Apple Issues Patch for Critical NTP Vulnerability

Apple NTP Security Update 20141222

Apple issues OS X NTP Security Update for Mountain Lion, Mavericks and Yosemite.

OS X NTP Security Update
ntpd

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: A remote attacker may be able to execute arbitrary code

Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.

To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:

Mountain Lion: ntp-77.1.1
Mavericks: ntp-88.1.1
Yosemite: ntp-92.5.1

CVE-ID

CVE-2014-9295 : Stephen Roettger of the Google Security Team

From ICS-CERT:

Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.

These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.

Products using NTP service prior to NTP-4.2.8 are affected. No specific vendor is specified because this is an open source protocol.
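The version check from the Apple advisory above, as an added shell example (not Apple's or this blog's own code): it compares the build reported by what /usr/sbin/ntpd against the builds listed for each release. The function names, the sample output layout and the rule that a build at or above the listed one carries the fix are assumptions of this example.

```shell
#!/bin/sh
# Added example: is the installed ntpd at or above the build named in the update?

# Patched ntp build per OS X release, as listed in the advisory text.
patched_build() {
    case "$1" in
        10.8|10.8.*)   echo 77.1.1 ;;
        10.9|10.9.*)   echo 88.1.1 ;;
        10.10|10.10.*) echo 92.5.1 ;;
        *) return 1 ;;   # release not covered by this advisory
    esac
}

# Extract the N.N.N part of the first "ntp-N.N.N" token in `what` output.
extract_build() {
    printf '%s\n' "$1" | sed -n 's/.*ntp-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each field numerically.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # a missing field counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_ntpd OS_VERSION WHAT_OUTPUT -> prints PATCHED, VULNERABLE or UNKNOWN
check_ntpd() {
    want=$(patched_build "$1") || { echo UNKNOWN; return 2; }
    have=$(extract_build "$2")
    [ -n "$have" ] || { echo UNKNOWN; return 2; }
    if ver_ge "$have" "$want"; then echo PATCHED; else echo VULNERABLE; return 1; fi
}

# Constructed sample output (layout assumed; only the ntp-N.N.N token is parsed).
SAMPLE='/usr/sbin/ntpd
	PROGRAM:ntpd  PROJECT:ntp-92.5.1'
check_ntpd 10.10.1 "$SAMPLE"

# On a Mac, run the same check against the live binary.
if [ -x /usr/sbin/ntpd ] && command -v sw_vers >/dev/null 2>&1; then
    check_ntpd "$(sw_vers -productVersion)" "$(what /usr/sbin/ntpd)" || true
fi
```

UNKNOWN means either the OS X release is not one of the three named in the advisory or no ntp-N.N.N token was found in the output.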

Dunlop Straplok

Dunlop Straplok Black Hardware

I have just purchased a new electric guitar from Amazon.com and it comes with Dunlop Straplok pre-installed. I’ll write more about purchasing a guitar online later on as I am still struggling with a few issues.

I then decided to install Straplok on my old Gibson SG I which I purchased back in 1994; obviously it was used.

Straplok on Gibson SG I

I also purchased an Ernie Ball guitar strap with the Straplok.

Straplok on Ernie Ball Strap facing inward

I realized that I should install the Straplok facing outward since the Gibson SG neck strap button is on the back of the body. The same goes for my new guitar.

Straplok on Ernie Ball Strap facing outward side profile

Straplok on Ernie Ball Strap facing outward

Install the retainer clip and it is done. Obviously, I installed Straplok on the other end of the strap too; facing inward.

Straplok on Ernie Ball Strap with retainer clip

I’m ready to rock, with less chance of having the guitar fly out when I spin it around my neck.

Straplok on Gibson SG I and Ernie Ball Strap

Gibson SG I with Neck Strap

Calculus Textbook by James Stewart

Calculus 5th Edition by James Stewart

I read the news just today that James Stewart, the mathematician who authored books on Calculus, died on December 4th, 2014.

I took a look at my bookshelf and immediately found a Calculus textbook that Stewart authored. Stewart was a violinist and that explains why his books feature a violin on the cover.

Ars Technica Asks Readers to Change Password Following Security Breach

Ars Technica

Due to the recent hack on the website, Ars Technica “strongly encourages all Ars readers — especially any who have reused their Ars passwords on other, more sensitive sites — to change their passwords today.”

Full Email:

Ars Technica was hacked: Please change your password

You are receiving this email because you may have – at some point – registered as a user on ArsTechnica.com. Our site was recently hacked.

Log files suggest that this intruder had the opportunity to copy the user database. This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses and cryptographically-protected passwords.

Out of an excess of caution, we strongly encourage all Ars readers — especially any who have reused their Ars passwords on other, more sensitive sites — to change their passwords today.

Read more about the incident here: http://arstechnica.com/staff/2014/12/ars-was-briefly-hacked-yesterday-heres-what-we-know/

Please login to Ars and update your password or use the “Forgot your password” form to change your password.

Settings page: https://arstechnica.com/civis/ucp.php?i=profile&mode=reg_details

Forgot your password? https://arstechnica.com/civis/ucp.php?mode=sendpassword

We sincerely apologize for any inconvenience this has caused.

– Ars

To paraphrase Al Bundy: “Hey! Come to think of it, I remember creating an account at Ars Technica.”