blog trackingRealtime Web Statistics Fixes Archives | Gregory D. Evans | Worlds No. 1 Security Consultant | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘fixes’

NSA merging anti-hacker team that fixes security holes with one that uses them

Source: National Cyber Security – Produced By Gregory Evans

NSA merging anti-hacker team that fixes security holes with one that uses them

A reorganization of the National Security Agency could increase pressure on US spies to choose between keeping hackers out – or acting like them to gather intelligence. This week, the NSA is expected to announce an internal reshuffling that will merge its defensive and offensive cybersecurity missions, two former US officials said. The defensive side, called the Information Assurance Directorate (IAD), works with private companies and government networks to plug security holes before they can be exploited in a cyberattack. The offensive side, called the Signals Intelligence Directorate, often seeks to leave such security holes unpatched so they can be used when they hack into foreign systems. Merging the two departments goes against the recommendation of some computer security experts, technology executives and the Obama administration’s surveillance reform commission, all of which have argued that those two missions are inherently contradictory and need to be further separated. The NSA could decide not tell a tech company to patch a security flaw, they argue, if it knows it could be used to hack into a targeted machine. This could leave consumers at risk. NSA director admiral Michael Rogers has said a flatter structure is necessary to make the agency, which can […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post NSA merging anti-hacker team that fixes security holes with one that uses them appeared first on National Cyber Security.

View full post on National Cyber Security

Talk2Watch Pro updated with new features and fixes to music controls

For those who use a Pebble or Pebble Time with their BlackBerry 10 smartphone will probably be using Talk2Watch Pro to get functionality out of the watch. With a dedicated and active developer, it really is the recommended app. The developer has been busy working on some updates and fixes and a new update has just been pushed. It brings fixes to the music controls where the play/pause button wasn’t quite working as well as some nice new additions.

Read More »

View full post on MobileNations

OnePlus 2 gets updated to OxygenOS 2.0.1 (Stagefright patch and other fixes included)


Starting today, OnePlus is rolling out an over the air update (the first) to its newest smartphone, the OnePlus 2. More exactly, the update is for the international variant of the OnePlus 2 (which runs OxygenOS, not HydrogenOS, like the Chinese model), and brings OxygenOS to version 2.0.1.

Like plenty of other software updates lately, the one offered by OnePlus addresses the Stagefright security exploit. However, that’s not all that OnePlus 2 users are getting with this update. Also included are improved battery performance, improved “user interface logic and coherence”, and various …

View full post on PhoneArena

Verizon pushes out Android 5.1.1 and Stagefright fixes to Galaxy S6, Galaxy S6 edge and Tab 4 10.1

Verizon is sending out Android 5.1.1 and fixes for the Stagefright Exploit to its version of the Samsung Galaxy S6, Samsung Galaxy S6 edge and the Samsung Galaxy Tab 4 10.1. For the Samsung Galaxy S6 and the Samsung Galaxy S6 edge, the update allows you to use Caller Name ID if you have Advanced Calling enabled. With this feature, you can identify who is calling you, giving you the ability to screen calls. The update also gives you the ability to turn off the parallax “Wallpaper motion effect” if it is making you dizzy. It also gives you more wallpaper options to choose from for your lock screen …

View full post on PhoneArena

Windows 10 Mobile Preview build 10512 has over 2,000 fixes

Microsoft has made Windows 10 Mobile Preview build 10512 available to Windows Insiders on the Fast update. That build has over 2,000 bug fixes compared to the last preview version, 10166, which was released over a month ago.

