Els pegats

VMware Corregeix Privilege Escalation Vulnerabilitat | threatpost

Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched. According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order [...]

Pegats de Google 14 Les fallades en Chrome 23 | threatpost

Google ha llançat Chrome 23, l'última versió del seu navegador, que inclou les solucions de 12 vulnerabilitats en la versió de Windows i dos altres defectes que són específiques només per a Mac OS X. La companyia també va lliurar $9,000 en recompenses als investigadors de seguretat que van informar de les vulnerabilitats. Sis de les vulnerabilitats fixats per Google [...]

Adobe Pegats Vulnerabilitats de memòria en Flash Player, AIR | threatpost

Adobe has repaired a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. Cap de les vulnerabilitats s'exploten, Adobe va dir, i va afegir que els usuaris han d'actualitzar Flash Player. Versió 11.4.402.287 i anteriorment es veuen afectats en Windows i Apple Macintosh. També hi ha arranjaments [...]

Pegats Mozilla Cross-Site Scripting Falles a Firefox | threatpost

Mozilla is delivering security updates fast and furious this month, the latest coming late last week when a new version of Firefox repaired three vulnerabilities related to the Location object. The Location object is supported by all major browsers and contains information about the URL being requested. The vulnerabilities were closed in Firefox 16.0.2, Firefox ESR 10.0.10, [...]

Investigador desenvolupa Patch for Java Zero-Day, Pressiona Oracle per oferir la seva Fix | threatpost

Un investigador de seguretat ha presentat un pegat per a Oracle va dir que el va portar 30 minuts per produir de reparar una vulnerabilitat de dia zero actualment exposats en Java SE. Ell espera que les seves accions impulsarà Oracle per emetre un pegat fora de banda per a la vulnerabilitat sandbox-escapament, rather than wait for the February 2013 Critical Patch Update as Oracle earlier [...]

Oracle pegat d'actualització per incloure 109 Els pegats | threatpost

El cinturó de seguretat per a administradors d'Oracle 109 patches coming your way tomorrow. Oracle’s quarterly Critical Patch Update is due, i la companyia està llançant pegats per les vulnerabilitats de seguretat en la major part dels seus productes de l'empresa, abordar una sèrie de falles explotables remotament. This comes a little more than a month after exploits of a serious zero-day vulnerability in Java were [...]

HTTPS Everywhere 3.0 Alliberat | threatpost

The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 llocs. The EFF developed HTTPS Everywhere in collaboration with The Tor Project and it’s designed to protect users’ communications by default, [...]

Google Chrome per Android Actualitzacions, Corregeix diverses vulnerabilitats | threatpost

Google ha publicat una actualització de seguretat per al seu sistema operatiu Chrome en els dispositius Android, resolució de set de risc mitjà vulnerabilitats i pagar un total de $3,500 en premis a dos investigadors. On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for Android’s sandbox technology as well as resolving seven other moderate bugs. [...]

Apache ignora Internet Explorer 10′s do-not-track capçalera | La Garantia de H

La disputa al voltant de la configuració per defecte per a la “fer un seguiment de no -” (DNT) header in Microsoft’s Internet Explorer 10 (IE10) navegador web està augmentant: the source code of the open source Apache HTTP web server now includes a patch that completely ignores the DNT header if it has been sent by IE10. El pegat de l'autor, Adobe empleat Roy T. Fielding, va dir [...]

Mozilla Firefox actualitzacions 15 per arreglar el problema de la navegació privada | La Garantia de H

Mozilla ha publicat una actualització a la versió 15 de Firefox per corregir un error en funció del navegador web Navegació privada. Navegació privada té per objecte permetre als usuaris navegar per Internet sense guardar les dades dels llocs i les pàgines que ha visitat. No obstant això, un error en el recent Firefox 15.0 alliberament significava que Firefox [...]

Mozilla Firefox llançaments 15 With New Invisible Updater | threatpost

Boasting a new silent updater and an optimized memory management system, Mozilla pushed out Firefox 15 this week, the latest build of its flagship browser. Following similar steps taken by Adobe and Google with its Flash, Reader and Chrome products, Firefox’s new updater will now perform updates in the background, saving users from those pesky, sometimes intrusive notifications. Mozilla debuted a silent [...]

Temes principals d'Oracle Java PEGAT DE SEGURETAT; recomana una acció immediata | ZDNet

Oracle has just released an update that is intended to patch up three “vulnerabilitats diferents, però relacionades” així com altres problemes de seguretat greu en el fet que s'executa en els navegadors d'escriptori Java. Més específicament, els forats de seguretat podria ser explotat a través d'una xarxa sense necessitat d'un nom d'usuari i contrasenya si un usuari desprevingut està executant una versió afectada d'una [...]

WhatsApp ja no envia text sense format | La Garantia de H

Popular messaging service WhatsApp no longer sends its users’ els missatges de text sense format. WhatsApp, que suporta totes les principals plataformes de telèfons intel · ligents, s'ha establert com un reemplaçament de SMS per a molts usuaris al llarg dels últims anys. An FAQ entry from the company behind the application states that the latest version of the WhatsApp client now uses encryption. No està clar com [...]

Firefox 17 per fer complements més segur | La Garantia de H

As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in [...]

Boffins zapped ’2,000 bugs’ from Curiosity’s 2 MILLION lines of code | El Registre

Billion-dollar laser-firing nuke tank – what could go wrong? With a $2.5bn price tag, a 350-million mile journey and 2 million lines of C and some C++ code, the only bugs NASA wants its Curiosity rover to find are those possibly beneath the Martian surface. And it may not be a particularly glamorous job, sinó [...]

Billion-dollar laser-firing nuke tank – what could go wrong?

With a $2.5bn price tag, a 350-million mile journey and 2 million lines of C and some C++ code, the only bugs NASA wants its Curiosity rover to find are those possibly beneath the Martian surface.

And it may not be a particularly glamorous job, but software analysis outfit Coverity was the company tasked with “ensuring that every software defect is found and fixed before launch”.

Roughly 2,000 bugs were zapped in the rover’s code, estimates Andy Chou, the chief technical officer of Coverity, although NASA is schtum on the exact figures.

“For typical software (which this clearly isn’t), it’s not unusual to find approximately 1 defect for every thousand lines of code,” Chou said. “For a project with 2 million lines of code, it would therefore not be unusual for Coverity to be able to find about 2,000 defects.”

The company’s static analysis tool was used to examine the source code written by NASA’s Jet Propulsion Laboratory scientists – specifically the systems that guided Curiosity’s flight to the Red Planet and are now running all of the laser-armed robot’s onboard functions. En aquesta etapa, every bug correction is vital – after all, there’s no service desk on Mars.

Llegir més: El Registre