Yet another software developer

Windows has a new wormable vulnerability, and there’s no patch in sight


Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world.

The vulnerability exists in version 3.1.1 of the Server Message Block (SMB) protocol, which is used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10 and Windows Server 2019, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren’t available, and Tuesday’s advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said: “Beyond the advisory you linked, nothing else to share from Microsoft at this time.”


Ubuntu 20.04’s zsys adds ZFS snapshots to package management


Last October, an experimental ZFS installer showed up in Eoan Ermine, the second interim Ubuntu release of 2019. Next month, Focal Fossa—Ubuntu's next LTS (Long Term Support) release—is due to drop, and it retains the ZFS installer while adding several new features to Ubuntu's system management with the fledgling zsys package.

Phoronix reported this weekend that zsys is taking snapshots prior to package-management operations now, so we decided to install the latest Ubuntu 20.04 daily build and see how the new feature works.

Taking Focal Fossa for a quick spin

Focal installs much as any other Ubuntu release has, but it retains 19.10's ZFS installer—which is still hidden behind "advanced features" and still labeled experimental. After selecting a ZFS install, you give your OK to the resulting partition layout—with one primary partition for UEFI boot and three logical partitions for swap, boot ZFS pool, and root ZFS pool. A few minutes later, you've got yourself an Ubuntu installation.


Apple Pay Could Soon Expand to Mexico

Apple Pay could soon be available in Mexico, based on reports from iPhone users in Mexico who have been able to add their Banregio cards to the Wallet app.


One user on Twitter whose tweet was shared by 9to5Mac was able to add his Banregio card to the Wallet app after setting his region to the United States. The card was able to be successfully added, and there was text included for verification purposes, but the verification process did not work as Apple Pay has not officially launched in the country.

Cards from banks other than Banregio were not able to be added to the Wallet app on the iPhone, suggesting Apple Pay in Mexico may be limited to Banregio at launch.

When Apple Pay launches in Mexico, it will be the second country in Latin America to support the payments service. Apple launched Apple Pay in Brazil in 2018, but has not expanded it to other Latin American countries. Apple Pay has also been available in the United States and Canada for years.

Apple maintains a complete list of the countries where Apple Pay is available on its support site, and we have a detailed Apple Pay roundup with everything you need to know about Apple's payments service.

This article, "Apple Pay Could Soon Expand to Mexico" first appeared on MacRumors.com


Let’s Encrypt holds off on revocation of certificates


Earlier this week, Let's Encrypt announced that it would revoke roughly three million—two point six percent—of its currently active certificates. Last night, however, the organization announced that it would delay the revocation of many of those certificates in the interest of Internet health.

The impact of the revocation on system administrators was and is significant due to the very short window of maintenance allowed before the revocation went into effect. Roughly thirty-six hours were available from the initial announcement to the beginning of scheduled certificate revocation. Half an hour prior to the scheduled revocations, more than one million affected certificates had still not been renewed, and Let's Encrypt announced an additional delay to give administrators more time.

The revocations are necessary because of a bug in Let's Encrypt's CA (Certificate Authority) code, which allowed some domains to go unchecked for CAA (Certificate Authority Authorization) DNS record compliance. Although the vast majority of the certificates revoked posed no security risk, they were not issued in full compliance with security standards. Let's Encrypt's decision to rapidly revoke them all is in compliance with both the letter and spirit of security regulations.


Some Staples stores in Boston are getting podcast studios


Even Staples, the office supply store, can’t resist the lure of podcasts. The retailer is teaming up with a company called Spreaker to build podcast studios at six of its stores in the Boston area.

The studios will be soundproof, have enough space for four people to record, and will sync with Spreaker’s technology so people can get discounted access to its hosting and distribution services. A recording specialist will be on hand to help, too, and a 60-minute session costs $60. Although that fee only covers the actual recording time, Staples will give people discounts on editing services from We Edit Podcasts if they need help.

The studios are part of broader store renovations for what the company calls Staples Connect, which are stores designed to be co-working and community spaces for professionals, teachers, and students. The redesign speaks to the larger retail brand movement of making retail spaces more like community meeting spots. Apple’s former retail chief Angela Ahrendts famously called Apple stores “town squares” in 2017, for instance, and she predicted people would hang out in stores designed around this idea just as much as they would come in to buy something specific.

Target also experimented with a different kind of retail space in San Francisco, one where people could play with gadgets before buying them. Called Open House, the store functioned like a smart home, so people could better understand the technology. All of this is to say that it isn’t surprising to see Staples try to innovate on a traditional retail design. And building a podcast studio in-store does speak to the moment audio is having — it just seems odd to build studios for a trend that might eventually die.


Boeing finds another software problem on the 737 Max


Boeing has discovered another software problem on the beleaguered 737 Max that will have to be fixed before the airplane returns to the skies, Bloomberg reported on Thursday. It’s at least the third different software problem that has been discovered since the plane was grounded in March of last year following a pair of fatal crashes that claimed the lives of 346 people.

The new issue apparently has to do with a warning light that helps tell pilots when the trim system — a part of the plane that can lift or lower the nose — isn’t working. Federal Aviation Administration head Steve Dickson said during a talk in London on Thursday that the light was “staying on for longer than a desired period,” according to Bloomberg.

Boeing and the FAA have previously disclosed two other glitches that were discovered during the top-to-bottom review of the plane. In January, Boeing announced that it found a problem in the startup process of the plane’s flight computers, which was serious enough for the company and the FAA to delay a key test flight. That followed a previous flaw in the flight computer discovered last June that the FAA said “could cause the plane to dive in a way that pilots had difficulty recovering from in simulator tests.”

What’s worrisome about this new glitch is that it’s possibly a direct result of the fixes Boeing made to those previous flaws, according to Bloomberg, which reports that the trim system flaw “resulted from Boeing’s redesign of the two flight computers that control the 737 Max to make them more resilient to failure.” The new glitch is also more directly related to the original problem that plagued the 737 Max.

An FAA spokesperson said that “Boeing should have details on any issues they are addressing” and provided The Verge with a mostly recycled statement about how “there is no set timeframe for when the aircraft will be cleared for return to passenger service.”

The agency added that the 737 Max “will be approved only after our safety experts are fully satisfied that all safety-related issues are addressed to the FAA’s satisfaction.”

Boeing did not immediately respond to a request for comment.

Boeing said last month that it doesn’t expect the 737 Max to fly again until at least “mid-2020,” meaning the plane will have been grounded for over a year regardless of when it returns to flight. The company suspended production of the 737 Max in January, too. In the meantime, US airlines continue to cancel flights, and some have even reached settlements with Boeing over losses they’ve incurred as a result of the plane’s grounding.

Boeing recently ousted CEO Dennis Muilenburg, who oversaw the launch of the 737 Max program. Shortly after he was replaced, the US government released a trove of internal Boeing communications that shed light on how the troubled plane was certified in the first place.
