Will The Drupal Flaw Be Catastrophic?
The Drupal web content management system has been exposed as having a flaw in its database API that could deliver your site to hackers.
The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.
Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.
Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.
That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.
“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”
More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.
“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.
“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.
“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”
Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.
“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy-to-exploit flaw, the chance of exfiltration of data or further exploitation is high,” he said.
“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.
“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”
MDM Coming To Office 365
November 10, 2014 by admin
Microsoft will roll out mobile device management (MDM) capabilities to Office 365 in 2015, making it easier for firms to manage corporate data across a range of mobile devices, including those running iOS and Android as well as Windows.
Microsoft unveiled the updates coming to its Office 365 cloud-delivered productivity suite in 2015 at its TechEd Europe conference.
These will enable customers to apply security policies against devices that connect to Office 365 to ensure that email and documents can be accessed only by approved devices, plus the ability to remotely wipe Office 365 data if necessary.
Julia White, Microsoft general manager for Office 365, said that the updates will enable customers to offer “conditional access” to Office documents and email, such as ensuring that any device used by employees has not been jailbroken or rooted, which could potentially pose a security risk.
Administrators will be able to set policies directly from the Office 365 administration portal, and enforce the use of a PIN to secure access to the device. Any wipe of Office 365 content will not affect the user’s personal data, White added.
These MDM features coming to Office 365 are actually powered by Microsoft’s Intune cloud-based management service and are a subset of Intune’s capabilities, the firm disclosed.
Intune itself is also getting some upgrades that will enable customers to benefit from additional security features if they also subscribe to Intune.
These will include data leak prevention measures that enable policies to be applied against managed applications, preventing users from copying and pasting data from an Office 365 app to another, for example, or copying files from Office 365 to elsewhere on the device.
While these capabilities are built in to Office 365, Microsoft will also enable this to be extended to other applications using Intune app wrapper functionality, White said.
White also confirmed that Microsoft is working on an Android version of the Office for iPad suite of mobile productivity tools that the firm announced for Apple’s tablet platform earlier this year.
Microsoft’s Office announcement comes amid speculation that the firm will release Office for Android next month.
Acer To Launch Cheap Tablets
September 17, 2014 by admin
Acer’s latest low-cost 8-inch tablets will come to market in both Android and Windows flavors.
The Iconia Tab 8 W runs Windows on an Intel Atom Z3735G quad-core processor. It offers 8 hours of battery life, weighs 370 grams and is 9.75 millimeters thick. The 8-inch screen has a resolution of 1280 by 800 pixels.
For the $149 price tag, Acer includes a one-year subscription to the Personal version of Office 365, which includes access to Word, Excel, PowerPoint, OneNote and Outlook.
Android fans will prefer the Iconia One 8, running Android 4.4. It has the same Intel processor and screen dimensions as its Windows cousin, but is slightly lighter at 340 grams and only 8.5 millimeters thick.
Buyers can choose between 10 colors, including red, green, blue, purple and pink.
Acer also took the covers off the Iconia 10, an Android-based 10-inch tablet. The device has a quad-core processor from MediaTek. The screen is protected using Gorilla glass and has Full HD resolution. Using Dolby Digital Plus, surround sound is simulated from two-channel stereo audio headphones.
Available in black or white and with a price of $199, the Iconia Tab 10 includes a micro HDMI port and Wireless Display support for showing photos and videos on a bigger TV.
The first of the new tablets to start shipping will be the Iconia 10, available this month in the Americas and Europe, Middle East and Africa (EMEA).
The Iconia Tab 8 W will go on sale in October in EMEA and in November in the Americas.
Is Windows ‘Threshold’ En Route?
Microsoft will unveil a preview of “Threshold,” the current code name for Windows 8’s successor, as soon as next month, according to an online report on Monday.
ZDNet’s Mary Jo Foley, citing unnamed sources, said that Microsoft will deliver a “technical preview” of Threshold late in September or early in October. Previously, Foley had reported that Microsoft would offer a preview of some kind this fall.
Threshold may be officially named “Windows 9” by Microsoft (the company has neither commented on the code name nor labeled the next iteration of its desktop and tablet OS), although there are arguments for dumping a numerical title because of the possible association with Windows 8, which has widely been pegged as a failure.
“Technical Preview” is a moniker that Microsoft has used in the past for its Office suite. For both Office 2013 and Office 2010, Microsoft used the term to describe an invitation-only sneak peek. Both application suites were later released as public betas prior to their official launch.
Windows, however, has used a different nomenclature. For 2012’s Windows 8, Microsoft called the early looks “Developer Preview,” “Consumer Preview” and “Release Preview,” all open to everyone. The first was analogous to an alpha, the second to a beta, and the third to a done-but-not-approved release candidate.
Windows 7, however, had used the more traditional “Beta” to describe the first public preview in early 2009. The previous fall, when Microsoft unveiled Windows 7, the firm had seeded an invite-only “pre-alpha” version, also dubbed a Developer Preview, of the OS to programmers and some influential bloggers.
