Son of Heartbleed poses a major new threat to the internet

OptionsBleed is the name of a new major vulnerability which potentially threatens to expose data from servers in a similar sort of way that Heartbleed did a few years back.

If you recall, Heartbleed was the critical bug which made headlines in 2014, a vulnerability in OpenSSL which could be exploited to (relatively) easily pilfer data from a server (including the likes of security keys, usernames and passwords, and other sensitive details).

OptionsBleed is different in that it’s a bug in the Apache Web Server (as opposed to OpenSSL) leveraged by making HTTP OPTIONS requests (hence the name) in order to potentially cause data leakage as Heartbleed did.

The problem was first uncovered by security researcher Hanno Böck, but the good news is it’s far less widespread and serious than Heartbleed was.

As security firm Sophos reports, Böck’s testing found 466 incidents of OptionsBleed leakage from a million web servers, and given that around 40% of those would likely be running Apache, that means the bug was only triggered in 0.12% of vulnerable systems.

Deliberate provocation

Still, we shouldn’t underestimate the potential havoc that OptionsBleed could wreak, particularly now that knowledge of it has become widespread.

As Sophos observes: “It’s important to remember that on a server that’s hosting many different domains for many virtual hosts in many different directory trees, one malevolent customer could provoke this bug by deliberately setting an invalid option in their own .htaccess, and then repeatedly visiting one of their own URLs to see what data might leak out.”

A patch for the vulnerability is available from the Apache source code servers, but we’ve heard no official word from Apache on this matter yet, and it’s uncertain whether this fix is the best route to take – as you’ll need to apply the patch manually. Hopefully we’ll get an official security update from Apache before long.


CCleaner gets hit by a nasty malware infection

Popular system maintenance tool CCleaner has been compromised by a serious malware infection, which is a particularly embarrassing incident given that the app was bought up by antivirus giant Avast back in the summer.

According to security outfit Cisco Talos, if you downloaded CCleaner version 5.33 from Avast (or used CCleaner Cloud version 1.07.3191), then it was blighted with a multi-stage malware payload.

The security firm speculates that an external attacker compromised the program’s development or build environment to insert the malware, or it could have been an insider doing the same.

The malicious code in question is a two-stage backdoor which hooks up to a command and control server, capable of running code transmitted from a remote PC with obvious potential for various nastiness. Another worrying point was that this infection apparently went undetected by the vast majority of antivirus software.

Threat resolved

The good news is that the infected version of the software has already been pulled down, and according to Piriform, the developer of CCleaner: “The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version.”

Those using the cloud version of CCleaner have already received an automatic update to remove the exploit, and Piriform claims that “we were able to disarm the threat before it was able to do any harm”.

Even so, a large number of users could potentially have been affected given that CCleaner is reportedly downloaded 5 million times per week (and has racked up over two billion downloads since November of last year).

An investigation into how the code was inserted into the program is underway, Piriform says, and Avast is unsurprisingly involved in trying to work out what has gone on here (we’ve reached out to the latter for comment on this incident, and will update this story if we hear back).

Meanwhile, if you are running CCleaner v5.33, you need to update to the latest version of the program immediately.

  • Even the best laptops need a good antivirus to defend against malware


Surface Book 2 might not arrive until 2018

Many folks have been keenly awaiting the arrival of the Surface Book 2 for a long time now, but it seems that the wait will continue, at least according to a new report which claims that the hybrid sequel won’t be seen until 2018.

This comes from Mary J Foley at ZDNet, a well-respected source on all things Microsoft, who claims her inside contacts have said that the company might not start shipping a new Surface Book until early next year.

Obviously this is chatter from the grapevine so has to be taken with the usual caveats, and of course note the qualifying use of the word ‘might’ in the report.

But still, when we heard earlier this month that Microsoft is set to reveal at least one new Surface device at the Future Decoded event in London at the end of October, we had hoped that the timing was lining up for a new Surface Book to finally be revealed – and that seems far less likely now.

Surface spin

It seems the hardware in question will most likely be the LTE spin of the new Surface Pro (introduced earlier this year), which is nice, but obviously a far less exciting prospect than a Surface Book 2.

