Security Week 41: Good News

The information security industry has no shortage of drama: novel hacking techniques, spectacular failures in the protection mechanisms of software and hardware, or the complete absence of such mechanisms. The daily routine of spam with malicious attachments, phishing, ransomware and the like is not as interesting as the most sophisticated cyberattacks, but it is what has to be dealt with most of the time.

Finding out that the password on your router is no good is roughly like discovering a broken lock on your front door. And yet, although cyber threats should be taken seriously, the real work on security begins at the moment when everyone stops waving their hands and swearing and gets down to business: updates the router, runs phishing training for employees, installs protection against ransomware. Even when everything is bad with information security, it makes sense to imagine how things should look when they are good, and then move toward that brighter future without rushing. Today's digest is good news: Google fixed Android security, Cisco fixed Webex, and WordPress fixed WordPress.
Let's start with the straightforward news: as The Verge reports, Google has added a separate security clause to its contractual obligations for manufacturers of smartphones based on the Android operating system. Beginning January 3? 201?, all new phones sold in more than one hundred thousand units must receive security patches regularly for two years after release. Accordingly, manufacturers of more or less popular phones will be required to prepare and distribute these patches.

The practice of delivering security patches was introduced in 2015, first for Google's own phones, and other manufacturers later caught up. Three years ago, Google began to move away from the traditional scheme of preparing smartphone updates, in which priority went to new features and security holes were tackled "when lucky". Android 8.0 Oreo introduced Project Treble, designed to improve the situation with the fragmentation of the code base. Where vendors were previously in no hurry to roll out patches, fearing conflicts with their own code, functionality and security are now completely (or almost) separated. Closing vulnerabilities has become easier.

Not everyone has reaped these benefits. First, active devices on the eighth (or a later) version of Android are still in the minority. Second, not all vendors send out the monthly security patches regularly, as Security Research Labs found out in April. It is time for organizational measures. Of course, the ideal way to improve security is to develop the technology so that it works more or less by itself. But that is not always the case, so vendors will now be required to support devices for at least two years. More good news about Android: the fight against malicious applications on Google Play continues. Almost three dozen applications with relatively useful functionality and an SMS-interception add-on have been removed from the official Google store.

More good news. Cisco fixed a dangerous bug in its Webex conferencing system. Webex usually requires the installation of client software, which intercepts requests from the browser and delivers the video stream, the presenter's desktop contents and other data to the user's computer. The client runs constantly, even when you are not in a conference call, and it has turned out more than once that it can add a couple of extra attack vectors to the system. Back in September, a vulnerability was discovered and closed in which the WebExService.exe process was used to elevate privileges (if you already had access to the system as a regular user). And last week a researcher known as SkullSecurity found a similar bug. He studied how WebExService launches the client update process and was able to redirect this functionality to launch any process with system privileges, with even a theoretical possibility of remote exploitation. I recommend reading the original study: it describes in detail the process of digging through the code in IDA Pro, full of tears and disappointment, but ending with the successful launch of the calculator.

Finally, good news about WordPress: 96% of sites on this engine use a modern version of the software. Just last week we looked at WordPress version statistics and came to similar conclusions. Or did not. 96% of WordPress sites really do run version 4.x, but the most current version, 4.9, is used by a little more than 70%, and that release, mind you, is already a year old. At the DerbyCon conference, the WordPress developers apparently also decided to focus on the positive and told how they achieved what is, by any measure, a very good figure. The engine's automatic update system helped (it is far from working properly in every installation; that depends on the administrator), as did the security notifications in Google Search Console and the Tide rating.

Tide is an automated test suite that evaluates plug-in security. The Tide rating is expected to eventually be displayed next to the plug-in's user rating (as in the screenshot), which should motivate developers to write more secure code. So far the rating is not shown, the system is in development, and, judging by the notes on the project website, release 1.0 is on the way. Automated tests by definition cannot find all vulnerabilities, but that is not their task. Quickly checking code for well-known security problems is a good start. Moreover, real compromises of WordPress sites most often happen through vulnerable extensions. In addition, WordPress will now alert users if their site runs the no-longer-supported PHP version 5.6. A useful feature for customers of companies that provide "WordPress out of the box". And a topical one: according to W3Techs, at the time of publication the fifth version of PHP was used by more than 60% of sites.

All good!

Disclaimer: The opinions expressed in this digest may not always coincide with the official position of Kaspersky Lab. The editors generally recommend treating any opinion with healthy skepticism.
Author: weber
Publication date: 29-10-2018, 17:20
Category: Development / Information Security