Vuln: Apple Mac OS X CVE-2014-4350 Buffer Overflow Vulnerability

Vuln: Apple Mac OS X CVE-2014-1391 Memory Corruption Vulnerability

Apple Mac OS X QuickTime CVE-2014-4351 ‘m4a’ File Handling Buffer Overflow Vulnerability

Apple QuickTime ‘mvhd’ Atom Heap Memory Corruption Vulnerability

New submitter Intrepid imaginaut sends word of a study (PDF) into how e-commerce sites show online shoppers different prices depending on how they found an item and what the sites know about the customer. “For instance, the study found, users logged in to Cheaptickets and Orbitz saw lower hotel prices than shoppers who were not registered with the sites. Home Depot shoppers on mobile devices saw higher prices than users browsing on desktops. Some searchers on Expedia and Hotels.com consistently received higher-priced options, a result of randomized testing by the websites. Shoppers at Sears, Walmart, Priceline, and others received results in a different order than control groups, a tactic known as ‘steering.’” To get a better price, the article advises deleting cookies before shopping, using your browser’s private mode, putting the items in your shopping cart without buying them right away, and using tools like Camelcamelcamel to keep an eye out for price drops.

This week, hybrid cloud takes center stage with solutions from big players, Microsoft’s cloud in a box and Red Hat CEO talks cloud.

dcblogs writes: McDonald’s this week told financial analysts of its plans to install self-ordering kiosks and mobile ordering at its restaurants. This news prompted the Wall Street Journal to editorialize, in “Minimum Wage Backfire,” that while it may be true for McDonald’s to say that its tech plans will improve customer experience, the move is also “a convenient way…to justify a reduction in the chain’s global workforce.” Minimum wage increase advocates, the Journal argued, are speeding along an automation backlash. But banks have long relied on ATMs, and grocery stores, including Walmart, have deployed self-service checkouts. In contrast, McDonald’s hasn’t changed its basic system of taking orders since its founding in the 1950s, said Darren Tristano, executive vice president of Technomic, a research group focused on the restaurant industry. While mobile, kiosks and table ordering systems may help reduce labor costs, the automated self-serve technology is seen as an essential. It will take the stress out of ordering (lines) at fast food restaurants, and the wait for checks at more casual restaurants. It also helps with upselling and membership to loyalty programs. People who can order a drink refill off a tablet, instead of waving down waitstaff, may be more inclined to do so. Moreover, analysts say younger customers want self-service options.

Heart of Windows 8 lives on in Windows 10

Analysis  This weekend marks two years since Windows 8 and Surface were launched at a press event at Pier 57 on the Hudson River in New York.…

Ubuntu 14.10 Charms Linux Unicorns

eWEEK: Also known as the Utopic Unicorn, Ubuntu 14.10 expands the Juju charms orchestration system. Juju now has the ability to “charm” Hadoop big data deployments.

Posted by Security Alert on Oct 24

ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2014-096

CVE Identifier: CVE-2014-4624

Severity Rating: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected products:
• EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43.

Summary:
EMC Avamar contains a security vulnerability that may allow a remote user to retrieve sensitive information from Avamar…

Posted by Security Alert on Oct 24

ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability

EMC Identifier: ESA-2014-094

CVE Identifier: CVE-2014-4623

Severity Rating: 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

Affected products:
• EMC Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE) running Avamar 6.0.x, 6.1.x, and 7.0.x running with optional Password hardening package earlier than version 2.0.0.4

Summary:
EMC ADS/AVE Password hardening package stores…

Ubuntu 14.10 Utopic Unicorn is the latest version of the Ubuntu operating system developed by Canonical. It is now available to download and install on PCs and laptops. This release brings updates to many core packages, including a new 3.16-based kernel, Unity Desktop 7.3.1, a new AppArmor with fine-grained socket control, and many more.

Posted by Security Alert on Oct 24

ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability

EMC Identifier: ESA-2014-087

CVE Identifier: CVE-2014-4620

Severity Rating: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected products:
• EMC NetWorker Module for MEDITECH (NMMEDI) version 3.0 builds 87-90.

Summary:

A vulnerability exists in the EMC NetWorker Module for MEDITECH when used with EMC RecoverPoint that could…

New submitter weilawei writes: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors’ chips. In their statement, FTDI CEO Fred Dart said, “The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.” This may have resulted from a discussion with Microsoft engineers about the implications of distributing potentially malicious driver software. If you design hardware, what’s your stance on this? Will you continue to integrate FTDI chips into your products? What alternatives are available to replace their functionality?

Her Maj opens ‘Information Age’ at the Science Museum

Here it is:…

The openSUSE project has announced that the “Factory” and “Tumbleweed” distributions will merge into a single rolling distribution (called “Tumbleweed”). There is also an FAQ posting about the merger. “With the vast improvements to the Factory development process over the last 2 years, we effectively found ourselves as a project with not one, but two rolling release distributions in addition to our main regular release distribution. GregKH signalled his intention to stop maintaining Tumbleweed as a ‘rolling-released based on the current release’. It seemed a natural decision then to bring both the Factory rolling release and Tumbleweed rolling release together, so we can consolidate our efforts and make openSUSE’s single rolling release as stable and effective as possible.”

Firm cites ‘low demand’ plus ‘abusers’

Comment  One of the oddest cloud storage offers ever has just been binned as Bitcasa bumps into reality. When sprats are competing with killer whales what do you expect?…

We would like to thank the Zorin OS team

DarkDuck: On behalf of the neighbourhood council, we would like to thank the Zorin OS team for their commitment on an extraordinary software that we hope will be going strong for years to come.

BarbaraHudson writes: The Globe and Mail is reporting the success of a procedure to implant a replacement retina grown from cells from the patient’s skin. Quoting: “Transplant doctors are stepping gingerly into a new world, one month after a Japanese woman received the first-ever tissue transplant using stem cells that came from her own skin, not an embryo. On Sept. 12, doctors in a Kobe hospital replaced the retina of a 70-year-old woman suffering from macular degeneration, the leading cause of blindness in the developed world. The otherwise routine surgery was radical because scientists had grown the replacement retina in a petri dish, using skin scraped from the patient’s arm. The Japanese woman is fine and her retinal implant remains in place. Researchers around the world are now hoping to test other stem-cell-derived tissues in therapy. Dr. Jeanne Loring from the Scripps Research Institute in La Jolla, Calif., expects to get approval within a few years to see whether neurons derived from stem cells can be used to treat Parkinson’s disease.”

In the Utopic Unicorn, Juju now has the ability to “charm” Hadoop big data deployments, making it easier for server administrators to deploy big data processing and analytics. Juju isn’t just for deploying Linux-only workloads anymore either: The orchestration system can now deploy Microsoft Windows Server-based workloads, Baker said. “A key part of our strategy is to enable administrators to use Ubuntu tools to manage multiple workloads, irrespective of the operating system,”