Sanrio Digital fixed a security vulnerability on December twenty second two thousand fifteen. This security hole could have affected their SanrioTown.com members. This security flaw left personal information accessible to outside parties.
This vulnerability has been fixed and this company is performing investigations. They are not aware that any personal information was taken or any member accounts compromised.
Chris Vickery, a security researcher, claimed on December nineteen two thousand fifteen that personal information like names, date of birth, and gender was publicly available. SanrioTown.com members' data was potentially accessible to people who knew the specific Internet Protocol addresses of servers with this vulnerability. Sanrio Digital claims that payment information including credit card numbers was not accessible.
SanrioTown.com members' passwords were accessible but hashed with the Secure Hash Algorithm one (SHA-1) function. Also, Sanrio Digital claims that their other websites' data was not vulnerable and is separate from this security flaw. Fixes were applied and those vulnerable servers were secured once again.
An internal investigation is currently being performed into this security hole. Personal member information that may have been accessible to public users:
* Both first and last name
* Date of birth
* Personal email address
* Password hashed with Secure Hash Algorithm
* Password hint questions
Data for around three million three hundred thousand member accounts was potentially publicly accessible. Sanrio Digital claims this vulnerability was caused by server misconfiguration. They recommend SanrioTown.com members change their passwords.
Sanrio Digital claims they installed additional security measures. You can read Sanrio Digital’s official security advisory. Also, you can contact them at email@example.com.
VideoLAN Organization announced on December seventeen two thousand fifteen their release of VideoLan Client media player for the Google Chrome operating system. VideoLan Client for Google Chrome operating system can play most popular audio and video files. This software is entirely free and open source.
Also, you can play network streams and DVD movies. VideoLan Client’s audio player includes an equalizer, filters, database, and can play most audio formats. Most audio and video formats are supported, including MKV, MP4, AVI, MOV, Ogg, FLAC, TS, M2TS, Wv as well as AAC. All audio and video codecs are included with no separate downloads necessary.
This VideoLan Client software includes a media library with an ability to browse file folders directly. VideoLan Client supports:
* Multi track audio
* Automatic rotation
* Aspect ratio adjustments
* Gestures controlling volume, brightness and seeking
* Audio headsets control
* Cover art
* Complete audio media library
Also, this media player includes a built in widget to control audio. This initial VideoLan Client version for Google Chrome operating system is 1.7.0. This installation file is 21.05 megabytes in size.
Also, this media player supports up to forty eight languages. This software was actually ported to Google Chrome operating system from an Android version. You can download VideoLan Client media player from the Chrome web store.
Juniper Networks Incorporated announced on December seventeen two thousand fifteen that they found a backdoor code vulnerability in their firewalls. Knowledgeable attackers could potentially gain administrative access remotely via Juniper’s NetScreen firewalls and decrypt Virtual Private Network connections. Juniper Networks has since released a critical patch update.
These patches have been released for ScreenOS, which is Juniper’s firewall software. Juniper Networks claims they found this backdoor security flaw through an internal code review. Juniper recommends their customers install recently released patches. Also, Juniper claims they know of no exploitation of this security risk.
Bob Worrall, Juniper Networks’ Senior Vice President and Chief Information Officer, was quoted as saying:
“On behalf of the entire Juniper Security Response Team, please know that we take this matter very seriously and are making every effort to address these issues. More information and guidance on applying this update to systems can be found in the Juniper Security Advisories (JSAs) available on our Security Incident Response website at http://advisory.juniper.net.”
All NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require installation of released patches. This security backdoor vulnerability only affects Juniper Networks ScreenOS software. You can check out Juniper’s security announcement for more information.
A user could potentially gain administrative access remotely via Secure Shell (SSH) or telnet. Also, a user could potentially monitor Virtual Private Network traffic by decrypting it. Both issues are independent from each other.
This Juniper Security Bulletin addresses more technical information about both of these potential backdoor security flaws.
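The affected ScreenOS ranges listed above can be turned into an inventory check. This is an added example, not code from Juniper or from the original post; the hostnames and version strings are constructed, and builds with a letter suffix are flagged for manual review because the ranges above only list plain rN builds.

```python
import re

# Affected builds exactly as listed above: train -> (first rN, last rN), inclusive.
AFFECTED = {"6.2.0": (15, 18), "6.3.0": (12, 20)}

# Finds "6.3.0r17", also inside longer text such as a version banner,
# and captures an optional letter suffix ("6.3.0r19b").
VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)r(\d+)([a-z][a-z0-9]*)?", re.IGNORECASE)


def classify(text):
    """Return 'affected', 'review', 'not-listed' or 'unparsed' for one version string."""
    m = VERSION_RE.search(text)
    if not m:
        return "unparsed"        # no ScreenOS-style version found: check by hand
    train, release, suffix = m.group(1), int(m.group(2)), m.group(3)
    if train not in AFFECTED:
        return "not-listed"      # outside the listed ranges (not proof of safety)
    first, last = AFFECTED[train]
    if not first <= release <= last:
        return "not-listed"
    if suffix:
        return "review"          # suffixed build: the listed ranges do not cover it
    return "affected"


def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and version strings).
INVENTORY = {
    "fw-edge-01": "Software Version: 6.3.0r17.0, Type: Firewall+VPN",
    "fw-edge-02": "6.3.0r21",
    "fw-branch-03": "6.2.0r15",
    "fw-branch-04": "6.2.0r14",
    "fw-lab-05": "6.3.0r19b",
    "fw-old-06": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:14} {status}")
```

A "not-listed" result only means the build falls outside the ranges quoted in this post; confirm the patch level against Juniper's advisory.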
A recent Linux vulnerability was found in the Grub bootloader. Grub2 bootloader versions from 1.98 (nineteen ninety nine) to 2.02 (December of two thousand fifteen) have a potential security hole. Users can potentially bypass any plain or hashed password authentication.
This would allow someone to take control of your Linux based computer. Grub2 is used by most modern Linux systems. You can test this vulnerability on your Linux machine by pressing backspace twenty eight times at Grub’s username login box. If your computer reboots or drops into a rescue shell, then your machine is affected by this security hole.
A grub rescue shell allows:
* Elevation of privilege: allows full access to grub shell commands
* Information disclosure: allows installation of a rootkit and/or the ability to copy entire hard disk contents
* Denial of service: allows any and all data to be destroyed, even Grub itself
This actual bug is quite a bit more convoluted and complex than this blog post. However, you can check out this detailed Grub2 authentication bypass article. Malware and infections can be installed on a Linux machine without an owner’s knowledge.
Currently, there is a username password vulnerability patch for Grub2 version 2.02 from GitHub. Successfully exploiting this security hole depends on the Basic Input Output System version, GRand Unified Bootloader version, amount of Random Access Memory, and whatever modifies that computer’s memory layout. This flaw poses a potential physical security risk.
Users should install any Grub2 related updates available as soon as possible. Major Linux vendors such as Debian, Red Hat, and Ubuntu have released patches for this security flaw. Obviously, not allowing physical access to your Linux machine(s) is one way to avoid this security bug being exploited.
WordPress released a major update, 4.4 Clifford, on December eight two thousand and fifteen. This is an update for all previous versions of WordPress. This update includes a free brand new WordPress twenty sixteen theme and some new features.
These new features are supposed to make your website more responsive. Twenty sixteen theme is mobile friendly and will work on any device out of box so to speak. Images in this 4.4 update are more responsive meaning images will automatically fit appropriately depending on what device is used to browse that particular website.
You can embed your posts on other sites and now WordPress is an oEmbed provider of Cloudup, Reddit Comments, ReverbNation, Speaker Deck, and VideoPress. This 4.4 Clifford update includes a REpresentational State Transfer (REST) Application Programming Interface (API) for developers. REST API is accessible via an official WordPress REST API plugin.
You can update your version of WordPress to 4.4 by clicking on your “Dashboard” if not already there. Then select “Updates”. Finally click on “Update Now”.
If your WordPress site was configured with automatic background updates, then you should already be updated to 4.4. Also, you can download update 4.4 directly from WordPress.org. Finally, check out this WordPress 4.4 update blog post for more details.
Sony Corporation has potentially reduced the subscription price for their PlayStation Now game streaming service. You can now purchase a yearly subscription for $99.99. Previously Sony PlayStation Now subscriptions were priced at $20 per month or $45 per three months.
Now you can potentially subscribe to their PlayStation Now game streaming service for $8.33 per month with a yearly subscription. Also, you can try before you buy free for seven days. You will have access to up to one hundred and five games at time of this blog post creation.
PlayStation Now is available on PlayStation four, PlayStation three, PlayStation Vita, PlayStation television, some select Sony 2015 televisions, some select Sony Blu-ray players, and some select Samsung Smart televisions. You will need to register for a Free Sony Television Network account to gain access.
Those aforementioned devices now include:
* Game Streaming Capability
* Access to Increasing PlayStation Three Games Library
* PlayStation Now Cloud Save Capable
* PlayStation Store Integration
* PlayStation Now Integration
* Single Player Mode
* Online Multiplayer and Coop Mode with some games
PlayStation Now requires a steady broadband Internet connection and Sony Corporation recommends a five megabits per second connection or better. An input device is required for these devices, either DualShock three or DualShock four on most systems. Also, you will need to create a free Sony Network account for gaming access.
Below is a current list of compatible hardware devices.
Sony Blu-ray Player
* XBR-X940C/930C series
* XBR-X910C/900C series
* XBR-X850C series
* XBR-X830C series
* XBR-X810C series
* KDL-W850C series
* KDL-W800C series
* KDL-W700C series
* XBR-X950B series
* XBR-X900B series
* XBR-X850B series
* XBR-X800B series
* KDL-W950B series
* KDL-W850B series
* KDL-W800B series
* KDL-W630B series
* KDL-W600B series
Yahoo Incorporated today, December third two thousand fifteen, released a new version of Yahoo Messenger. This communications software is available on Mobile, Web, and Yahoo Mail platforms. You can share, retract sent messages, and like messages.
You can add people to group conversations. Jeff Bonforte, a Senior Vice President at Yahoo is quoted as saying about this latest Yahoo Messenger:
“We’re excited to introduce the next generation of Yahoo Messenger. It has long been one of our core products but it was time to redesign the product from the ground up and reinvest in one of the most important products in our history as a company,”
“The messaging space has grown dramatically, yet people ultimately want a fast and easy way to communicate with each other. The new Yahoo Messenger was designed first and foremost to meet those needs. This is just the beginning of what’s to come.”
You can share photos with a built in Flickr utility. You can retract sent messages, photos, and GIFs. You select a message, photo, and/or GIF and click on “unsend”.
This will remove that message, photo, and/or GIF from your view as well as from the view of people you sent it to. Also, you can now like messages, photos, and GIFs. This newest version of Yahoo Messenger is available on Apple App Store, Google Play, on the web at messenger.yahoo.com, and via your Yahoo Mail account.
This software is available for both Android and iPhone devices. Your contacts are maintained by a Xobni platform. You can find out more information on Yahoo’s official Reintroducing Yahoo Messenger Tumblr post.