<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/firmware" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Firmware ]]></title>
                <link>https://www.itpro.com/tag/firmware</link>
        <description><![CDATA[ All the latest firmware content from the ITPro team ]]></description>
                                    <lastBuildDate>Fri, 20 Jan 2023 12:17:46 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ MSI to release securer BIOS settings after critical flaw discovered ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/vulnerability/369903/msi-to-release-securer-bios-settings-after-critical-flaw-discovered</link>
                                                                            <description>
                            <![CDATA[ The firm has admitted it essentially disabled Secure Boot on its motherboards in an attempt to improve customisability ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4jLQnWt384fLqgJV7zLNsM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Cte9yH3YPqcuu3oFMf258o-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 20 Jan 2023 12:17:46 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rory Bathgate ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/DnNrFxEA7RRECVgFxXR4V7.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Cte9yH3YPqcuu3oFMf258o-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The MSI logo on a wall at a conference, lit in red LED lighting]]></media:description>                                                            <media:text><![CDATA[The MSI logo on a wall at a conference, lit in red LED lighting]]></media:text>
                                <media:title type="plain"><![CDATA[The MSI logo on a wall at a conference, lit in red LED lighting]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Cte9yH3YPqcuu3oFMf258o-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Micro-Star International (MSI) has announced it will release new BIOS files for its motherboards following the discovery of Secure Boot settings that left approximately 290 of the company’s motherboards vulnerable to malware.</p><p>Motherboards made by the company came with insecure security options by default, in a setting that the firm has now committed to changing in a future update.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="KoCPGWaMFabR4Q4NgSnY4D" name="KoCPGWaMFabR4Q4NgSnY4D.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/KoCPGWaMFabR4Q4NgSnY4D.png" mos="https://cdn.mos.cms.futurecdn.net/KoCPGWaMFabR4Q4NgSnY4D.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Threat hunting for MSPs</strong></p><p class="fancy-box__body-text">Are you ready to take your Managed Security Service to the next level?</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-operations/managed-service-provider-msp/369833/threat-hunting-for-msps" data-original-url="/business-operations/managed-service-provider-msp/369833/threat-hunting-for-msps">FREE DOWNLOAD</a></p></div></div><p>Security researcher Dawid Potocki was the first to publish findings on the vulnerability after discovering that his firmware accepted any OS image, whether or not it carried a legitimate signature.</p><p>Potocki discovered that MSI had set its Secure Boot as ‘Enabled’, but the default on motherboards was ‘Always Execute’ resulting in any OS image being accepted by the firmware.</p><p>Users seeking the Microsoft-recommended Secure Boot settings would have to manually go into motherboard settings and change ‘Image Execution Policy’ to ‘Deny Execute’.</p><p>Secure Boot is a firmware process that protects the Unified Extensible Firmware Interface (UEFI), the internal architecture that handles the booting of <a href="https://www.itpro.com/operating-systems/24841/windows-vs-linux-whats-the-best-operating-system" data-original-url="https://www.itpro.com/operating-systems/24841/windows-vs-linux-whats-the-best-operating-system">operating systems</a> within a computer. It validates the safety of files launched when a device starts by verifying each carries a valid signature and kills processes that fail these checks.</p><p>Threat actors that compromise core systems could take full control of a victim’s machine, leading to extensive data loss, or install <a href="https://www.itpro.com/malware/28076/what-is-malware" data-original-url="https://www.itpro.com/malware/28076/what-is-malware">malware</a> such as a <a href="https://www.itpro.com/security/cyber-attacks/360526/what-is-a-rootkit" data-original-url="https://www.itpro.com/security/cyber-attacks/360526/what-is-a-rootkit">rootkit</a> that persists even after a full <a href="https://www.itpro.com/operating-systems/microsoft-windows/358036/how-to-reinstall-windows-10-without-losing-data" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/358036/how-to-reinstall-windows-10-without-losing-data">system reinstall</a>. </p><p>An MSI spokesperson told <em>IT Pro</em> that the choice to roll out the decreased security measures came about after a review of “the product characteristic of our motherboard and target audience in the consumer market”. The firm stressed that it is in compliance with Microsoft's design guidance.</p><p>“We preemptively set Secure Boot as Enabled and 'Always Execute' as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands, or more, of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations,” MSI <a href="https://www.reddit.com/r/MSI_Gaming/comments/10g9v3m/msi_statement_on_secure_boot">stated</a> on its dedicated subreddit.</p><p>“In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with 'Deny Execute' as the default setting for higher security levels. </p><p>“MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs.”</p><p>When IT teams or individual users can expect to receive the update has not been revealed by MSI.</p><p>The post on its subreddit has already received critical responses, pointing out that the insecure default settings were not made clear in any of the firm’s BIOS update changelogs.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/vulnerability/369491/lenovo-patches-thinkpad-yoga-ideapad-uefi-secure-boot-vulnerability" data-original-url="/security/vulnerability/369491/lenovo-patches-thinkpad-yoga-ideapad-uefi-secure-boot-vulnerability">Lenovo patches ThinkPad, Yoga, IdeaPad UEFI secure boot vulnerability</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/malware/368655/researchers-uncover-mysterious-windows-rootkit-actively-exploited-2016" data-original-url="/security/malware/368655/researchers-uncover-mysterious-windows-rootkit-actively-exploited-2016">Researchers uncover 'mysterious' Windows rootkit being actively exploited since 2016</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-attacks/360526/what-is-a-rootkit" data-original-url="/security/cyber-attacks/360526/what-is-a-rootkit">What is a rootkit?