Free Republic

The link titled, "See help for more information" just above the text input box for replies is a dead link. Clicking it does absolutely nuffin'. (This has been my experience for what seems several months using Apple's Safari browser and other browsers.)

A remotely exploitable vulnerability in web application code, first discovered 15 years ago, has returned to haunt server admins who are being urged to take action immediately to avoid being hit. Researchers from New Zealand point of sale software company Vend, Dominic Scheirlink, Richard Rowe, Morgan Pyne and Scott Geary, worked with Red Hat product security staffer Kurt Seifried to document the flaw, which they have nicknamed Httpoxy. On vulnerable applications, the Httpoxy flaw is easily exploitable, the researchers said. Attackers can proxy outgoing HTTP requests and direct the server to open outwards connections to arbitrary IP addresses and transport...

There could be a very serious problem with the past 15 years of research into human brain activity, with a new study suggesting that a bug in fMRI software could invalidate the results of some 40,000 papers. That's massive, because functional magnetic resonance imaging (fMRI) is one of the best tools we have to measure brain activity, and if it’s flawed, it means all those conclusions about what our brains look like

The iMessage vulnerability got a lot of attention, but another bug allows for remote execution over Wi-Fi, which is a much bigger threat. Apple released new versions of several operating system products earlier this week, fixing vulnerabilities in OS X El Capitan and iOS 9 among others. Because encryption and Apple are big news these days, the attention mostly went to an admittedly interesting flaw in Apple's encryption for iMessage, reported by a research team, led by well-known cryptographer Matthew Green. But the bug is not an easy one to exploit and doesn't even expose a lot. There are much...

Cisco has scrambled to fix a serious vulnerability in its Adaptive Security Appliances and Next-Generation Firewalls products which can be used to remotely take over and reboot the devices. Unauthenticated remote attackers can exploit a bug in the internet key exchange (IKE) version 1 and 2 protocol code running on Cisco ASA software, and trigger a buffer overflow. IKE is used to authenticate connections and to set up secure virtual private networks, landing on the firewalls. Security researchers David Barksdale, Jordan Gruskovnjak and Alex Wheeler said the algorithm for reassembling fragmented IKE payloads "contain a bounds-checking flaw that allows a...

Researchers have discovered a second set of serious vulnerabilities in Google's Android mobile operating system, leaving over a billion new and old devices open to attack. Dubbed Stagefright 2.0, the newly discovered vulnerabilities stem from two flaws in how Android handles audio and video files. It was found by Joshua Drake of security vendor Zimperium, who also discovered the original Stagefright vulnerability affecting just under a billion Android devices in July this year. The first Stagefright flaw in the Android media processing software library allowed attackers to send a specially crafted multimedia messaging service (MMS) missive which, when received in...

First link upper left; malware notice! http://www.freerepublic.com/%5Ehttp://abc7.com/news/suspect-arrested-in-attack-on-83-year-old-man-in-oc/1004031/ Link at end of excerpt; OK. http://abc7.com/news/suspect-arrested-in-attack-on-83-year-old-man-in-oc/1004031/

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.It looked like just another bug report. "When I start Chromium, it downloads something."...

NEW YORK (CNNMoney) —So much for the argument "Apple computers are safer and bug-free." It's not true. We're accustomed to annoying glitches in PCs. But the past few years have shown that Macs, iPads and iPhones have them too. So far in 2015, five major flaws have affected Apple products. Just this week, we encountered a nasty bug that lets hackers bury computer viruses so deep inside Macs, you'll never find it. A week earlier, a flaw appeared that lets a text message crash an iPhone. These are significant issues, and neither has been fixed yet. Faulty code is found...

The bug that causes an iPhone to collapse when it accepts a text message with a specific string of characters also affects other Apple products, such as iMacs, MacBooks, iPads and Apple Watches. A glitch within the central system common to all of Apple's iOS products that manages text messages causes the crash. When introduced with non-Latin special characters in a particular sequence, which includes Marathi, Arabic, and Chinese, the CoreText system chokes, pushing it to break down and terminate the whole operating system.Apple had informed several media outlets that the company is aware of the iMessage glitch and expect...

Apple instructs users on how to recover from a crash Softpedia was among the first to report a couple of days ago that a newly discovered iOS bug in the Messages app will crash or reboot any iPhone, iPad, or Apple Watch device that receives a specially crafted text message.We have also told our users how to prevent their iPhone, iPad, or Apple Watch devices from getting crashed by the nasty Messages bug in the iOS 8 or later mobile operating system from Apple.On May 27, WSJ reported immediately after talking with Apple representatives that the Cupertino company is aware...

Attackers could use fake certificate to get around protections. Mozilla has disabled an "opportunistic encryption" feature added to its Firefox browser last week, in order to fix a critical security flaw that allowed attackers to bypass HTTPS protections. The company last week released Firefox 37, which came with a new feature allowing connections to be encrypted even if a server didn't support HTTPS. This so-called "opportunistic encryption" acted as a bridge between plaintext HTTP and HTTPS connections based on either transport layer security (TLS) or the older secure sockets layer protocol. It allowed website owners who are unable to fully...

Recent outbreaks of an unpleasant intestinal illness in Massachusetts, California and Pennsylvania are due to a drug-resistant version of a bacteria that causes travelers' diarrhea, the Centers for Disease Control and Prevention warned this week. Since May 2014, Shigella sonnei bacteria that have shown resistance to the antibiotic ciprofloxacin have sickened 243 people across 32 states and Puerto Rico, the federal agency said. "Research by the CDC found that the drug-resistant illness was being repeatedly introduced as ill travelers returned and was then infecting other people in a series of outbreaks around the country," the CDC explained. Shigellosis is often...

**SNIP** President Obama is playing golf today with a few of his usual crew of younger White House aides. It’s the 46th time he’s played this year and the 203rd of his presidency.

Remember Heartbleed? Well, this is probably worse. Here's a (somewhat simplified) explanation of what Shellshock actually is. Don't worry: I haven't included instructions on how to actually exploit it. The moral of the story is: keep your security patches up to date!

A serious vulnerability in the popular OpenSSL cryptographic library has been discovered that allows attackers to steal information unnoticed. Known as the Heartbleed bug, the vulnerability allows anyone on the Internet to read the memory of systems that run vulnerable versions of OpenSSL, revealing the secret authentication and encryption keys to protect the traffic. User names, passwords and the actual content of the communications can also be read. ... OpenSSL recommends that uses immediately upgrade to version 1.0.1g. If that's not possible, users should recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag to remove the the heartbeat handshake. The 1.0.2 version of...

It’s been a rough week in terms of eaters finding disgusting things in their food. There was Jon Hughes of North Wales, who found a dead shrew inside his bag of potato chips , and Robin Sandusky of New York who found a lizard’s head and arm inside her salad . Making this a trifecta is Natalie Estrella, who found a large, disgusting bug in her soup from a New York restaurant, as WPIX 11 News reports. After finding the bug (and taking a picture), she alerted her waiter. The waiter took the soup away and disposed of the bug,...

The FR main page/display bug seems to have returned... ... No sidebar... Minimum first pages displayed Time to GIT-R-DONE.... (again)

We’ve all run across the pill bug in our gardens. At the first sign of danger, the tiny paranoid crustacean suddenly turns into a ball — in hopes the danger will have passed when he unrolls. That roly-poly bug can serve as a fair symbol of present-day U.S. foreign policy, especially in our understandable weariness over Iraq, Afghanistan, and the scandals that are overwhelming the Obama administration.

What's an FR enthusiast to d