Free Republic

The Shellshock vulnerability in the commonly used Bash command line interpreter shell is likely to require more patches, as security researchers continue to unearth further problems in the code. Google security researcher Michal "lcamtuf" Zalewski has disclosed to iTnews that over the past two days he has discovered two previously unaddressed issues in the Bash function parser, one of which is as bad as the original Shellshock vulnerability. "The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said. "The second one is essentially equivalent to the original flaw,...

We reported yesterday that AOL’s hyper-local news service would lose hundreds of employees today, and now we have confirmation from a well-placed Patcher privy to the call that AOL CEO Tim Armstrong did indeed confirm to employees that hundreds would be laid off, with notifications of who will be let go coming throughout the coming week. (Disclosure: AOL owns TechCrunch). In a call Armstrong held with the Patch team today, he explained that “AOL is going to be running the show” at the restructured Patch along with new CEO Bud Rosenthal. Rosenthal replaces outgoing CEO Steve Kalin, who was reported...

WINDOWS-7 USERS: Microsoft is recommending an update released on Patch Tuesday be uninstalled. reported incidents of the "blue screen of death" after installation. Microsoft released two critical security updates and others rated as "important" for Windows and Internet Explorer as part of its latest round of Patch Tuesday updates. However, a number of Windows 7 users have reported issues with security update 2823324, which is part of security bulletin MS13-036. MS13-036 was meant to fix three privately disclosed flaws and one publicly disclosed flaw in an NTFS kernel-mode driver related to the elevation of privileges when a user is logged...

Summary: Microsoft expects to see exploit code targeting at least one of the vulnerabilities within the next 30 days. Microsoft today warned that cyber-criminals could soon aim exploits at critical security flaws in Internet Explorer browser and Windows to hijack and take complete control of vulnerable machines. The warning comes as part of this month’s Patch Tuesday where Microsoft released 7 bulletins with fixes for at least 26 documented vulnerabilities affecting the Windows ecosystem. The company is urging users to pay special attention to MS12-037 and MS12-036, which provides cover for “remote code execution” vulnerabilities that could be used in...

The Second Amendment Foundation has released a pro-gun patch bearing the slogan "COME AND TAKE THEM." Guns.com is guessing that the phrase, "You'll have to pry it from our cold, dead hands" was too long to fit on a patch. Alan Gottlieb, the founder and Executive Vice President of SAF, notes that the patch can be sewn into just about any garment, and the hook-and-loop nylon fastener allows the patch to be mounted and removed. Gottlieb also has strong words about the meaning behind the patch, directing his ire at politicians and police agencies, "What the police are doing is...

Apple will patch its Safari browser before the Pwn2Own hacking contest kicks off next week, security researchers hinted Thursday.If accurate, Apple will join both Google and Mozilla, which earlier this week issued security updates for Chrome and Firefox as preparation for Pwn2Own. On Wednesday, Apple patched a record 57 vulnerabilities in its iTunes music software; 50 of those bugs were attributed to WebKit, the open-source browser engine that Safari’s built on. iTunes relies on WebKit to render its online store component. “Anti-pwn2own again: Apple fixed a record of 50 vuln[erabilities] in WebKit (iTunes), and is preparing the update for Safari/Mac...

"CNet is reporting that Microsoft has issued an emergency patch for 10 IE security holes. 'The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. ... Software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.'" More details here...

Friends remember last survivor of the trenches, who died last month at the age of 111, in service at Wells cathedral... They said it many different ways, but the message was essentially the same. In most respects, Henry John "Harry" Patch was an ordinary man...But just about everyone who attended Patch's funeral service in the cathedral city of Wells today also seemed to agree that, somehow, he had become something quite extraordinary. It was not just that he became the last man to remember, first hand, the horrors of the first world war trenches, but also that he became both...

Here is a video report on the death of Harry Patch, the last known British World War I veteran. Patch died today at the age of 111. He fought in the ghastly trench warfare that was the trademark of World War I fighting. Below is a video describing what it was like in the trenches . . . . . . (Watch Videos)

Overview of the August 2008 Microsoft patches and their status.