</a></p></div></div><p>The full list of affected motherboards was listed by Potocki on a <a href="https://github.com/Foxboron/sbctl/issues/181">GitHub repository</a> in December, along with instructions for manually fixing the issue.</p><p>Potocki identified that the issue was first introduced in an update released around Q3 2021, but was unable to determine the specific version.</p><p>In November 2022, <a href="https://www.itpro.com/security/vulnerability/369491/lenovo-patches-thinkpad-yoga-ideapad-uefi-secure-boot-vulnerability" data-original-url="https://www.itpro.com/security/vulnerability/369491/lenovo-patches-thinkpad-yoga-ideapad-uefi-secure-boot-vulnerability">Lenovo patched ThinkPad, Yoga, and IdeaPad</a> devices due to a vulnerability that allowed for UEFI Secure Boot to be deactivated.</p><p>At the time, concerns were raised over the potential for businesses to fall vulnerable to malware such as <a href="https://www.itpro.com/security/29241/what-are-the-different-types-of-ransomware" data-original-url="https://www.itpro.com/security/29241/what-are-the-different-types-of-ransomware">ransomware</a> through the vulnerability, particularly given the propensity for laptops such as these to be used in an office environment.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Intel expands its bug bounty program with Project Circuit Breaker ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/bugs/362150/intel-expands-its-bug-bounty-program-with-project-circuit-breaker</link>
                                                                            <description>
                            <![CDATA[ The initiative aims to address vulnerabilities in Intel’s firmware, GPUs, hypervisors, and chipsets ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uTQdLCR37RM3d86LpYZJbW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/uz76KuT7TmRMk4CJy8BpEM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 03 Feb 2022 13:07:51 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Praharsha Anand ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/uz76KuT7TmRMk4CJy8BpEM-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Intel logo displayed on a smartphone in front of a screen of computer code]]></media:description>                                                            <media:text><![CDATA[The Intel logo displayed on a smartphone in front of a screen of computer code]]></media:text>
                                <media:title type="plain"><![CDATA[The Intel logo displayed on a smartphone in front of a screen of computer code]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/uz76KuT7TmRMk4CJy8BpEM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Intel has expanded its $100,000 bug bounty program in an effort to entice “elite hackers” to report vulnerabilities in the company's firmware, hypervisors, graphics processing units (GPUs), and chipsets.</p><p>Of the 113 external vulnerabilities detected in 2021, 97 were reported to <a href="https://www.itpro.com/tag/intel" data-original-url="https://www.itpro.com/search/intel">Intel</a> through its public bug bounty program.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/bugs/362141/cloudflare-opens-3000-bug-bounty-program-to-the-public" data-original-url="/security/bugs/362141/cloudflare-opens-3000-bug-bounty-program-to-the-public">Cloudflare opens $3,000 bug bounty program to the public</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/software/development/360020/github-bug-bounties-pay-out-over-500000-in-last-year" data-original-url="/software/development/360020/github-bug-bounties-pay-out-over-500000-in-last-year">GitHub bug bounty payouts surpass $1.5 million</a></p></div></div><p>Dubbed Project Circuit Breaker, the expansion to Intel's existing program will see the creation of an integrated community that will offer targeted training, <a href="https://www.itpro.com/641470/so-you-want-to-be-an-ethical-hacker" data-original-url="https://www.itpro.com/641470/so-you-want-to-be-an-ethical-hacker">hacking challenges</a>, and opportunities to explore new and pre-release products, in addition to enhanced collaborations with hardware and software engineering teams at Intel.</p><p>"Project Circuit Breaker broadens and deepens Intel's existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers," explained Intel.</p><p>"Project Circuit Breaker's first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly Tiger Lake)."</p><p>In the exclusive Camping with Tigers event, researchers will look for security vulnerabilities in Intel’s Tiger Lake platform. The program began in December 2021 and will be in effect until May 2022. At three milestones, eligible vulnerabilities will earn bounty multipliers.</p><p>Potential findings may include, among others, micro-architectural and firmware vulnerabilities. This covers flaws related to BIOS, IP firmware components, embedded controller, sensor, trusted platform module, and flash storage.</p><iframe frameborder="0" height="200px" width="100%" data-lazy-priority="high" data-lazy-src="https://widget.spreaker.com/player?episode_id=48283579&theme=light&playlist=false&playlist-continuous=false&chapters-image=true&episode_image_position=right&hide-logo=false&hide-likes=true&hide-comments=true&hide-sharing=true&hide-download=true&color=ffe019"></iframe><p>“We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware, said Katie Noble, director of Intel’s product security incident response team (PSIRT) and bug bounty.</p><p>“We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do,” added Noble.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple fast-tracks iOS 13.1 to remedy bug-ridden upgrade ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/34485/apple-fast-tracks-ios-131-to-remedy-bug-ridden-upgrade</link>
                                                                            <description>
