Will The Drupal Flaw Be Catastrophic?
Comments Off on Will The Drupal Flaw Be Catastrophic?
The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.
The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.
Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.
Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.
That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.
“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”
More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.
“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.
“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.
“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”
Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.
“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.
“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.
“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”
Twitter To Allow Monet Tweets
October 22, 2014 by admin
Filed under Around The Net
Comments Off on Twitter To Allow Monet Tweets
One of France’s largest banks is partnering with social network Twitter Inc. to allow its customers to transfer money via tweets.
The move by Groupe BPCE, France’s second largest bank by customers, coincides with Twitter’s own foray into the world of online payments as the social network seeks new sources of revenue beyond advertising.
Twitter is racing other tech giants Apple and Facebook to get a foothold in new payment services for mobile phones or apps. They are collaborating and, in some cases, competing with banks and credit card issuers that have run the business for decades.
The bank said last month it was prepared to offer simple person-to-person money transfers via Twitter to French consumers, regardless of what bank they use, and without requiring the sender know the recipient’s banking details.
“(S-Money) offers Twitter users in France a new way to send each other money, irrespective of their bank and without having to enter the beneficiary’s bank details, with a simple tweet,” Nicolas Chatillon, chief executive of S-Money, BPCE’s mobile payments unit, said in the statement.
Payment by tweets will be managed via the bank’s S-Money service, which allows money transfers via text message and relies on the credit-card industry’s data security standards.
BPCE and Twitter declined to provide further details ahead of a news conference in Paris later today to unveil the service.
Last month, Twitter started trials of its own new service, dubbed “Twitter Buy”, to allow consumers to find and buy products on its social network.
The service embeds a “Twitter Buy” button inside tweets posted by more than two dozen stores, music artists and non-profits. Burberry, Home Depot, and musicians such as Pharrell and Megadeth are among the early vendors.
Twitter’s role to date has been to connect customers rather than processing payments or checking their identities.
The FCC Extends Deadline
August 25, 2014 by admin
Filed under Around The Net
Comments Off on The FCC Extends Deadline
U.S. Federal Communications Commission has said it would accept public comments on its proposed new “net neutrality” rules through Sept. 15, giving the American public extra time to voice their opinions and concerns on how they think Internet traffic should be regulated.
The FCC has received more than 1 million comments already on new rules for how Internet services providers should be allowed to manage web traffic on their networks.
The FCC had set a deadline of July 15 for the initial comments and then September 10 for replies to those initial comments. However, the surge in submissions overwhelmed the FCC’s website and the agency had delayed the first deadline by three business days.
“To ensure that members of the public have as much time as was initially anticipated to reply to initial comments in these proceedings, the Bureau today is extending the reply comment deadline by three business days,” the FCC said on Friday, delaying the final deadline for comments to September 15.
Will Sprint Acquisition Efforts Succeed
May 19, 2014 by admin
Filed under Smartphones
Comments Off on Will Sprint Acquisition Efforts Succeed
Sprint Corp is meeting with banks to devise a funding plan for its bid for smaller rival T-Mobile US Inc, a source familiar with the situation said, as the mobile carrier works to ease regulatory concerns that the deal would hurt competition.
The source said that Sprint, which is owned by Japan’s SoftBank Corp, is looking to fund the bulk of T-Mobile’s estimated $50 billion price tag with corporate bonds and cover the rest with syndicated loans and convertible bonds.
Sprint is currently having discussions with at least five banks, the source told Reuters, including JP Morgan, Goldman Sachs and Deutsche Bank.
Bloomberg, which first reported that Sprint was in talks with banks on Thursday morning in Asia, said the carrier was also talking to Mizuho Financial Group Ltd and Citibank. Softbank is expected to make a formal offer in June or July, Bloomberg added.
Sprint spokeswoman Roni Singleton told Reuters the company does not comment on rumors and speculation. T-Mobile and SoftBank both declined to comment on the Bloomberg report.
Sprint is facing a battle ahead with U.S. regulators who oppose consolidation in the wireless market on the basis it would inhibit competition. The company is aware it may have to give up some of its spectrum holdings to win over critics, the source said.
Two of the most vocal opponents to the deal are Federal Communications Commission Chairman Tom Wheeler and U.S. antitrust chief William Baer, who have pointed to T-Mobile’s success since U.S. authorities rejected a 2011 merger between AT&T Inc and T-Mobile on the grounds the market needs at least four major players to be competitive.