EDWARDS AFB ­- Space shuttle Endeavour astronauts are going into space wearing a mission patch designed by NASA Dryden Flight Research Center research pilot Mark Pestana. Mission STS-123 will take to the international space station the Japanese Kibo module, which will hold electronic equipment and serve as a storage area for experiment materials. It also carries the Canadian Dextre robot, which will attach to the station's robotic arm and allow astronauts to replace hardware outside the station without doing a spacewalk. Pestana's logo depicts a shuttle with its mechanical arm extending the Kibo module to the station. Behind the shuttle...

August 24, 2007 -- The tennis-prodigy niece of former Knick star Kiki Vandeweghe was stunned when a referee told her to remove her American flag patch just before her debut at the U.S. Open. Coco Vandeweghe, 15, one of the most promising young American women players, was unnerved by the bizarre incident before her first-round qualifying match at the U.S. Tennis Center in Queens on Wednesday. She was warming up for her match against Spain's Maria José Martinez Sanchez when an assistant referee pulled off Coco's Stars and Stripes patch, a U.S. Tennis Association official said yesterday. "They profusely apologized...

BEIJING (Reuters) - China is looking into claims of a herbal weight loss patch which its makers said helped former U.S. President Bill Clinton's daughter, Chelsea, shed 12 kg (26.5 lb) in under a month, state media reported on Monday. Customers are instructed to stick the patch to the area of the body where they want to lose weight and then just wait for the fat to flow out of them...

On Thursday, Apple issued a megapatch of bug-fixes for its Mac OS X desktop and OS X server systems. The fixes, 25 in all, are itemized in the company's Security Update 2007-004. Apple recommended that all OS X users install the update. It said that the vulnerabilities could lead to a system crash or allow an intruder to run unauthorized software on the computer. The fixes relate to various components and services in the Mac OS X operating system, including the AirPort driver, the Help view and the Installer application. About half of the patches relate to security Relevant Products/Services,...

Would appreciate for some guidance .. their patches have messed up my Dell Windows XP before. I have the Service Pack 2 installed. Thanks a million!

Microsoft quietly posted a Windows XP SP2 patch to make surfing public wireless hotspots safer, but did not include it with the December security updates released Tuesday and has not posted it as a download from Microsoft Update. The update fixes a long-standing security problem in Windows XP SP2, which starts an automatic scan for wireless networks when a laptop boots or powers up from hibernation. Windows' Wi-Fi client goes through a list of previously-used wireless networks, and if it finds one, connects. The convenience, however, is offset by possible "man-in-the-middle" attacks, where criminals monitor hotspot traffic and then dupe...

Microsoft on Tuesday broke with its regular security update schedule for only the second time this year to issue a patch for a critical Internet Explorer vulnerability that's been exploited for more than a week. MS06-055 provides a fix for the flaw in IE 5.01 and IE 6.0, Microsoft said in the accompany bulletin, and should be applied immediately. The Redmond, Wash. developer pegged the bug as "Critical," its most dire warning, for editions of IE running on Windows 2000, Windows XP, and Windows Server 2003 machines. Windows Server 2003 SP1 is at slightly less risk. "An attacker who successfully...

Microsoft, on Tuesday, issued yet another bumper crop of security updates to fix over 20 flaws in its software, its biggest update since it began the regular bulletins. The 12 updates fix a staggering 23 flaws in Windows software, with 15 of them rated as critical, Microsoft's most severe rating. One of the 15 critical vulnerabilities has been tagged as a possible worm candidate; anonymous users can exploit the Service Server vulnerability remotely, regardless of the operating system. Three of the flaws were discovered in Office products, including Powerpoint, while 20 were present in the Windows system. Mac users also...

Attack code for a new security hole in Excel has surfaced on the Internet, just as Microsoft is scrambling to respond to a separate bug in the spreadsheet program. The latest vulnerability could cause Excel to crash after a malicious file is opened, according to an alert Symantec sent to customers on Monday. The security company also said there was a risk that an intruder could commandeer a PC. "Attackers may also be able to execute arbitrary code…but this has not been confirmed," it said. The security hole exists because Excel fails to properly check user-supplied input before copying it...

Windows 98 in factory, AP Microsoft has decided Windows 98 is too old to continue patching One of the biggest security updates for more than a year is due to released by Microsoft to fix 12 software flaws. Nine of the updates apply to the Windows operating system and one is deemed critical, a rating reserved for the most serious security problems. At least one of the loopholes being patched is already being actively exploited by malicious hackers. Windows users are being urged to download the patches as soon as they become available on Tuesday 13 June. Support shift Microsoft...