JuntoSoft Blog

Vulnerability in Magento Sites

This major vulnerability announced today effects virtually all versions of Magento Community Edition and Enterprise Edition prior to 1.9.2.3 and 1.14.2.3, particularly any utilizing registration forms.

Remote Execution Vulnerability in D-Link & Trendnet Routers

If you have one of these routers at home or at work, get a new router right away. Since other brands may be vulnerable as well, do some homework first. Our recommendation would be to flash any compatible router over to Tomato, but that might be more than many people want to tackle. Regardless, don’t ignore this if you have one of these!

Google to Enter Wireless Business with Hybrid Service

Google is set to enter the wireless market with devices that switch automatically between cell and WiFi service, depending on what’s available.

Canonical Announces End of Ubuntu One

While the headline here says it all, I can’t say I’m all that surprised. With so many competing products tripping over themselves to give away a few GB of free cloud storage, there doesn’t seem much of an upside for Canonical to continue offering this service.

Read Full Story

Daylignt Savings Time & Heart Attacks?

Since I’m such a fan of all things Benjamin Franklin, I feel compelled to respond to the story about Daylight Savings Time causing an increase in heart attacks. While this may or may not be factual, and it makes sense that it would be, it’s important to note that Benjamin Franklin did not, in fact, propose Daylight Savings Time. While serving as an ambassador to France, Franklin anonymously published a letter suggesting that Parisians economize on candles by rising earlier to use morning sunlight. This 1784 satire proposed taxing shutters, rationing candles, and waking the public by ringing church bells and firing cannons at sunrise. 18th-century Europe did not keep precise schedules like we do today.

The Target Security Failure

At the very least, this case should provide interesting insight into the many vulnerabilities that are present in our current credit card processing systems.
Will Target’s Lawsuit Finally Expose the Failings of Security Audits?

Google Apps / Android Patch Being Rolled Out to Fix Security Issue

As I mentioned in my post yesterday regarding Google’s Chromebooks and the “cloud” based model for data storage, there are potential security vulnerabilities with this approach. Today’s news is that the Google/Android vulnerability announced yesterday will be patched. This from Google:

“Today [May 18th] we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.”

Of course, this follows the announcement a few days before that Dropbox, a poplular remote file synch and storage service, also put user’s data at some degree of risk. http://www.informationweek.com/news/storage/security/229500683

For the vast majority of users, these issues are probably not big deals. These examples really should only serve as reminders that anything done digitally is potentially vulnerable. Opening the process up to a network only adds a different layer of risk that should be considered when thinking about moving all apps to the network.

Chromebooks? Why all the fuss?

There was a lot of press this week regarding Google’s announcement that it would begin offering “Chromebooks” as a sort of subscription-based computing option for businesses. The idea of a small, lightweight, and inexpensive computing option for business users does definitely sound appealing. And it goes without saying that any time Google does something, it’s generally perceived as a big deal.

The WiFi Acer model will reportedly to sell for about $350, while the Samsung WiFi and 3G models will sell for $450 and $500 respectively. Not a bad deal. And unlike Chromium OS, these will be the only manner one will be able to use Chrome OS – à la Apple and OS X.

When the above video ends with “It’s kind of a new thought,” I just groan and feel as though I’m back in 1980 using a PC as a terminal emulator. There is no “Cloud” okay? That’s just tech-zecutive snake oil. There are clients and servers or server clusters and networks. They aren’t fluffy things floating in the sky, they’re in terrestrial data centers. When the network, or servers go down, so do you. There are also potential privacy concerns that should really be the subject of another post.

The difference between 1980 and now is network speed, infrastructure, and the more user-friendly interface of the web along with vastly more powerful and compact computer hardware on both the client and server ends. Most ofl the advantages to general users as shown in the above video are indeed true. However, there are some stunning over-simplifications being drawn:

Yes, there is too a computer – not a computer-like-object.
Yes, there is too an operating system, which is actully called Chrome OS. It is a custom distribution of Linux that will be installed and shipped only on these new machines. See http://en.wikipedia.org/wiki/Google_Chrome_OS for more details regarding this.
And yes, if you throw it in a river, you will definitely need a new notebook computer. Your filew may still be available, but no more so than if you’d used any number of other backup services.

When Sergey Brin said that Windows and other traditional PC operating systems are “torturing users” at Google’s Chrome OS Launch, he was correct. And I applaud the simplification of the desktop, but there is a better way. Today, a 1 Terabyte hard drive can be purchased for about $30 and excellent netbooks or laptops can be purchased for under $450 that can be configured to provide all of the benefits touted by the Chromebook announcement and then some. Simply install Ubunutu, which is free, and away you go – even if you aren’t connected to the internet.

I will be writing more about the most recent Ubuntu release soon.

Leading@Google:Bill George

Although this is a little dated, the message is timeless. Bill George should serve as a grounding wire and an inspiration at the same time.