Baanboard.com

Industry & Technology

Trivial authentication bypass in libssh leaves servers wide open

Ars Technica - 56 min 10 sec ago


There’s a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server. While the authentication-bypass flaw represents a major security hole that should be patched immediately, it wasn’t immediately clear what sites or devices were vulnerable since neither the widely used OpenSSH nor GitHub’s implementation of libssh was affected.

The vulnerability, which was introduced in libssh version 0.6, released in 2014, makes it possible to log in by presenting a server with an SSH2_MSG_USERAUTH_SUCCESS message rather than the SSH2_MSG_USERAUTH_REQUEST message the server was expecting, according to an advisory published Tuesday. Exploits are the hacking equivalent of a Jedi mind trick, in which an adversary uses the Force to influence or confuse weaker-minded opponents. The last time the world saw an authentication-bypass bug with such serious consequences and requiring so little effort was 11 months ago, when Apple’s macOS let people log in as admin without entering a password.

The effects of malicious exploits, assuming there were any during the four-plus years the bug was active, are hard to fathom. In a worst-case scenario, attackers would be able to use exploits to gain complete control over vulnerable servers. The attackers could then steal encryption keys and user data, install rootkits and erase logs that recorded the unauthorized access. Anyone who has used a vulnerable version of libssh in server mode should consider conducting a thorough audit of their network immediately after updating.


2019 BMW X7 is a three-row SUV crammed to the brim with tech - Roadshow

cNET.com - News - 1 hour 38 min ago
It's a pricey proposition, too, with its base model starting at $73,900.

'There is no God,' Stephen Hawking writes in final book - CNET

cNET.com - News - 1 hour 45 min ago
The late physicist's last book tackles Brief Answers to the Big Questions.

FCC's Ajit Pai asks carriers to waive bills for Hurricane Michael victims - CNET

cNET.com - News - 2 hours 20 min ago
The FCC chairman also calls on wireless carriers to let victims "change carriers without penalty."

IBM talks 'emerging, high value segments', so you know the Q3 numbers aren't great

The Register - 2 hours 30 min ago
Big Blue's $18.8bn revenue falls short of expectations

IBM saw its stock price take a hit Tuesday afternoon after the enterprise tech giant saw quarterly revenues miss the mark.…

Chris Evans: My Avengers tweet isn't confirming Cap's death - CNET

cNET.com - News - 2 hours 32 min ago
But then again, he's not denying it, either.

New movies and shows on Amazon: November 2018 - CNET

cNET.com - News - 2 hours 44 min ago
The Birdcage, Wonder and Kick-Ass are coming to Amazon.

San Francisco blames Uber and Lyft for its growing traffic problems

The Register - 2 hours 45 min ago
Nothing to do with lousy infrastructure, poor public transport etc

As any Bay Area resident knows, traffic is bad and getting worse, but San Francisco thinks it has found the culprit - ride-hailing companies.…

Netflix's 137M subscribers evaporate fears of a free fall - CNET

cNET.com - News - 2 hours 58 min ago
Blowout quarter? It's the kind of formulaic plot Netflix loves.

Netflix rom-coms ruled your binge-watching last summer - CNET

cNET.com - News - 2 hours 59 min ago
To All the Boys I've Loved Before was one of Netflix's most watched films yet.

The Facebook cleaners: 'I've seen hundreds of beheadings'

BBC Technology News - 3 hours 22 min ago
What's it like to be someone who watches banned content on social media so you don't have to?

Thought Patch Tuesday was a load? You'll want to avoid this Oracle mega-advisory then

The Register - 3 hours 28 min ago
But you'll definitely want to check out the libssh bug

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products.…

Arcade1Up is next-level retro gaming with cabinets for Street Fighter and other classics - CNET

cNET.com - Reviews - 3 hours 35 min ago
It’s weird to love a $300 video game. But that’s the funny thing about nostalgia.

Spotify ad banned for causing 'distress' to children

BBC Technology News - 3 hours 37 min ago
The advert mimicked a horror movie and was likely to scare youngsters, the ad authority says.

GitHub wants a piece of the Actions with new code jamboree

The Register - 4 hours 37 min ago
Social code biz makes bid to turn workflows into code

At San Francisco's Palace of Fine Arts on Tuesday, GitHub held its annual tech touting talk in a space that once housed the city's Exploratorium science show.…

Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0

Ars Technica - 4 hours 41 min ago


Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020.

TLS (Transport Layer Security) is used to secure connections on the Web. TLS is essential to the Web, providing the ability to form connections that are confidential, authenticated, and tamper-proof. This has made it a big focus of security research, and over the years, a number of bugs that had significant security implications have been found in the protocol. Revisions have been published to address these flaws.

The original TLS 1.0, heavily based on Netscape's SSL 3.0, was first published in January 1999. TLS 1.1 arrived in 2006, while TLS 1.2, in 2008, added new capabilities and fixed these security flaws. Irreparable security flaws in SSL 3.0 saw support for that protocol come to an end in 2014; the browser vendors now want to make a similar change for TLS 1.0 and 1.1.


Trump’s coal rescue is getting more complicated

Ars Technica - October 16, 2018 - 10:39pm


According to four people who spoke to Politico on condition of anonymity, the Trump administration's plan to bail out coal and nuclear plants has hit a speed bump within the White House itself.

The most recent plan from the Department of Energy (DOE) involved invoking the Defense Production Act of 1950, a wartime rule that allows the president to incentivize and prioritize purchases from American industries that are considered vital to national security.

Another potential plan involved invoking Section 202(c) of the Federal Power Act to mandate that struggling coal and nuclear plants stay open either through compulsory purchases by grid managers or through subsidies. FirstEnergy, a power corporation whose coal and nuclear units are under Chapter 11 bankruptcy, petitioned the DOE to use this power in April.


Facebook breach hit 3 million in EU, putting new privacy law to test - CNET

cNET.com - News - October 16, 2018 - 10:09pm
The social network could face a fine of more than a billion dollars if it failed to notify European users within 72 hours.

Huawei's Watch GT snubs Google for homegrown OS

The Register - October 16, 2018 - 10:07pm
Behold, a new Chinese platform?

Google's decision to shove Java everywhere it can may be as catastrophic as Microsoft's "Windows everywhere" from the 1990s.…

Ajit Pai slams carriers for slow restoration of cell service after hurricane

Ars Technica - October 16, 2018 - 10:06pm


Wireless carriers' failure to fully restore cellular service in Florida after Hurricane Michael "is completely unacceptable," Federal Communications Commission Chairman Ajit Pai said today in a rare rebuke of the industry that he regulates.

Verizon in particular has been under fire from Florida Governor Rick Scott, who says Verizon hasn't done enough to restore service. By contrast, Scott has praised AT&T for its disaster response.

The FCC will open an investigation into the post-hurricane restoration efforts, Pai said. Pai and Scott urged wireless carriers to immediately disclose plans for restoring service, waive the October bills of affected customers, and let customers switch providers without penalty.



All times are GMT +2. The time now is 04:41.

