Johan Olofsson discovered an authentication bypass vulnerability in
Stunnel, a program designed to work as a universal SSL tunnel for
network daemons. When Stunnel in server mode is used with the redirect
option and certificate-based authentication is enabled with verify = 2
or higher, then only the initial connection is redirected to the hosts
specified with redirect. This allows a remote attacker to bypass
It was discovered that the Jackrabbit WebDAV bundle was susceptible to an
XXE/XEE attack. When processing a WebDAV request body containing XML,
the XML parser could be instructed to read content from network
resources accessible to the host, identified by URI schemes such as
http(s) or file. Depending on the WebDAV request, this could not
only be used to trigger internal network requests, but might also be
used to insert said content into the request, potentially exposing it to
the attacker and others.
It was discovered that unattended-upgrades, a script for automatic
installation of security upgrades, did not properly authenticate
downloaded packages when the force-confold or force-confnew dpkg options
were enabled via the DPkg::Options::* apt configuration.
MakeTechEasier: Remember RSS? You know, the short headlines and sentences of a few words each. Every major news site and blog has a feed. You can still get news the old fashioned way, only in a much nicer format.
Buying a phone in combination with a contract - the mislabeled "free phone" - just became a whole lot more complicated in my home country of The Netherlands. Today, our minister of finance, Jeroen Dijsselbloem (if you follow international news - yes, that one) announced that he is not going to create an exemption in Dutch finance laws specifically for mobile carriers offering "free" phones on contract.
Last year, The Hoge Raad der Nederlanden (our supreme court) ruled that if carriers offer a loan of €250 or higher, they need to abide by the same rules as any other company, institution, or entity providing such loans - meaning, they will have to perform an income check, check if people have prior debts, and in general, if their financial situation is sound enough for them to be able to take on a loan for a smartphone. They will also need to be a lot more transparent and upfront about the fact they are offering a loan, including warnings, the terms, and so on.
This, of course, affects carriers a great deal; a lot of expensive, high-end phones, like iPhones or the latest Galaxy phones, are sold in combination with contracts, their true price hidden in monthly payments. Making it harder for consumers to take on these loans hurts their business model. As such, carriers had asked our minister of finance to create an exemption specifically for them - but he refused.
Carriers are, of course, not happy. T-Mobile, Vodafone, and KPN - our three major carriers - have already voiced their displeasure. They're complaining they will have to do considerable investments to change their sales model, and that it will become a lot harder for customers to buy high-end phones. To be fair to the carriers, all this does mean consumers will have to reveal a considerable amount of private information to carriers if they want to take out a loan to buy a phone.
That being said, there are alternatives: carriers could simply charge the price of the phone upfront. This, of course, is not something they want - they'd much rather be a little bit shady and fuzzy about the true price of smartphones. Samsung, Apple, and other smartphone makers surely won't be happy with this either, as they rely on these somewhat shady deals to peddle their wares. Half of Dutch consumers are already on SIM-only contracts, and this will only push more consumers to cheaper phones.
As a Dutchman, I find this great news. My financial means are such that I don't have to worry about this sort of thing, but there are enough people out there for whom this is not the case, and there are certainly quite a few people lured into these seemingly "cheap" phones, only to suffer for it down the line. While I'm sure people living in Libertarian la-la-land will scream bloody murder, the fact of the matter is that if left to their own devices, these companies will abuse people left and right.
Later this year, Ultima Online will turn 18 years old. In the genre of MMOs, that makes the game positively ancient - and it's even more remarkable when you consider that it's still funded via a subscription model.
I've never played an Ultima game, much less one that's nearly my age. I wanted to find out what the game is like to play today as a newcomer, and to ask people why they've continued visiting Britannia for nearly two decades.
I have little to no interest in MMOs, but seeing one of them run for this long is fascinating.
A recent draft of the Trans-Pacific Partnership free-trade deal would give U.S. pharmaceutical firms unprecedented protections against competition from cheaper generic drugs, possibly transcending the patent protections in U.S. law.
This article focuses on pharmaceuticals, but just imagine what similar restrictions would mean for technology. This is disastrous.
The 4MLinux project has announced a new release of the independent Linux distribution. The latest release, 4MLinux 13.0, ships with the GNU Compiler Collection 5 and offers miscellaneous desktop improvements. "The status of the 4MLinux 13.0 series has been changed to S. Major changes in the core of....
David Purse has announced the availability of the beta release of Simplicity Linux 15.7, a lightweight Puppy-based distribution for netbooks and desktops. Due to unresolved issues, the "Desktop" edition is only available in a 32-bit build for now. From the release announcement: "Simplicity Linux 15.7 beta is now....
Matthias Klumpp has announced the availability of a release candidate for Tanglu, a Debian based distribution for desktop users. Tanglu 3 RC1 introduces experimental support and is presented in three editions (GNOME, KDE and Core). "We are pleased to announce the release of the first release candidate (RC)....