Drupal under attack for one million sites

News Items
The team behind the popular open-source CMS Drupal is urging admins to update their sites to ward off a nasty bug that could leave their sites “highly compromised” to attackers, according to the organization. The affected versions of the CMS (Drupal 6, 7 and 8) power over one million websites on the internet. Drupal has marked the security risk as “highly critical” and warns that any visitor to the site could theoretically hack it through remote code execution due to missing input validation. “This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,” the group noted in a blog post. Drupal sent out an alert last week, telling users that they’d be dropping a “highly critical…

goo.gl is shuttering Google shortening service

News Items
Google announced that it is shutting down its URL shortening service, goo.gl. The company says that new and anonymous users won’t be able to create links through the goo.gl console as of April 13th, but existing users will be able to use it for another year, after which it will be discontinued completely. Firebase Software Engineer Michael Hermanto says that the company introduced the URL shortener in 2009, and that since then, the ways in which people share information on the web have changed, while additional URL shorteners have grown in popularity. He notes that Google is refocusing its efforts by replacing it with Firebase Dynamic Links (FDL), which allow users to redirect to specific locations in iOS, Android or web apps. Existing users will be able to…

Why Microsoft is splitting up Windows in its latest reorganization

News Items
Microsoft is embarking on yet another reorg, arguably the biggest since Satya Nadella took over as CEO four years ago. In this one, Windows will be split into sections, all in the name of making Microsoft over to focus on its high-growth businesses. Microsoft is splitting up its Windows and Devices Group and moving the pieces into two new engineering units: Experiences & Devices under Executive Vice President Rajesh Jha and Cloud + AI under Executive VP Scott Guthrie. A couple of units that are currently part of Microsoft's AI + Research group are going to be moving into Guthrie's new organization. Windows and Devices chief Terry Myerson is leaving the company as part of the reorg. Microsoft is making these moves…

15 percent or less are fully confident of recovering data in a disaster

News Items
In a new survey, data protection specialist Arcserve reveals that while downtime is a top concern, many businesses lack confidence in their ability to recover data. The study indicates that, among IT decision makers across America, Europe and Japan, 57 percent of respondents say they aren't confident in their ability to recover their business data in the event of a downtime or disaster event. Only just over 14 percent say they feel very confident they could recover their data. It was also revealed that over half, at 56 percent, say that their customers don’t have a disaster recovery plan in place. Of those customers that do have a plan in place, 59 percent test it, at most, once a year. This is…

Meltdown Patch Opened Bigger Security Hole on Windows 7

Microsoft Development, Software Events
Microsoft's Meltdown patch has opened an even bigger security hole on Windows 7, allowing any user-level application to read content from the operating system's kernel, and even write data to kernel memory. Swedish IT security expert Ulf Frisk made the discovery earlier this month while working on PCILeech, a device he created a few years back for carrying out Direct Memory Access (DMA) attacks and dumping protected OS memory. Frisk says that Microsoft's Meltdown patch (for CVE-2017-5754), released in the January 2018 Patch Tuesday, accidentally flipped a bit that controls the access permission for kernel memory. Frisk explains: In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode…