Resolved Bugs
1221588 – phpMyAdmin-4.0.10.10 is available
1221580 – CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup
1221581 – CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub
phpMyAdmin 4.0.10.10 (2015-05-13)
=================================
– [security] CSRF vulnerability in setup
– [security] Vulnerability allowing Man-in-the-middle attack
Monthly Archives: May 2015
Fedora EPEL 7 Security Update: phpMyAdmin-4.4.6.1-1.el7
Resolved Bugs
1221418 – phpMyAdmin-4.4.6.1 is available
1221580 – CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup
1221581 – CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub
phpMyAdmin 4.4.6.1 (2015-05-13)
===============================
– [security] CSRF vulnerability in setup
– [security] Vulnerability allowing man-in-the-middle attack
Stepping Up Efforts to Support Emerging Women Entrepreneurs
The White House brought together emerging entrepreneurs from across the United States and the globe – joined by several of the celebrity investors from the hit TV show Shark Tank. The stated goal was to raise awareness of “the importance of investing in women and young entrepreneurs to create innovative solutions to some of the world’s toughest challenges, including poverty, climate change, extremism, as well as access to education and healthcare.”
Brava!
The White House event comes as President Obama prepares for the Global Entrepreneurship Summit in Kenya later this summer. You can read more about this week’s event here and get the transcript of the President’s remarks here.
A highlight of the White House event was the President’s announcement of the creation of the Spark Global Entrepreneurship initiative and its goal to generate over a billion dollars in private investment for emerging entrepreneurs around the world by the end of 2017. Half of this goal will be specifically for women and young entrepreneurs.
The White House event also featured the introduction of the newest Presidential Ambassadors for Global Entrepreneurship (PAGE). Nine new ambassadors were named to join 17 who were appointed when he launched PAGE last year.
I’m thrilled to say one of the new ambassadors is my friend Julie Hanna, the executive chair of the board of the non-profit Kiva, the first and largest crowdfunding marketplace for underserved entrepreneurs.
Julie joins Airbnb CEO Brian Chesky; Elizabeth Holmes, the founder of Theranos; and Alison Rosenthal, the vice president of Strategic Partnerships at Wealthfront, among other new appointments to PAGE.
As part of her commitment, Julie introduced Kiva’s new $100 million initiative, “Global Capital Access,” which is committed to delivering crowdfunded Kiva loans to 200,000 women and young entrepreneurs across 86 countries, including the U.S. Entrepreneurs will have an opportunity to receive crowdfunded loans through Kiva and its global network of 1.3 million lenders in 198 countries. (Since 2005, Kiva and its global community have crowdfunded $700 million in loans to 1.6 million entrepreneurs in 86 countries. For as little as a $25 loan, anyone can back an entrepreneur.)
Julie is truly an amazing entrepreneur, leader and mentor. She also generously participated in a video for my SXSW “Boardroom or Baby” presentation earlier this year, to give advice to young women seeking VC investment.
I am particularly delighted to say that I will be joining her for a “Women in Tech Executive Roundtable 2015” sponsored by the Churchill Club this Friday in Palo Alto, CA. For more info and to sign up to attend go to www.churchillclub.org.
The roundtable is designed to be a frank and lively conversation about what matters most for advancing women in business and technology. We hope to share actionable insights and takeaways to empower women and to help create a new conversation in the year ahead.
I’m looking forward to our discussion, as well as the opportunity to personally congratulate Julie and hear about the White House event and her plans as ambassador.
As Julie noted at the White House event, one of the most encouraging things happening toward empowerment of female entrepreneurs is the public conversation occurring about public and hidden bias. As she said: “We need to elevate the discourse to make it an issue for humanity, not just for women – much like Martin Luther King did on Civil Rights.”
Title image courtesy of Levo.com
Introducing the new “App Manager” for AVG Cleaner for Android
Our AVG Android App Performance report paints a clear picture: apps cause some of the most common headaches that Android users experience.
Having lots of apps installed on your device can cause a number of issues including:
- Slow performance and lack of stability
- High battery drain leading to short battery life
- Hogging storage space, leaving no room to save photos and videos
- Racking up high data costs as apps quietly download and upload data all the time
There’s good news though: AVG Cleaner for Android, with its enhanced ‘App Manager’, makes it easier than ever to manage the apps on your device.
App Manager is only available in version 2.3.1, which you can get today from the Google Play store.

The new ‘App Manager’ feature gives you an immediate overview of your apps and helps you get rid of the ones you don’t need once and for all.
App Manager has three display modes to help you identify which apps could be causing problems.
Running Apps:
Smartphones can often become slow and sluggish when multiple apps are running in the background. App Manager shows all running apps on a single screen and details how much RAM they consume.
Unused Apps:
It is easy to lose track of how many apps we install on our devices and then forget about. The unused apps view shows you how many of your apps you’ve not used in a long time so you can reclaim valuable space for the things you love.

Data Usage, Battery Usage and Storage:
This view helps you understand which apps are affecting the performance of your device. Removing apps that consume a lot of data, battery or storage space can help you squeeze more out of your device.


In this example, it shows that doubleTwist probably downloaded 1.25 GB worth of podcasts onto my device and also consumed the most battery. As I stopped using it a while ago, that was a nice reminder to uninstall the app – and not have it eat up the resources of my Android.
Let us know how you like the new ‘App Manager’ and how many apps you were able to get rid of.
Cisco Patches Flaws in TelePresence
Cisco patched command injection, authentication bypass, and denial of service vulnerabilities in a number of its TelePresence products.
The Triumphant Finale of CSI: Cyber
It’s been a couple of months since we left our heroes on CSI: Cyber, and boy, have they been busy. They have apparently solved many crimes using cyber-sleuthing, acquired some decidedly non-cyber firearms skills, and, in the case of our man Krumitz, taken up running. We wanted to check in and see how our merry band […]
CVE-2012-5849
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
CVE-2014-8162
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.
CVE-2015-1848
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.