Nat Kutch

1597833600

Do Airplanes Use Floppy Disks for Critical Updates Even in 2020?

Airplanes are a luxury for most people to own, let alone toy with — given all the national security regulations. This year’s DEF CON, however, revealed a fascinating finding leaving many, including myself, surprised.

In July this year, British Airways announced it would retire its Boeing 747 fleet “due to the downturn in travel caused by the COVID-19 global pandemic,” as stated by their spokesperson.

This enabled security researchers Ken Munro and Alex Lomas of Pen Test Partners to get their hands on a Boeing 747 and show us what goes on behind the scenes in the aircraft.

In their DEF CON presentation, the researchers gave a thorough walkthrough of the aircraft and pointed out something that Gareth Corfield of The Register wasted no time in reporting on.

They revealed a critical component of the Boeing 747 jet, the “navigation database loader,” which uses 3.5" floppy disks for updates, even in 2020!

The “diskette stowage” compartment next to the component holds a number of floppies, as the video (provided at the bottom) briefly shows.

To update the navigation database, Lomas explained, an engineer would have to visit the aircraft every 28 days, with a set of floppy disks.

#aviation #aerospace #security

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs

Why Use WordPress? What Can You Do With WordPress?

Can you use WordPress for anything other than blogging? Perhaps to your surprise, yes. WordPress is more than just a blogging tool, and it has helped thousands of websites and web applications thrive. WordPress powers around 40% of online projects, and in this post we look at some of its uses beyond blogging.

What Is The Use Of WordPress?

WordPress is the most popular website platform in the world. It is the first choice of businesses that want to set up a feature-rich and dynamic Content Management System. So, if you ask what WordPress is used for, the answer is: everything. It is a super-flexible, feature-rich and secure platform that offers everything needed to build unique websites and applications. Let’s look at these uses:

1. Multiple Websites Under A Single Installation
WordPress Multisite allows you to develop multiple sites from a single WordPress installation. You can download WordPress and start building the websites you want to launch on a single server. You can handle hundreds of sites from one single dashboard, which deserves applause.
It is a highly efficient platform that allows you to easily run several websites under the same login credentials. One of the best things about WordPress is the themes it has to offer. You can simply download themes and plugins for your various sites and save space without losing speed.

2. WordPress Social Network
WordPress can be used for high-end projects such as a social media network. If you don’t have the money and patience to hire a coder and invest months in building a feature-rich social media site, go for WordPress. It is one of the most amazing uses of WordPress. Its CMS is hard to beat, and you can build sites as good as Facebook or Reddit. It simply makes the process a lot easier.
To set up a social media network, you would have to download a WordPress plugin called BuddyPress. It lets you set up a community page with ease and provides all the necessary features of a community or social media site. It has direct messaging, activity streams, user groups, extended profiles, and so much more. You just have to download and configure it.
If BuddyPress doesn’t meet all your needs, don’t give up on your dreams. You can try out WP Symposium or PeepSo. There are also several themes you can use to build a social network.

3. Create A Forum For Your Brand’s Community
Communities are very important for your business. They help you stay in constant contact with your users and consumers and allow you to turn them into a loyal customer base. While there are many good technologies that can be used for building a community page, good old WordPress is still the best.
It is the best community development technology. If you want to build your online community, you need to consider all the amazing features you get with WordPress. Plugins such as bbPress, an open-source, template-driven PHP/MySQL forum software, are very simple and don’t hamper the experience of the website.
Other tools such as wpForo and Asgaros Forum are equally good for creating a community blog. They are lightweight tools that are easy to manage and integrate easily with your WordPress site. However, there is one tiny problem: you need to have some technical knowledge to build a WordPress community blog page.

4. Shortcodes
Since we gave you a problem in the previous section, we will also give you a solution for it. You might not know how to code, but you have shortcodes. Shortcodes help you execute functions without having to write code. They are an easy way to build a website, add new features and customize plugins. They are short lines of code, so rather than memorizing multiple lines, you can start building a feature-rich website or application with zero technical knowledge.
There are also plugins like Shortcoder, Shortcodes Ultimate, and the Basics available on WordPress, so you would not even have to remember the shortcodes.

