"Microsoft has reversed course on a decision it announced last week. According to an official statement, Windows 8 users will receive critical security updates for Flash Player "shortly." But larger questions remain."
It looks like Windows 8 users won't be at risk of attack from unpatched vulnerabilities in Adobe's Flash Player much longer.
In an e-mailed statement I received late last night, Yunsun Wee, Director of Microsoft Trustworthy Computing, said:
In light of Adobe's recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly. Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe's as possible.
That decision is the first step in correcting a serious security screw-up on Microsoft's part.
Here's the background:
Adobe released critical security updates for Flash Player on August 14 and August 21. Those patches were immediately available for installation on Internet Explorer 9 and earlier versions in Windows 7, Windows Vista, and Windows XP SP3. A plugin version was released promptly for Mozilla Firefox. The patches were also incorporated into Google Chrome and sent out via that browser's automatic update mechanism....
Continued : http://www.zdnet.com/microsoft-to-deliver-flash-update-to-windows-8-users-shortly-7000004039/
Related: Microsoft puts Win 8 users at risk with missing Flash update
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Alert
NEWS - September 11, 2012
GoDaddy, one of the Internet's biggest webhosting providers, experienced technical difficulties on Monday that prevented many people from visiting sites that relied on the service for connectivity.
A little after 5 p.m. California time on Monday, company officials took to Twitter to say the outage was mostly resolved.
"Most customer hosted sites back online," the dispatch stated. "We're working out the last few kinks for our site & control centers. No customer data compromised."
Searches using the dig utility also indicated domain name system servers operated by GoDaddy competitor VeriSign were being used to resolve the godaddy.com domain name. Wired reported VeriSign was hosting GoDaddy's DNS servers, too, although Ars couldn't independently verify that. One reason GoDaddy might turn to VeriSign is to avail itself of functional domain-name-resolution services. VeriSign operates a denial-of-service mitigation service called iDefense, so another possibility is that GoDaddy is under attack and is turning to VeriSign for help blocking it.
Continued : http://arstechnica.com/security/2012/09/godaddy-outage-makes-websites-unavailable-for-many-internet-users/
Also:
Millions of Go Daddy Sites, E-mail Accounts Knocked Offline in Alleged Anonymous DDoS Attack
GoDaddy comes back online after attacks
GoDaddy experiences massive outage
Go Daddy largely unavailable for over 4 hours - Hacker revenge or SNAFU?
Discussion is locked
5 Posts
- Collapse
- Collapse -
- Collapse -
After being deported from Cambodia yesterday Pirate Bay co-founder Gottfrid Svatholm is now back on Swedish soil. The big question now concerns the motivations of the authorities in having him brought back to Sweden. It now seems almost certain that they want Gottfrid for more than just the Pirate Bay case. TorrentFreak is informed that upon his arrival the 27-year-old was immediately charged by police in connection with another alleged crime.
After a stormy and somewhat confusing twelve days, Pirate Bay co-founder Gottfrid Svartholm was finally deported from Cambodia last night.
"We deported him out of the country in accordance with the order from the ministry of interior," confirmed Chhour Kimny, chief of the country's immigration police.
Gottfrid's Cambodian visa had expired so this was used by the Cambodian authorities to kick him out. However, if Gottfrid was being deported he should have had a choice of which country to go to, but this appears to have been denied.
Continued : http://torrentfreak.com/pirate-bay-co-founder-lands-in-sweden-immediately-charged-by-police-120911/
Related:
Pirate Bay's co-founder deported to Sweden, Anonymous hacks Cambodian ministry
Pirate Bay's Warg, back in Sweden, busted on hacking charges
Hackers Protest Against Arrest of TPB Co-Founder, 5,000 Documents Leaked
- Collapse -
The internet is abuzz with whispers that Apple's iPhone 5, rumored to be launched this week, will come with a fingerprint scanner to secure the device. If true, this could be a big step forward in Apple's quest to make the iPhone a digital wallet.
Here's what we know: Apple will release the iPhone 5 on Wednesday, September 12 at a company-sponsored event. Actually, we don't know that. What we do know is that the company has sent out invitations to members of the media for an event in San Francisco dated September 12 that is widely expected to be the launch of the phone.
As for the rumors about a biometric fingerprint scanner as one of the new features of the iPhone 5 - they're mainly informed speculation, based on an announcement in late July from security device maker AuthenTec Inc.
AuthenTec had entered into an agreement that had Apple buying it for $8.00 a share, or around $356 million in cash.
AuthenTec, you might recall, makes a wide range of security technology for mobile devices and corporate networks. (Actually, Naked Security wrote just last week about a dire security warning from the Russian firm Elcomsoft, which accused AuthenTec of storing Windows passwords insecurely in management software that is installed with the UPEK scanners. AuthenTec vigorously denied the allegation, and Elcomsoft, to date, hasn't produced any proof to back up their claims.)
Continued : http://nakedsecurity.sophos.com/2012/09/11/will-iphone-5-have-a-fingerprint-scanner-and-will-anybody-use-it/
- Collapse -
Cryptology experts at ElcomSoft have published a report that reveals that the popular UPEK fingerprint readers made by AuthenTec enable attackers to extract Windows passwords from the registry.
The flaw is present in the UPEK Protector Suite, which is the piece of software that interfaces the company's scanner hardware with Windows. This software was apparently pre-installed on a wide range of laptops which included UPEK devices. According to a list on the manufacturer's web site, which has since been deleted, different variants of the UPEK readers are used in laptops from most major manufacturers, including Dell, Lenovo, ASUS, Acer, Samsung and Toshiba. Additionally, UPEK Protector Suite is also being sold as a stand-alone product.
The UPEK Protector Suite saves the user's password in the Windows registry when the fingerprint-based login functionality is activated. This is necessary so that the application can present Windows with the password for the user once a valid fingerprint is detected. The passwords are encrypted with the AES cypher, but the encryption has apparently been implemented incorrectly. According to ElcomSoft, the key is always the same and can be reconstructed. To demonstrate this, the ElcomSoft developers have provided The H's associates at heise Security with a tool that shows the first three characters of the passwords for all users on the system where the Protector Suite is installed and who have activated its Windows login functionality.
Continued : http://www.h-online.com/security/news/item/Fingerprint-reader-reveals-passwords-1704058.html
- Collapse -
"Web host debunks rumors that a debilitating DDoS attack took it down."
Monday's five-hour outage that left GoDaddy unable to serve millions of websites that depend on it for Web hosting was not caused by an external attack as claimed by an anonymous hoaxster. An internal network error was at fault, company officials said Tuesday morning.
"It was not a 'hack' and it was not a denial of service attack (DDoS)," GoDaddy Interim CEO Scott Wagner wrote in an e-mail. "We have determined the service outage was due to a series of internal network events that corrupted router data tables."
Once engineers identified the problem, they were able to restore e-mail and connectivity to the company's and customers' websites, Wagner added. Customer data was never at risk of being exposed during the outage, which prevented people from accessing many or all of the websites that rely on GoDaddy.
The high-profile outage caused no shortage of frustration and disruption for the millions of individuals and businesses who rely on GoDaddy to provide e-mail and Web connectivity. Shortly after it began, an unidentified individual took to Twitter to claim the outage was the result of a distributed denial-of-service attack. The individual provided no evidence to support the claim, but it was widely reported as fact by both news and blog reports.
Continued : http://arstechnica.com/security/2012/09/godaddy-outage-caused-by-router-snafu-not-ddos-attack/
Related: GoDaddy Says Glitch, Not Hacker, Caused Outages
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic