Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Xerox provides a fix for a printer software glitch

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

August 23, 2013

Less than fifteen days after it was first made aware of the issue, Xerox is now rolling out a fix for a printer software glitch that caused numbers in documents scanned by certain of its WorkCentre multi-function printers (MFPs) to come up garbled and unformatted.

Xerox said late last night-- "Our engineering team has been working around the clock to deliver the patch. We have conducted extensive testing both in our labs and in the field to ensure a quality result and an easy installation for your IT staff."

The printer glitch can cause certain digits to be transposed when documents are scanned in as PDFs. For example, the number "6" might become an "8", a potential nightmare for accountants and others who rely on copies of spreadsheets and similarly number-heavy documents.

Xerox says it has determined that the bug only crops up when scanning what it terms "stress documents" – documents containing very small type, for example, or other issues that make them hard to read with the naked eye.

Initially, Xerox had believed that the copier issue could be fixed by changing certain settings. Upon further investigation, however, that turned out not to be the case, and the self-styled "Document Company" warned customers that producing a patch for the glitch could take several weeks.

It will take at least a few more days to patch all of the affected devices, but some lucky few Xerox customers could begin updating their printers today after the company issued its first round of patches late last night.

The first devices to get the fix include the Xerox ConnectKey, WorkCentre 75xx, WorkCentre 57xx and ColorQube 93xx series.

Xerox says it will release more patches for "the remainder of the affected products". The company said in early August that 14 models were affected in its next round of fixes, which it hopes to ship the week of August 26.

To further simplify the patch process, Xerox has created a one-stop website at www.xerox.com/scanpatch where customers can download both the appropriate patches and support documents explaining how to apply them.

Xerox says that customers can either download and install the patches themselves or contact local service or support reps to take care of it.

In other internet security news

The Guardian’s photo of the computers it claims to have smashed in order to appease the British government over the Snowden affair has been called into question over both what it shows, and what it doesn’t.

Guardian editor Alan Rusbridger yesterday revealed that GCHQ operatives in July paid the newspaper a visit in order to vet the wrecking of one or more computers so that the encrypted contents of their hard drives could no longer be accessed and perhaps one day fall into the wrong hands.

A follow-up story featured a snap of the remains of a computer that held files leaked by Edward Snowden to the Guardian and destroyed at the request of the British government. The photo is the one you see at the left.

The photo certainly shows the remains of a MacBook all right. But Guardian photographer Roger Tooth’s photo also contains what is clearly a second MacBook laptop, along with an old graphics card. You can see the three output connectors on the backplane, and another motherboard, possibly a small desktop computer or maybe another device, given the large areas empty of circuitry.

The larger of the three motherboards seems too small to have played host to the graphics card, suggesting the Guardian picture shows the remains of at least four computers - and incomplete ones at that. The photo is actually too small to identify the graphics card and the three motherboards precisely.

But even at this size, it’s clear there is no sign of either hard drives or solid-state storage. Given the vigor with which “a senior editor and a Guardian computer expert” clearly applied themselves to the destruction of the devices that’s perhaps not surprising - these components must have been reduced to invisible dust.

According to the paper, its two staffers “used angle grinders and other tools to pulverise the hard drives and memory chips” while being watched by GCHQ techies “who took notes and photographs, but who left empty-handed”.

If that’s the case, why does the Guardian picture show so little of the three, possibly four machines? There’s not much beyond motherboard, storage and memory inside modern Mac laptops, but what about the desktop’s or desktops’ wiring, power supplies, fans, chassis, optical drives and casings?

Nor does the Guardian’s second story explain why the paper’s computer specialist felt the need to vent such spleen on a graphics card which surely couldn’t be used to cache Snowden’s encrypted leaks.

The apparent destruction of chippery on the pictured boards could give some credit to wild conspiracy theories to the effect that the world's major investigative agencies could even read information out of RAM after it has lost power, perhaps through some ultra-advanced scanning of residual quantum ghosts in the computer.

Or maybe they simply feared that if they didn't destroy all the chips they might miss a non-volatile one. Rusbridger himself describes the destruction as a “peculiarly pointless piece of symbolism”, not least because he admits the paper has plenty of other copies of the Snowden files.

