Baanboard.com

RSS Newsfeeds

Comic for March 21, 2019

Dilbert - March 22, 2019 - 12:59am
Categories: Geek

Facebook developers wrote apps that stored users’ passwords in plaintext

Ars Technica - 33 min 30 sec ago

Facebook Lite users made up the majority of Facebook accounts exposed internally by plaintext password logging, according to a Facebook spokesperson.

Facebook has mined a lot of data about its users over the years—relationships, political leanings, and even phone call logs. And now it appears Facebook may have inadvertently extracted another bit of critical information: users' login credentials, stored unencrypted on Facebook's servers and accessible to Facebook employees.

Brian Krebs reports that hundreds of millions of Facebook users had their credentials logged in plain text by various applications written by Facebook employees. Those credentials were searched by about 2,000 Facebook engineers and developers more than 9 million times, according to a senior Facebook employee who spoke to Krebs; the employee asked to remain anonymous because they did not have permission to speak to the press on the matter.

In a blog post today, Facebook Vice President of Engineering, Security, and Privacy Pedro Canahuati wrote that the unencrypted passwords were found during "a routine security review in January" on Facebook's internal network data storage. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and, as a precaution, we will be notifying everyone whose passwords we have found were stored in this way."

Why “chickenpox parties” are a terrible idea—in case it’s not obvious

Ars Technica - 47 min 14 sec ago

A child with chicken pox. (credit: Getty Images | Dave Thompson)

Kentucky Governor Matt Bevin made headlines Tuesday after revealing in a radio interview that he had purposefully exposed his nine unvaccinated children to chickenpox, drawing swift condemnation from health experts.

In case anyone needs a refresher on why you shouldn’t deprive children of safe, potentially lifesaving vaccines or purposefully expose them to serious, potentially life-threatening infections, here’s a quick rundown.

Chickenpox is nothing to mess with

Though most children who get the itchy, highly contagious viral disease go on to recover after a week or so of misery, chickenpox can cause severe complications and even death in some. Complications include nasty skin infections, pneumonia, brain inflammation, hemorrhaging, blood stream infections, and dehydration.

Critical flaw lets hackers control lifesaving devices implanted inside patients

Ars Technica - 1 hour 47 min ago

An X-ray showing a cardio defibrillator implanted in a patient. (credit: Sunzi99~commonswiki)

The federal government on Thursday warned of a serious flaw in Medtronic cardio defibrillators that allows attackers to use radio communications to surreptitiously take full control of the lifesaving devices after they are implanted in a patient.

Defibrillators are small, surgically implanted devices that deliver electrical shocks to treat potentially fatal irregular heart rhythms. In recent decades, doctors have increasingly used radios to monitor and adjust the devices once they're implanted rather than using older, costlier, and more invasive means. An array of implanted cardio defibrillators made by Medtronic rely on two types of radio-based consoles for initial setup, periodic maintenance, and regular monitoring. Doctors use the company's CareLink Programmer in clinics, while patients use the MyCareLink Monitor in homes to regularly ensure the defibrillators are working properly.

No encryption, no authentication, and a raft of other flaws

Researchers from security firm Clever Security discovered that the Conexus Radio Frequency Telemetry Protocol (Medtronic's proprietary means for the monitors to wirelessly connect to implanted devices) provides no encryption to secure communications. That makes it possible for attackers within radio range to eavesdrop on the communications. Even worse, the protocol has no means of authentication for legitimate devices to prove they are authorized to take control of the implanted devices. That lack of authentication, combined with a raft of other vulnerabilities, makes it possible for attackers within radio range to completely rewrite the defibrillator firmware, a capability rarely seen in exploits of medical device vulnerabilities.