Within hours, the Windows 7 Developer Preview leaked to file-sharing websites. Microsoft may have changed its practices for Windows 8, letting anyone download the first preview, because of the inevitability of leaks.
In an update to her blog of earlier today, Foley added that the “Technical Preview” nameplate notwithstanding, Microsoft would allow anyone to download Threshold/Windows 9 when it becomes available in the next few weeks.
If Microsoft does ship a preview soon and sets its sights on a second-quarter 2015 final release, it will have significantly accelerated the tempo from past practice. With Windows 7 and Windows 8, Microsoft offered its first previews 12 and 13 months, respectively, and the public beta 8 or 9 months, before launching the operating system.
Eight or nine months from September would be May or June 2015; that, however, assumes that the Technical Preview is of beta quality. The name itself hints at something less.
Microsoft appears eager to put Windows 8 behind it. It has stopped beating the drum about the OS and recently announced that it would not issue any additional major updates. Instead, the firm said last week, it will include improvements or new features in small packets using the same Windows Update mechanism that regularly serves security patches.
Salesforce Goes Healthcare
Salesforce Inc, one of the first cloud-computing companies, is turning its focus towards healthcare with new software and services aimed at the largest hospitals.
Salesforce has announced a strategic alliance with Amsterdam-based medical technology company Philips, which it envisions as the first of many partnerships. These companies will announce two new medical applications later in the summer, called Philips eCareCoordinator and Philips eCare Companion.
The software is designed to improve health and cut costs. The apps are intended to be used by physicians to monitor chronically ill patients between doctor visits.
Salesforce said the goal is to make it easier for hospitals to collect and analyze data from medical devices, which patients with chronic conditions often use at home.
“In the United States, care providers are facing increasing demands and decreasing reimbursement,” said Michael Peachey, a senior director of solutions and product marketing at Salesforce.
“We want to improve efficiency for physicians by transmitting patient data in real time.”
Peachey said the Salesforce software meets security and privacy rules under the Health Insurance Portability and Accountability Act, known as HIPAA.
In the short term, Peachey said Salesforce intends to develop additional apps with other partners to help doctors and nurses monitor patients from the comfort of their homes.
“It’s an open platform,” he said.
Microsoft Updates Office Online
April 28, 2014 by admin
Microsoft is updating its Web-based Office Online suite, closing the features gap with the main Office 365 and Office 2013 suites installed on users’ devices.
“We know you want features that allow you to move as seamlessly as possible between Office Online and the desktop,” wrote Kaberi Chowdhury, an Office Online technical product manager, in a blog post Monday.
Improvements to Excel Online include the ability to insert new comments, edit and delete existing comments, and properly open and edit spreadsheets that contain Visual Basic for Applications (VBA) code.
Meanwhile, Word Online has a new “pane” where users can see all comments in a document, and reply to them or mark them as completed. It also has a refined lists feature that is better able to recognize whether users are continuing a list or starting one. In addition, footnotes and end notes can now be added more conveniently inline.
PowerPoint Online has a revamped text editor that offers a layout view that more closely resembles the look of finished slides, according to Microsoft. It also has improved performance and video functionality, including the ability to play back embedded YouTube videos.
For users of OneNote Online, Microsoft is now adding the ability to print out the notes they’ve created with the application.
Microsoft is also making Word Online, PowerPoint Online and OneNote Online available via Google’s Chrome Web Store so that Chrome browser users can add them to their Chrome App launcher. Excel Online will be added later.
The improvements in Office Online will be rolled out to users this week, starting Monday.
Office Online, which used to be called Office Web Apps, competes directly against Google Docs and other browser-based office productivity suites. It’s meant to offer users a free, lightweight, Web-based version of these four applications if they don’t have the desktop editions on the device they’re using at that moment.
Virtru Goes Office 365
April 8, 2014 by admin
Virtru has added Microsoft’s Office 365 and Outlook Desktop services to its growing list of compatible email platforms available on its encryption product.
The company, headquartered in Washington, D.C. and launched in January, is targeting people using major email providers who want stronger privacy controls for more secure communication.
The service is designed to be easy to use for end users who may not have the technical gumption to set up PGP (Pretty Good Privacy), a standard for signing and encrypting content.
Virtru is compatible with most major webmail providers, including Google’s Gmail, Yahoo’s Mail and Microsoft’s Outlook webmail, which replaced Hotmail.
Emails sent using Virtru through those services would look like gibberish, providing a greater degree of privacy. Law enforcement or other entities would not be able to read the content unless they could obtain the key.
Virtru uses a browser extension to encrypt email on a person’s computer or mobile device. The content is decrypted after recipients receive a key, which is distributed by Virtru’s centralized key management server.
Although Virtru handles key management, the company is working on a product that would allow that task to be managed on-site for users, as some administrators would be uncomfortable with another entity managing their keys.
Virtru has said it put aside funds to contest government orders such as a National Security Letter or law enforcement request that are not based on a standard of probable cause.
LibreOffice Going After MS Office
February 10, 2014 by admin
LibreOffice 4.2 is out and is a major upgrade release.
