Friday, 9 January 2015

Microsoft's Azure 16 times less reliable than Amazon AWS in 2014



Trying decide which cloud to use, Azure or AWS? (no mention of google's offering)

Microsoft may be gaining traction in the cloud, but Amazon Web Services is still widening the gap when it comes the reliability of those platforms — or at least that's what one benchmarking groups says.
According to data from California-based CloudHarmony, Microsoft Azure's Virtual Machines spent 16 times as many hours offline as AWS's similar service over the past year.
That includes one unprecedented global outage from Azure in November that shut down websites, took Microsoft's Xbox Live gaming platform offline and seriously shook faith in the company's system.

http://www.topix.com/com/microsoft/2015/01/microsofts-special-spartan-browser-for-windows-10-gets-further-detailed

Microsoft Dynamics security vulnerability - when is a security issue not a security issue... when we tell you it isn't?



A "DOM-based self-XSS vulnerability" for Microsoft Dynamics CRM 2013 SP1 was recently discovered by IT security firm High-Tech Bridge. If exploited, it could be used for cross-site scripting (XSS) attacks against authenticated Dynamics CRM users.

"We do not consider this a security vulnerability as it requires the use of social engineering to convince an authenticated user to enter some specific malicious code – in this instance putting it into a field on the Dynamics CRM application. We recommend that our customers always exercise caution when accepting content from untrusted sources. Additional protection guidance can be found at: www.microsoft.com/protect.” 

http://msdynamicsworld.com/story/new-dynamics-crm-2013-sp1-security-vulnerability-sparking-all-hands-deck-response-microsoft

Security begins at home - serious security vulnerability in many ASUS routers



There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution.

“Several models of ASUS’s routers include a service called infosvr that listens on UDP broadcast port 9999 on the LAN interface. It’s used by one of ASUS’s tools to ease router configuration by automatically locating routers on the local subnet. This service runs with root privileges and contains an unauthenticated command execution vulnerability,” - See more at: https://threatpost.com/root-command-execution-flaw-haunts-asus-routers/110276

Wednesday, 7 January 2015

Moonpig security flaw remained unfixed for 17 months!



A major security vulnerability in card company Moonpig's website means that the personal data of 3 million customers - including partial credit card details - have been exposed.

According to the security researcher who discovered the vulnerability , Paul Price, Moonpig has known about the problem since August 2013 but it's remained unfixed for 17 MONTHS.

http://www.mirror.co.uk/news/technology-science/technology/moonpig-security-flaw-leaves-3-4926441