I do not use VLC very often so thank you for the warning about that issue.
This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties. Here's a few more bits of news. Singapore sting Any large-scale data breach is bad news, but one that results in the loss of the health information of a quarter of the population is downright disastrous. Such was the case in …
make sure you regularly patch everything on your network regularly. Firmware updates for routers or printers can be an easy thing to forget, but if they get compromised things could get ugly very quickly.
Hold on, this "rule" won't work for Huawei's HG532 (which is the centre of this bot using CVE-2017-17215).
Read Huawei's "response" (https://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en). Nowhere in the security notice did it mention that there is a patch available. As far as Huawei is concern, the issue now lies with ISP.
Frankly, Huawei can stick this where the sun doesn't shine. They're behaving like the rest about leaving the consumers out to dry when they can afford to re-write the code to close this vulnerability.
And now they go on a PR expedition about letting people "trust" their gear. How can consumers "trust" their kit if they won't even fix this vulnerability?
Pull the other leg, boy. Them got bells.
I'd guess that statement means one of three things
* We can't be bothered / it's too old (given the vague boilerplate threats about End of Life).
* We've lost the source code so here are some workarounds.
* Some of our ... errr... "customers" requested this "feature" and they won't be happy if we remove it.
It's not just Huawei.. it's practically all of the printer and router makers for home use fall into this dark hole. Updates are not easy to find if you're Joe Average User and the manufacturer's stop support pretty damn quick. IMO, printers and routers need an automated way of updating much like Windows where it's pushed, notice given, and the consumer can make the choice. Most users I've met haven't a clue about how to update these devices or that updates might actually be available.
It's not just Huawei
Anarchist/Wicked (the author of the exploit) is quite smart. He uses a vulnerability the manufacturer refuses to patch. He also mentions, and which has been verified, that his next target is Realtek routers.
Does this sound familiar? Yes, this is the next "wave" of Mirai/brickerbot. But instead of using the default username/password combo, the author has targeted something more difficult to fix by the user of the router.
One way of fixing this is to name-and-shame Huawei. With current environment where western nations are questioning the quality of Huawei's codes, throwing this into the mix might just get a reaction.
Dude, Huawei is no different than Linksys, Netgear, Cisco, etc... they all have flaws that they won't fix, especially for consumer gear. Linksys, before they got purchased by Cisco, refused to release fw updates for my modem about 12 months after releasing the hardware, despite known exploit PoC code being publicly available. This was the straw that broke the camel's back for me - OpenBSD on a small embedded platform as a router since then on any network I operate.
I also went the BSD/Opnsense route (r), ditching the telstra thingy.
The thing is, for most of these rubbish things, they aren't modified once installed, so why not put a separate admin port in which doesn't forward traffic? Then the attack surface and bad press is vastly reduced.
"Ross is condemned to die in prison, not for dealing drugs himself but for a website where others did. This is far harsher than the punishment for many murderers, pedophiles, rapists and other violent people," writes mother Ulbricht.
Ma Ulbricht, let's not forget that time your little angel hired some Hells Angels to murder six people.
@RobThBay: "Hmmm... the boss of Silk Road gets jail time for activities other people did using his website."
Ulbricht was charged with drug trafficking, criminal enterprise, aiding and abetting the distribution of drugs over the internet, computer hacking and money laundering. Prosecutors are debating whether or not to dismiss the murder-for-hire charges, solely because he's spending the rest of his life behind bars anyway
He's a big boy and he knew what he was doing. Time for him to take his medicine...
@Surreal:"Li'l Ross couldn't have been All That busy as a criminal kingpin or he'd have the bushels of cash to get a stern reprimand, rather than life in prison."
At the end of the day he's just another lowlife drug dealer, regardless of what his mum thinks.
El Chapo's mum probably thinks he's misunderstood too...
Australians who wish to opt out of the Government's My Health Record data base have only to October 15 to do it.
See the latest news on the breach of the similar Singapore system for a possible reason for why you may wish to do so.
http://theconversation.com/my-health-record-the-case-for-opting-out-99302 gives extra insight on why you may wish to opt out and also contains a link which argues the contrary view for opting in (the default if you do nothing).
Page link to opt out: https://www.myhealthrecord.gov.au/for-you-your-family/opt-out-my-health-record
Biting the hand that feeds IT © 1998–2020