TV Java

 

A recent update to Google’s browser Chrome, has disabled the Java plugin. So if your favourite Java game or app has stopped working I am going to show you how to re-enable Java.

As of Chrome Version 42, an additional configuration step is required to continue using NPAPI (Java) plugins.

  1. In your URL bar, enter:
    chrome://flags/#enable-npapi
  2. Click the Enable link for the Enable NPAPI configuration option.
  3. Click the Relaunch button that now appears at the bottom of the configuration page.

If you prefer to watch this on a video, I’ve created a short one for you.

Hope this helps

tv crime2A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned.
LISTEN AND MAKE PHONE CALLS REMOTELY
The vulnerability (CVE-2015-0670) actually resides in the default configuration of certain Cisco IP phones is due to “improper authentication“, which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request.
Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity.
AFFECTED DEVICES
The devices affects the Cisco’s small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these device may also be affected by the flaw.
It’s likely that some phones have been configured to be accessible from the Internet, so it would be very easy for hackers to locate the vulnerable devices that run on vulnerable software versions by using the popularShodan search engine.

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device,” the Cisco advisory says. “This access requirement may reduce the likelihood of a successful exploit.

Cisco has confirmed the issue, which was discovered and reported by Chris Watts, a researcher at Tech Analysis in Australia, along with two other flaws — an XSS vulnerability (CVE-2014-3313) and a local code execution vulnerability (CVE-2014-3312).
VULNERABILITY UNPATCHED, YET SOME RECOMMENDATIONS
The company hasn’t patched the problem yet and is working on a new version of the firmware to fix the issue, although the company offers some recommendations in order to mitigate the risk:
  • Administrators are advised to enable XML execution authentication in the configuration setting of the affected device.
  • Administrators are advised to allow network access only to trusted users.
  • Administrators are advised to use Solid firewall strategies to help protect the affected systems from external attacks.
  • Administrators may also use IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators are advised to closely monitor the vulnerable devices.

Windows TV

Discover a range of Microsoft books on Windows Server, Microsoft Azure, App Development and System Center as well as Windows books available free of charge! From technical overviews to drilldowns on special topics, these free Microsoft books are available in PDF, EPUB, and/or Mobi for Kindle formats. Download these eBooks at your convenience today.

App DevelopmentWindows Server

Microsoft AzureWindows 8.1

Microsoft System CenterOther Books

 

 

Read the rest of this entry »

tv-pure google

So sitting here looking out of my living room window across a very grey, cold and gloomy London I thought it might be time to spread some joy across the net.

So here are 6 fun tricks to try with Google.

1. Do a barrel roll trick:

Go to Google.com and simply type in the search box “do a barrel roll” and see the magic. The page will rotate two times.

barrel

2. Atari Breakout Trick:

Go to Google images and type “Atari Breakout”. The images will be transformed into blocks and you can play Breakout, classic arcade game of the 70’s era.

atari

3. Tilt page trick:

No this is not back to the 70’s again (that’s a pinball reference from the younger crowd). Search for “tilt” on Google and see how your page tilts a little.

tilt4. Recursion trick:

Search for “recursion” on Google and you will get stuck in an infinite loop much like recursion. Recursion means repeating. Google will show “did you mean recursion?” every time searching for recursion. Ok well that is not really fun, not like playing Breakout but at least you learn what recursion means. (Every day is a school day)

recursion

 

5. Google Gravity:

Type in “Google Gravity” in their homepage and then click on the “I’ m feeling lucky” button. It will redirect you to one of the fun projects called “Google Gravity”. It is a Chrome Experiment done by Hi-Res. See how gravity bring Google to its knees. You can even search anything.

gravity

6. Zerg Rush:

When you type “zerg rush” in Google .The ‘o’ and ‘o’ of Google appears from the top and the right of the Google page and slowly eats up the whole page leaving nothing. It’s fun to watch.

zergBonus: elgoog.im

A rotated version of Google.com, kind of google tricks. Provides you with a reversed Google site, known as Google backwards. You can also do surfing on elgoog.im, it’s fun.

elgoog

Well they cheered me up !

Ghost in the Machine

Posted: 29/01/2015 in Uncategorized
Tags: , , , ,

tv crime2A newly disclosed flaw opens up most Linux-based Web and mail servers to attack, researchers from Redwood Shores, California-based security firm Qualys disclosed today (Jan. 27).

The flaw, dubbed “GHOST” by its discoverers, “allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials,” (i.e. administrative passwords), Qualys staffer Amol Sarwate said in a company blog posting.

“As a proof of concept, we developed a full-fledged remote exploit against the Exim mail server, bypassing all existing protections (ASLR, PIE, and NX) on both 32-bit and 64-bit machines,” Qualys researchers posted on the Openwall security mailing list earlier today.

MORE: 5 Worst Security Fails of 2014

GHOST is of immediate and urgent concern to any IT professional administering a Linux-based server, but users of desktop Linux should also install patches, which have already been pushed out by Red Hat and Ubuntu, among others. (Red Hat Fedora 20 and later, and Ubuntu 13.10 and later, were already immune.)

Various flavors of Linux power at least a third of the world’s Web servers and mail servers, but it’s likely that administrators at top Web-based companies were tipped off ahead of today’s disclosure.

