+1 Bernie.

Most routers are sold new in an unencrypted state.

If you get one from your broadband supplier, BT, Virgin, Talk Talk, etc they have a password already set. From my flat I can see a dozen or more different WiFi routers and only one is not encrypted.

My feeling is if you leave your WiFi wide open you have to suffer the consequences . In my eyes Google did nothing wrong, in fact they performed a public service by highlighting the problem. And now as part of the judgement have to run a publicity campaign to get people to protect their data.

---

It was a simple IT cock-up, but it has been reported out of all proportion by the conspiracy mob. What they did was inadvertently collect data from unencrypted wireless routers only. It is estimated that up to 25% of wireless routers in the UK are unencrypted, either because the owners didn't know it, or didn't know how to do it. Most routers are sold new in an unencrypted state.

"The project leaders never wanted this data, and didn't use it or even look at it. We're pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement."

Maybe some more of this might wake them up....

Google hit by $7m fine in US

---

Another worrying aspect:


Google Play Store's "privacy problem" is taxing

Google Play Store logo Google's Play Store is giving out email addresses, post codes and full names to the seller of an Android application whenever an app is purchased, according to an Australian developer's report. Calling it a "massive, massive privacy issue"...

... other developers had observed the same problem. It was in one of the later discussions that a Google employee explained that the details were handed over because the developer was the merchant of record and had a number of responsibilities legally regarding taxes. ...


Unfortunately, I suspect that opens up a whole host of avenues for abuse...

IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

... I used to think, "man, all this for software that usually runs like crap and crashes?"...

Is that all a question of design for the benefit of Monopoly and Marketing or for producing a good product for the good of the users?

Can you "trust" Marketing?...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

'Cause Java sucks.

It does.

...

Took the IT industry many years to admit that, all the while myself as a lowly end-user could see hands on how junky it was and could watch those updates roll in from Oracle AND MS back in the days I used Windows 24-7...

I used to think, "man, all this for software that usually runs like crap and crashes?"

Fortunately many sane people out there now are recommending to not use it. Their reasons are mainly security related, but the other plus of not using it is not having to deal with software built on it.

---

#resist

'Cause Java sucks.

It does.

Wonder if the press will report the fact that a website needed to be breached before this Java hole could be exploited? Nah, that might implicate FLOSS as being the source. That doesn't sell advertising space.

Apple has the update available for download.

---

'Cause Java sucks.

---

#resist

http://news.yahoo.com/exclusive-apple-hit-hackers-targeted-facebook-last-week-182005220.html

The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook , which the social network disclosed on Friday.

Apple said it plans to release a piece of software on Tuesday, which it said customers can use to identify and repair Macs infected with the malware used in the attacks.

So why does Apple have to repair Oracle Corp's Java software?

---

privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component

http://technet.microsoft.com/en-us/security/bulletin/ms13-016

The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.

For Windows 8, Windows Server 2012, and Windows RT this security update has no severity rating.

Severity ratings do not apply to this update for the specified software because the known attack vectors for these vulnerabilities are blocked.

Sounds like if you are running outdated software, only then is it an issue.

---

Can you trust this?


Intel's new TV box to point creepy spy camera at YOUR FACE

One day we're gonna watch you like it's 1984...



IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

It is that messy time of month again:

Get up, shake off the hangover: These 57 Microsoft holes won't fix themselves

... A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities.

... reveal critical holes ... 13 bugs found in Internet Explorer, ... privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component ... gain control of a user's machine via a drive-by download.

... patches Microsoft's web browser to squash a security bug in an ActiveX dynamic-link library. This update is, if anything, even more important because it addresses a vulnerability that's being actively exploited by miscreants.

The other critical updates cover Windows bugs...


The comments to that article speak for themselves. These monthly updates add quite a burden in the desktop IT world...

A serious question: Are we really being 'unfair' on Microsoft? Or are there design problems there that other operating systems and products simply do not suffer?... (Please, no unsubstantiated anecdotes or random opinion. Referenced examples only.)



IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Is this the 'proprietary way' of abusing FLOSS?


Lots of router vulnerabilities, not many patches

... Routers from Linksys, Netgear and repeat offender D-Link are affected. Some of the vulnerabilities can be exploited to inject commands remotely. ...


All that looks to be a rather poor example of non-maintenance, and of risque broad feature richness left unmaintained.



IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

... free to bash...

Note also the shell environment Bash... (Very deliberately and cleverly so named!)


:-)

IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Actually one could argue the exact opposite. Linux has almost every popular open source app in the repository lists on each distro... all in one easy to find easy to use location...