View full post on MobileNations

Tesla’s Response to Hacked Car Offers a Road Map for Fast Fixes

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity researchers on Friday are publicizing software flaws in the Tesla Model S that could allow remote hackers to shut down a moving car’s engine. But owners of the high-tech luxury sedan have little need to worry. The electric-car maker quickly deployed a fix over the Internet. As cars loaded with on-board computers increasingly add wireless connections they are becoming more vulnerable to hackers, as seen recently with a Jeep Cherokee. Tesla’s response offers a model for how other automakers can address the increasing threat of computer attacks. Tesla owners get prompted on their cars’ infotainment screens to download software updates, the same way smartphone users do. The consultants who found the Model S flaws — Kevin Mahaffey, co-founder and chief technology officer of Lookout Inc., and Marc Rogers, principal security researcher for CloudFlare Inc. — revealed the vulnerabilities earlier this week ahead of a presentationFriday at the DefCon hacker conference in Las Vegas. The pair discovered six key weaknesses in the vehicle, alerted Tesla Motors Inc. and coordinated their disclosure with a fix from the automaker to reduce the risk to owners of the car, which starts at $70,000. Two-Edged Sword Such responsible disclosure, as the process is known […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Tesla’s Response to Hacked Car Offers a Road Map for Fast Fixes appeared first on National Cyber Security.

View full post on National Cyber Security

BMW fixes security flaw that left locks open to hackers

_80724006_478390649

Source: National Cyber Security – Produced By Gregory Evans

The flaw affected models fitted with BMW’s ConnectedDrive software, which uses an on-board Sim card. The software operated door locks, air conditioning and traffic updates but no driving firmware such as brakes or steering, BMW said. No cars have actually been hacked, but the flaw was identified by German motorist association ADAC. ADAC’s researchers found the cars would try to communicate via a spoofed phone network, leaving potential hackers able to control anything activated by the Sim. The patch, which would be applied automatically, included making data from the car encrypted via HTTPS (HyperText Transfer Protocol Secure) — the same security commonly used for online banking, BMW said. “On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network,” it said in a statement. This should have already been in place, said security expert Graham Cluley. “You would probably have hoped that BMW’s engineers would have thought about [using HTTPS] in the first place,” he wrote on his blog. “If you are worried that your vehicle may not have received the update (perhaps because […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post BMW fixes security flaw that left locks open to hackers appeared first on National Cyber Security.

View full post on National Cyber Security

Its time for change , MOZILLA redisgn firefox design after fixes security Vulnerabilities

1

Mozilla yesterday discharged the considerably upgraded variant 29 of its Firefox program. The most recent cycle incorporates fixes for various basic and very evaluated security vulnerabilities. Around the five discriminating vulnerabilities are client without after bugs in nshostresolve, imgloader while resizing pictures, and the Text Track Manager for HTML features. The remaining two discriminatingly appraised patches resolve a benefit heightening weakness in the Web warning provision programming interface and an assortment of memory security dangers. Settles that get discriminating appraisals apply to vulnerabilities that could be misused to run assaulter code and introduce programming without any client cooperation past typical …continue reading

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Its time for change , MOZILLA redisgn firefox design after fixes security Vulnerabilities appeared first on National Cyber Security.

View full post on National Cyber Security

Microsoft Fixes Critical Vulnerability in Windows Common Controls

April’s Patch Tuesday update delivers six bulletins — including a critical fix for a core flaw that affects a long list of Microsoft applications.

View full post on eSecurityPlanet RSS Feed

View full post on National Cyber Security

Flash Player 11.2 fixes critical vulnerabilities and adds silent updates

Adobe have released Flash Player 11.2, addressing two critical arbitrary code execution vulnerabilities and introducing a silent update option.

One of the patched vulnerabilities stems from how older versions of Flash Player checks URL security domains, and only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.

Both vulnerabilities can trigger memory corruptions and can be exploited to execute arbitrary code remotely. However, Adobe is not aware of any exploits for these flaws being used in online attacks at this time, said Wiebke Lips, Adobe’s senior manager of corporate communications.

Users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris are advised to update to the new Adobe Flash Player 11.2 for their respective platforms. Users of Adobe Flash Player 11.1.111.7 for Android are advised to update to Flash Player 11.1.111.8.