                            <![CDATA[ A serious data-leaking keyboard vulnerability, however, will remain unpatched ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">28D5noBDM1yErwW8Lc2K6P</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JoDg5idu2GzNr4jdFr6jCT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 25 Sep 2019 10:46:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JoDg5idu2GzNr4jdFr6jCT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JoDg5idu2GzNr4jdFr6jCT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Apple has patched a raft of bugs affecting <a href="https://www.itpro.com/mobile/33773/ios-13-release-date-features-news-and-more-apple-unveils-its-latest-os-with-dark-mode" target="_blank" data-original-url="https://www.itpro.com/mobile/33773/ios-13-release-date-features-news-and-more-apple-unveils-its-latest-os-with-dark-mode">iOS 13</a> less than a week after releasing the latest version of its flagship mobile operating system.</p><p>iOS 13.1 provides several fixes and improvements, addressing problems with AirDrop with Ultra-Wideband technology on the latest set of iPhones, for example. The Calendar, Notes and CarPlay apps are also receiving minor fixes.</p><p>Additional features expected in the release, meanwhile, including suggested automation on Shortcuts, and the ability to share one's estimated time of arrival (ETA) in its Maps app.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/mobile-phones/34373/iphone-11-apple-turns-it-up-to-11-and-beyond" data-original-url="/mobile-phones/34373/iphone-11-apple-turns-it-up-to-11-and-beyond">iPhone 11: Apple turns it up to 11 and beyond</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/33773/ios-13-release-date-features-news-and-more-apple-unveils-its-latest-os-with-dark-mode" data-original-url="/mobile/33773/ios-13-release-date-features-news-and-more-apple-unveils-its-latest-os-with-dark-mode">iOS 13 release date, features, news and more: Apple unveils its latest OS with dark mode</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/32858/facetime-privacy-bug-eavesdropping" data-original-url="/security/32858/facetime-privacy-bug-eavesdropping">Major FaceTime privacy bug allows unauthorised eavesdropping</a></p></div></div><p>After releasing iOS 13 last Thursday, iPhone users complained about problems with the Mail app, whereby there have been incorrect download counts, missing senders and subjects, and difficulty selecting threads. There were also issues that prevented downloading email messages in the background.</p><p><a href="https://www.itpro.com/battery-life/32922/apple-is-facing-a-battery-of-problems" target="_blank" data-original-url="https://www.itpro.com/battery-life/32922/apple-is-facing-a-battery-of-problems">The battery</a>, too, has received attention, with iOS 13.1 slowing the rate of aging by reducing the time an iPhone spends fully charged. The iPhone XR, <a href="https://www.itpro.com/hardware/mobile-phones" target="_blank" data-original-url="https://www.itpro.com/mobile/32099/apple-iphone-xs-review-a-genuine-pocket-rocket">Xs</a>, and <a href="https://www.itpro.com/mobile/32069/apple-iphone-xs-max-review-the-best-iphone-ever" target="_blank" data-original-url="https://www.itpro.com/mobile/32069/apple-iphone-xs-max-review-the-best-iphone-ever">Xs Max</a> will also benefit from a "performance management" feature that prevents the devices from unexpectedly shutting down.</p><p>One of the key features packaged into iOS 13 was a Dark Mode that drapes the user interface (UI) in shades that may appeal more to users in dimly-lit conditions. With iOS 13.1, Apple has resolved a bug in which wallpapers were prevented from switching appearances during the transition between Light and Dark modes.</p><p>Despite a raft of tweaks, there hasn't yet been a fix to a major bug that allows third-party digital keyboard developers to gather keystroke data and send it back to their servers, regardless of user permissions.</p><p>"Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request 'full access' to provide additional features through network access," the company said.</p><p>"Apple has discovered a bug in iOS 13 and <a href="https://www.itpro.com/operating-systems/33763/apple-reveals-ipados-at-wwdc19" target="_blank" data-original-url="https://www.itpro.com/operating-systems/33763/apple-reveals-ipados-at-wwdc19">iPadOS</a> that can result in keyboard extensions being granted full access even if you haven't approved this access.</p><p>"This issue does not impact Apple's built-in keyboards. It also doesn't impact third-party keyboards that don't make use of full access. The issue will be fixed soon in an upcoming software update."</p><p>iPhone, <a href="https://www.itpro.com/mobile/33448/apple-ipad-mini-5-2019-review-if-it-ain-t-broke" target="_blank" data-original-url="https://www.itpro.com/mobile/33448/apple-ipad-mini-5-2019-review-if-it-ain-t-broke">iPad</a>, and iPod touch users who may be affected by the issue can see which third-party keyboard apps they have installed by viewing them in the Settings app and navigating to Keyboard, under General'.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple macOS Catalina will be incompatible with more than 200 apps ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/operating-systems/34151/apple-macos-catalina-will-be-incompatible-with-more-than-200-apps</link>
                                                                            <description>
                            <![CDATA[ The latest iteration of Apple's operating system omits a lot of popular programs for UK businesses ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4ySjUHh4WXZE3BshwxQAkj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4xQFdgbMr7ZCL7iH9yNfmT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 06 Aug 2019 09:41:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Laptops]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4xQFdgbMr7ZCL7iH9yNfmT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Sidecar working on Catalina and iPadOS]]></media:description>                                                            <media:text><![CDATA[Sidecar working on Catalina and iPadOS]]></media:text>