The failure of that deal cost AT&T a $6 billion break-up fee, a penalty Sprint feels confident it can avoid, the source said, adding that it is leaning towards having Deutsche Telekom, which currently owns 67 percent of T-Mobile, retain part of that stake.
Is Yahoo Really Back?
Yahoo has once again made the list as one of the world’s 100 most valuable brands.
The Internet company nabbed the 92nd spot in the annual list of global companies from multiple industries including technology, retail and service, released Tuesday by BrandZ, a brand equity database. The ranking gave Yahoo a “brand value” of US$9.83 billion, which is based on the opinions of current and potential users as well as actual financial data.
Apple occupied the number-one position on the list, with a brand value of $185 billion. Google was number two, with a value of roughly $114 billion.
The BrandZ ranking, commissioned by the advertising and marketing services group WPP, incorporates interviews with more than 2 million consumers globally about thousands of brands along with financial performance analysis to compile the list. Yahoo last appeared on the list in 2009 at number 81.
Yahoo’s inclusion on the 2013 list comes as the Internet company works to reinvent itself and win back users. Previously a formidable player in Silicon Valley, the company has struggled in recent years to compete against the likes of Google, Facebook and Twitter.
Improving its product offerings on mobile has been a focus. New mobile apps for email and weather have been unveiled, along with a new version of the main Yahoo app, featuring news summaries generated with technology the company acquired when it bought Summly.
Most notably, Monday the company announced it is acquiring the blogging site Tumblr for $1.1 billion in cash. Big changes to its Flickr photo sharing service were also announced.
Yahoo’s rebuilding efforts have picked up steam only during the last several months, but the 2013 BrandZ study was completed by March 1.
However, last July’s appointment of Marissa Mayer as CEO likely played a significant role in the company’s inclusion in the ranking, said Altimeter analyst Charlene Li. “Consumer perception has gone up since then,” she said.
“Yahoo’s leadership has a strong sense of what they want to do with the brand,” she added.
Yahoo’s 2012 total revenue was flat at $4.99 billion. However, after subtracting advertising fees and commissions paid to partners, net revenue was up 2 percent year-on-year.
RIM To Launch Music Service
August 26, 2011 by admin
Filed under Smartphones
Comments Off on RIM To Launch Music Service
BlackBerry maker Research In Motion is making plans to roll out its own music streaming service that will work across its mobile devices, according to people familiar with the plans.
The new service is likely part of an attempt by RIM to improve its BlackBerry Messenger service as it competes with the mobile media platform strengths of rival Apple Inc and Google Inc’s Android.
RIM is in late-stage negotiations with major labels, including Vivendi SA’s Universal Music Group, Sony Corp’s Sony Music, Warner Music Group and EMI Group. The new service is expected to be announced by Labor Day in the United States, September 5.
RIM has been enhancing its BlackBerry Messenger offering, popularly known as BBM, since announcing its “social platform” at last September’s DevCon event where it unveiled the PlayBook tablet computer.
A RIM spokeswoman declined comment on the report but said BBM is one of the largest mobile social networks in the world.
RIM’s BlackBerry smartphones have been hit by a sharply declining market share in the United States, even as the company has expanded sales in other parts of the world, partly because of BBM’s popularity.
Analyst Matthew Thornton at Avian Securities said he doubted the music service would attract new users but might help the company keep its existing BlackBerry customers interested.
“I just don’t think trying to replicate Apple is really going to change their situation near term,” he said.
“For RIM it’s going to be the new OS 7 product first and foremost … and then it’s about QNX and making that transition.”
RIM has just launched an updated operating system on three new touchscreen devices intended to catch up with the technical specifications of Android and other rivals. The company plans to launch the first BlackBerrys using the QNX software, used on its PlayBook tablet, early next year.
T-Mobile Will Offer Unlimited Data Plans
July 24, 2011 by admin
Filed under Smartphones
Comments Off on T-Mobile Will Offer Unlimited Data Plans
Wireless telecom firm T-Mobile USA said it will begin offering unlimited data service plans, in a move aimed at snagging customers of bigger rivals Verizon Wireless and AT&T Inc which have discontinued offering such plans.
T-mobile, a unit of Deutsche Telekom AG, said the new plans will become available from July 24. The unlimited plans will be available with a two-year agreement for new and existing customers.
Verizon Wireless, the biggest U.S. mobile provider, said earlier in July it will stop offering unlimited data service plans, meaning higher prices for heavy users of services such as mobile Web surfing.
AT&T had stopped offering unlimited data services last year.