Topics - app103

61
But the Redmond giant has also announced a change to the Security Policy for its Store Apps, in order to make the apps available on Windows Store, Windows Phone Store, Office Store, and Azure Marketplace safer for users.

"The policy, which is effective immediately, requires developers to fix security vulnerabilities in their apps and enables Microsoft to remove an app from sale if the developer does not provide an effective fix. The requirement applies to all apps available in the online stores, including Microsoft apps," the company explained.

"Developers will have a maximum of 180 days to submit an updated app for security vulnerabilities that are not under active attack and are rated Critical or Important according to the Microsoft Security Response Center rating system. The updated app must be submitted to the store within 180 days of the first report that reproduces the issue."

http://www.net-security.org/secworld.php?id=15211

62
Living Room / Feds asked to avoid DEF CON this year
« on: July 16, 2013, 05:14 PM »
Jeff Moss (aka “The Dark Tangent”), founder and director of the Black Hat conference and DEF CON, has officially announced that employees of US federal agencies should keep away from this year's edition of DEF CON, which is scheduled for the beginning of August.

"For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect," he wrote in a statement titled "Feds, we need some time apart."

"When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year. This will give everybody time to think about how we got here, and what comes next," he concluded.

http://www.net-security.org/secworld.php?id=15219

63
They have amended their affiliate agreement, effective July 1, 2013, with the following:

7. Except as agreed between you and us in a separate written agreement referencing this Participation Requirement, you will not use any Content or Special Link, or otherwise link to the Amazon Site, on or in connection with:

a. any client-side software application (e.g., a browser plug-in, helper object, toolbar, extension, or component or any other application executable or installable by an end user) on any device, including computers, mobile phones, tablets, or other handheld devices;

This means no more building Firefox or Chrome add-ons that do something nice, then hijack every link to Amazon's site by inserting the developer's affiliate ID, often replacing the affiliate ID in links on sites created by people that play fair.

https://affiliate-program.amazon.com/gp/associates/help/operating/compare

64
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed

Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:

    
…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia


It appears that a user by the name of kisscsaby first disclosed the issue a month ago via the WordPress forums. As of 5 days ago both plugin authors have pushed new versions of their plugins disabling the vulnerable functions by default. The real concern, however, is the seriousness of the vulnerability and the sheer volume of users between both plugins.

http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html

65
When you zip up files with the intention of giving, selling, emailing to others, please do not include the following files and folders:

  • _MACOSX
  • .DS_Store
  • Thumbs.db

Nobody wants this crap!  >:(

Besides, leaving it out makes smaller zip files, which means faster up/downloads, takes up less space on your server, uses less bandwidth.