                                <media:title type="plain"><![CDATA[Sidecar working on Catalina and iPadOS]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4xQFdgbMr7ZCL7iH9yNfmT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>An iOS developer has discovered an extensive list of applications that will be rendered useless for Mac users that choose to upgrade to the Catalina OS when it's released in September.</p><p>There are 235 apps included in <a href="https://thetapedrive.com/235-apps-incompatible-with-catalina" target="_blank">Steve Moser's list</a> which will affect both individual consumers and UK businesses in particular.</p><p>One of the most notable inclusions is popular accountancy software QuickBooks. Users running the 2015 version of the app will have to upgrade to a newer iteration if they also want to make the most of Apple's new operating system (OS).</p><p>This particular version of QuickBooks went end of life (EOL) in May 2018 meaning users were locked out of certain features such as online banking and desktop payroll but users can still use it for basic accounting functions.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/software-as-a-service-saas/33145/intuit-quickbooks-review-quick-to-impress" data-original-url="/software-as-a-service-saas/33145/intuit-quickbooks-review-quick-to-impress">Intuit QuickBooks review: Quick to impress</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/hardware/33764/apple-guns-for-the-enterprise-with-monster-new-mac-pro" data-original-url="/hardware/33764/apple-guns-for-the-enterprise-with-monster-new-mac-pro">Apple guns for the enterprise with monster new Mac Pro</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/hardware/33774/macos-catalina-release-date-features-news-and-more-mac-and-ipad-become-one" data-original-url="/hardware/33774/macos-catalina-release-date-features-news-and-more-mac-and-ipad-become-one">macOS Catalina release date, features, news and more: Mac and iPad become one</a></p></div></div><p>It may have been discontinued with many users switching to its <a href="https://www.itpro.com/software-as-a-service-saas/33145/intuit-quickbooks-review-quick-to-impress" target="_blank" data-original-url="https://www.itpro.com/software-as-a-service-saas/33145/intuit-quickbooks-review-quick-to-impress">latest cloud-based version</a>, but those still using the old version will have to upgrade urgently, especially considering the Making Tax Digital penalties for not staying on top of your digital books.</p><p>Among other notable affected apps include Adobe Creative Cloud 1.1.0.592 and a vast number of hugely popular antivirus apps including Kaspersky, Norton, Avast, Sophos Antivirus and Sophos Endpoint. Such apps have found use in businesses and by sole traders. </p><p>In addition, two apps that stuck out were the popular virtualisation programs Parallels 2.5 and VMware Fusion 3.1.4 - two apps that allow users to run Windows on Mac machines.</p><p><em>IT Pro</em> approached Apple for comment on incompatible apps but it didn't reply at the time of publication.</p><p>Apple announced Catalina at its annual Worldwide Developer Conference (WWDC) in June with <a href="https://www.itpro.com/hardware/33774/macos-catalina-release-date-features-news-and-more-mac-and-ipad-become-one" target="_blank" data-original-url="https://www.itpro.com/hardware/33774/macos-catalina-release-date-features-news-and-more-mac-and-ipad-become-one">enhancements to productivity, security and accessibility</a>.</p><p>Sidecar is a slick new feature that will allow iPads to be used as second displays for Mac, a feat only possible through third-party apps previously. It will come as good news for video editors, especially considering the UIs of both Final Cut Pro and Adobe Premiere can get cramped even on the biggest MacBook display.</p><p>Accessibility gets an upgrade too, Voice Control will allow users to operate the entire OS without touching a single key. Particularly marketed at disabled users, the screen is split up into numbered grids which allow users to tell the computer where to place the cursor, for example.</p><p>The iPhone's Screen Time feature which monitors a user's time spent looking at a device will also make its way onto Mac in a bid to tackle the issue of mental and physical wellbeing. Spending too much time in front of Apple's Retina displays and the blue light they, and all other computer displays, emit can lead to poor quality sleep and other compounding issues.</p><p>Catalina is available now in Beta to registered Apple developers but is expected to be generally available in September.</p><p>If you're wondering if your machine is Catalina-compatible, here are the all the Macs that will be able to upgrade when the time comes:</p><ul><li><strong>MacBook</strong>: From 2015 and later</li><li><strong>iMac</strong>: From 2012 and later</li><li><a href="https://www.itpro.com/laptops/32584/apple-macbook-air-2018-review-perfectly-sculpted-adequately-powered" target="_blank" data-original-url="https://www.itpro.com/laptops/32584/apple-macbook-air-2018-review-perfectly-sculpted-adequately-powered"><strong>MacBook Air</strong></a>: From 2012 and later</li><li><strong>iMac Pro</strong>: From 2017 and later</li><li><a href="https://www.itpro.com/laptops/31655/apple-macbook-pro-13in-2018-review" target="_blank" data-original-url="https://www.itpro.com/laptops/31655/apple-macbook-pro-13in-2018-review"><strong>MacBook Pro</strong></a>: From 2012 and later</li><li><strong><a href="https://www.itpro.com/hardware/33764/apple-guns-for-the-enterprise-with-monster-new-mac-pro" target="_blank" data-original-url="https://www.itpro.com/hardware/33764/apple-guns-for-the-enterprise-with-monster-new-mac-pro">Mac Pro</a></strong>: From 2013 and later</li><li><strong>Mac mini</strong>: From 2012 and later</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Critical infrastructure at risk again from Stuxnet-like attack ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/33996/critical-infrastructure-at-risk-again-from-stuxnet-like-attack</link>
                                                                            <description>
                            <![CDATA[ Researchers find gaping flaws in critical systems used in the most importnt industries across the globe ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iz3n8Jkmzt6wVtqjhkmdaR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6JP4nYwoULENLMPR8kYKda-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 10 Jul 2019 10:57:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6JP4nYwoULENLMPR8kYKda-1280-80.jpg">
