Tags Posts tagged with "security"

On Monday, November 20, Intel released a security advisory listing the latest vulnerabilities in the Management Engine, its remote administration feature. The advisory also covers bugs in the remote server management tool. Intel found the vulnerabilities during a security audit. It has very recently published a ‘Detection Tool for Windows and Linux administrators’ so that they can check whether their systems are exposed.

The Management Engine (ME) is a subsystem that acts independently of the microprocessor on Intel chipsets. The ME allows users to control their devices remotely for all types of functions, from downloading updates to troubleshooting their device. Since this engine has extensive access to and control over the main system, flaws in it can give attackers a powerful opening to exploit. Some security advisors have even called it an unnecessary security hazard.

As with previous bugs, almost all recently issued Intel chips are impacted. This affects servers, PCs, and many other devices. To resolve the issue, Intel has provided updates to manufacturers, but customers will need to wait for their hardware companies to roll out the fixes.

The newly disclosed vulnerabilities can cause instability and even system crashes. They can also be used to impersonate the Engine, the Server Platform Services, and the Execution Engine in order to erode security verifications. If exploited, a vulnerability of this kind can operate separately from the main system, which means that many engines wouldn’t even recognise an attack on the system. Even now, the full impact isn’t clear, because Intel has released so little information.

A ray of sunshine among the otherwise looming dark clouds is that most of the vulnerabilities require local access to exploit. This means that someone has to have their hands on such a device to breach its security.

-Archit

The flagrant assault of a young woman journalist, along with another woman, at the ITO metro station last Tuesday, the third such incident in a week’s time, has shaken the confidence of the women metro commuters of Delhi.

Such an outrageous assault on a young journalist at a metro station less than fifty metres from the police headquarters definitely puts a strong question mark on the claims of women’s security in the capital and its metro stations.

If a woman is not safe at 9.30 PM in the heart of the city, surrounded by the police headquarters and the offices of reputed newspapers, and that too a journalist who showed exemplary courage in bravely countering the assault and lodging an FIR despite being alone and having to wait for one hour, just imagine the fate of those shy and insecure women who face such assaults and stalkers daily but fail to report the constant harassment, fearing reprisals from these goondas or the tardy procedures of the authorities concerned.

Hats off to this courageous journalist, who not only fought the criminal valiantly but also acrimoniously chased him, leaving him badly frightened. He was caught two days later after a serious police investigation that involved procuring the CCTV footage and questioning hundreds of nearby vendors and strangers.

The culprit, a local tea seller, is now in 14-day police custody under the relevant sections of the law. The Delhi Commission for Women has taken suo motu cognisance of this serious matter and has issued notices to the DMRC to submit a detailed report on such shameless incidents of assault and harassment of women to date.

It is shocking and anguishing that a station like ITO doesn’t have a police patrol in the vicinity, or inside the station, to check the antecedents of anti-social elements who frequent it, at times in an inebriated condition, with the intent to molest women and young girls.

Despite having CCTV cameras all over, Delhi metro fails to monitor so serious an act as the molestation of a woman, and no policeman or paramilitary trooper comes to her rescue. This is unusual and definitely reflects poor vigilance inside the stations, where women seem to be vulnerable.

The metro ferries 25 to 30 lakh passengers daily to different parts of the capital and the NCR and is considered the lifeline of Delhiites. Unfortunately, over the past two years, while its fares have been increased manifold, putting an extra burden on the squeezed pockets of its commuters, it has been felt that incidents of pickpocketing, molestation and eve teasing are on the rise.

Maybe the reporting pattern by women complainants is not very encouraging due to different compelling reasons and circumstances. There have been incidents when male commuters ruthlessly enter from the women’s compartment and stand in close proximity, which is highly objectionable and uncalled for.

Even in the general compartment, some youngsters deliberately try to rub shoulders with girls and women and, when objected to, either say sorry, pretending to be gentlemen, or retaliate. This is because there is a dearth of police patrolling inside trains and on the station premises.

In order to check and counter such dubious elements, the security apparatus, including those manning the CCTV, should be made more alert, attentive and answerable, and patrolling should be increased manifold.

If the metro authorities have the guts to increase fares manifold, twice in just the past six months, despite repeated opposition and criticism from the general public and the Delhi government, they should also ensure performance on the security front as well as look after the convenience of their valued commuters.

Today, in the majority of metro stations, barring a few, only one or two token counters function and the queue of token seekers is long and unending, but the staff seems least bothered about the convenience of its valued commuters.

The majority of the pedestrian escalators are out of order. This is so because the Delhi metro has never cared about its commuters’ inconvenience, as it perhaps thinks that it is the compulsion of Delhiites to travel by it, despite all odds.

The CMD of the DMRC is urged to take serious note of all these lapses on the part of the metro and ensure the fullest safety and security of its commuters, particularly the most vulnerable women using its services. WHAT DO YOU SAY FRIENDS?

SUNIL NEGI

Millions of websites running WordPress are being strongly advised to update to the latest version of the highly popular content management system as quickly as possible, after a serious security flaw was uncovered on 1st November, 2017.

Anthony Ferrara discovered this flaw in WordPress and said it was a significant SQL injection vulnerability that was fixed in WordPress 4.8.3. Users who haven’t updated their version of WordPress are strongly advised to do so as soon as possible.

Ironically, last month’s release of WordPress 4.8.2 was intended to protect against the very same vulnerability, but according to Anthony Ferrara, it broke a lot of websites and didn’t succeed in fixing the root issue.

Ferrara said that he had informed the WordPress team of this problem straight after the release of version 4.8.2, but he was effectively ignored by the security team for several weeks.

According to Anthony Ferrara, the newly released 4.8.3 security update does mitigate the problem. But in his recent blog post about his interactions with WordPress’s security team, he said that any security report should be handled as quickly as possible. Sometimes that means every second counts and sometimes it doesn’t, but the tech support needs to show attention. They need to show that they have read what’s submitted in a report.

Anyone who needs the latest version of WordPress (4.8.3) can download it from the WordPress website, or go to Dashboard / Updates in the admin console and choose “Update now”.

Some WordPress installations support automatic background updates, which means that they should already have updated themselves to the latest version of WordPress.

Automatic updates are not for everyone, and many site admins who work inside organisations are wary of installing new versions of software on their web servers. This is because they want a chance to test whether the update will introduce any new problems.

The truth is that there are many websites out there that are still running older, vulnerable versions of WordPress. This may or may not be the only flaw that could be exploited.

Running your own WordPress-based site is a considerably hectic job. It is time-consuming to ensure that WordPress and its third-party plugins always remain up to date and are working properly to fend off any attacks.

The chances of your site being hit by hackers can be reduced if you put a web application firewall in place. This firewall will attempt to filter and block malicious web traffic before it has a chance to exploit any weaknesses in the system.

It is worth mentioning that websites running self-hosted versions of WordPress from wordpress.org are very different from the millions of blogs that run on wordpress.com. WordPress.com is run by Automattic, which manages the installation of WordPress for you and also looks after security on your behalf.

Although there are some limitations on what these website owners can do, they can always be sure that they are fully updated and running the latest version released by WordPress.

-Archit