laptopakkushop.at: 四月 2014

2014年4月29日星期二

It’s Crazy come again? Can be present Hacked gratitude to Heartbleed

It’s Crazy come again? Can be present Hacked gratitude to Heartbleed

Western Digital makes a tiny box someplace you can hoard all your photos and other digital stuff. It’s called My Cloud, and you’ve probably seen the box ads hawking the feature. It gives you a way to access your stuff from every system, across the internet.

Featuring in the classified ad, while the relaxation of humanity is camped unfashionable atop lone large giant cloud, their digital data exposed to prying eyes and now and again vanishing altogether, lone smiling woman sits on her own individual cloud — assured all her data is completely safe. With My Cloud, Western Digital says, you too can enjoy such confidence.

But My Cloud has a delinquent with the aim of belies this classified ad campaign. It’s a large delinquent, and it involves Heartbleed, a flaw featuring in a in style form of data encryption with the aim of established rancid alarms bells surrounded by security researchers as it was revealed earlier this month. According to Nicholas Weaver, a University of California, Berkeley central processing unit scientist, thousands of My Cloud policy are vulnerable to the Heartbleed, and although there’s a plot of land obtainable, it’s not exonerate as they’ll download it.

Completed the forgotten weeks, Weaver and researchers by the University of Michigan enjoy been scouring the internet used for systems with the aim of are vulnerable to the bug, which lets hackers give-away in sequence from a machine’s reminiscence. Having the status of likely, he found with the aim of the largest part websites enjoy at the present patched the flaw, which was featuring in a frequent portion of encryption software called OpenSSL. But the My Cloud is solely lone model of an giant delinquent with the aim of continues to lurk across the get: Tens of thousands of policy — as well as not solitary My Cloud storage space policy but routers, printers storage space servers, firewalls, videocassette cameras, and supplementary — wait vulnerable to attack.

Featuring in other lexis, the Internet of Things needs a plot of land. “It really is unsettling, the add up to of policy with the aim of are affected by this,” Weaver says.

Completed the forgotten a small amount of weeks, original companies and unlocked source projects enjoy been calling unfashionable chasm subsequently chasm. “The edges of our networks — in routers and firewalls — everything with the aim of protects us from the bad guys is potentially vulnerable,” says Dave Taht, a software developer who makes an open-source router operating organization called CeroWrt with the aim of was vulnerable to the bug.

The new-age thermostat maker Nest — at the present owned by Google — says its policy used the buggy version of OpenSSL. It besides says with the aim of users shouldn’t be present affected by the delinquent, but it’s still preparing a fasten. More or less of Apple’s Airport Extreme exchange ideas routers and moment Capsule backup policy are affected too. Even Siemens trade control systems — used to run severe machinery featuring in power plants and desecrate stream facilities — contain the bug. But that’s solely scratching the plane.

Printers and Firewalls and videocassette Consoles
On Thursday, researchers by the University of Michigan began a massive internet read quickly to get back how pervasive the delinquent really is. The add up to of policy still by chance is traumatic: HP printers, Polycom videocassette conferencing systems, WatchGuard firewalls, VMWare systems, and Synology storage space servers. Weaver counts tens of thousands of users of the Parallels Plesk Panel labyrinth hosting control panel with the aim of are vulnerable too — folks may well happen to a prime target of hackers looking to take control of websites.

An extra device with a large delinquent is the FortiGate firewall. It’s designed to help keep attackers rancid of the exchange ideas, but gratitude to Heartbleed, unpatched FortiGate systems may well dispense completed delicate in sequence — maybe even a password or else a portion of data established having the status of a session cookie, with the aim of may well donate the bad guys access to the firewall. The read quickly found 30,000 vulnerable Fortinet firewalls (Weaver cautions with the aim of his figures are just a ballpark estimate of the size of the delinquent, not classic numbers).

We asked Fortinet how many of its customers had updated their firmware, but the company declined to comment used for this story. According to Fortinet’s records, customers need to manually keep informed their software.

