| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Community
Forum: Chat Room
Thread: Security advisories thread: Those that may interest you. |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 53
|
|
| Author |
|
|
SekeRob
Master Cruncher Joined: Jan 7, 2013 Post Count: 2741 Status: Offline |
Google seems to have made a slight mess of it, fixing 8 gaping holes, and again one in their media module: http://www.eweek.com/security/google-patches-...-in-september-update.html
Not seen the update arriving yet. |
||
|
|
SekeRob
Master Cruncher Joined: Jan 7, 2013 Post Count: 2741 Status: Offline |
Going by this article http://www.zdnet.com/article/sloppy-programming-leads-to-openssl-woes/ if on openSSL 1.1.0a, better get on 1.1.0b, and if on 1.1.0i, better race over to 1.1.0j.
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Microsoft has issued a slew of patches for operating systems that are out of service, including Windows XP, Windows Vista, Windows 8, and Windows Server 2003. These are all in response to the leaking of NSA cyberweapons, such as ETERNALBLUE which was the tool used by the recent WannaCry ransomware attack. All the updates need to be installed manually.
You can find details and downloads on the Microsoft site. A good starting point is the page at https://support.microsoft.com/en-ca/help/4025...dance-for-older-platforms |
||
|
|
DCS1955
Veteran Cruncher USA Joined: May 24, 2016 Post Count: 668 Status: Offline Project Badges: 
|
Microsoft has issued a slew of patches for operating systems that are out of service, including Windows XP, Windows Vista, Windows 8, and Windows Server 2003. These are all in response to the leaking of NSA cyberweapons, such as ETERNALBLUE which was the tool used by the recent WannaCry ransomware attack. All the updates need to be installed manually. You can find details and downloads on the Microsoft site. A good starting point is the page at https://support.microsoft.com/en-ca/help/4025...dance-for-older-platforms It is good that they voluntarily/were forced to do this (don't know the situation). In my opinion, it is like a company that has dumped toxic waste having to clean up. God only knows what copied versions of those OS are spewing out.   |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
All the updates need to be installed manually. Interesting. What's your source for that? I ask because other commentators are saying otherwise, e.g. Woody's article on Computerworld:You can get them through Windows Update, or download them directly from Microsoft |
||
|
|
SekeRob
Master Cruncher Joined: Jan 7, 2013 Post Count: 2741 Status: Offline |
This month had 20 'updates' to W8.1, 3 automatic, 17 'optional', which included one that sets for future updates to be as obscured as the W10 roll-up packages. The optional would never get installed unless manually selecting.
 |
||
|
|
SekeRob
Master Cruncher Joined: Jan 7, 2013 Post Count: 2741 Status: Offline |
For Linux, various flavors, a long list in fact, hit by 'The Stack Clash'
https://www.cyberciti.biz/faq/howto-patch-lin...ability-cve-2017-1000364/ It's serious. How do I fix CVE-2017-1000364 on Linux? Type the commands as per your Linux distro. You need to reboot the box. Before you apply patch, note down your current kernel version: $ uname -a $ uname -mrs then read on for your distro's particular actions needed. |
||
|
|
SekeRob
Master Cruncher Joined: Jan 7, 2013 Post Count: 2741 Status: Offline |
Was reading yesterday about websites using your computer through your browser to mine cryptocoinage, and reflected back on some websites that did cause the browser to go into high CPU usage for no reason, even a big on line retailer (Who claimed to not know about it!). The easy was having the AdBlock extension, adding a line of block code, the distributor claiming there is already a block rule in place, but since having switched recently to the much faster Vivaldi browser, added the chrome extension "No Coin".
----------------------------------------Just in case, if they those highjackers can do this, they could do other stuff too, thus, just in case you'd like to make doubly sure to disallow the activity: https://thenextweb.com/apps/2017/09/19/cpu-cryptocurrency-miner-blocker/ Edit: More detail from AdBlock and how to add block filters: https://adblockplus.org/blog/kicking-out-cryptojack . In Fact there's a filter subscription for No Coin that can be added to AdBlock at https://adblockplus.org/subscriptions#type_other . Just pick Subcribe: No Coin [Edit 1 times, last edit by SekeRob* at Nov 14, 2017 12:30:45 PM] |
||
|
|
captainjack
Advanced Cruncher Joined: Apr 14, 2008 Post Count: 147 Status: Offline Project Badges: 
|
|
||
|
|
SekeRob
Master Cruncher Joined: Jan 7, 2013 Post Count: 2741 Status: Offline |
Major alert on macOS password security bug: http://www.bbc.com/news/technology-42161823
----------------------------------------"Apple has said it is working to fix a serious bug within its Mac operating system." BTW, You cant make this up: "However, a member of Apple's support forums had posted details of the flaw more than two weeks ago, though the message appears to suggest the vulnerability could be a useful feature for troubleshooting rather than a critical security threat." TSIB  [Edit 1 times, last edit by SekeRob* at Nov 29, 2017 10:00:09 AM] |
||
|
|
|