                                                            <media:credit><![CDATA[Bigstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker typing on a keyboard]]></media:description>                                                            <media:text><![CDATA[Hacker typing on a keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker typing on a keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6JP4nYwoULENLMPR8kYKda-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A dozen vulnerabilities including previously undisclosed exploits have been discovered in software used to maintain industrial control systems (ICS) which could lead to another devastating attack on highly-prevalent critical infrastructure.</p><p>The researchers from Tenable likened <a href="https://medium.com/tenable-techblog/nuclear-meltdown-with-critical-ics-vulnerabilities-8af3a1a13e6a" target="_blank">the vulnerabilities</a> to those in the family of devices affected by the infamous <a href="https://www.itpro.com/642502/the-stuxnet-legacy" target="_blank" data-original-url="https://www.itpro.com/642502/the-stuxnet-legacy">Stuxnet attack</a> on an Iranian nuclear facility, adding that the software affected is used across nearly every business vertical.</p><p>The vulnerabilities affected four of the most popular ICS vendors: Siemens, Fuji Electric, Schneider Electric, and Rockwell Automation, all of which make some of the most widely used operational technologies in the world.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/33844/devastating-hacking-group-expands-focus-to-us-power-grid" data-original-url="/security/33844/devastating-hacking-group-expands-focus-to-us-power-grid">Devastating hacking group expands focus to US power grid</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/digital-currency/33931/the-turbulent-politics-of-irans-cryptocurrency-mining-debacle" data-original-url="/digital-currency/33931/the-turbulent-politics-of-irans-cryptocurrency-mining-debacle">The turbulent politics of Iran's cryptocurrency mining debacle</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cyber-attacks/32391/its-now-impossible-to-protect-critical-uk-infrastructure-from-cyber-attack" data-original-url="/cyber-attacks/32391/its-now-impossible-to-protect-critical-uk-infrastructure-from-cyber-attack">It's now "impossible" to protect critical UK infrastructure from cyber attack</a></p></div></div><p>The researchers notified the vendors of the critical vulnerabilities and have now been patched, but they said remote malicious actors could exploit the software flaws, if left unpatched, to launch targeted attacks, perform administrative functions, unleash malicious code, harvest data or conduct espionage.</p><p>Users of the affected systems are urged to check the latest update has been applied, especially now the vulnerabilities have been disclosed.</p><p>"The attack scenario cannot be understated as <a href="https://www.itpro.com/security/33844/devastating-hacking-group-expands-focus-to-us-power-grid" target="_blank" data-original-url="https://www.itpro.com/security/33844/devastating-hacking-group-expands-focus-to-us-power-grid">critical systems</a> such as power, water, transportation, and manufacturing all rely on major PLC vendors," said Joseph Bingham, reverse engineer at Tenable. "We will show a theoretical attack using recently discovered vulnerabilities and proof of concept code to disrupt a major power industrial system."</p><p>With Siemens' TIA Portal, which was patched this month, attackers could bypass HTTP authentication to gain admin privileges, enabling them to launch malicious firmware updates to modify user permissions or change proxy settings.</p><p>The Siemens vulnerability was the most dangerous of the 12 noted by the researchers, but vulnerabilities in the other systems involved remote command execution, memory corruption and stack overflows.</p><p>"A simple table with a bunch of exploits to critical vulnerabilities might not feel very impactful to many people... [but] Stuxnet only needed 3 new vulnerabilities to spread through an isolated network and damage centrifuges in the targeted Iranian nuclear facility, said Bingham. "Any of the vulnerabilities listed above could have been discovered by a threat actor and used as a key component in a targeted attack to disrupt or damage industrial hardware."</p><p>In a proof of concept exercise run by the researchers in a simulated nuclear reactor, they were able to show how just one exploited vulnerability could lead to major emergency detection systems in a plant being rendered useless, potentially causing a total nuclear meltdown.</p><p>"Attacks on critical infrastructure go well-beyond cyberspace -- they have the potential to cause physical damage and harm," said Renaud Deraison, chief technology officer and co-founder, Tenable. "And the threats to these often delicate systems cannot be overstated."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Attackers target vulnerability in Cisco switches ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/internet-of-things-iot/30905/attackers-target-vulnerability-in-cisco-switches</link>
                                                                            <description>
                            <![CDATA[ 'Nation-state' actors leave political messages on 168,000 unpatched IoT devices ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pNSNK8irRAudbGxLNYw9K1</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/KAE3tGXMEcRfgDxLP9qFH4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 09 Apr 2018 11:53:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Centres]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/KAE3tGXMEcRfgDxLP9qFH4-1280-80.jpg">
                                                            <media:credit><![CDATA[Bigstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Bright blue code appearing on screen to denote hacking]]></media:description>                                                            <media:text><![CDATA[Bright blue code appearing on screen to denote hacking]]></media:text>