Wow a list of other peoples products, not made by the maker of the distro. That leaves people free to bash an application and O/S maker but disingenuously compare them to an O/S only maker. If what you implied was true, then with Java on that list it would be correct to say that Linux has tons and tons of security issues.

I'm sorry, but I just do not follow your desperate negativity and 'trashing' upon every post. All just a silly game of Trolling? Or are you paid to spread FUD?


Please note the name "distro". That is short for "distribution". In the early days of the Linux kernel and the GNU collection of software building an operating system, developers and users had to run through a recipe to download (old FTP) and compile software from all around the internet of the day. A very slow and very Geekie early days method during rapid development. Certain Geeks streamlined the process by collecting core components together in one place that they then distributed... The GPL licensing deliberately allows (and encourages) that. It helps everyone.

Since those very early days, the name/description "distro" has stuck and the description "Linux distro" has come to describe any collection of software operating on top of a Linux kernel. A great security strength is the use of signed repositories where all the software for a particular distro is kept in effect in one place.

Further notes:

You are free to keep to just a distro's collection of software, or you are equally free to know your stuff for yourself to add your own.

Two interesting variations on that theme are the Google Android system which is the Linux kernel with Google's "Bionic" libc/OS, and the GNU Hurd microkernel (suffering stalled development) with the GNU OS. ("Linux" is often used to describe all of the Linux kernel + GNU OS + FLOSS applications.)


Educated? Enthused even?

IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Actually one could argue the exact opposite. Linux has almost every popular open source app in the repository lists on each distro... all in one easy to find easy to use location...

Wow a list of other peoples products, not made by the maker of the distro. That leaves people free to bash an application and O/S maker but disingenuously compare them to an O/S only maker. If what you implied was true, then with Java on that list it would be correct to say that Linux has tons and tons of security issues.

---

Strange that sort of widespread expansive fix across all levels of OS and applications for such critical vulnerabilities is never seen for other systems...

Because other systems have no applications?

Have your powers of discussion really degenerated to something so sad and pathetic? Or do you now admit that you are flogging a dead horse of trolling to try to beef up any implausible argument?

What system. Oh that's right, only Microsoft has a system with applications bundled. But that still wouldn't be right. Apple has a system and it is the one you like *nix, and it comes bundled with applications. You don't bash it, because if you did you would be bashing your own precious system. Linux has no bundled applications. They all come from other suppliers.

So you scream and scream about the bundled applications and call them the system. So you flog the dead horse again and again. Change the title of the thread to "BASH MICROSOFT" and go look in the mirror. The little word describing the picture in the mirror is disingenuous.

Actually one could argue the exact opposite. Linux has almost every popular open source app in the repository lists on each distro... all in one easy to find easy to use location...

Ex, were getting close to the shut down, But later tomorow Im going to PM you about converting my wifes old laptop over to linux.

---

[/quote]

Old James

Strange that sort of widespread expansive fix across all levels of OS and applications for such critical vulnerabilities is never seen for other systems...

Because other systems have no applications?

Have your powers of discussion really degenerated to something so sad and pathetic? Or do you now admit that you are flogging a dead horse of trolling to try to beef up any implausible argument?

What system. Oh that's right, only Microsoft has a system with applications bundled. But that still wouldn't be right. Apple has a system and it is the one you like *nix, and it comes bundled with applications. You don't bash it, because if you did you would be bashing your own precious system. Linux has no bundled applications. They all come from other suppliers.

So you scream and scream about the bundled applications and call them the system. So you flog the dead horse again and again. Change the title of the thread to "BASH MICROSOFT" and go look in the mirror. The little word describing the picture in the mirror is disingenuous.

Actually one could argue the exact opposite. Linux has almost every popular open source app in the repository lists on each distro... all in one easy to find easy to use location...

---

#resist

Microsoft licence cops kick in TWICE as many customers' doors as rivals

Microsoft audited far more customers on software licensing than its rivals managed during 2012

Thought there might have been something there, but there wasn't. Doesn't even say what "customers" means or how it came up with the percentages. Then it doesn't say anything about the survey being conducted in a scientific manner or give error bars.

There are lies, damn lies and statistics.

But they did self report their piracy was about 38%

38% of enterprises indicated that 11% or more of their application spend is associated with applications that are overused, and therefore out of compliance, up from 26% one year ago.

And Microsoft looks to be doing more random than the others

Microsoft was the leading auditor reported across all organization sizes. The other application producers favored performing audits of the large organizations (over $1B revenue), to a greater degree than Microsoft did.

With 38% percent of the responses coming from pirates, perhaps Microsoft is just better at figuring out who is a pirate than the other vendors, unless their software is just that more popular.

Of course the BSA runs radio advertising offering a bounty to report.

---