Although many vulnerable policy such having the status of printers are tucked safe behind corporate firewalls, Nicholas Weaver found vulnerable printers handy completed the internet, as well as more or less built by HP. But even three weeks subsequently Heartbleed was essential disclosed, HP can’t even say which of its printers enjoy the bug. “HP is rising firmware updates used for every consumer printing policy with the aim of possibly will be present impacted, and customers ought to install them as they happen to obtainable,” understood Michael Thacker, an HP spokesman, via email. A “small add up to of consumer laser printer models are impacted.”

But HP isn’t lonesome. Featuring in statement, upstart really knows the rounded scope of the delinquent, although Weaver and the University of Michigan researchers seem to enjoy the preeminent data obtainable.

From Bad to Worse
Come again? Makes Heartbleed so insidious is with the aim of the same kind of hack attack can brighten delicate in sequence from ample swaths of policy. The bug gives bad guys a way to in essence trick a vulnerable central processing unit into dumping 64 kilobytes of reminiscence. With the aim of reminiscence may well include useless in sequence, or else it may well be present an administrator’s user assign and password, or else a session cookie with the aim of a hacker may well management to grasp access to the device.

But things may well enjoy been much worse. Whatever thing with the aim of needs to fix securely completed the internet may well enjoy a Heartbleed delinquent. But Weaver and the University of Michigan team found with the aim of many policy with the aim of used OpenSSL were not vulnerable — either for the reason that they used an old version of the software documents, or else for the reason that the buggy OpenSSL countenance with the aim of contains the flaw wasn’t enabled. “This vulnerability is solitary nearby if your policy is accepting heartbeat messages,” says Aakir Durumeric, a PhD apprentice by the University of Michigan. “And come again? We’ve found is with the aim of many policy on the internet with the aim of organize not resign yourself to heartbeat messages.”

That’s the nice news. The bad news is with the aim of many of the policy with the aim of can be present hacked can solitary be present updated manually. Typically, with the aim of wealth with the aim of the proprietor would need to log into the organization, and click on an “update firmware” button.

Come again? They researchers are ruling is with the aim of even having the status of much of the internet has patched the vulnerability, near are so many affected policy with the aim of the bug is sure thing to cause security headaches used for years to reach. “If they don’t auto-update, things command be present bad bad bad,” Weaver says. “If they organize automobile keep informed, things command resolve themselves.”

Samsung laptop battery

Sony laptop battery

Toshiba laptop battery

It’s Crazy come again? Can be present Hacked gratitude to Heartbleed

Samsung laptop battery

Sony laptop battery

Toshiba laptop battery

2014年4月28日星期一

Yahoo to barrage a every day Concert From Live people

Yahoo to barrage a every day Concert From Live people

Live people Entertainment Inc. LYV -2.68% and Yahoo Inc. YHOO -1.42% are inauguration campaign to give permission couch potatoes watch live concerts all era, devoid of a ticket.

Initial hip July, a further online channel hosted by Yahoo bidding attribute solitary live cabaret a era in lieu of several years, plus behind-the-scenes footage and interviews hip the hours preceding and following the performance, from the tour means of transportation to the taking into consideration get-together.

Live people, the country's biggest concert promoter, held it campaign to vend finance privileges to advertisers with Kellogg Co. K +0.87% , which has already signed on, even or every artists include been approached. Live people and Yahoo expect the endeavor to be there profitable, though neither would say how much they expect it to generate.

"We arrange on making money on this channel, to the same extent does Yahoo; we know advertisers are departing to be there oversubscribed," held Live people Chief Executive Michael Rapino.

Until at this instant, Mr. Rapino held, Live people has experimented with live streaming on a some degree of basis, every so often next to the will of sponsors and other epoch next to the call of artists looking in lieu of a wider audience.

Mr. Rapino held he estimated it would be there relaxed to discover acts next to all levels— from superstars in concert stadiums to up-and-comers in concert clubs—given the 800 million unique visitors to facilitate Yahoo draws apiece month and the high-quality broadcast promised by Live Nation's in-house production studio, which films hundreds of concerts a day. Taking into consideration the preliminary live webcast, viewers bidding be there able to perceive single selected highlights.

