Windows 10? Here are privacy issues you should consider

Sign into Windows with your Microsoft account and the operating system immediately syncs settings and data to the company’s servers. That includes your browser history, favorites and the websites you currently have open as well as saved app, website and mobile hotspot passwords and Wi-Fi network names and passwords.

Source: Windows 10? Here are privacy issues you should consider

The updated terms also state that Microsoft will collect information “from you and your devices, including for example ‘app use data for apps that run on Windows’ and ‘data about the networks you connect to.’”

Mars Rover’s ChemCam Instrument gets sharper vision

Likewise, the laser analyses were done at nine different focus settings to obtain one good set of data. In the meantime, the team went back to the drawing board. They figured out that if they discarded a lot of the old code on board their distant subject, they could make room for software that could command the instrument to take the nine images on its own and analyze them on-board to find the best focus.

Source: Mars Rover’s ChemCam Instrument gets sharper vision

The program to run the whole instrument is only 40 kilobytes. The first tests on Mars were completed earlier this week.

OpenSSL bug CVE-2014-0160

If you’re using an older OpenSSL version, you’re safe.

via OpenSSL bug CVE-2014-0160 | The Tor Blog.

I find that statement quite interesting due to how many security experts tout keeping your software constantly updated without realizing sometimes updates can introduce exploit vectors.

From: The Heartbleed Bug

What makes the Heartbleed Bug unique?

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.

From: Exploits allow attackers to obtain private keys used to decrypt sensitive data.

They called on white-hat hackers to set up “honeypots” of vulnerable TLS servers designed to entrap attackers in an attempt to see if the bug is being actively exploited in the wild. The researchers have dubbed the vulnerability Heartbleed because the underlying bug resides in the OpenSSL implementation of the TLS heartbeat extension as described in RFC 6520 of the Internet Engineering Task Force.

Software upgrade at 655 million kilometres

Although Rosetta and MIDAS spent 957 days in hibernation, the MIDAS team back on Earth were busy learning how best to use MIDAS with tests on the Flight Spare (the identical twin instrument). As a result we have made a number of tweaks and enhancements to the software ready for our encounter with comet 67P/CG. After the passive checkout we know that we’re in good shape, so the next step is to upload and apply the software patches. The new software was tested both on the Flight Spare and on an instrument/processor simulator developed by the institute.

via Software upgrade at 655 million kilometres | Rosetta – ESA’s comet chaser.

Open source desktop lowers TCO by 40%

In 2011, the Gendarmerie added 20,000 Ubuntu desktops, and in 2012 added another 10,000. This year, it added 2000 so far. Between March and June of 2013, the police force also performed an update of Ubuntu, upgrading to version 12.04 from 10.04, over its network. “This January, the last constraints will disappear, and we will replace the last proprietary desktop PCs by Ubuntu.”

via French Gendarmerie: “Open source desktop lowers TCO by 40%” | Joinup.

Microsoft botches six Windows patches in latest Automatic Update

In an amazing tour de force, Microsoft’s Automatic Update chute released at least six bad patches on Tuesday. Here’s what’s amazing: It’s just 48 hours or so since the bomb bay doors opened, and Microsoft has acknowledged problems with all of these patches.

via Microsoft botches six Windows patches in latest Automatic Update | Microsoft windows – InfoWorld.

This is why I never do automatic updates.

Attacks on Package Managers

To provide an example of the sorts of attacks an attacker can launch on package managers, this page describes an example attack called a replay attack. Other attacks are described on a separate page.

via Attacks on Package Managers.

Here’s a piece of advice I always adhere to for any kind of upgrade.

Manually update your systems (and local mirror caches). Know when package updates become available and what the versions should be. Manually verify and install the updated packages (or add them to your local mirror cache that your systems update from) rather than relying on automated updates. We have observed mirrors many months out of date for some distributions, so you should check periodically that your mirror is being updated.

Microsoft: Uninstall Faulty Patch Tuesday Security Update

Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen. Microsoft recommends users uninstall the patch, which is also causing compatibility with some endpoint security software.

via Microsoft: Uninstall Faulty Patch Tuesday Security Update | threatpost.

This is why I always turn automatic updates off on all PCs and update on my own terms and on my own schedule.

How Lytro is Shifting Our Perspective on Photography

What’s amazing is how quickly the technology is evolving. There’s no second-generation Lytro yet though it’s safe to assume the Mountain View, CA-based company is working on one. But because light field photography is mostly about computation, not optics or electronics, Lytro can make its existing camera more powerful simply by upgrading the software used to process light-field images.

via How Lytro is Shifting Our Perspective on Photography | Xconomy.