Microsoft warns of Internet Explorer Flaw

Microsoft has warned consumers that a vulnerability in its Internet Explorer browser could let hackers gain access and user rights to their computer.

The flaw affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of “limited, targeted attacks” to exploit it.

According to NetMarket Share, these IE versions account for more than 50% of the global browser market.

Microsoft says it is investigating the flaw and will take “appropriate” steps. The firm, which issued a security advisory over the weekend, said the steps “may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs”.

However, the issue may be of special concern to people still using the Windows XP operating system.  That is because Microsoft ended official support for that system earlier this month. It means there will be no more official security updates and bug fixes for XP from the firm.

Cyber security firm Symantec said it had carried out tests which confirmed that “the vulnerability crashes Internet Explorer on Windows XP”.  “This will be the first zero day vulnerability that will not be patched for Windows XP users,” it added.

About 30% of all desktops are thought to be still running Windows XP and analysts have previously warned that those users would be vulnerable to attacks from cyber-thieves.

Microsoft has suggested businesses and consumers still using the system should upgrade to a newer alternative.

Microsoft said that hackers looking to exploit the flaw could host a “specially crafted website” containing content that can help them do so. However, they would still need to convince users to view the website for them to be able to gain access to their computer. They could do this by getting them to click on a link sent via an email or instant messenger, or by opening an attachment sent through an email.

However, a hacker would have “no way to force users” to view the content.

If successful, a hacker could gain the same rights as the computer’s current user. “If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” the firm warned. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

But the firm added that Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which “mitigates this vulnerability”.

Regatta Weather Resistant Clothing

Direct Submit are pleased to be assisting with the online promotion of the Regatta weather resistant clothing, which offers great styling and supreme functionality. All their work wear clothing is proven to work and is constructed to keep the wearer protected from both the elements and the everyday environments in the working world.

We look forward to helping keep this business and their product range well ranked with the major Search Engines.

Tech Giants Spend Millions to stop another Heartbleed

The world’s biggest technology firms will donate money to fund the support of OpenSSL, the software at the centre of the Heartbleed bug.

Heartbleed was one of the worst internet flaws ever uncovered.
The maintenance of the software, which secures around two-thirds of the world’s websites, was done by a group of volunteers with very little funding.

The new group set up by the Linux Foundation has a dozen contributors and has so far raised around $3m (£1.7m). As well as maintaining OpenSSL it will also support development of other crucial open-source software.

Firms supporting the initiative include Google, Facebook, Microsoft, Intel, IBM, Cisco and Amazon. Each will donate $300,000 over the next three years.

The industry has been forced to step up after Heartbleed brought chaos to the tech sector.

Experts estimate that the Heartbleed bug will cost businesses tens of millions of dollars in lost productivity as they update systems with safer versions of OpenSSL. “Sometimes it takes a crisis to do the right thing,” Linux Foundation executive director Jim Zemlin told journalists.

The bug exposed more than just people’s passwords and credit card details. It also highlighted that the crucial piece of software is maintained by a small group of developers who receive donations averaging about $2,000 a year to support the project.

“It is kind of weird that such crucial software is run by a group of hobbyists on a shoestring budget,” said Mikko Hypponen, chief research officer with security firm F-Secure. “This software was invisible, behind the scenes and there are very few volunteers who have the skill and willingness to work on a project like this. There is no recognition, no money and it is very difficult.”

The details that have emerged about how the vulnerability came about speak volumes about how little the industry has cared about the software that was securing their websites, he added.

“The fact that the code change which caused the bug was done by an individual working at 23:00 on a New Year’s Eve says a lot. The code simply wasn’t reviewed enough and it went undetected for two years,” he added.

Europe to get Universal Mobile Charger

The European Parliament has ruled that all mobile phone chargers on the European market must use a standard charger by 2017. This is likely to be a micro USB charger, which most mobile companies already use, but iPhones still use either Lightning or 30-pin connections.

The ‘Which Magazine’ mobile phone experts have suggested that this is potentially good news, but it still remains to be seen how Apple will respond. In the past Apple has said that it would not redesign its phones and would only provide adaptors to make them compatible.

Google Buys Solar Powered Drone Maker Titan Aerospace

Internet search giant Google has bought US high-altitude drone maker Titan Aerospace for an undisclosed sum.  Google said the acquisition was intended to help the firm’s efforts to expand internet access.

Titan Aerospace, which is building two types of solar-powered drones that can fly for years, says it expects “initial commercial operations” by 2015.