GHOST, designated CVE-2015-0235 per security-industry convention, is the fourth major vulnerability in open-source software found in the past 10 months. The stampede began with the discovery of the Heartbleed flaw in OpenSSL in April, then continued with the Shellshock hole in the Bash command-line shell in September, followed by the POODLE weakness in Web encryption in October.

Such technical talk may be gobbledygook to most computer users, but arcane open-source software runs the Internet and the Web that rides on top of it. Any major open-source flaw threatens not only the massive global Internet economy, but your ability to check your own Facebook page.

“To be clear, this is NOT the end of the Internet,” wrote Jen Ellis of Boston information-security firm Rapid7 in an official blog posting. “It’s also not another Heartbleed. But it is potentially nasty, and you should patch and reboot your affected systems immediately.”

GHOST vulnerability explained

The flaw exists in older versions of the GNU C library, or glibc, a repository of open-source software written in the C and C++ coding languages. Newer versions of glibc, beginning with glibc 2.18, released in August 2013, are not affected. But many builds of Linux may still be using older versions.

In addition to Exim, server software vulnerable to GHOST includes Apache, Sendmail, Nginx, MySQL, CUPS, Samba and many others, according to a post by Qualys researchers on the Full Disclosure mailing list. CORRECTION: The applications listed on the Full Disclosure page are NOT vulnerable to GHOST.

The risk to users of massively subscribed services such as Twitter, Facebook and all of Google’s online services should be low, presuming that administrators of those company’s servers have already implemented or are currently implementing patches. (It’s possible that last night’s 40-minute Facebook outage was the result of this.)

But implementation of the patches will have to be manual, which means that millions of websites and mail servers that don’t get the same degree of administrative attention will continue to be vulnerable for an extended period of time.

Thanks to Qualys and Tom’s Guide

tv crime2

Ransomware malware threat has forced somebody for the terrible suicide and once again has marked its history by somebody’s blood. Sad, but it’s True!

Joseph Edwards, a 17-year-old schoolboy from Windsor, Berkshire, hanged himself after receiving a bogus email appeared to be from police claiming that he’d been spotted browsing illegal websites and that a fine of 100 pound needed to be paid in order to stop the police from pursuing him.
The scam email pushed the well-known Police Ransomware onto the boy’s laptop and also downloaded malware that locked up his system once it was opened.
Edwards was an A-level student with Autism, a developmental disability, that likely made him more susceptible to believing the Internet scam mail, supposedly sent from from Cheshire police, was genuine, a coroner heard on Thursday.
Edwards was so upset and depressed by the accusation and the extortionate demand that he hanged himself hours after falling victim to the crucial threat. He was found hanged at his family home in Windsor by his mother Jacqueline Edwards, who told the coroner that he probably didn’t understand the implications of his actions.

He didn’t seem to have any worries known to me. I don’t think he really understood,” Jacqueline Edwards told the coroner. “Joseph was subjected to a scam on the internet, a threatening, fake police link that was asking for money,” his mother said in a statement. “He would have taken it literally because of his autism and he didn’t want to upset Georgia [his sister] or me.

As far as we all know, a Police ransomware of this type does not encrypt files and usually asks a victim to pay a small fine that last around £200 or €200. It’s normally much easier to remove the threat from infected systems by using dedicated tools specially designed to remove such infections.
According to Detective Sergeant Peter Wall, it will be almost impossible to trace the fraudsters behind the ‘crude’ email, but believe it may have originated outside the UK.
This is not first time when Ransomware has become deadly reason to take someone’s life. Over a year ago, a Romanian family faced same Police Ransomware threat and the Romanian victim hanged himself and his four-year-old son, scarring that his young son would pay for his mistake and his life would be spend in the moment of delusion.
Ransomware is one of the most blatant and obvious criminal’s money making schemes out there, from which Cryptolocker threat had touched the peak, and cyber criminals have developed many Cryptolocker versions (prisonlocker, linkup, icepole, cryptobit) by which you have to safeguard your system.

TV failure

It’s 2015 and it would be nice to think that people had learned what makes a good password by now. They haven’t. And this list of the 25 most popular passwords of 2014—maybe also make that the worst—proves it.

SplashData’s annual list compiles the millions of stolen passwords made public throughout the year and assembles them in order of popularity. A glance down the list reveals that we’re all still morons, with “123456”, “password”, “12345”, “12345678” and “qwerty” making up the top five. No, really.

Now is clearly a good time to remind yourself not to be one of those morons, and start using sensible passwords, LastPass or some other system to keep your personal information safe. But anyway, enough of that, here’s the list. You’re welcome.
1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345 (Up 17)

4. 12345678 (Down 1)

5. qwerty (Down 1)

6. 123456789 (Unchanged)

7. 1234 (Up 9)

8. baseball (New)

9. dragon (New)

10. football (New)

11. 1234567 (Down 4)

12. monkey (Up 5)

13. letmein (Up 1)

14. abc123 (Down 9)

15. 111111 (Down 8)

16.mustang (New)

17. access (New)

18. shadow (Unchanged)

19. master (New)

20. michael (New)

21. superman (New)

22. 696969 (New)

23. 123123 (Down 12)

24. batman (New)

25. trustno1 (Down 1)