Newsletter Archives

  • MS-DEFCON 4: Consumers get a break


    ISSUE 21.26.1 • 2024-06-25

    MS-DEFCON 4

    By Susan Bradley

    We’re halfway through the patching year!

    It’s time to install the June updates, which is why I’m lowering the MS-DEFCON level to 4. I’m not seeing any widespread issues or major impacts. Most side effects seem to be with Win11 Insider versions and 24H2.

    It appears that new technology allowing you to sync your phone with your computer is causing a bit of a CPU hit in the 24H2 release. Microsoft is trying to fix this issue before it gets released to the rest of us. That’s good news.

    In the very good news category is the delay in releasing Microsoft Recall, the much-hyped “reminder” software. The company pulled back at the last minute, due to concerns from security researchers and businesses.

    Anyone can read the full MS-DEFCON Alert (21.26.1, 2024-06-25).

  • EU is going to fund a bug bounty program for 7-Zip, KeePass, Notepad++, VLC Media Player and more

    Bug bounty programs — where software bug catchers get rewarded for identifying security holes and disclosing them to the manufacturer — have proven popular and worthwhile, although they do have some downsides.

    Bug bounty programs are usually carried out by software manufacturers, who pay to have a chance to fix their mistakes before the bad guys have a chance to clobber their products.

    Folks who make open source software don’t have the same presumably-deep pockets as their commercial counterparts. When it comes to bug bounty programs, there’s no bounty to tap.

    Enter the European Union. As part of the Free and Open Source Software Audit project, the EU will offer bug bounty programs for several Windows products I use all the time — 7-Zip, KeePass, Notepad++, VLC Media Player — and a bunch of products that I may use indirectly, including Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), midPoint, PuTTY, the Symfony PHP framework, and WSO2.

    As Catalin Cimpanu explains on ZDNet:

    Starting with January, security researchers and security companies can hunt vulnerabilities in these open source projects and report them to the bug bounty programs… in the hopes of a monetary reward, if the bug report is approved and results in a patch.