McAfee spots Adobe Reader PDF-tracking flaw
McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.
The issue is not a serious problem and does not allow for remote code execution, wrote McAfee's Haifei Li in a blog post. But McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2, Li wrote.
McAfee recently detected some "unusual" PDF samples, Li wrote. McAfee withheld some key details of the vulnerability, but did generally describe it. Read more...
Security problem in VMware vSphere 5
Security experts from ERNW have demonstrated the ability to break out of the virtualisation hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) offering, a malicious user could access all data on the server, including other customers' user passwords and virtual machines. Read more...
Mac OS X leaking passwords of FileVault users
Users of older Mac OS X versions who upgraded to the current Mac OS X 10.7.3, "Lion" and opted to stick with the older version of the FileVault encryption system, may have a problem. It appears that Apple developers enabled a debug option in 10.7.3 which makes the user's password appear, in clear text in a log file, whenever the user mounts the encrypted folder. The problem was identified by security expert David I. Emery who reported the issue on a security mailing list.
The problem appears to only affects users who upgraded from Snow Leopard to Lion and did not activate the new FileVault encryption on Lion which switches to encrypting the whole hard disk rather than just the user's home directory. New users and new installations of Mac OS X Lion are not believed to be exposed to this risk. Read more...
Chinese Web giant Sina’s new citizen reporting platform pulled amid rumor of government interference
We’ve seen plenty of efforts aimed at creating citizen news channels — the last few days alone saw Dabble and Signal launch — but Chinese Web giant Sina‘s effort to join the grouping cluster of news-gathering services has been the most curious yet.
Earlier today Sina, which runs popular Twitter-like Sina Weibo, launched Baoliao, a real-time news reporting platform. However, there’s a problem. As Tech in Asia points out, Baoliao is nowhere to be found.
The Chinese government has been hot on cracking down on anonymous Internet users and the reporting of ‘harmful information’, could it be that the state stepped in to bring down the service just hours after it launched? Read more...
Why you can’t print your TurboTax tax return
If you made the mistake of installing this month's Microsoft Black Tuesday patches, you might find yourself unable to print your tax return this weekend.
The cause? Yet another botched patch to the bungled mess that is the .Net Framework. Microsoft sent it down the Automatic Update chute on Tuesday. There was no confirmation of the problem on Microsoft's official site until Friday. Microsoft yanked the patch, MS12-025/KB 2653638 on Friday, but as of this moment, there's no indication of when the problem will be solved, or the patch reinstated. Read more...
Who do you blame when IT breaks?
Ordinarily, this would not have been a problem, but an error in the construction of the EPO circuit let the signal through, which resulted in an outage. It turned out that the EPO bypass circuit was not constructed to the as-built drawing when the center was built years earlier.
"The designs and actions of engineers, architects, and installation contractors can have latent effects on operations long after construction," said Filas.
Filas believes that "outside forces can make or break the data center just as easily as internal forces." But he also sees risk levels rising, particularly as data centers rely more on external suppliers.
Electrical contractors, for instance, may not understand the specific needs of a data center. "We are frequently questioned on why we provide redundant power to racks," said Filas.
Jeff Pederson, manager of data recovery operations at Kroll Ontrack, looks at the root causes of data loss and sees problems caused by both internal staff and external providers. But, he added, service people attempting to get equipment up and running "tend to cause a lot of the damage we see." Read more...
Is email about to be deleted? Five predictions for the technology’s future
People now receive on average 110 emails per day, according to a study from research company Radicati. My own figures suggest the European trend is nearer 70 emails.
Whatever the precise number of emails you receive daily, the chances are it's still far too high and you end up failing to process them all properly.
Add to this problem the expectation of 25 per cent of business users for an email response within an hour, and it's little wonder that last year held its usual share of email disasters.
For example, in June the Information Commissioner fined Surrey Council £120,000 for breaching the Data Protection Act by sending sensitive emails to the wrong people. And of course famously we had the mother-in-law's email to her future daughter-in-law which, while not involving business email, highlights how quickly hate email can go viral.
Then we had the Blackberry Crumble server problems in October, which left many users bereft of email and climbing up the wall in frustration.
These are just some of the more prominent email disasters, some of which have cost organisations dearly. In addition over the past year I have seen organisations losing up to 75 minutes per day per person simply through trying to process too much unnecessary email. Read more...
RIM: BlackBerry 10 is fine, delays are down to chip ship slip
RIM has strenuously denied that hiccups in development are delaying the launch of phones based on its new OS, citing chip deliveries as the problem.
In an explicit statement RIM's CEO Mike Lazaridis says the Boy Genius Report blog, reporting problems with the upcoming BlackBerry 10* OS, is "inaccurate and uninformed". He then reiterates that delays to the launch of handsets using Blackberry 10 are caused by RIM's decision to wait for a dual-core processor with integrated LTE (4G), rather than any problems getting the software working.
The accusation that things were not well with the software was posted here, citing an inside source from RIM. The blog recognises the seriousness of the accusation, but claims the information comes from "one of our most trusted sources" and that it spells the end for RIM. Read more...
Atlanta hospital looks to cloud for email fix
A few years ago, one of the largest public hospitals in the U.S. had a big problem and it was hampering the way it was getting work done.
The problem, though, wasn't with the health care staff. The problem was email, which had become a nightmare for the doctors, nurses and administrators at Grady Health System, a 1,000-bed hospital in Atlanta that also runs seven neighborhood clinics, along with an infectious disease clinic.
Most companies or organizations experience occasional email downtime. However, at Grady, email was an ongoing headache for the hospital's users, as well as for Debbie Cancilla, the hospital's senior vice president and CIO.
Cancilla told Computerworld the IT staff was fighting an email outage about once a week. Read more...