Latest Article

Instagram boss Adam Mosseri says like counts might go private – CNET June 26, 2019

He told CBS This Morning’s Gayle King the Facebook-owned site is making “well-being” a priority. Instagram boss Adam Mosseri says like counts might go private – CNET Source: CNet

Wonder Woman is 'queer,' comic book writer says – CNET

Comic book writer Greg Rucka confirms that the famous queen of the Amazons has romantic relationships with women and men.
Source: CNet

Now Nintendo has two irresistible pint-sized game consoles – CNET

Here’s how Nintendo’s upcoming NES Classic Edition will work. Warning: You might be jealous of Japan’s newly announced Nintendo Mini Classic Family Computer.
Source: CNet

AT&T CEO passionately defends Black Lives Matter – CNET

Randall Stephenson shares an emotional plea to start a conversation about race: “Black lives matter. We should not say ‘all lives matter’ to justify ignoring the real need for change.”
Source: CNet

Apple's playing with magnets for future iPads (Apple Byte Extra Crunchy, Ep. 57) – CNET

New MacBook Pros are coming at the end of October, a guy destroys iPhones in an Apple Store — and Apple knows about the iPhone 6 “Touch Disease” issue!
Source: CNet

Pennsylvania mayor's anti-Obama Facebook posts spark outrage – CNET

Technically Incorrect: Charles Wasko, mayor of West York, says he isn’t interested in being politically correct.
Source: CNet

'Marvel's Luke Cage' group-watch starts at 4 p.m. PT – CNET

“Daredevil” and “Jessica Jones” were big hits. Has Netflix done it again with Luke Cage, hard-working street-level superhero? Join us for a live chat as we watch the first episode.
Source: CNet

Donald Trump's social media would doom him in a job interview – CNET

Social media has been Trump’s greatest asset, but could also be his downfall.
Source: CNet

Xbox boss talks Project Scorpio price, suggests it may not be above $600 – CNET

Phil Spencer discusses the price for the “most powerful console ever made.”
Source: CNet

See Apple's huge new auditorium before it's buried forever – CNET

The latest drone flyover of Apple’s new UFO-shaped “Campus 2” shows the Cupertino giant’s new home in the final phases of construction.
Source: CNet

This is the Star Wars R2-D2 coffee maker you've been looking for – CNET

To make great coffee you need filtered water and fresh beans. To make coffee look great, you need ThinkGeek’s Star Wars R2-D2 Coffee Press.
Source: CNet

Latest update to Windows 10 Anniversary causing installation woes for some

Another week, another new Cumulative Update for Windows 10 Anniversary edition. This week’s collection of fixes is causing installation issues for some users.
Source: Microsoft

ISC updates critical DoS bug in BIND DNS software

The Internet Systems Consortium (ISC) patched two vulnerabilities in domain name system software BIND, one of which was referred to as a “critical error condition” in the software.

BIND is the most commonly deployed DNS server on the internet, translating domain names into IP addresses so that users can access applications and remote servers without having to track IP addresses. BIND is the de facto standard on Linux and other Unix-based machines; a vulnerability in the software affects a large number of servers and applications.

The latest BIND update, versions 9.9.9-P3, 9.10.4-P3, and 9.11.0rc3, patched a denial-of-service flaw (CVE-2016-2776) that could be exploited using specially crafted DNS request packets. The issue was uncovered internally by ISC and affects all servers that can receive request packets from any source, ISC said in its advisory. Affected versions include 9.0.x to 9.8.x, 9.9.0 to 9.9.9-P2, 9.9.3-S1 to 9.9.9-S3, 9.10.0 to 9.10.4-P2, and 9.11.0a1 to 9.11.0rc1.

To read this article in full or to leave a comment, please click here

Source: Security

Google dev tools beef up Content Security Policy defenses

Cross-site scripting attacks – the ability to inject unauthorized scripts into web applications – is pervasive, and even though developers have plenty of tools and technologies that can detect and fix XSS flaws, the attacks still keep coming.

Google’s latest developer tools, CSP Evaluator and CSP Mitigator, tackle the XSS problem from a different angle, by shoring up web application defenses to make it harder to execute those malicious scripts.

XSS is among the most common security threats plaguing web applications, and aren’t always the result of sloppy or lazy coding. Developers can avoid mistakes which lead to XSS with modern web technologies such as strict contextual auto-escaping or use automated scanners to catch vulnerabilities during testing.

To read this article in full or to leave a comment, please click here

Source: Security

Google expands Waze ridesharing to all in San Francisco – Roadshow

Google’s ridesharing ambitions appear to be growing. Anyone in the San Francisco area can now hail a ride through the Waze app.
Source: CNet

Refugee camps and city walls show words of hope, anger – CNET

Messages of hope and despair are painted on walls across Europe as the refugee crisis continues to fester.
Source: CNet

Germany taps tech to help refugees find community, fit in – CNET

Sites and apps are popping up to help refugees learn German, navigate the country and meet locals.
Source: CNet

Microsoft seeks testers for 'Project Springfield' bug-detection service

Microsoft is planning to make its internally-used ‘white-box fuzzing’ bug-detection service available to external customers and partners.
Source: Microsoft

Firefox blocks websites with vulnerable encryption keys

To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.

Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS  (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS’s ephemeral modes, which provide forward secrecy — a property that prevents the decryption of previously captured traffic if the key is cracked at a later time.

However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam.

To read this article in full or to leave a comment, please click here

Source: Security

Mercedes-Benz E-Class All Terrain is one seriously posh Subaru Outback – Roadshow

The Audi Allroad finally has some competition.
Source: CNet

The Renault Trezor Concept is a Formula E car for the road…sort of – Roadshow

With a motorsport-derived powertrain and looks that kill, Renault’s Trezor is one of the best concepts at the Paris Motor Show.
Source: CNet

Samsung apologizes to China over Galaxy Note 7 recall handling – CNET

After a Chinese broadcaster accuses Samsung of neglecting the country during its round of recalls, apologies and explanations, Samsung delivers one.
Source: CNet

Time to welcome October with a Luke Cage marathon – CNET

Social Cues: Twitter bids goodbye to a beloved spacecraft on a comet, and hello to a new Netflix series.
Source: CNet

Trump tweets: Check out sex tape of ex-Miss Universe – CNET

GOP presidential nominee’s early morning rant on Twitter attacks the former Miss Universe and his Democratic rival Hillary Clinton.
Source: CNet

CNET UK podcast 500: Happy 10th birthday to us! – CNET

Celebrate our 500th episode (and 10th anniversary) with this special bumper-sized edition, featuring faces from the past including “Top Gear” host Rory Reid.
Source: CNet

Dear tech industry: Stop renaming stuff all the time. Just. Stop. It.

Google has renamed Google Apps to G Suite. Yeah. Explain that to your users. In this not-really-a-rant rant, David Gewirtz explains how so many product name changes can be a complete and total pain for customers, IT folk, and even purchasing agents.
Source: DIY IT