The popular alternative to Microsoft Office has been retooled to increase compatibility with that expensive proprietary productivity applications suite, including compatibility with Visio and Publisher files.
In addition to a much improved formula process for its spreadsheet application, LibreOffice 4.2 also includes a new startup screen and improved round trip compatibility for newer formats such as .docx.
Java accessibility features are being phased out in favour of the IBM IAccessibility2 package, which will supersede the Java version in future editions.
iOS users can take advantage of the Impress Remote Control feature that allows users to control presentations from their smartphones. This feature has been available on Android for some time but now Apple fans can use it too.
LibreOffice claims that this is the biggest recoding of its office suite yet and says that it now offers better integration with Windows 7 and Windows 8, with documents grouped on the taskbar and quickview thumbnails.
The news comes after UK cabinet minister Francis Maude recently announced that Parliament will move towards using open source software for its documents, and said that interoperability improvements such as those LibreOffice has introduced will be key to ensuring that all areas of government communicate a lot more effectively than they do right now.
LibreOffice has also made contributing to continued development of the open source office suite even easier with a new code submission and review portal known as Gerrit.
Microsoft Slashes Surface Pro
Microsoft slashed the price of its Surface Pro tablet by $100, or between 10% and 11%, dropping the 64GB model to $799 and the 128GB to $899.
The cuts came three weeks after much more dramatic discounts to Microsoft’s Surface RT, which was reduced by up to 30% to prices starting at $349.
Microsoft said that the price cuts would be valid in the U.S. and Canada until August 30, or while supplies last. Discounts were also offered to customers in China, Hong Kong and Taiwan.
U.S. electronics retailer Best Buy — a key Microsoft partner — also was selling the Surface Pro tablets at the lower prices Sunday, as was Staples.
The Surface Pro tablets rely on Windows 8 Pro and Intel processors, rather than the stripped-down Windows RT and lower-powered ARM processors of the Surface RT devices. Surface Pro tablets can run traditional Windows software like the full-featured Office 2013 productivity suite.
While the price cuts were reminiscent of the more aggressive Surface RT discounts, their much smaller size could simply be part of Microsoft’s back-to-school marketing: August is the biggest month for that selling season, which is second only to the end-of-the-year holidays for retailers pushing consumer electronics, personal computers and tablets.
Microsoft is expected to refresh its Surface tablet lines this fall, a notion reinforced by company executives, who have repeatedly pledged that the company is in the tablet business for the long haul. The Surface Pro discounts could be part of the usual push to empty inventory prior to the launch of new models.
The 10% to 11% price cuts were also in line with other hardware makers’ recent discounting. Last month, Best Buy ran a short-term deal that chopped prices of the MacBook Pro by as much as 17%, and for college students, up to 25%.
MS Office Demand Fizzles
After a promising start, downloads of Microsoft’s free Office for the iPhone quickly nosedived, as the latest data from a mobile app analytics company showed.
But at least 200,000 copies of the small suite — iPhone versions of Word, Excel and PowerPoint — were downloaded in the first six days.
Distimo, a Dutch firm that tracks app store market data for several platforms, including Apple’s iOS, Google’s Android, and Microsoft’s Windows 8 and Windows Phone, said Office Mobile for the iPhone debuted in the No. 10 spot on June 15, the day after Microsoft launched the free app.
That was Office Mobile’s peak: On June 16, Office Mobile slipped to the No. 19 position among all free iPhone apps, then continued to slide throughout the week of June 17-23, starting that seven-day stretch at No. 36, falling to No. 86 by Friday, June 21, and ending at No. 299 on June 23.
From June 24 to July 6, Office Mobile was not on Distimo’s leaderboard, which lists only the top 400 downloaded apps.
The number of downloads of Office Mobile for iPhone is unknown — Distimo requires a paid account to show developers the estimated downloads of their apps and those of competitors, and did not reply to questions Sunday — but the tally was probably significant.
According to Distimo, to place in the App Store’s No. 10 spot, an app must average 72,000 downloads daily. Office Mobile was ranked No. 10 on June 15. Apps ranked at No. 50 averaged 23,000 downloads daily: Office Mobile held position at No. 50 or lower for five consecutive days.
Those numbers implied that at least 200,000 copies of Office Mobile were downloaded in the six days between June 15 and June 20.
Likewise, the sharp decline of Office Mobile’s position in the App Store’s free list after just a week hints at a pent-up demand that was quickly satisfied.
Although rumors of Office on iOS had circulated since the iPad’s 2010 introduction, they heated up last November when reports claimed Microsoft would launch a mobile version of the suite this year and tie the software to Office 365. At the time, most analysts agreed that Office 365 was the smart move because it could boost interest in the subscription concept Microsoft has bet will result in more, and more regular, revenue from its Office cash cow.
Linking Office on iOS to Office 365 would also let Microsoft avoid the Apple “tax,” the 30% cut that Apple takes from all App Store sales.
Only Office 365 subscribers can use Office Mobile. Subscriptions range from the consumer-grade Office 365 Home Premium, which costs $100 annually, to several business plans that start at $150 per user per year and climb to $264 per user per year.