But the GCHQ has apparently been happy to take his word for it that the only ones on British soil have now been destroyed completely.

A more cynical observer might conclude that the Guardian staff simply took a handful of IT department cast-offs of the kind all large organizations have lying about somewhere and set about destroying them for the spies' benefit.

But then why did the GCHQ team fall for it? Or perhaps there was subsequently some confusion at the Graun photo desk.

According to Rusbridger, the GCHQ team never touched the hard drives so presumably had to take the Guardian’s word that the computers contained the contentious content the government would prefer we didn’t see.

In other internet security news

Upstart security consultancy firm LastPass says it has patched a security hole that meant several Windows versions of its password-management software were capable of leaking login credentials that had been auto-filled into fields by its password manager.

The security hole which affected Internet Explorer users on Windows only meant that an attacker who managed to obtain a memory dump of Internet Explorer would be able to extract unencrypted password strings as well.

"This is the same type of attack that we have written about frequently in the context of banking malware," writes security researcher Paul Ducklin on the Sophos security blog.

Pulling off the attack would normally require either physical access to a targeted machine or an attack involving the planting of malware on a mark's PC, a level of compromise that makes most security protections redundant.

LastPass resolved the issue with a security update that also comes with a variety of performance enhancements and other tweaks. The relevant portion of the advisory explains-- "Resolved - The security issue with IE exclusively while logged in to LastPass only-- Prevent IE from adding passwords to in memory decryption cache".

The security repair is one of eighteen items in LastPass v2.5.0/1/2, which also offers improved synchronisation and support for upcoming versions of Windows 8 and Internet Explorer 11.

In other internet security news

Yesterday, Syrian online hacktivists once again claimed that they are responsible for defacing the websites of CNN, Time Magazine and The Washington Post. This isn't the first time it happens, and will most likely happen again.

However, these latest attempts by the Syrian Electronic Army (SEA) are somewhat misleading, according to computer security experts who say that the hacking crew actually ransacked Outbrain, a marketing firm used by The WashingtonPost.com, Time.com and many others to provide links to related articles.

It's generally understood that the miscreants, who back Syria's President Bashar al-Assad, compromised Outbrain's online systems and hijacked those embedded links to point to the SEA's website.

Outbrain confirmed its security was breached, which it said was pulled off using phishing emails posing as messages to various staff from its CEO.

Marc Gaffan, co-founder of web security firm Incapsula explains-- "The cause of the breach was actually performed by sending phishing emails to all Outbrain employees which caused them to surrender their email passwords. With access to employee email accounts, the hackers were able to obtain or reset passwords to the admin areas of the content marketing platform, leading to the visible part of the breach."

"If Outbrain's admin areas had two-factor authentication enabled on them, this could have been prevented," he suggested.

In a statement, The Washington Post added that one of its staffers did have his Twitter profile compromised by the SEA earlier this week, but explained that the main aspect of Thursday's hack relied on breaking into Outbrain's systems.

Earlier this week the Twitter account of one of our journalists was compromised as part of a larger attack aimed at social media management group SocialFlow, and Thursday an attack on content recommendation service Outbrain caused some some content to redirect to the the SEA homepage.

Outbrain responded to the hack by temporarily suspending its services. The SEA, meanwhile, congratulated itself on drilling into Outbrain's control panels on its official Twitter account.

"@TIME, @CNN, @Washingtonpost websites hacked in one strike by hacking @outbrain #SEA #SyrianElectronicArmy #Syria pic.twitter.com/5OI1BE2oCM— SyrianElectronicArmy (@Official_SEA16) August 15, 2013," read the Twitter post.

Outbrain's content-recommendation app embedded into web pages is supposed to help internet publishers boost their online traffic. Users are offered links to articles and other items to read or watch.

SEA foot soldiers alleged they obtained access to Outbrain's email spools, but as of this morning, this still remains unconfirmed.

The Syrian Electronic Army is a loose-knit hacker group loyal to President al-Assad. Its campaign of online disruption began in mid-2011, and has involved distributed denial-of-service attacks against servers, phishing emails to access passwords, pro-Assad graffiti on websites, and spamming against governments, online services and media outlets that are perceived hostile to the government of civil-war-torn Syria.

