WordPress patches critical XSS vulnerability

WordPress developer Automattic is urging users to urgently update their installations of the company’s publishing platform to fix a critical vulnerability that could lead to attackers taking over entire sites. Jouko Pynnönen of security vendor Klikki.fi discovered a cross-site scripting (XSS) flaw in WordPress that allows commenters to inject JavaScript into sites. When admin users check the comments to moderate them and execute the JavaScript they contain, attackers can gain full control of the target WordPress site through the plugin and theme editors.

Read on, source: WordPress patches critical XSS vulnerability – Security – News – iTnews.com.au

iOS bug sends iPhones into endless crash

There’s a bug in Apple’s iOS 8 that allows nearby attackers to send apps—and in some cases the iPhone or iPad they run on—into an endless reboot cycle that temporarily renders the devices useless, according to researchers who demonstrated the attack Tuesday. The exploit uses a standard Wi-Fi network that generates a specially designed secure sockets layer (SSL) certificate to exploit the bug, according to the researchers, who work for Israel-based Skycure. The encrypted communication causes whatever apps happen to be connected to the booby-trapped Wi-Fi network to crash. The vulnerability was introduced in version 8 of the Apple mobile operating system.

Read on, source: iOS bug sends iPhones into endless crash cycle when exposed to rogue Wi-Fi | Ars Technica

Why Microsoft Won’t Abandon the Cloud Anytime Soon

Microsoft’s cloud revenue more than doubled yet again. If it appears that Microsoft has its head in the cloud these days, it’s because it does, and that’s where it will likely stay for a long time to come. There’s little incentive for Microsoft to change course at this point, as its commercial cloud revenue just grew 106 percent to $2.76 billion during the company’s third quarter of fiscal 2015. It’s the seventh quarter in a row that its commercial cloud revenue has doubled up.

Read on, source: Why Microsoft Won’t Abandon the Cloud Anytime Soon | Maximum PC

Simpana 8.0 and Linux Clients – 19:599

In recent experience with Simpana, jobs are submitted for backup yet fail instantly after the job starts, with error 19:599. That is not much to go on, and there is not much on Google or in the forums either.

The issue seems to appear after upgrading an Ubuntu-based client with OS and security patches to 14.04.

Re-installing, rebooting the client, and connectivity tests (ping, DNS resolution, telnet from the client on ports 8400 and 8402 to the CV and Media boxes, then all the way back again) do not resolve the issue.

After enough days of reading logs, the /etc/hosts file was found to be bad: it contained an erroneous entry such as:

127.0.1.1 Localhost

One would expect the CV agent to be bound to an IP address. Along the way, however, you will be fooled by the simple fact that the machine is able to answer pings, has the required ports open, has DNS matching its IP address, and has firewalls disabled for testing purposes, so from a network point of view all is well. Change this entry and you will be in business.

Resolution is as follows:

  • Change the /etc/hosts entry to the actual IP of the client with your favorite text editor:
    • Original – 127.0.1.1 Localhost
    • New – x.x.x.x fqdn
  • Restart the Simpana services from a terminal using sudo simpana restart
  • Check that your services are running with sudo simpana list

You will now find that restarting the job allows for a successful backup.
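
Because ping, port and DNS tests all pass in this situation, it is quicker to check the hosts file directly. The script below is an added example, not part of the original post or of Simpana: it lists hosts-file lines that map a given client name to a loopback address. The function names, the host name client01.example.com and the address 192.0.2.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example: find hosts-file entries that pin a client name to loopback.

# loopback_entries FILE NAME
# Prints "lineno: line" for every entry in FILE where NAME (case-insensitive)
# is a hostname or alias of an address in 127.0.0.0/8 or of ::1.
loopback_entries() {
    awk -v name="$2" '
        BEGIN { name = tolower(name) }
        {
            line = $0
            sub(/#.*/, "")                       # strip trailing comments
            if (NF < 2) next                     # blank or address-only line
            if ($1 !~ /^127\./ && $1 != "::1") next
            for (i = 2; i <= NF; i++)
                if (tolower($i) == name) { print NR ": " line; break }
        }
    ' "$1"
}

# name_not_on_loopback FILE NAME
# Succeeds (exit 0) only when NAME has no loopback mapping in FILE.
name_not_on_loopback() {
    [ -z "$(loopback_entries "$1" "$2")" ]
}

# Constructed sample files modelled on the 127.0.1.1 entry shown in the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/hosts.bad" <<'EOF'
127.0.0.1   localhost
127.0.1.1   client01.example.com client01   # name pinned to loopback
EOF
cat > "$demo_dir/hosts.fixed" <<'EOF'
127.0.0.1   localhost
192.0.2.10  client01.example.com client01
EOF

echo "hosts.bad:"
loopback_entries "$demo_dir/hosts.bad" client01
name_not_on_loopback "$demo_dir/hosts.fixed" client01 \
    && echo "hosts.fixed: no loopback mapping for client01"
```

On a real client, call it as loopback_entries /etc/hosts "$(hostname -f)" and again with the short name from hostname.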