Happy New Year!
According to a few pundits, 2015 is a disappointment already for it is only a slight improvement over 2014.
/s
A few things that are coming this year:
Not to mention this year would be the year of the … (wait for it in a few weeks)
Apple Issues Patch for Critical NTP Vulnerability
Apple issues OS X NTP Security Update for Mountain Lion, Mavericks and Yosemite.
OS X NTP Security Update
ntpdAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
Impact: A remote attacker may be able to execute arbitrary code
Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:
Mountain Lion: ntp-77.1.1
Mavericks: ntp-88.1.1
Yosemite: ntp-92.5.1CVE-ID
CVE-2014-9295 : Stephen Roettger of the Google Security Team
From ICS-CERT:
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.
Products using NTP service prior to NTP-4.2.8 are affected. No specific vendor is specified because this is an open source protocol.
Android 5.0.1 for Nexus 4
Android 5.0.1 “occam” arrives for Nexus 4.
Side note: Android 5.0.2 factory image “nakasi” is now available for 2012 Wi-Fi Nexus 7.
WordPress 4.1
WordPress 4.1, named “Dinah” is now available. New theme, Twenty-Fifteen is included in this release.
Ars Technica Asks Readers to Change Password Following Security Breach
Due to the recent hack on the website, Ars Technica “strongly encourages all Ars readers — especially any who have reused their Ars passwords on other, more sensitive sites — to change their passwords today.”
Full Email:
Ars Technica was hacked: Please change your password
You are receiving this email because you may have – at some point – registered as a user on ArsTechnica.com. Our site was recently hacked.
Log files suggest that this intruder had the opportunity to copy the user database. This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses cryptographically-protected passwords.
Out of an excess of caution, we strongly encourage all Ars readers — especially any who have reused their Ars passwords on other, more sensitive sites — to change their passwords today.
Read more about the incident here: http://arstechnica.com/staff/2014/12/ars-was-briefly-hacked-yesterday-heres-what-we-know/
Please login to Ars and update your password or use the “Forgot your password” form to change your password.
Settings page: https://arstechnica.com/civis/ucp.php?i=profile&mode=reg_details
Forgot your password? https://arstechnica.com/civis/ucp.php?mode=sendpassword
We sincerely apologize for any inconvenience this has caused.
– Ars
To paraphrase Al Bundy: “Hey! Come to think of it, I remember creating an account at Ars Technica.”
What The Hell, Twitter?
Jack Marshall, writing for WSJ.com:
Twitter is now collecting information about the apps installed on users’ devices in order to better target and tailor advertising and other content to them.
WHAT?!
From Twitter:
To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in.
DFQ?!
If you’re not interested in a tailored experience you can adjust your preferences at any time (read below). Additionally, if you have previously opted out of interest-based ads by turning on “Limit Ad Tracking” on your iOS device or by adjusting your Android device settings to “Opt out of interest-based ads,” we will not collect your apps unless you adjust your device settings.
I have always enabled the “Limit Ad Tracking” option on all of my iOS devices.
Megapixel per se
Joanna Stern, writing for WSJ.com:
A quick camera reminder: Looking at the megapixel numbers when comparing phones won’t help you at all. An 8-megapixel camera with a superior sensor can take far better photos, even more detailed ones, than a 21-megapixel camera with an inferior one.
I’m really glad to see Joanna Stern mentions this. For years, a lot of so-called Tech Journalists still measuring the quality of a camera by the pixel-count alone.
Some few years ago, a clerk/salesperson at a store that shall remain nameless adamantly told me that a 13-Megapixel point-and-shoot camera captured better image than an 8-Megapixel DSLR Camera.
On a personal note, Joanna Stern lost one point for using the term “phablet” for a product category. Just call it a big-ass phones and it would’ve sound much better.