A Berlin startup has disclosed a remote-code-execution (RCE) vulnerability and a wormable cross-site-scripting (XSS) flaw in Pling, which is used by various Linux desktop theme marketplaces.
Positive Security, which found the holes and is not to be confused with Russia’s Positive Technologies, said the bugs are still present in the Pling code and its maintainers have not responded to vulnerability reports.
Pling presents itself as a marketplace for creative folk to upload Linux desktop themes and graphics, among other things, in the hope of making a few quid from supporters. It comes in two parts: code needed to run your own bling bazaar, and an Electron-based app users can install to manage their themes from a Pling souk. The web code has the XSS in it, and the client has the XSS and an RCE. Pling powers a bunch of sites, from pling.com and store.kde.org to gnome-look.org and xfce-look.org.
The FIDO Alliance, which operates with no smaller mission than to "reduce the world's over-reliance on passwords", has announced the release of new user experience (UX) guidelines aimed at bringing the more technophobic on board.
Launched back in 2013 as the Fast Identity Online Alliance, the FIDO Alliance aims to do away with passwords altogether through the introduction of standards-compliant "authenticators" including USB security dongles, fingerprint readers, Trusted Platform Modules (TPMs) and more.
While the organisation's standards, which were updated with the launch of FIDO2 in 2018, have enjoyed adoption in the majority of web browsers and with a range of companies, they're still seen as unusual and even inconvenient compared to the good ol' username and password combo – which is where the new UX guidelines come in.
Vodafone has launched 5G SA (Standalone) trials in London, Manchester, and Cardiff in its largest test of the technology yet.
The commercial launch has allowed the carrier to experiment with new ways to commercialise its network, including network slicing – where a portion of the network is dedicated to a specific customer for their exclusive use. It will also allow customers to test 5G SA devices on a live, public network.
Vodafone selected Ericsson's dual-mode 5G core network as the dedicated provider for this trial. It follows trials at Coventry University in 2020, and a separate trial in Spain.
Microsoft on Thursday announced Windows 11, or tried to, as an uncooperative video stream left many viewers of the virtual event flummoxed by intermittent transmission gaps in the opening minutes.
The technical issues proved bad enough that Matt Velloso, Technical Advisor to the CEO at Microsoft, suggested trying the YouTube video stream as an alternative to the Microsoft-hosted one.
But with some of the features already known as a result of a leaked build last week, the impact of the intermittent video dropouts was less than it might have been.
Russia was back up to its age-old spoofing of GPS tracks earlier this week before a showdown between British destroyer HMS Defender and coastguard ships near occupied Crimea in the Black Sea.
Yesterday Defender briefly sailed through Ukrainian waters, triggering the Russian Navy and coastguard into sending patrol boats and anti-shipping aircraft to buzz the British warship in a fruitless effort to divert her away from occupied Crimea's waters.
Russia invaded Ukraine in 2014 and has occupied parts of the region, mostly in the Crimean peninsula, ever since. The UK and other NATO allies do not recognise Ukraine as enemy-held territory so Defender was sailing through an ally's waters – and doing so through a published traffic separation scheme (similar to the TSS in the English Channel), as Defence Secretary Ben Wallace confirmed this afternoon.
A trio of boffins at the Georg August University Göttingen and Münster University have put together a low-cost yet high-resolution microscope for educational users – using smartphone parts and Lego bricks.
"An understanding of science is crucial for decision-making and brings many benefits in everyday life, such as problem-solving and creativity," said Timo Betz, professor at the University of Göttingen and co-author of the paper detailing the project. “Yet we find that many people, even politicians, feel excluded or do not have the opportunities to engage in scientific or critical thinking.
"We wanted to find a way to nurture natural curiosity, help people grasp fundamental principles and see the potential of science."
Online stalking appears to be as much a part of modern relationships as lovingly sharing a single spoon and dessert in a dimly lit restaurant or arguing over who should put out the bins.
That's just one of the conclusions from antivirus merchant Norton's latest look at online trends which found that nearly one in 10 people in the US admit to using stalkerware or creepware to keep tabs on a partner.
What's more, the threat of cyber snooping works both ways, with those involved in relationships increasingly resigned to the fact that their significant other might be stalking them – either now or in the future.
A report looking into the security of the Linux kernel's release signing process has highlighted a range of areas for improvement, from failing to mandate the use of hardware security keys for authentication to the use of static keys for SSH access.
The Linux kernel is at the heart of a wealth of modern technology, from embedded gadgets and network equipment all the way up to supercomputers. Its broad deployment makes it a tempting target for ne'er-do-wells, as was made all-too-obvious in 2011 when attackers gained root access to key servers used in its development and distribution.
In response to that breach, traced back to a Trojan installed on a developer's personal machine which gave the attackers complete control over the affected servers for the 17 days before it was detected, a new release signing process was introduced. The idea: to minimise the trust placed in any given part of the Linux development infrastructure.
A British government minister has claimed that cannibalism on the high seas should now be a thing of the past, as modern navigation and safety technology have made it very unlikely sailors will find themselves in circumstances where they might want to eat each other.
This hopeful statement came during a debate in the House of Lords on human rights at sea when Baron Mackenzie of Framwellgate stood to ask a question of Charlotte, Baroness Vere of Norbiton, the Conservative government's Parliamentary Under-Secretary of State for Transport.
The debate had begun with Baroness Vere answering questions about the government's policy regarding the many merchant sailors worldwide who found themselves stuck on vessels thousands of miles from home, sometimes without pay or current contracts, due to the effects of the COVID pandemic.
Sponsored: Experience is everything when it comes to delivering IT-enabled products and services. But it’s no longer about how many deadlines your team smashed, how often you exceeded service-level agreements (SLAs), or how many lines of code you’ve spat out.
Rather it’s about how the services and products you deliver impact the rest of the organisation’s ability to do their jobs, increase productivity, deliver customer satisfaction and co-create value.
“Experience” may be seen as subjective, even ephemeral, compared to the traditional IT metrics, deadlines and SLAs. But if you want proof of its importance, consider how ITIL® 4, the latest revision of the best practice framework for service management from AXELOS, focuses on improving user experience of digital services and how this enhances productivity right across the organisation.
Researchers have found that stress does indeed turn your hair grey, and that taking a break from all your worries sure would help a lot, even reversing the process – a discovery with potential ramifications for our understanding of the ageing process.
"Just as the rings in a tree trunk hold information about past decades in the life of a tree, our hair contains information about our biological history," senior author Martin Picard, PhD, explained of the team's research.
"When hairs are still under the skin as follicles, they are subject to the influence of stress hormones and other things happening in our mind and body. Once hairs grow out of the scalp, they harden and permanently crystallise these exposures into a stable form."
Biting the hand that feeds IT © 1998–2021