5. Build Online Stores
If you are still wondering why to use WordPress, use it to build an online store and start selling your goods online. It is an affordable technology that helps you build a feature-rich eCommerce store.
WooCommerce is an extension of WordPress and is one of the most used eCommerce solutions. WooCommerce holds a 28% share of the global market and is one of the best ways to set up an online store. It allows you to build user-friendly and professional online stores and has thousands of free and paid extensions. Moreover, it is an open-source platform, so you don’t have to pay for a license.
Apart from WooCommerce, there are Easy Digital Downloads, iThemes Exchange, the Shopify eCommerce plugin, and many more.

6. Security Features
WordPress takes security very seriously. It offers tons of external solutions that help you safeguard your WordPress site. While there is no way to ensure 100% security, it provides regular updates with security patches and several plugins to help with backups, two-factor authentication, and more.
By choosing hosting providers like WP Engine, you can improve the security of the website. It helps with threat detection, managed patching and updates, internal security audits for customers, and so much more.

#use of wordpress #use wordpress for business website #use wordpress for website #what is use of wordpress #why use wordpress #why use wordpress to build a website

Justyn Ortiz

1603465200

Oracle Kills 402 Bugs in Massive October Patch Update

Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update (CPU), which fixes 402 vulnerabilities across various product families.

Well over half (272) of these vulnerabilities open products up to remote exploitation without authentication. That means that the flaw may be exploited over a network without requiring user credentials.

The majority of the flaws are in Oracle Financial Services Applications (53), Oracle MySQL (53), Oracle Communications (52), Oracle Fusion Middleware (46), Oracle Retail Applications (28) and Oracle E-Business Suite (27). But overall, 27 Oracle product families are affected by the flaws. Users can find a patch availability document for each product, available here.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches,” according to the company’s release on Tuesday. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.”

While details of the flaws themselves are scant, two of the critical vulnerabilities disclosed by Oracle rank the highest severity score – 10 out of 10 – on the CVSS scale.

These include a flaw in the self-service analytics component of Oracle Healthcare Foundation, which is a unified healthcare-analytics platform that is part of the Oracle Health Science Applications suite. The flaw (CVE-2020-1953), which can be remotely exploited without requiring any user credentials, requires no user interaction and is easy to exploit, according to Oracle. Affected supported versions include 7.1.1, 7.2.0, 7.2.1 and 7.3.0.

The second severe flaw (CVE-2020-14871) exists in the pluggable authentication module of Oracle Solaris, its enterprise operating system for Oracle Database and Java applications (part of the Oracle Systems risk matrix). The flaw is also remotely exploitable without user credentials, requires no user interaction and is a “low-complexity” attack. Versions 10 and 11 are affected.

Sixty-five of the vulnerabilities also had a CVSS base score of 9.8 (and six had a score of 9.4) out of 10, making them critical in severity.

Oracle did offer some workarounds, advising that for attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Users can also reduce the risk of successful attack by blocking network protocols required by an attack.

However, both these approaches may break application functionality, and Oracle does not recommend that either approach be considered a long-term solution as neither corrects the underlying problem.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible,” according to the company.

Oracle releases its CPUs on the Tuesday closest to the 17th day of January, April, July and October.

Previous quarterly updates have stomped out hundreds of bugs across the company’s product lines, including one in April that patched 405. There are also out-of-band updates; in June for instance, Oracle warned of a critical remote code-execution flaw in its WebLogic Server being actively exploited in the wild.

#vulnerabilities #web security #cpu #critical patch update #cve-2020-14871 #cve-2020-1953 #oracle #oracle communications #oracle e-business suite #oracle financial services applications #oracle fusion middleware #oracle mysql #oracle retail applications #quarterly patch update #remote code execution #security update

I am Developer

1599275499

PHP Code for Update Data in MySQL Database - Tuts Make

PHP code for updating data in a MySQL database. Here, I will show you how to fetch and update data from MySQL in PHP.

PHP code to retrieve and update data from a MySQL database

  1. Step 1 - Connect to MySQL database
  2. Step 2 - Fetch data from the database
  3. Step 3 - Update data from database

https://www.tutsmake.com/php-code-for-update-data-in-mysql-database/

#how to edit data in php using form #how to update data in php using form mysqli #how to fetch and update data from database in php #php code for updating data in mysql database #php #update