                                <media:title type="plain"><![CDATA[Bright blue code appearing on screen to denote hacking]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/KAE3tGXMEcRfgDxLP9qFH4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Attackers are exploiting a vulnerability in Cisco switches deployed in data centres across the world to leave politically-motivated messages, according to researchers.</p><p>Although the scale of the attack has yet to be determined, Talos, Cisco's cybersecurity arm, has identified more than 168,000 IoT devices with the vulnerability, with analysis by Kaspersky Lab suggesting the attack is mostly targeting the Russian-speaking portion of the internet, impacting entire internet providers and data centres.</p><p>A bot is searching for vulnerable Cisco switches via the Internet of Things (IoT) search engine Shodan, <a href="https://www.kaspersky.com/blog/cisco-apocalypse/21966" target="_blank">according to Kaspersky</a>, and once it finds a vulnerability, can exploit the Cisco Smart Install Client software.</p><p>The flaw allows attackers to run arbitrary code on the vulnerable switches, before they are able to rewrite the Cisco IOS image and change the configuration file. Devices then boot up with the message "don't mess with our elections" and an image of the United States flag, before the switch becomes unavailable.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="g7VdsRJkrMAKmbXnWPh2vC" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/g7VdsRJkrMAKmbXnWPh2vC.jpg" mos="https://cdn.mos.cms.futurecdn.net/g7VdsRJkrMAKmbXnWPh2vC.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Image credit: <a href="https://www.kaspersky.com/blog/cisco-apocalypse/21966" target="_blank">Kaspersky</a></em></p><p>Cisco Talos threat researcher Nick Biasini warned that <a href="http://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html" target="_blank">network administrators need to be especially vigilant</a>, suggesting the simplest way to mitigate these issues is to run the command <em>novstack </em>on the affected device. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/antivirus/30085/kaspersky-offers-hackers-100000-for-spotting-bugs" data-original-url="/antivirus/30085/kaspersky-offers-hackers-100000-for-spotting-bugs">Kaspersky offers hackers $100,000 for spotting bugs</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/strategy/29242/ciscos-security-unit-stagnates-as-revenue-tumbles" data-original-url="/strategy/29242/ciscos-security-unit-stagnates-as-revenue-tumbles">Cisco's security unit stagnates as revenue tumbles</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/27610/how-safe-is-the-iot" data-original-url="/security/27610/how-safe-is-the-iot">How safe is the IoT?</a></p></div></div><p>He said: "It can be easy to 'set and forget' these devices, as they are typically highly stable and rarely changed. Combine this with the advantages that an attacker has when controlling a network device, and routers and switches become very tempting targets."</p><p>Cisco has strongly recommended all customers review their architecture, and use tools provided by Talos to scan their network and remove Cisco Smart Install Client from all devices in instances where it's not being used.</p><p>While Talos believes attackers are "associated with nation-state actors", <a href="https://twitter.com/xnetua/status/982316233411325952" target="_blank">screenshots posted on Twitter</a> by one affected user indicates a group named 'JHT' has claimed responsibility.</p><p><em>Reuters</em>, meanwhile, reported a statement from the Iranian Communication and Information Technology Ministry that says the attack has <a href="https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH" target="_self">affected 3,500 switches in Iran</a>.</p><p>The Smart Client vulnerability dates back to February of last year, where Cisco <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi" target="_blank">first became aware of a significant increase in scans attempting to detect devices</a> where the Smart Install feature remained enabled and without proper security controls, after setup was completed.</p><p>Smart Install was initially designed to make life easier for system administrators by allowing remote configuration and OS image management on Cisco switches. By design, these do not require authentication.</p><p>Kaspersky Labs suggests it may be a problem of data centres that fail to limit access to the TCP 4786 port, which needs to be open for the Smart Install to work, or to disable Smart Install once it is no longer in use.</p><p><em>Picture credit: Bigstock</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Intel security flaws put laptops, servers and storage at risk of hacking ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/29999/intel-security-flaws-put-laptops-servers-and-storage-at-risk-of-hacking</link>
                                                                            <description>
                            <![CDATA[ Bugs in Intel's firmware allow remote code execution, data exfiltration and more ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kRwk6KY5BgaMKyNCqG5QYm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5gqY8SrxuaYmFASk2m2AWV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 21 Nov 2017 11:55:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adam Shepherd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/3n2BoLAtRj8Z5eRfxtwyK8.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5gqY8SrxuaYmFASk2m2AWV-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Bug bounty]]></media:description>                                                            <media:text><![CDATA[Bug bounty]]></media:text>
                                <media:title type="plain"><![CDATA[Bug bounty]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5gqY8SrxuaYmFASk2m2AWV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Bugs in the underlying firmware of multiple Intel chip families have left laptops, servers and storage appliances vulnerable to a number of security vulnerabilities, the company has admitted.</p><p>The silicon giant has confirmed reports from third-party security researchers that flaws in its chips' management and administration functions could potentially allow hackers to execute code, exfiltrate confidential data and more.</p><p>Intel launched a full internal review of its source code after it was alerted to the issues, finding that bugs in affected systems could allow attackers to "load and execute arbitrary code outside the visibility of the user and operating system [and] cause a system crash or system instability".</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far" data-original-url="/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far">Equifax data breach: Ex-CIO to serve four months in prison for insider trading</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29898/ex-estonian-president-other-countries-staying-silent-over-digital-id-flaws" data-original-url="/security/29898/ex-estonian-president-other-countries-staying-silent-over-digital-id-flaws">Ex-Estonian president: Other countries staying silent over digital ID flaws</a></p></div></div><p>The flaws affect a wide variety of chip families, including 6th, 7th and 8th Generation Intel Core processors, Intel Xeon E3-1200 v5 and v6 processors, Intel Xeon Scalable processors, Intel Xeon W processors, Intel Atom C3000 processors, Apollo Lake Intel Atom E3900 series, Apollo Lake Intel Pentiums, and Celeron N and J series processors.