Its 'expertise' is firing off spear-phishing emails to hijack Twitter accounts and other social-networking profiles run by media organizations and then to use the compromised logins to push links to pro-Assad propaganda.

Over recent months, victims include Al Jazeera, the Associated Press, the BBC, the Daily Telegraph, the Financial Times, the Guardian, Human Rights Watch, America's National Public Radio, Thompson Reuters and a few more.

Over recent weeks, the group also diversified into attacking into the backend systems of VoIP apps, namely Viber and Tango. We will keep you posted on these and other security-related stories.

In other internet security news

According to an internal agency audit obtained by The Washington Post, the NSA (National Security Agency) exceeded its legal authority and broke agency rules thousands of times since it was granted broader powers five years ago.

And it appears that the situation is getting worse going forward. Most violations involved unauthorized surveillance of Americans or foreign intelligence targets in the United States, according to the documents which were supplied to the newspaper by NSA whistleblower Edward Snowden.

The documents show infractions ranging from serious legal violations to typographical errors that resulted in unintended data collection, The Post reported.

That's on top of all the internet monitoring and sniffing that the NSA does on a daily basis. The agency was not always forthcoming with the details of its transgressions, the Post found. A quality assurance report not shared with an oversight committee found that a "large number" of calls were placed to Egypt in 2008 when the U.S. area code 202 was mistakenly entered as 20.

In another case, the Foreign Intelligence Surveillance Court, which reviews NSA warrant requests, wasn't made aware of a new collection method until it had been in place for several months. The court ultimately ruled it unconstitutional, the Post reported.

The audit, dated May 2012, uncovered no less than 2,776 separate incidents in the preceding twelve months of unauthorized collection, storage, access to or distribution of legally protected communications, the Post reported.

One of those cases involved the unauthorized use of data on 3,000 Americans and green-card holders. "We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line," the senior NSA official said, speaking with White House permission.

"You can look at it as a percentage of our total activity that occurs each day. You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different," he added.

The Obama administration, which has defended the NSA activities, has never publicly addressed the agency's compliance record, the Post noted. But the NSA Director of Compliance John DeLong defended the agency's procedures, saying it had in recent years quadrupled the number of personnel working in its privacy compliance program.

"We want people to report if they have made a mistake or even if they believe that an NSA activity isn't consistent with the rules. NSA, like other regulated organizations, also has a hotline for people to report -- and no adverse action or reprisal can be taken for the simple act of reporting. We take each report seriously, investigate the matter, address the issue, constantly look for trends, and address them as well, all as a part of NSA's internal oversight and compliance efforts," he added.

"What's more, we keep our overseers informed through both immediate reporting and periodic reporting. Our internal privacy compliance program has more than 300 personnel assigned to it-- a fourfold increase since 2009. They manage NSA's rules, train personnel, develop and implement technical safeguards, and set up systems to continually monitor and guide NSA's activities. We take this work very seriously," DeLong said.

The NSA later offered this as a substitute statement-- "NSA's foreign intelligence collection activities are continually audited and overseen internally and externally. When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers, and aggressively gets to the bottom of it," the agency said.

In other NSA news

The NSA has issued a document in the U.S. titled 'The National Security Agency: Missions, Authorities, Oversight and Partnerships' that briefly explains some of its operations, and it includes a claim that it touches about 1.6 percent of all daily Internet traffic.

The report also adds that only about 0.025 percent of that 1.6 percent is actually selected for review in the first place. If you're skeptical when reading this, you're not alone...

Released quietly over the weekend - albeit amid fresh claims that the NSA is scrutinizing every email in and out of the US - the document's prologue explains that the NSA lacked tools to track one of the 9/11 hijackers.

As a result “several programs were developed to address the U.S. Government's needs to connect the dots of information available to the intelligence community and to strengthen the combined coordination between foreign intelligence agents and domestic law enforcement agencies”.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

Source: Xerox Corp.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

You can link to the Internet Security web site as much as you like.

















Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer






Click here to order our special clearance dedicated servers.


Get your Linux or Windows dedicated server today.





Click here to order our special clearance dedicated servers.





Click here to order our special clearance dedicated servers.