Category Archives: Tech News

Tech News

Adobe Releases Lightroom Fix

In a quick turnaround, Adobe patched a bug causing its Lightroom program to crash after a software update.

“I’d like to personally apologize for the quality of the Lightroom 6.2 release we shipped on Monday”, stated Adobe Product Management Photography Director Tom Hogarty on the company’s official blog this past Friday, “in our efforts to simplify the import experience we introduced instability that resulted in a significant crashing bug”. However, the apology wasn’t met with enthusiasm, as the bug-fixing patch also eliminated some desired features of the program. The update, aside from improving the import process, was intended to enhance several other features of the program including improving haze elimination. It was originally intended to simplify and streamline the program, however this may have been overdone, according to rising user responses expressing discontent with the deleted features.

Hogarty explained that Lightbox’s very birth was based on an open dialogue with photographers and artists who would be most interested in the program, and that a breach of such communication as with these past several updates created many of the issues Adobe is now dealing with. Historically, Adobe has been very responsive with patches, however users have been frustrated in the past with a lack of compensation (such as the ability to back out of a long Adobe Creative Cloud contract), or as with this case, a bug fix which also carries undesirable results with it, which Hogarty addressed with his explanation that “we removed some of our very low usage features to further reduce complexity and improve quality”. Whether or not those features were indeed ‘low usage’ is coming to the surface after a weekend with the new update.

Tech News

AWS unleashes ‘Snowball’ appliance for physical migration to clou

Aside

Also signs pact with Accenture.

Amazon Web Services has released a rented device that physically migrates data from on-premises hardware to its public cloud. Amazon senior vice president of web services Andy Jassy launched the new Snowball service in front of 19,000 attendees at the vendor’s re:Invent conference in Las Vegas. “Even for companies that have pretty good connections, it’s very unlikely you want to saturate the network with moving data to AWS,” Jassy said, adding that it would take 100 days to move 100TB of data to the cloud even if 10 percent of bandwidth was dedicated from a 100Mbps corporate network. “That’s why people say: never underestimate the bandwidth of a FedEx truck.” AWS vice president of engineering Bill Vass then showed the crowd a tamper-proof, shock-proof device that looks like a large briefcase. The 50TB storage device, lent out by AWS, is delivered to the customer’s premises for ten days to copy the data on. The Snowball is “rugged enough to withstand a 6G jolt” and weighs 23kg. The device has an external electronic ink display panel, which Jassy described as “a Kindle”, that dynamically changes the delivery address for the courier. The self-contained units have a 10GB network connection for fast data transfer, and the data is encrypted as it is copied onto the device. The Snowball units are then sent back by the customer for AWS staff to decrypt the data and “copy it to the S3 bucket(s) that you specified when you made your request”, according to an AWS blog post.

Bill Vass explains the end-to-end process for Snowball

Pages: 1 2
Tech News

Outlook Web Application under attack

Image

Malware targeting Microsoft Outlook Web App is after your password

 

A newly discovered malware targets Microsoft’s Outlook Webattack mac keyboard security malware virus App, the company’s web-based email client. The news was unveiled by security firm Cybereason, which said the advanced persistent threat (APT) can enable patient attackers to steal an organization’s email passwords over time.

By using this approach, the hackers managed to collect and retain ownership over a large set of credentials, allowing them to maintain persistent control over the organization’s environment, Cybereason says.

The company found the malware after an organization’s IT team spotted “behavioral abnormalities” in its email servers.

The security firm goes on explaining the malware: “The Cybereason platform found a suspicious DLL loaded into the Outlook Web App (OWA) server (a webmail component of Microsoft Exchange Server), with several interesting characteristics. Although it had the same name as another benign DLL, the suspicious DLL went unsigned and was loaded from a different directory. Since OWA servers typically load only legitimately signed DLLs, the Cybereason behavioural engine immediately elevated this event to a suspicion”.

Cybereason says the attack is important, as whoever has access to the OWA server, owns the organization’s domain credentials:

“The attack on OWA is significant”, claims Cybereason, because OWA authentication is based on domain credentials. “Whoever gains access to the OWA server becomes the owner of the entire organisation’s domain credentials”, it says.

“The hackers installed a back-doored malicious OWAAUTH.DLL which was used by OWA as part of the authentication mechanism, and was responsible for authenticating users against the Active Directory (A/D) server used in the environment. In addition, the malicious OWAAUTH.DLL also installed an ISAPI filter into the IIS server, and was filtering HTTP requests”.

“This enabled the hackers to get all requests in cleartext after SSL/TLS decryption. The malware replaced the OWAAUTH by installing an IIS filter in the registry, which enabled the malware to automatically load and persist on every subsequent server restart”, adds Cybereason.