manipulation software, ImageMagick. These were quickly named ImageTragick. Although a vulnerability in image manipulation software might not seem like a problem for web site owners it is in fact a genuine security concern.

CloudFlare quickly rolled out a WAF rule to protect our customers from this vulnerability. It was automatically deployed for all customers with the WAF enabled. We know that it takes time for customers to upgrade their web server software and so the WAF protects them in the interim.

Many websites allow users to upload images and the websites themselves often manipulate these images using software like ImageMagick. For example, if you upload a picture of yourself to use as an avatar, it will very likely be resized by the website. ImageMagick is very popular and there are plugins that make it easy to use with PHP, Ruby, Node.js and other languages so it is common for websites to use it for image resizing or cropping.

Unfortunately, researchers discovered that it was possible to execute arbitrary code (CVE-2016-3714) by hiding it inside image files that a user uploads. That means an attacker can make Continue reading

IDG Contributor Network: Opening up networks to choice, at last

Creating choice is one of the fundamental drivers of innovation. Choice sparks debate, fosters competition and drives innovation. There’s always someone else in the market looking to offer us a choice from what is already here, and the decision people typically make is to go with the choice that makes life easier.For example, consider the choices people make when it comes to their mobile device. In the beginning, the majority of us in business had only one choice to access work email and applications—Blackberry. Today, with devices like iPhones and Androids that utilize open APIs, we have more choices than ever. Furthermore, each person’s mobile device can be unique and personalized to their liking.To read this article in full or to leave a comment, please click here

How gender differences can make your company stronger

Remember that popular relationship book, “Men are from Mars, Women are from Venus,” which aimed to help couples communicate better by helping them understand the innate differences between the sexes?As it turns out, the neuroscience explored in that book can help businesses create more gender balance in their ranks — not simply by upping the numbers of female hires or treating everyone the same in the hopes of eliminating bias. Rather, the practice, known as gender intelligence, applies gender science to highlight and create an appreciation for the natural differences between male and female attitudes and behaviors, according to Barbara Annis, founding partner of Gender Intelligence Group (GIG) and a pioneer behind this leadership style.To read this article in full or to leave a comment, please click here

Microsoft strips Store blocking from Windows 10 Pro

Microsoft last week confirmed that it has stopped letting business customers block the Windows Store in Windows 10 Pro, removing a feature that had been present in the operating system's initial summer 2015 release.Instead, the ability to turn off the Store -- Microsoft's distribution channel for not only apps but also games, music and movies, and about as consumer-grade as a Windows component gets -- has been restricted to Windows Enterprise, the top-tier SKU (stock-keeping unit) available only to large customers.IT administrators had been using Group Policy to block the Store within Windows 10 Pro, largely to keep workers from installing apps not on their company's approved software list. Some admins, however, had ditched the Store for other reasons, including bandwidth consumption as scores of apps frequently updated.To read this article in full or to leave a comment, please click here

First look: Microsoft’s API mashup tool for the rest of us

Not all cloud applications need to be cloud-scale. They’re often simple routing and switching apps that take information from one source, process it minimally, then pass it on. That’s where tools like IFTTT and Yahoo Pipes came into play, allowing you to quickly build and share information flows that linked one service to another. Sadly, Yahoo Pipes has been shut down, and IFTTT has concentrated on simple links to the Internet of things.That means there’s space in the market for a new tool -- one focused on working with applications and services, and capable of handling more complex chains of operations than IFTTT’s basic one input to one output mapping. You could build microservices on Node.js to automate these sorts of connections between applications and between APIs, but that would be overkill. So would Azure Logic Apps or AWS Lambda.To read this article in full or to leave a comment, please click here

20 fixes for a Windows 10 update meltdown

If you’re having problems with Windows 10’s forced updates, you’re not alone. Thankfully, with 11 cumulative updates behind us, we’ve accumulated some coping experience.Each cumulative update is different, but there’s a handful of tricks that can help jolt your system back into consciousness when a troubling cumulative update strikes. If you’re having problems, the following solutions are worth a try. If you can’t get back on course, follow the instructions at the end to find more personalized help -- and the hope to live to fight another day.[ Your one-stop shop for Microsoft knowledge: Everything you need to know about Windows 10, in a handy PDF. Download it today! | Survive and thrive with the new OS: The ultimate Windows 10 survivor kit. | Stay up on key Microsoft technologies with the Windows newsletter. ] I’ve avoided recommendations that seem old-in-the-tooth nowadays. As best I can tell, few recent cumulative update problems are solved by creating a new user account (although there are exceptions). Nor have I hit any mass resets of file associations, which is a problem that plagued earlier cumulative updates. I’m also stepping lightly over Windows Mobile -- sorry, it’s a very different Continue reading

Newspaper chain sending IT jobs overseas

The McClatchy Company, which operates a major chain of newspapers in the U.S., is moving IT work overseas.The number of affected jobs, based on employee estimates, range from 120 to 150.The chain owns about 30 newspapers, including The Sacramento Bee, where McClatchy is based; The Fresno Bee, The News & Observer in Raleigh, N.C., The State in Columbia, S.C. and the Miami Herald.In March, McClatchy IT employees were told that the company had signed a contract with Wipro, an India-based IT services provider.+ ALSO ON NETWORK WORLD The IT outsourcing price wars are on +To read this article in full or to leave a comment, please click here

