01Apr 2018 by richard@baronsoftware.com

Meltdown Patch Opened Bigger Security Hole on Windows 7

Microsoft Development, Software Events
Meltdown Patch Opened Bigger Security Hole on Windows 7 Microsoft's Meltdown patch has opened an even bigger security hole on Windows 7, allowing any user-level application to read content from the operating system's kernel, and even write data to kernel memory. Swedish IT security expert Ulf Frisk made the discovery earlier this month while working on PCILeech, a device he created a few years back for carrying out Direct Memory Access (DMA) attacks and dumping protected OS memory. Frisk says that Microsoft's Meltdown patch (for CVE-2017-5754) —released in the January 2018 Patch Tuesday— accidentally flipped a bit that controls the access permission for kernel memory. Frisk explains: In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode…
Read More
31Mar 2018 by richard@baronsoftware.com

CommunityToolbar in Delphi creates problems

Rad Studio Delphi Development
CommunityToolbar in Delphi creates problems The CommunityToolbarXXX.BPL located in your C:\Program Files (x86)\Embarcadero\Studio\XX.0\Bin creates problems for the IDE in the long run.  Apparently you can get an access violation when closing the IDE or if you click on tools\options followed by Ok you can get a script error using Tokyo.  The XXX is the version number located in the BIN folder.  For Berlin it was 240 and for Tokyo it was 250. Embarcadero intended good things to happen using the community toolbar but once again the QA department has failed to capture a bad bug. Something of this nature should never happen during the testing phase when the product is about to be released but lately it has happened alot. To rid the problem all you have to do is…
Read More
29Mar 2018 by richard@baronsoftware.com

Apple announcements for Education

Software Events
Apple announcements for Education Apple took its annual spring event out of California and hosted it at a high school in Chicago this year, promising to focus its newest products toward the education market that’s been dominated by Google and Microsoft. The keynote was condensed into just one hour, most of which revolved around all the things you can do with a newly announced iPad. Here’s a look at all the biggest news today. The star of today’s announcement was the new “affordable” iPad with stylus support. Affordable is in quotations because it costs $299 for schools, but $329 for everyone else — the same price as iPad’s 9.7-inch tablet announced last spring. The biggest update with this iPad is that it’ll finally work with the $99 Apple Pencil ($89 for students…
Read More
28Mar 2018 by richard@baronsoftware.com

The FTC confirms it’s investigating Facebook over its privacy practices

News Items, Software Events
The FTC confirms it’s investigating Facebook over its privacy practices The Federal Trade Commission has confirmed that it is investigating Facebook’s privacy practices after it was revealed that the company allowed Cambridge Analytica access to the personal data of some 50 million Facebook users without their expressed consent. “The FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices,” the agency said in a statement, after declining to comment last week when Bloomberg reported that an investigation has been opened. Specifically, the investigation seeks to find whether Facebook violated a consent decree — which requires the social network to obtain explicit permission from users to share their data with third parties — that it signed…
Read More
25Mar 2018 by richard@baronsoftware.com

Vast amount of Servers are leaking huge amounts of passwords and keys

News Items, Software Events
Vast amount of Servers are leaking huge amounts of passwords and keys Thousands of servers operated by businesses and other organizations are openly sharing credentials that may allow anyone on the Internet to log in and read or modify potentially sensitive data stored online. In a blog post published late last week, researcher Giovanni Collazo said a quick query on the Shodan search engine returned almost 2,300 Internet-exposed servers running etcd, a type of database that computing clusters and other types of networks use to store and distribute passwords and configuration settings needed by various servers and applications. etcd comes with a programming interface that responds to simple queries that by default return administrative login credentials without first requiring authentication. The passwords, encryption keys, and other forms of credentials are used to…
Read More