THREATS: BackStab Attack Takes Indirect Route To Mobile Data. Attack technique takes advantage of weak protections around mobile user’s backup files. While there are plenty of mobile device vulnerabilities just waiting for bad guys to pick up on, some of the lowest hanging fruit for mobile-oriented attackers isn’t on the device itself. Instead, the softest target comes in the form of insecure back-ups stored on a traditional desktop or laptop. Read more

COMPUTER SUPPORT: Vulnerabilities Found in Lenovo, Toshiba, Dell Support Software. The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect. The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges. Read more

GOOGLE: Patches Critical Media Processing and Rooting Vulnerabilities in Android. Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages, and MMS messages. Firmware updates are being rolled out to supported Nexus devices as an over-the-air update and the patches will be added the Android Open Source Project over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin. Read more

CLOUD: Security Worries Hamper Adoption of Cloud Technology. Companies migrating to the cloud plan to enforce internal security policies: 56 percent plan to improve identity and authentication management. Read more


SWIFT & IBM: IBM’s Swift Sandbox Lets Coders Try Apple’s Programming Language Easily. IBM announced its free, browser-based Swift Sandbox, which lets developers write in Apple’s programming language and execute their code in a server environment — on top of Linux. Read more

MICROSOFT: Treads on Node.js’s Turf with Chakra JavaScript Engine. Microsoft’s plan to open-source its Chakra JavaScript engine has far-reaching implications. Most of all, it shows that Microsoft wants to become a player in the JavaScript ecosystem that has ambitions to be a near-universal runtime for every kind of software. Read more

TYPESCRIPT: Version 1.7 is Here with Async/Await as Default for ES6. A new version of TypeScript has been unveiled with long awaited support for async functions for ECMAScript 6 (ES6). Future support plans are already in place for ES3 and ES5, too. TypeScript 1.7 also includes polymorphic this typing plus some breaking changes. Read more

SPRING BOOT 1.3: Version 1.3 Released Featuring DevTools and ASCII Art. Spring custodian Pivotal has released Spring Boot 1.3, which adds hot reload support of Java classes/Spring configuration (using a new spring-boot-devtools module), cache auto-configuration (for EhCache, Hazelcast, Infinispan, JCache, Redis and Guava), and fully executable archives for Linux/Unix. The release has extensive release notes detailing all of the changes. Read more


APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.


FYI: Federal & State CTOs CIOs CISOs: Daily Tech Update – December 8, 2015

Leave a Reply