Foley also claimed that the sequel to the Surface Hub won’t be appearing this year either, and is also set for an early 2018 launch.

Meanwhile, in other Microsoft news, we just heard that the firm is planning a Windows Mixed Reality event for the start of October which will further detail the vision for these more affordable VR headsets (such as the Dell Visor or Lenovo Explorer).

Via: Neowin


The best rugged tablets 2017: the best drop-proof tablets you can buy

If you work outside, or in a busy environment where accidents can occur, then you’ll want the very best rugged tablet. These tablets boast many of the features regular tablets offer, such as bright and vibrant touchscreens, huge collections of apps, and easy-to-carry designs, while also adding a layer of ruggedness that keeps them protected.

The best rugged tablet will feature reinforced screens to stop them cracking, and durable bodies that won’t break if you drop them. However, they should also maintain their slim and light designs.

While you won’t get a rugged tablet that’s as slim and light as the iPad Air 2, it doesn’t mean you should have to lug around a chunky and unwieldy tablet either.

So, to help you find the best rugged tablet, we’ve put together this list, which gather the top shock and drop-proof tablets on the market today.

If you’re working outside, then the Panasonic Toughpad FZ-M1 is easily one of the best rugged tablets on the market today. This is thanks not only to its tough design that is shock resistant to to drops of up ton 180cm, but also because the display has been designed to be used outdoors in bright sunlight – so you’ll still be able to use the Panasonic Toughpad FZ-M1 no matter how bright your surroundings are. The screen supports 10-finger multi-touch, it runs on Windows 10 Pro, it’s water and dust resistant and comes with a configuration port for a variety of expansions (serial, LAN, 2D Barcode Reader, NFC).

Samsung Galaxy Tab S2

If you’re looking for a rugged Windows tablet that can withstand an impressive amount of punishment, then the Getac F110 is an excellent choice. Its durable body can withstand moisture, extreme temperatures and drops, without it being bulky or heavy. It is certified to MIL-STD 810G, 1P65 and MIL-STD-461F standards. The most recent version of this tablet comes with 6th generation Intel Core processors, so there’s plenty of power here, and a dual battery system means you can easily swap them out without having to pause.

iPad Pro 9.7

The HP ElitePad 1000 is a fantastic business laptop, and it can be configured to come in a rugged design that is IP65 and MIL-STD 810G tested. It can withstand a 6ft drop onto linoleum-covered concrete. It features an Intel Atom processor, which isn’t the most powerful CPU, but it’s still capable of handling most business applications. Biometric security keeps your important data safe, and HP also offers a range of accessories, such as docking stations and additional batteries.

iPad mini 4

The Panasonic Toughbook CF-33 is a 2-in-1 rugged device, which means it has an attachable keyboard that allow it to work as either a laptop or as a tablet. When in tablet mode, the Toughbook CF-33 is an excellent durable machine , with MIL-STD-461F, MIL-STD-810G and IP65 certification, which means it can survive shocks, drops liquids and dust. The battery life is a bit on the short side compared to other rugged tablets on this list, but you can quickly swap out the battery when you need extra time. You can also buy extended batteries that double the run time from 10 hours to 20. This is an additional cost, however.

Dell is another well-known brand that produces rugged tablets. The Dell Latitude 12 is one such device, and Dell has recently updated the model with more up-to-date components, though the processor still feels a little outdated. However, you do get an excellently-built tablet that has IP65, MIL-STD-810G and IP-810G certifications (rather than merely meeting the standards in laboratory tests). Dell’s customary high build quality is evident here, and while it isn’t the most glamorous looking tablet, it does the job of withstanding harsh conditions, and accidental drops. Price-wise, the Dell Latitude 12 is also pretty competitive, and as with other Dell products, you’re able to configure the hardware to meet your specific needs and budget.

Unlike other rugged tablets on this list, the Samsung Galaxy Tab Active isn’t designed for industrial-grade protection. However, what it does provide is IP67 certification for dust and water ingress, and a battery that lasts between eight to 10 hours. Plus, it supports replaceable batteries, so you can keep on working even if you’re away from a power supply, and it’s drop-tested to 1.2 metres. A decent camera and NFC technology are included, and it’s rounded off with Samsung’s customary excellent build quality.

