Skip to Content

Posts under tag: news

October 31, 2014

FCC considering hybrid approach to ISP reclassification

FCC logo

Ars Technica is reporting that the head of the Federal Communications Commission is close to proposing a “hybrid approach” to net neutrality in which Internet service providers (ISPs) would be partially reclassified as common carriers. Under this proposal, broadband service that ISPs offer to consumers would be maintained as a lightly regulated information service. ISPs would serve as the conduit for websites to distribute content while also classifying them as a common carrier to police deals between ISPs and content providers. This proposal–that would still allow ISPs to charge premium rates on bandwidth speeds–has received mixed support from advocacy groups and providers alike.

For more information, check out this article on Ars Technica.

To learn more about net neutrailty, check out this article from the New York Times.

October 23, 2014

Inbox by Google…maybe the future of e-mail?

Inbox by Google

Gmail’s new user interface

Google announced a new interface and mobile app today called Inbox. For Gmail users, the interface takes some cues from the Google Apps for Education recent updates but incorporates the Tasks feature in Gmail while also incorporating some new features. The mobile app is available on iOS, Android, and Windows Phone stores but using the Inbox interface requires an invitation from Google or from an existing Inbox user. Invite requests can be sent to inbox@google.com.

For more information on the new features and functionality, check out this article from The Verge and this video from Google.

October 15, 2014

Google identifies SSL 3.0 security flaw

Security locks (ZDNet)

Google’s Security Team revealed on Tuesday that the long obsolete, but still all too used, Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw.

According to the team’s Bodo Möller: “This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.”

While SSL 3.0 has been succeeded by Transport Layer Security (TLS) 1.0, TLS 1.1, and TLS 1.2, many TLS implementations have continued to be backwards compatible with SSL 3.0 to work with legacy systems for a smoother user experience.

For more information, check out this article posted on ZDNet.com

For information on how to fix the issue, check out this information from ZMAP.io

September 29, 2014

Shellshock patch now available for Mac OS X

OS X Mavericks LogoLast week, I reported on the Shellshock bug found within the Unix shell, bash. As of today, Apple has released new patches for the Mac OS X distributions Lion (10.7), Mountain Lion (10.8), and Mavericks (10.9). For more information, click on the corresponding link for your system:

Lion (10.7)
Mountain Lion (10.8)
Mavericks (10.9)

To install the patch, download the patch file from the link, open the software package, then follow the instructions in the dialog box. This install will require your system username and password.

New features for Google Forms and Chromebook

Adobe-Google.pngGoogle today announced new updates for their Forms online survey offering. Forms will now incorporate a search feature within the Forms help menu accessible via keyboard shortcut (Alt-/) as well as new customization features for randomizing questions and inserting video.

Additionally, Google also announced that Adobe Photoshop is now available via stream on Chromebooks. Currently, this service is only available to students in North America who have purchased an Adobe Creative Cloud subscription. Despite presumably needing to have a constant Internet connection, the new service will include full integration with Google Drive thus eliminating the need to upload and download Adobe files like in past editions of the software.

For more information on Google Forms and Adobe on Chromebooks, follow these links to the Google Blog: (Forms, Adobe)

September 26, 2014

Update on Shellshock Patch Progress for Mac OS X

appleIn yesterday’s post, I reported there is a vulnerability within the bash shell commonly used in Mac OS X, Unix, and some Linux distributions.

Today, CNET.com–citing a statement from Apple–stated that this vulnerability is only a major concern if your machine runs programs that then run bash to perform certain tasks and that most casual Mac users will have little to worry about:

“Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems,” it continues. “With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

If your system does require a patch, there is progress on an advanced workflow methodology by using a combination of Apple’s Xcode (if installed on your iMac) with step-by-step instructions available through the collaboration site, StackExchange. Currently, Network Services here on campus are already working on a fix for any outward-facing servers.

For more information, check on this article from CNET.com

September 25, 2014

What is Shellshock?

Security locks (ZDNet)There have been reports of a security bug–named Shellshock–discovered within the shell program Bash. Bash is used on several distributions of the Linux OS, Unix, and Apple OS X to execute different system commands and scripts and from a local command line user interface. The bug–identified also as CVE-2014-6271 and CVE-2014-7169–is regarded as a severe security issue since it would add extra code to common gateway interface (CGI) scripts which are used to generate content on webpages and web applications as well as HTTP requests.

At the time of this post, Ars Technica is reporting there are patches available for Red Hat Enterprise, CentOS, Ubuntu, and Debian Linux distributions. Apple did not specify an official patch for OS X but did release a software update yesterday.

For more information on this, check out this Ars Technica article.

August 27, 2014

Beyond CAPTCHA: Researching new methods

Captcha Logo

A current web feature seen on authentication required websites is CAPTCHA, an image or pair of words that require the user to type in or speak what they see or hear. With the ever-increasing sophistication of bot programs that can read or speak, researchers at the University of Alabama at Birmingham have been conducting studies on new authentication methods going beyond the established CAPTCHA method specifically through dynamic cognitive gaming (DCG).

One method of DCG being researched is to present a user with an interactive module that uses simple matching techniques like giving the user is given several objects to choose from and they have to associate it with another piece. An example of this is: picking a boat out of a series of objects and dragging and dropping the boat next to a dock. This methodology is still being tested but early results are positive.

For more details on the study, check out this article from Science Daily.