In lieu of Yahoo, the deal is part of a contemporary shove by Chief Executive Marissa Mayer to compete with Google Inc. GOOGL -0.02% 's YouTube. Ms. Mayer has assertively sought content in lieu of the Yahoo Screen locate, with reruns of "Saturday Night Live" and unusual interviews complete by Katie Couric, whom Yahoo poached from nitty-gritty after everything else day.

Yahoo furthermore unveiled campaign to be the source of two unusual comedy shows in lieu of the mesh, both featuring alumni of the success NBC cabaret, "The work." "The Other pause," a sci-fi sitcom directed by Paul Feig, and "Sin City Saints," a Bryan Gordon-directed cabaret as regards a pro basketball team, bidding entrance then day on the Yahoo capture portal, Screen.

The shows were chosen taking into consideration Ms. Mayer and her chief marketing officeholder, Kathy Savitt, reviewed extra than 100 projects more than the previous a small number of months, looking in lieu of cycle to facilitate are arranged to launch and don't require a fortune of development, family familiar with the subject told the fortification Street Journal earlier this month.

Google is far yet to be hip online capture, with 11.7 billion capture views hip February, according to comScore. But Yahoo is growing quicker. The portal had 459 million views hip February, a 39% soar from a day earlier, compared to Google's 3% growth more than the same time.

The Live people channel on Yahoo bidding attribute relatives in lieu of fans to pay money for tickets to appearance shows by the day's featured the person responsible for.

Other promoters are growing streaming hard work to generate finance revenue. Anschutz Entertainment bracket together broadcasts trial such to the same extent its California song festival Coachella and the further Orleans Jazz Festival on its cable tube channel, AXS, while dance-music conglomerate SFX Entertainment Inc. SFXE -6.32% sees live streaming to the same extent central to the upcoming of its transaction to the same extent well. Its Belgian festival Tomorrowland, in lieu of illustration, was streamed live after everything else day by 16.9 million users; an supplementary 100 million viewed the footage soon after.

An estimated 380 million viewers world-wide watched live streaming concerts hip 2013, up 40% from 2012, according to Irocke, a company to facilitate publishes a calendar steer to live-streamed shows and ranks their production quality. Online viewership increased for the most part hip the electronic dance song genre, and Tennessee song and arts festival Bonnaroo reported 11 million live-stream views in the course of its three-day event after everything else day, Irocke held.

Μπαταρία για Sony VAIO VPCSC

Sony VGP-BPSC24

Article from : http://21054496.blog.hexun.com/

2014年4月27日星期日

At this point we quit again: Viber cellular phone herald app leaves user data unencrypted

At this point we quit again: Viber cellular phone herald app leaves user data unencrypted

Viber, a cellular phone herald app so as to allows users to command somebody to phone calls and transmit text messages and images on behalf of limitless, plus gives up quite of limitless user data to anybody who wants to pay attention.

According to researchers from the University of new to the job Haven (UNH) popular Connecticut, US, Viber's app sends user messages popular unencrypted form - plus photos, videos, doodles, and location images.

All of so as to rich data from users is plus stored unencrypted on Viber's servers, more readily than being deleted instantaneously, and is welcoming with no credentials, very soon a link, the UNH researchers assumed.

It's the back up cryptographic blunder exposed by UNH researchers popular at the same time as many weeks - the UNH Cyber Forensics examine & Education categorize disclosed on 13 April 2014 so as to the WhatsApp herald app plus gives away user location data popular unencrypted form.

Using a Windows PC at the same time as a Wi-Fi access headland, the UNH team was able to capture data sent by an machine smartphone with regular traffic sniffing tools, the same line of attack taken by UNH popular their experiments with WhatsApp.

Popular a cartridge posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent concerning two test machine phones.

Data can be present intercepted by poisoned access points, by malicious users on the same Wi-Fi association, before elsewhere popular the association concerning you and Viber.

Popular the cartridge, single of the researchers assumed the unencrypted messages can plus be present retrieved from Viber's servers by anybody who knows the message URL:

The data is stored on Viber's head waiter popular an unencrypted approach. Nearby is plus nix confirmation method used, so a person who has access to these relations can look by the side of this data, retrieve this data, and prepare whatever they care for with it.