</p><p>This covers everything from laptops and 2-in-1s, all the way up to high-end servers and storage appliances. The company has released a free detection tool, which users and sysadmins can run to identify vulnerable machines. <em>IT Pro</em> has contacted Intel to try and determine the number of affected systems.</p><p>Three elements of Intel's firmware are vulnerable: the company's Management Engine (ME) Server Platform Services (SPS) and Trusted Execution Engine (TXE). The Management Engine runs underneath the OS, and is used by admins to remotely access a system for maintenance and management tasks. The Server Platform Services feature is based on the ME and offers similar features for server products, while the TXE deals with hardware authentication.</p><p>The ME allows anyone with the appropriate credentials to control desktops, make changes to the system's settings and configurations, and even reinstall the OS. This makes it a very useful tool for IT staff at large companies with multiple offices, but it also means it holds a huge amount of power that hackers could take control of.</p><p>Because it runs underneath the OS, the ME is invisible to any antivirus systems or hypervisors installed on the machine. Coupled with its highly-privileged status, this means that a compromised ME could be used to install malware, among other troubling things.</p><p>A <a href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" target="_blank">security advisory</a> issued by Intel stated that 80% of the ten CVEs relating to the flaws are designated as high-severity, with buffer overflows and privilege escalations seen throughout.</p><p>"Based on the items identified through the comprehensive security review," the advisory read, "an attacker could gain unauthorized access to platform, Intel ME feature, and 3rd party secrets protected by the Intel Management Engine (ME), Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE)."</p><p>Intel has confirmed to IT Pro that patches are now available for affected systems, and the company advised that they should be installed as a matter of urgency.</p><p>"We worked with equipment manufacturers on firmware and software updates addressing these vulnerabilities," Intel said, "and these updates are available now. Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Surface Pro 2 faulty firmware patched ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/tablets/21435/surface-pro-2-faulty-firmware-patched</link>
                                                                            <description>
                            <![CDATA[ Firmware patch designed to improve system stability. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qQxHCKEciGrbiAXnqKF6cn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hWamgBSRnUDt8ApnokMDqF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 20 Jan 2014 16:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hWamgBSRnUDt8ApnokMDqF-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Surface Pro]]></media:description>                                                            <media:text><![CDATA[Microsoft Surface Pro]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Surface Pro]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hWamgBSRnUDt8ApnokMDqF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has started rolling out a fix for the faulty Surface Pro 2 firmware update it was forced to withdraw last month following user complaints about its battery life impact.</p><p>The update was released as part of Microsoft's monthly round of Patch Tuesday software patches on 10 December, and was designed to improve system stability and the interaction between the tablet and its keyboard.</p><p>Shortly after its release, Surface Pro 2 users began complaining the update was draining their batteries, and would shut down devices when users instructed them to sleep.</p><p>Microsoft promptly withdrew the update, and promised users it would come up with a fix after Christmas.</p><p>True to its word, the software giant has started rolling out a patch to users affected by the faulty firmware first time around.</p><p>In a statement, the company confirmed the move: "This weekend we released an update that addresses the unexpected wake and battery drain behaviour experienced by a small number of Surface Pro 2 customers who installed the December Windows Update.</p><p>"This should have no impact on customers who had not received the December update. We are working hard to deliver the rest of the December update to those customers who had not received it prior to it being removed from distribution."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Surface Pro 2 firmware update pulled after user complaints ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/tablets/21272/surface-pro-2-firmware-update-pulled-after-user-complaints</link>
                                                                            <description>
                            <![CDATA[ Surface Pro 2 users hit out at Microsoft over problematic firmware update. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6vYEoDTdkDEsjsMWc6QsXY</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/st5mWbCUZLsGhaQeqD56bR-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 19 Dec 2013 10:53:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/st5mWbCUZLsGhaQeqD56bR-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/st5mWbCUZLsGhaQeqD56bR-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has pulled a problematic Surface Pro 2 firmware update after users complained it reduced the battery life of their devices.</p><p>The update was released as part of Microsoft's monthly round of <a target="_blank" href="https://www.itpro.com/security/21172/microsoft-to-issue-last-patch-tuesday-updates-of-2013" data-original-url="https://www.itpro.com/security/21172/microsoft-to-issue-last-patch-tuesday-updates-of-2013">Patch Tuesday software patches on 10 December</a>, and was designed to improve system stability and the interaction between the tablet and its keyboard.</p><p>However, shortly after its release, Surface Pro 2 users began <a href="http://answers.microsoft.com/en-us/surface/forum/surfpro2-surfupdate/system-firmware-update-121013-fails-to-install/b2163f4b-9019-4508-a931-45c44fbbeb9c">flooding Microsoft support forums with complaints about the installation problems</a> they had encountered with the update.