35,000 vBulletin Sites Have Already Been Exploited By Week Old Hole

realized writes “Last week Slashdot covered a new vBulletin exploit. Apparently hackers have been busy since then because according to security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability. The sad part about this is that it could have all been avoided if the administrator of the websites just removed the /install and/or /core/install folders – something that you would think the installer should do on its own.” Web applications that have write access to directories they then load code from have always seemed a bit iffy to me (wp-content anyone?). Read more of this story at Slashdot.

D-Link Router Backdoor Vulnerability Allows Full Access To Settings

StealthHunter writes “It turned out that just by setting a browser's user-agent to ‘xmlset_roodkcableoj28840ybtide’ anyone can remotely bypass all authentication on D-Link routers. It seems that thttpd was modified by Alphanetworks who inserted the backdoor. Unfortunately, vulnerable routers can be easily identified by services like shodanHQ. At least these models may have vulnerable firmware: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240.” Read more of this story at Slashdot.

Dangerous VBulletin Exploit In the Wild

An anonymous reader writes “vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. Although vBulletin has not disclosed the root cause of the vulnerability or its impact, we determined the attacker’s methods. The identified vulnerability allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account. Once the attacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the supported site.” Read more of this story at Slashdot.

How DirecTV Overhauled Its 800-Person IT Group With a Game

mattydread23 writes “Most gamification efforts fail. But when DirecTV wanted to encourage its IT staff to be more open about sharing failures, it created a massive internal game called F12. Less than a year later, it’s got 97% participation and nearly everybody in the IT group actually likes competing. So what did DirecTV do right? The most important thing was to devote a full-time staffer to the game, and to keep updating it constantly.” Read more of this story at Slashdot.

Microsoft Hands Out $28k In IE11 Bug Bounty Program

hypnosec writes “Microsoft paid out over $28,000 in rewards under its first ever bug-bounty program that went on for a month during the preview release of Internet Explorer 11 (IE11). The preview bug bounty program started on June 26 and went on till July 26 with Microsoft revealing at the time that it will pay out a maximum of $11,000 for each IE 11 vulnerability that was reported. Microsoft paid out the $28k to a total of six researchers for reporting 15 different bugs. According to Microsoft’s ‘honor roll’ page, they paid $9,400 to James Forshaw of Context Security for pointing out design level vulnerabilities in IE11 as well as four IE11 flaws. Independent researcher Masato Kinugawa was paid $2,200 for reporting two bugs. Jose Antonio Vazquez Gonzalez of Yenteasy Security Research walked off with $5,500 for reporting five bugs while Google engineers Ivan Fratric and Fermin J. Serna were handed $1,100 and $500 respectively.” Read more of this story at Slashdot.

AMD Intentionally Added Artificial Limitations To Their HDMI Adapters

An anonymous reader writes “NVIDIA was caught removing features from their Linux driver and days later Linux developers have caught and confirmed AMD imposing artificial limitations on their graphics cards in the DVI-to-HDMI adapters that their driver will support. Over the years AMD has quietly been adding an extra EEPROM chip to their DVI-to-HDMI adapters that are bundled with Radeon HD graphics cards. Only when these identified adapters are detected via checks in their Windows and Linux Catalyst driver is HDMI audio enabled. If using a third-party DVI-to-HDMI adapter, HDMI audio support is disabled by the Catalyst driver. Open-source Linux developers have found this to be a self-imposed limitation and that the open-source AMD Linux driver will work fine with any DVI-to-HDMI adapter.” Read more of this story at Slashdot.

Yahoo Mail is rolling out a spiffy redesign on all major platforms today, including Android, iOS, Wi

Yahoo Mail is rolling out a spiffy redesign on all major platforms today, including Android, iOS, Windows 8, and the web, which also includes some previously premium features like POP access and disposable addresses. Read more here.

How Many Android OEMs Cheat Benchmark Scores? Pretty Much All of Them

An anonymous reader writes “After Samsung got caught out cheating on benchmarks (Note 3, Galaxy S4) AnandTech has done a detailed analysis of the state of benchmark cheating amongst Android OEMs. With the exception of Motorola, literally every single OEM they’ve looked at ships (or has shipped) at least one device that does benchmark-specific CPU optimizations. AnandTech also thinks it will get worse before it gets better. ‘The hilarious part of all of this is we’re still talking about small gains in performance. The impact on our CPU tests is 0 – 5%, and somewhere south of 10% on our GPU benchmarks as far as we can tell. I can’t stress enough that it would be far less painful for the OEMs to just stop this nonsense and instead demand better performance/power efficiency from their silicon vendors.’ The article notes that Apple doesn’t do any of the frequency gaming stuff.” Read more of this story at Slashdot.

First Few Doctor Who Episodes May Fall To Public Domain Next Year

First time accepted submitter wmr89502270 writes “Doctor Who is celebrating its 50th anniversary this year. The special The Day of The Doctor will be broadcast simultaneously in over 75 countries and hundreds of cinemas in the UK. Across the world the hotly anticipated special episode will be screened simultaneously in full 3D. According to Copyright law of the United Kingdom, the copyright in a broadcast program expires 50 years from the end of the year in which it is broadcast, which means the first episodes will fall to public domain next year.” Read more of this story at Slashdot.

Adobe has revealed that their network was compromised and the attackers may have accessed informatio

Adobe has revealed that their network was compromised and the attackers may have accessed information pertaining to 2.9 million customers, including encrypted credit card numbers and other account details. Read more here.