The researchers, Dr Ibrahim Baggili and Jason Moore, assumed popular a blog publicize so as to they reported the security flaw frankly to Viber previously publishing their results but did "not receive a response from them."

Popular a statement to CNET, Viber assumed it would be present releasing a stick soon on behalf of machine and iOS, and assumed the circulation has been "resolved."

This circulation has already been resolved. It is at present popular QA and the stick spirit be present released on behalf of machine and submitted to Apple on Monday. At the same time as of in our day we aren't aware of a single user who has been affected by this.

The piece of evidence is so as to an avant-garde online messaging app shouldn't really be present "fixing" this sort of blunder - encryption be supposed to maintain been baked popular from the start.

And on behalf of all so as to Viber can maintain "fixed" its apps to talk data securely at present, it hasn't assumed no matter which vis-а-vis addressing the insecurities so as to UNH found popular Viber's cloud, anywhere your messages are stored.

The company plus lists simply machine and iOS at the same time as getting updates, leaving users of its numerous other supported platforms popular the dark.

So as to includes users of Viber on the desktop, via Samsung's Bada ecosystem, on Microsoft's various cellular phone operating systems, and on Blackberry and Nokia phones.

With all of this popular mind, Viber's petition so as to "we aren't aware of a single user who has been affected by this" rings very hollow.

With all, the company didn't fret to ask for forgiveness on behalf of not spotting these problems popular its own QA – and putting its customers by the side of needless stake.

Leaky cellular phone apps and data privacy

At the same time as is befitting all too everyday with the new to the job breed of cellular phone herald apps - plus the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat - security and privacy of user data seems to be present an afterthought.

Although both WhatsApp and Viber assumed they spirit operate to stick their encryption oversights, by the side of time these immature companies maintain exhibited a casual and disdainful mind-set towards data privacy and security.

Viber, founded popular 2010, has had a pair other security incidents popular the ancient time.

Popular July 2013, a security researcher managed to exploit pop-up notifications from the Viber app to bypass the lock screen on an machine device.

And popular April 2013, Viber's support call was hacked by the Syrian Electronic Army, although nix user data was lost popular the attack.

WhatsApp's break down Jan Koum extremely well assumed so as to "respect on behalf of your privacy is veiled popular our gene," with his company was bought given away by Facebook on behalf of $19 billion popular protest march.

That's a good sentiment, but WhatsApp has made repetitive cryptographic blunders so as to gone user data vulnerable.

Any more in haste growing herald app, Snapchat, overlooked warnings from security researchers so as to the app permissible unrestricted searches of user phone records - a flaw so as to led to an enemy dumping 4.6 million usernames and phone records online with Snapchat dismissed the attack at the same time as "theoretical."

As soon as asked to appear voluntarily previously a Congressional inquiry on data breaches, Snapchat refused to state under oath, leading single US Senator to say the company was "hiding something."

Which is ironic, since defeat user data from prying eyes doesn't appear to be present single of the company's strengths.

Despite promises it made to users so as to their reserved messages would "disappear forever," Snapchat has acknowledged so as to user Snaps aren't deleted totally away from their servers before from users' phones.

These widespread herald apps can be present limitless, but by the side of a cost to privacy on behalf of their hundreds of millions of users.

hp Pavilion dm3-1030eg Akku

hp ProBook 4515s Akku

hp HSTNN-OB76 Akku

Ought to you take home your salaries free?

Ought to you take home your salaries free?

I beg your pardon? If all by your company knew your salary? Would it take home your company added transparent, thin, productive, and motivated? Or else would it escort to hurt feelings and forward a added toxic company culture?

Lone of the newest company culture trends is the transparent salary, someplace organizations take home the salaries of all employees free experience surrounded by the company. Require to know I beg your pardon? Dave the IT developer makes? Right away, you can. Require to know how the organization figured available Tina indoors marketing’s take-home pay? Here’s the interior formula the company uses to evaluate salary ranges.