The firm, which has about 20 employees, will continue to be based in Moriarty, New Mexico. “It’s still early days, but atmospheric satellites could help bring internet access to millions of people, and help solve other problems, including disaster relief and environmental damage like deforestation,” Google said in a statement.  “It’s why we’re so excited to welcome Titan Aerospace to the Google family.”

Google’s purchase follows Facebook’s announcement earlier this year that it had bought UK-based drone maker Ascenta for $20m (£12m).

The two firms are competing to be able to use cutting-edge technology, like drones and high-altitude balloons, to deliver internet to more of the world’s population.

Avoca Consulting Engineering Services

Direct Submit are now working with Avoca Consulting Engineering services to help promote their website on the Internet. Avoca Consulting who provide modern dynamic and responsive consulting engineering services, including mechanical & electrical design and sustainable & renewable design services, are hoping to improve their online profile as well as extend their client base to a much wider audience.

Direct Submit will be assisting Avoca with both the Search Engine Optimisation (SEO) to their website, plus their online marketing strategy.

If you would like to know more about how Direct Submit could help your business website work harder for you then why not call us now on 0845 272 2350 for a free SEO review and quotation.

Scramble to Repair Huge ‘Heartbleed’ Security Bug

A bug in software used by millions of web servers could have exposed anyone visiting sites they hosted to spying and eavesdropping, say researchers. The bug is in a software library used in servers, operating systems and email and instant messaging systems. Called OpenSSL, the software is supposed to protect sensitive data as it travels back and forth. It is not clear how widespread exploitation of the bug has been because attacks leave no trace.

“If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle,” said a blog entry about the bug published by the Tor Project which produces software that helps people avoid scrutiny of their browsing habits.

A huge swathe of the web could be vulnerable because OpenSSL is used in the widely used Apache and Nginx server software. Statistics from net monitoring firm Netcraft suggest that about 500,000 of the web’s secure servers are running versions of the vulnerable software.

“It’s the biggest thing I’ve seen in security since the discovery of SQL injection,” said Ken Munro, a security expert at Pen Test Partners. SQL injection is a way to extract information from the databases behind web sites and services using specially crafted queries.

Many firms were scrambling to apply patches to vulnerable programs and others had shut down services while fixes were being worked on, he said. Many were worried that with proof of concept code already being shared it would only be a matter of time before cyber thieves started exploiting the vulnerability.

Mojang, maker of the hugely popular Minecraft game, took all its services offline while Amazon, which it uses to host games, patched its systems.  The bug in OpenSSL was discovered by researchers working for Google and security firm Codenomicon.

In a blog entry about their findings the researchers said the “serious vulnerability” allowed anyone to read chunks of memory in servers supposedly protected with the flawed version of OpenSSL. Via this route, attackers could get at the secret keys used to scramble data as it passes between a server and its users.

“This allows attackers to eavesdrop [on] communications, steal data directly from the services and users and to impersonate services and users,” wrote the team that discovered the vulnerability. They called it the “heartbleed” bug because it occurs in the heartbeat extension for OpenSSL.

The bug has been present in versions of OpenSSL that have been available for over two years. The latest version of OpenSSL released on 7 April is no longer vulnerable to the bug.  “Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously,” wrote the researchers.

Installing an updated version of OpenSSL did not necessarily mean people were safe from attack, said the team. If attackers have already exploited it they could have stolen encryption keys, passwords or other credentials required to access a server, they said.

Full protection might require updating to the safer version of OpenSSL as well as getting new security certificates and generating new encryption keys. To help people check their systems some security researchers have produced tools that help people work out if they are running vulnerable versions of OpenSSL.

APT Sound Testing – UK Noise Consultants

Direct Submit are pleased to announce they are now working with UK noise consultants, APT Sound Testing, who offer the complete acoustic consultancy and sound testing service. A UKAS accredited company providing a friendly proactive service for all your sound insulation testing & acoustic consultancy requirements, they also provide sound test services to help developers and self builders attain building control compliance.

Working alongside their marketing team, we will be looking at ways to improve their online ‘Search Engine Ranking’ performance and also improve their online reputation and profile.

Direct Submit can help you grow your business using effective Internet Marketing and Search Engine Marketing processes. We provide a complete set of ethical Internet marketing services that have been developed to achieve online promotion and sales results. Call us now on 0845 272 2350 for more information on making your website work harder for your business.