Netflix has released the source code of a web application called Stethoscope for evaluating the security of mobile and desktop computing devices.
The software, covered by the Apache 2.0 license, is intended for employees of organizations that use a device management service. Netflix hopes that employees using the toolkit will learn from it and apply the app's recommendations to personal devices that are not under active management.
ReactOS 0.4.4 arrived last week as the latest maintenance update to the stable 0.4 series of the open source Windows-compatible operating system, bringing better rendering for many applications and initial printing support.
In most of the places I have worked there has been a centralized computer and application standard that was more or less mandatory for all employees. There are benefits of such an environment, which I will not go into in this piece, but for me, as an open source and Linux enthusiast, I try to use the tools I'm used to and like.
So, I immediately install my favorite applications when I receive a new standardized Windows-based work computer, something I have been lucky enough to be allowed to do.
Companies will almost certainly face challenges establishing their open source compliance program. In this series of articles, based on The Linux Foundation’s e-book, Open Source Compliance in the Enterprise, we discuss some of the most common challenges, and offer recommendations on how to overcome them.
The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.
On Saturday, security researcher Alexander Klink disclosed an interesting attack in which an XXE (XML External Entity) vulnerability in a Java application can be exploited to send emails.
Microsoft has no plans to issue updates for two vulnerabilities, one a zero-day and the other publicised by Google, before the scheduled date for its next round of updates rolls around in March.
The company did not issue any updates in February, even though it had been scheduled to switch to a new system from this month onwards.
It gave no reason for this, apart from saying: "This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
"After considering all options, we made the decision to delay this month’s updates. We apologise for any inconvenience caused by this change to the existing plan."
The Google-disclosed bug was made public last week, and is said to be a flaw in the Windows graphics device interface library that can be exploited both locally and remotely to read the contents of a user's memory.
Microsoft has patched "critical" security vulnerabilities in its browsers, but has left at least two zero-day flaws with public exploit code.
The software giant released numerous patches late on Tuesday to fix flaws in Adobe Flash for customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10.