Flash Player 11.2 also introduces a new updating mechanism that can be configured to check for and deploy updates in the background automatically, without requiring user interaction. The feature has been in Adobe’s plans for a long time and is expected to decrease the number of outdated Flash Player installations that attackers can target.

“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks,” said Peleus Uhley, platform security strategist at Adobe. “This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach. We are hoping to have similar success.”

The move was welcomed by Thomas Kristensen, chief security officer at Secunia, which develops the popular Personal Software Inspector (PSI) patch management program.

“A silent and automatic updating mechanism for Flash would help the majority of users. A more consistent and rapid updating of the user base is likely to impact the attackers’ preferences for Flash,” he said.

Of course, this will only happen after the vast majority of users upgrade to Flash Player 11.2 or a later version using the old method that requires explicit approval.

When Adobe Flash Player 11.2 is installed, users are asked to choose an update method. The available choices are: install updates automatically when available (recommended), notify me when updates are available, and never check for updates (not recommended).

The silent updater will try to contact Adobe’s update server every hour until it succeeds. If it receives a valid response from the server that no update is available, it will wait 24 hours before checking again.

For now, the automatic update option is only available for Flash Player on Windows, but Adobe is working on implementing it for Mac versions as well, Uhley said.

However, even if the automatic update option is enabled, Adobe will decide on a case-by-case basis which updates will be deployed silently and which won’t. Those that change the Flash Player default settings will require user interaction.

The new updater will update all Flash Player browser plug-ins installed on the system at the same time. “This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other open source browsers,” Uhley said.

In addition to keeping the Flash Player install base up to date more easily and reducing the time required to effectively respond to zero-day attacks — attacks that exploit previously unknown vulnerabilities — the new silent updater could also reduce the number of scams that distribute malware as Flash Player updates.

“The pretext of a Flash Player update has been intensively used by cyber-crooks to lure users into downloading malicious content,” said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender. “By eliminating the update wizard, users will likely get more difficult to con on the pretext of a legitimate update required by an application they trust.”

Unfortunately, this silent update model can’t be applied to all applications, Botezatu said. He gave the example of Internet Explorer 6, which Microsoft is trying to phase out, but that companies still widely use because their business applications are dependent on it and don’t work on newer versions.

Adobe is doing its part to convince users to move away from Internet Explorer 6 by dropping support for the browser from upcoming Flash Player versions. “We will no longer include testing on Internet Explorer 6 in our certification process and strongly encourage users to upgrade to the newest version of Internet Explorer,” Uhley said.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1de731e0/l/0Lnews0Btechworld0N0Csecurity0C33478370Cflash0Eplayer0E1120Efixes0Ecritical0Evulnerabilities0Eadds0Esilent0Eupdates0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Page 1 of 212»

My Twitter

  • 28 Turn-Ons for Girls That’ll Make Them Melt in Your Arms https://t.co/oY2iBIOPfP #dating @gregorydevans
    about 10 hours ago
  • Gregory D. Evans : @GregoryDEvans    Best Family Movies of 2015 https://t.co/XA0kh18gDS … #security #hacker #HTCS https://t.co/lQaDDFPk8n
    about 11 hours ago
  • Analysts Say Tinder Is ‘A Real Business’ https://t.co/IbZNBnZeqS #dating @gregorydevans
    about 12 hours ago
  • EBR 042: When You Should Use The No Contact Rule https://t.co/ZwQduQvR3v #dating @gregorydevans
    about 14 hours ago
  • Sex Addict: 11 Straight Questions to Know if You’re One https://t.co/jWL4PFsNnS #dating @gregorydevans
    about 22 hours ago

AmIHackerProof.com By Gregory D. Evans

Hacker For Hire By Gregory Evans

Gregory D. Evans On Facebook

Parent Securty By Gregory D. Evans

National Cyber Security By Gregory D. Evans

Dating Scams By Gregory Evans