Архив метки: script

Enterprise IT shouldn’t blame open source for their own poor security practices

Автор: | 17.05.2018

Another day, another Black Duck Software report that finds that (wait for it!) «Open-source vulnerabilities plague enterprise codebase systems,» as ZDNet’s Charlie Osborne reported. Even if we set aside the fact that Black Duck sells tools and services to root open source out of your enterprise, it’s not clear why its findings matter. Open source… Читать далее »

Linux admins: Dire vulnerability gives attackers root access in RHEL, CentOS, Fedora

Автор: | 16.05.2018

A command injection vulnerability has been discovered in the Dynamic Host Configuration Protocol (DHCP) client included in Red Hat Enterprise Linux, which would allow a malicious actor capable of setting up a DHCP server or otherwise capable of spoofing DHCP responses on a local network to execute commands with root privileges. The vulnerability—which is designated… Читать далее »

How to make open source work for your company

Автор: | 16.05.2018

Is your company a cesspool of proprietary software politics? Do you long for the day that your code can live free in the open source license of your choice? Well, it’s time to stop blaming The Man and start introspecting a bit. Or, rather, to stop introspecting and start doing something. Individuals, not companies, change… Читать далее »

The new commute: How driverless cars, hyperloop, and drones will change our travel plans

Автор: | 16.05.2018

Transportation is about to get a technology-driven reboot. The details are still taking shape, but future transport systems will certainly be connected, data-driven and highly automated. Articles about technology and the future of transportation rarely used to get far without mentioning jetpacks: a staple of science fiction from the 1920s onwards, the jetpack became a… Читать далее »

Cross-site scripting a top vulnerability, hackers find

Автор: | 16.05.2018

Cross-site scripting (XSS) is the most commonly exploited vulnerability, according to HackerOne, currently the largest platform aimed at connecting organisations with a community of white hat hackers who can identify cyber risks, which currently has around 200,000 members. XSS is a type of injection security attack in which an attacker injects data, such as a… Читать далее »

No need to panic about Efail attacks

Автор: | 15.05.2018

German and Belgian researchers have warned of potential attacks that break email encryption using Pretty Good Privacy (PGP) and secure multi-purpose internet mail extensions (S/MIME) by coercing clients into sending the full plaintext of the emails to the attacker. PGP and S/MIME encryption are used by organisations because both add an additional layer of security… Читать далее »

Трамп поможет ZTE «быстро вернуться в бизнес» » Community

Автор: | 15.05.2018

Президент США Дональд Трамп заявил, что работает с президентом Китая Си Цзиньпином, чтобы найти способ «быстро вернуться в бизнес» китайской телекоммуникационной компании ZTE, которая на прошлой неделе объявила о приостановке «основной операционной деятельности» из-за санкций США в отношении компании. Напомним, что в прошлом месяце Министерство торговли США на семь лет запретило американским компания поставлять продукты… Читать далее »

Critical PGP vulnerability could reveal text of your encrypted business emails

Автор: | 14.05.2018

Critical unpatched vulnerabilities in widely-used email encryption tools PGP and S/MIME have been discovered by a team led by Sebastian Schinzel, professor of Computer Security at the Münster University of Applied Sciences. The vulnerabilities, dubbed EFAIL, were first mentioned by the EFF on Sunday. The EFF’s report only indicated that a vulnerability existed, and that… Читать далее »

Why Amazon and Red Hat are the two biggest winners in enterprise cloud

Автор: | 14.05.2018

In picking winners in the cloud wars, Amazon Web Services (AWS) is the most obvious choice. As the resident hegemon, it’s hard to argue with a company that has accelerated its growth over the past two quarters on top of a run-rate that dwarfs that of all other vendors…combined. No, this doesn’t mean that Microsoft… Читать далее »

New Microsoft Edge security features were just bypassed, opening door for exploits

Автор: | 12.05.2018

Researchers at Google’s Project Zero have bypassed Microsoft Edge security features that Microsoft designed to prevent the execution of malicious code. Created to replace the aging Internet Explorer web browser, Microsoft Edge was built with security in mind. As is often the case with large software projects like a web browser, oversights occur, and in… Читать далее »