This 10.1-inch Android tablet can withstand drops up to five feet, as well as being water and dust resistant. While it’s bulkier and heavier than non-rugged tablets, it’s still portable enough to be easily carried around worksites. Its screen isn’t the highest resolution, but with a 500 Nit backlight, it is excellent for use in direct sunlight. It’s not the most powerful tablet on this list, but it’s a more affordable alternative for people who want to use an Android device outside and on the road.

The Getac Z710 is a handy rugged tablet that does pretty much everything you’d want from an Android tablet, while coming in a rugged body. Design-wise the Getac Z710 is one of the better looking rugged tablets we’ve seen, and it comes with a number of business-orientated features that make it an excellent choice for enterprise use. The 7-inch screen is crisp and responsive to touch, but it does have a habit of showing off glare in direct lights. It has been tested for drops up to six foot, and is MIL-STD-810G certified, while Corning Gorilla glass protects the screen from shattering.

  • Looking for a laptop that can withstand the elements? Check out our list of the best rugged laptops


Flipkart rolls out new features on its mobile app

With the onset of festival season in India, the online retailers have geared up to serve best deals and offer to their customers. Big players in the online shopping sphere like Amazon and Flipkart have already announced their sales where they will be offering a bundle of offers and discounts on numerous products. Interestingly, both the Amazon’s Great Indian Sale and Flipkart’s Big Billion Days will be happening this week from September 20 to September 24. So, this will turn out to be a bonanza week for the buyers.

Adding flavour to this extravaganza, Flipkart has started to offer EMI on debit cards to its customers on its mobile app. For this, the e-commerce company has partnered with HDFC and Axis bank. The bank is offering this feature at a slightly higher interest rate of more than 15%. However, no processing fee is charged during the transaction. The EMI offer is available on selected goods falling under the categories like consumer electronics, furniture etc. Also, the users can avail this offer with zero balance in their account.

To avail the offer, users need to click on “HDFC Consumer Durable Loan” under the EMI section while checking out the product. After selecting the loan period and making the payment via debit card an OTP will be sent to the user for verifying the purchase. Once the user confirms the purchase amount, it will be converted into EMI. Also, if the user buys the product before 20th of the month, the EMI will be applicable from 5th of the coming month. In case, if the purchase is made after 20th, the EMI will be payable from the 5th of next to next month.

The e-commerce giant is also offering a Festive Pass to its customers at Rs 99 from Oct 5. To avail this offer, the customers have to register themselves before Sep 30. Under the Festive Pass, customers will get Hotstar Premium membership for three months, three-month subscription to Gaana+, a discount of 10% on purchase of anything above Rs 1000, free delivery on all Flipkart Assured items etc.

Apart from these, options like No Cost EMI’s, Product Exchange offers, Buyback Guarantee, Pay Later will also be available to the customers during the Big Billion Day sale. There’s also a 10% cashback on all payments made using PhonePe.


Bing will now fact check your news for you too

It can be hard to tell fact from fiction these days, but to make the job a little easier, Microsoft is adding new tools to its Bing search engine that should spot the worst fake news stories before they have a chance to be widely reported as genuine.

Google rolled out a similar feature last year that it expanded back in April, and it’s an issue the likes of Facebook and Twitter have had to deal with as well. With so much information out there, how do you know who you can trust (besides TechRadar of course)?

In Bing’s case the search site will throw up what it calls “fact check labels” next to stories of a dubious nature – in practice that means you might see a debunking link from Snopes or PolitiFact next to the news or the article you were originally looking for.

A trustworthy internet

Bing says these sort of labels are going to be popping up in a broad range of categories covering news, health, science and politics, and if webmasters want to prove they’re on the level they can add certain references and backup links to their original posts.

“The label may be used on both news articles and web pages that Bing has determined contain fact check information to allow users to have additional information to judge for themselves what information on the internet is trustworthy,” says the Bing team.

The new features are unlikely to be able to spot every fake news story but they should at least filter out the worst offenders from your search results. The latest stats show Bing has climbed to a 33% share of the desktop market in the US and 26% in the UK.


Differentz Ways of Fun

Facebook Iconfacebook like buttonTwitter Icontwitter follow buttonBlog