7 ways to prevent mobile break-in

Looking over your shoulderImage by Louis OliveiraAs mobile devices continue to penetrate our society, mobile security is becoming increasingly difficult to manage. Every mobile device, whether it’s a phone or a tablet, provides hackers with a new avenue to seize private information. We’ve seen many banks, hospitals, and other large organizations have enormous data breaches that caused a lot of damage and recovery time, and they don’t appear to be slowing down anytime soon. For this reason, it is important to take these steps to keep mobile devices protected. Sinan Eren, vice president of Avast Software and general manager of Avast Mobile Enterprise, provides advice on how to do so.To read this article in full or to leave a comment, please click here

Can UC keep remote workers engaged?

So you have a dispersed workforce. Maybe you're part of a big company with several offices. Or maybe your employer has a liberal work-from-home policy. Or perhaps you work with key contractors who may not always be in your office. Whatever the reason, you need unified communication (UC) technology. And so do a lot of other companies. But a recent study by IT consultancy Softchoice suggests that not many companies are getting the tools they need. Softchoice surveyed 250 IT managers and 750 line-of-business professionals in North America, and 44 percent of the IT managers polled said that they found it difficult to deploy UC technology. To read this article in full or to leave a comment, please click here

Apple’s most revolutionary iPhone innovations

The 7 best iPhone innovationsEver since the original iPhone hit stores shelves back in 2007, Apple has skillfully managed to introduce new technologies to successive iPhone models to keep the refresh cycle strong and consumers excited about the latest and greatest model. Not only that, but most new iPhone releases are accompanied by new and innovative technologies that raise the technological bar for all organizations industry-wide. To this end, Apple’s influence within the smartphone industry is immense.To read this article in full or to leave a comment, please click here

New products of the week 5.9.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Absolute Endpoint Data Discovery (EDD)Key features: Endpoint Data Discovery (EDD) allows organizations to identify and protect sensitive data stored on an endpoint. More info.To read this article in full or to leave a comment, please click here

New products of the week 5.9.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Absolute Endpoint Data Discovery (EDD)Key features: Endpoint Data Discovery (EDD) allows organizations to identify and protect sensitive data stored on an endpoint. More info.To read this article in full or to leave a comment, please click here

5 free/low-cost Wi-Fi analyzers for Windows 10

Inexpensive appsWe’ve reviewed Wi-Fi analyzers that run on Android, Windows, and Mac OS X devices. These apps allow you to analyze the wireless access points and channels on the 2.4 and 5GHz bands. Now we’re reviewing apps, published as Universal Windows Platform apps on the Microsoft Store, that run on Windows 10 PCs, tablets and phones. The Wi-Fi features that developers can utilize in the Universal Windows Platform are still pretty limited. But these apps are inexpensive and/or free. Here are the individual reviews:To read this article in full or to leave a comment, please click here

Windows 10-based Wi-Fi analyzers: No frills, low cost

We’ve reviewed Wi-Fi stumbler and surveying apps that run on Android, Windows, and Mac OS X devices. These apps allow you to analyze the wireless access points and channels on the 2.4 and 5GHz bands in your network. Now we’re reviewing apps, published as Universal Windows Platform apps on the Microsoft Store, which can run on Windows 10 PCs, tablets and phones.To read this article in full or to leave a comment, please click here(Insider Story)

First Bay Area OpenResty Meetup

On March 9, 章亦春, known to most of us as agentzh, organized the first Bay Area OpenResty Meetup at CloudFlare's San Francisco office.

CloudFlare is a big user of Lua, LuaJIT, NGINX and OpenResty and happy to be able to sponsor Yichun's work on this fast, flexible platform.

The slides and videos from the meetup are now available for viewing by people who were unable to be there in person.

abode.io by Dragos Dascalita of Adobe

   

The slides are here.

KONG by Marco Palladino from Mashape

       

The slides can be found here

What's new in OpenResty for 2016 by Yichun Zhang of CloudFlare

       

Yichun's slides are here

If you are interested in being present at the next OpenResty Meetup by sure to follow the meetup itself.

Twitter blocks access to analytics around its data for US intelligence agencies

Twitter has blocked Dataminr from offering analytics around real-time tweets from the social networking site to U.S. intelligence agencies, according to a newspaper report.The social networking company, which provides Dataminr with real-time access to public tweets, seems to be trying to distance itself from appearing to aid government surveillance, a controversial issue after former National Security Agency contractor Edward Snowden revealed that the government was collecting information on users through Internet and telecommunications companies.Executives of Dataminr told intelligence agencies recently that Twitter, which holds around 5 percent of the equity in the startup and provides the data feed, did not the want the company to continue providing the service to the agencies, reported The Wall Street Journal on Sunday, quoting a person familiar with the matter.To read this article in full or to leave a comment, please click here

1 2,934 2,935 2,936 2,937 2,938 3,793