bugs

Synology owners update! Major Photo Station flaws patched

Synology owners update! Major Photo Station flaws patched

Bugs and security holes in software aren't exactly unusual, but there are times when they become so severe that they warrant special attention, immediate fixes, and fast rollouts. That is apparently the case here with Synology's NAS boxes, which was recently discovered to have a critical security flaw related to its photo and blogging features that could practically hand hackers a key to the data contained in those boxes. Synology has patched up those holes last week and the strongly recommended updates are rolling out to users now.

Continue Reading

Apple Watch users find latest update is affecting heart rate monitor

Apple Watch users find latest update is affecting heart rate monitor

On Tuesday of this week, Apple released the first update for Apple Watch, bringing the OS up to version 1.0.1. The patch was intended to improve both Siri and the performance of third-party apps, as well as fix a number of security issues. Unfortunately, the update has also had adverse effects on the Watch's heart rate sensor for more than a few users. Watch owners on both Apple's support forums and MacRumors' message boards have posted that their heart rate reading are being taken at infrequent intervals, as opposed to every 10 minutes.

Continue Reading

Broken Android factory reset leaves critical data intact

Broken Android factory reset leaves critical data intact

Factory reset or wipe is often used not just to start fresh but to also as a necessary step when selling a used Android device. Well, that's the theory anyway. Researchers from Cambridge University claim that they are just that: theories. Unfortunately, in practice, that might not be completely the case. Their tinkering of 21 smartphones from five manufacturers, all running Android versions 2.3 t 4.3, showed that factory wipe actually leaves some data locations intact. Worse, some of these locations are the very places that store credentials and encryptions keys that are supposed to be private and safeguarded.

Continue Reading

United Airlines is offering 1 million miles in bug bounties

United Airlines is offering 1 million miles in bug bounties

Bug bounty programs are a great way for white-hat security researchers--hackers-- to earn extra cash. The best programs incentivize finding security flaws with cold, hard cash. On the other end of the spectrum, some companies only offer swag in return for finding flaws. A new set of bounties from United Airlines falls squarely in the middle. The company is offering airline miles in return for hunting security flaws. These miles aren't a measly upgrade from economy; you could earn some real travel time for uncovering a serious system flaw.

Continue Reading

Lenovo chided again for vulnerable System Update service

Lenovo chided again for vulnerable System Update service

It has barely been three months since Lenovo was embroiled in controversy over its "Superfish" adware installations yet it seems the world's largest PC maker has taken another PR hit. This time however, it isn't about Lenovo installing malware on its products but about not being a good guardian of its critical software. A couple of vulnerabilities found in Lenovo's System Update service practically leaves any Lenovo PC user open to hackers and infection, using nothing more complicated than a man-in-the-middle (MITM) attack, one of the most basic weapons criminals have in their arsenal.

Continue Reading

FAA: Boeing 787s need to be rebooted every 248 days uptime

FAA: Boeing 787s need to be rebooted every 248 days uptime

Computer systems, especially servers, usually boast off years of uptime, the number of consecutive days the system is left running without a reboot or shutdown. That's not exactly surprising given how critical it is for these systems to keep on running and running. Boeing's 787 airplane, nicknamed the Dreamliner, however, can't boast of that same achievement anymore. The US Federal Aviation Administration is ordering airlines to shut down a 787's power systems at least once every 248 days to prevent a complete loss of power and control that can happen when the plane is left powered on for long stretches of time.

Continue Reading

Wink offers posts fix options for hubs bricked by update

Wink offers posts fix options for hubs bricked by update

Wink users who have suddenly found themselves without some smartness in their homes this weekend are probably painfully aware of the blunder that the company made in a recent firmware update. All hope is not yet lost, however. Wink has just posted some instructions on how to get those Smart Hubs up and running and connected to the Internet again. And in case you're not that confident with your technical know-how, they are offering free round-trip shipping to get yours fixed in a few days.

Continue Reading

“FREAK” security hole affects even Windows after all

“FREAK” security hole affects even Windows after all

Microsoft almost had it good. Long lambasted for being so easily hacked, it was almost believed that the company's operating system, at least those well-patched and up to date ones, were immune to the latest security vulnerability causing worry over the Internet. As it turns out, however, it just isn't the case. Microsoft published a security advisory informing users that the version of Internet Explorer running on many versions of the Windows OS are susceptible to this FREAK attack, with no word on when a patch will be rolled out.

Continue Reading

Spot.me Apple Pay to Android app can pose a security risk

Spot.me Apple Pay to Android app can pose a security risk

For all their advertised benefits, these rising mobile payment systems are pretty much walled gardens of their own. But what if you wanted to use that fancy new wireless system to pay, not just a merchant, but a friend? There's a new app on Android that proposes to do just that and it even lets Apple Pay users join the game. But while Spot.me sounds like a really neat and social thing, it might actually be more trouble than it's worth from a security point of view.

Continue Reading

90s US “weaker encryption” policy comes back to haunt it

90s US “weaker encryption” policy comes back to haunt it

The US government has been fighting against recent efforts in the tech industry to strengthen security measures, especially against government snooping. In essence, it wants a backdoor into services and devices in order to get access to crucial information it needs to fight crime and terrorism. Apparently, this has been done before and looks like the government needs to take heed from that. A security policy enacted decades ago has found its way back to the US and is compromising the security of secure websites, including some of the government's own.

Continue Reading

1 2 3 4 5 6 7