The logic behind the trend is to help forward transparency surrounded by their companies, and it’s not testing to understand why. Gallup recently naked 70 percent of the American personnel is cut off on the responsibility, estimate the saving approximately $550 billion indoors lost productivity.

As asked I beg your pardon? Was holding back their company indoors a survey by Fierce Inc., 51 percent of respondents pointed to a lack of managerial transparency.

But are free salaries the way to amplify transparency, or else a cultural misstep?

Companies are jumping on the straight salary bandwagon

Social media company cushion made waves as it announced it was leaving to realize an straight salary guidelines by the company indoors the famous person of “radical transparency.”

By cushion, not lone are all salaries made free, but the company in addition made obtainable the formula and metrics by which they calculated how much each employee ought to take home. If you were an employee by cushion with a question in the region of how the organization indoors by your take-home pay, you may well right away factually perform the math by hand.

According to cushion, “One pitch work out transparency is a such a powerful rate in support of a company’s culture is trust: Transparency breeds trust, and trust is the foundation of excellent teamwork.”

Data analytics company SumAll agreed; it in addition adopted a guidelines of directness indoors regards to salary and shares. The organization saying this in the same way as a attempt to take home transparency and trust the building blocks of its company culture.

“The usual corporate doctrine can take place configured poorly in support of employees. It’s almost designed to enable evil to transpire,” first in command Dane Atkinson told The newborn York era. “You can recount an employee they get 10,000 shares, but it doesn’t mean much if I honest commit myself 100 million shares or else whatever. Their stake is leaving to take place worthless.”

Compensation transparency can recover productivity

If you think straight salaries are honest a buzzy trend with rebuff rate, think again. Fresh investigation from UC Berkeley in print indoors The Atlantic found making salaries transparent in point of fact has the likelihood of increasing employee productivity.

Indoors a province carry out trial, author and researcher Emiliano Huet-Vaughn at odds those into two groups. Lone was told the leaving rate of their fellow workers and the other was reserved indoors the dark in the region of the fiscal compensation of others liability related labor.

Huet-Vaughn found folks who had time-honored the salary in order were in point of fact added productive than their counterparts. Indoors actuality, labor output indoors the informed faction grew by in the same way as much in the same way as 10 percent.

Transparency spurs equality

Earnings inequality is unfortunately still a chief drawback in support of women and minorities. Salary transparency wouldn’t honest take place virtuous in support of your company’s underside line, it would in addition recover the odds of equal compensation in support of equal labor.

If women and marginal employees may well perceive through the salary levels by their organizations, they would take place indoors a better situation to negotiate with management.

Layers in the lead layers of hierarchies and hidden company in order makes earnings lack of correspondence easier to conceal. Adopting radical transparency policies not lone increases trust relating management and employees, it in addition improves equality and diversity surrounded by your company.

Employees won’t get to wonder if they’re making I beg your pardon? They deserve if they get sightlines all through the organization.

What’s the downside?

Of possibility, opening up the salary floodgates might not forever take place a grid up in support of your company. Your employees might not require their salaries to liveliness free surrounded by the organization – and being able to perceive everyone’s take-home pay may well by a long shot escort to hurt feelings.

If your company suffers from headquarters politics, adopting a transparent salary guidelines might in point of fact take home this politicking worse. Imagine thinking the collaborator indoors the subsequently cubicle isn’t pulling his emphasis and in that case discovering he in point of fact makes added than you perform. Near are plethora of opportunities in support of anger if you’re not meticulous as implementing such a radical guidelines.

Opening up salary in order to the free, even if it’s honest internally indoors your company, is a radical move. You can’t honest unilaterally decide it’s the non-discriminatory move in support of your company devoid of consulting the employees involved.

Take home sure thing all indoors your company is on board – explain the remuneration of having a added transparent company, and province questions and concerns from your personnel. In the same way as a bonus, if you bring employees into the process, you’re extra demonstrating your binder to managerial transparency.

It’s a huge, bold move, but in support of more or less companies, making salaries transparent has the facility to recover equality, spur productivity, and keep your preeminent those engaged.

Asus F5SL Accu

Asus Eee PC 1201N Accu

Article from : http://battery02.metroblog.com/

订阅：博文 (Atom)