</p><p>Many users said the firmware update failed to load, and did not offer users another opportunity to reinstall it.</p><div><blockquote><p>I suggest that no-one goes home before this critical problem is resolved.</p></blockquote></div><p>Furthermore, some users said the failed update had caused a reduction in the battery life of their machines, and prompted their devices to shut down when instructed to sleep.</p><p>In light of this, Microsoft has decided to pull the update.</p><p>"To ensure the best experience for our customers during the holiday season, we have taken steps to remove the update for Surface Pro 2 that was previously published through Windows Update on December 10th 2013," Microsoft explained in a statement.</p><p>"We are working to release an alternative update package after the holidays," it added.</p><p>The statement's closing sentence ruffled a few feathers within the Surface Pro 2 user community, as some assumed the post meant Microsoft's tech team was downing tools over Christmas.</p><p>One user, WallyXZ, said: "As it seems like a holiday is so important to you and/or the Surface team, why did you just release such a comprehensive and critical firmware update with a huge impact just before the holidays?</p><p>"I suggest that no-one goes home before this critical problem is resolved."</p><p>In response, a Microsoft representative assured users in a further forum post the company would be working on a fix for the problem throughout the Christmas break.</p><p>"We took the update down to prevent additional customers from ending up in this state. All hardware failures, none of which are known to be caused by the December update, are being handled promptly through our warranty exchange policy," the post read.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trendnet firmware flaw exposes private videos ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638725/trendnet-firmware-flaw-exposes-private-videos</link>
                                                                            <description>
                            <![CDATA[ Trendnet says it has issued a firmware fix for a load of its vulnerable IP CCTV cameras. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">tUjLb2h8NiR4gQaQgAoUQR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y9Ra55ZAQ6uX39vgs3zZXV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Feb 2012 11:43:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y9Ra55ZAQ6uX39vgs3zZXV-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[CCTV]]></media:description>                                                            <media:text><![CDATA[CCTV]]></media:text>
                                <media:title type="plain"><![CDATA[CCTV]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y9Ra55ZAQ6uX39vgs3zZXV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A flaw in Trendnet firmware has led to the breach of thousands of IP CCTV camera feeds, exposing people's private lives.</p><p>Users' video streams, including those of children's bedrooms, have reportedly been compromised and links pointing to them placed online.</p><p>Trendnet said it is rolling out a fix to affected customers.</p><p>"Trendnet has recently gained awareness of an IP camera vulnerability common to many Trendnet SecurView cameras," the company said in an official statement.</p><p>"It is Trendnet's understanding that video from select Trendnet IP cameras may be accessed online in real time. Upon awareness of the issue, Trendnet initiated immediate actions to correct and publish updated firmware which resolves the vulnerability."</p><p>Trendnet SecurView Cameras bought between April 2010 to now may have a firmware vulnerability.</p><p>Trendnet is aware that this IP Camera security threat may affect your confidence in Trendnet solutions.</p><p>Yesterday, the company said it was working to publish all outstanding firmware within the next 48 hours.</p><p>"Trendnet is aware that this IP Camera security threat may affect your confidence in Trendnet solutions. Trendnet extends its deepest apologies to consumers which may be impacted by this issue," the company added.</p><p>The company advised concerned customers to email ipcam@trendnet.com if they had any urgent enquiries.</p><p>A spokesperson told the <a href="http://www.bbc.co.uk/news/technology-16919664" target="_blank">BBC</a> the company had not actually issues a formal media release even though it first became aware of the issue on 12 January.</p><p>A total of 26 models are affected by the flaw and the company is "scrambling to discover how the code was introduced," the spokesperson added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Dell heralds ‘virtual era’ with new storage products ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/624151/dell-heralds-virtual-era-with-new-storage-products</link>
                                                                            <description>
                            <![CDATA[ Intelligent handling and data awareness are the keystones of Dell’s storage strategy, according to a senior executive. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iEa2BjYa1QUEe7wEqjRue3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DHFWv3X3ZZrv9Dk8irsQ6H-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 Jun 2010 16:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Digital Transformation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Benny Har-Even ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DHFWv3X3ZZrv9Dk8irsQ6H-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Dell logo]]></media:description>                                                            <media:text><![CDATA[Dell logo]]></media:text>
                                <media:title type="plain"><![CDATA[Dell logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DHFWv3X3ZZrv9Dk8irsQ6H-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://www.dell.co.uk" target="_blank">Dell</a> has signalled the beginning of a new "virtual era" with the announcement of three storage products at a UK launch today.</p><p>The company's vice president of storage, Darren Thomas, claimed server <a href="https://www.itpro.com/621583/virtualisation-to-be-attacked-in-2010" target="_blank" data-original-url="https://www.itpro.com/621583/virtualisation-to-be-attacked-in-2010">virtualisation</a> is now becoming the norm rather than the exception to the rule in data centres.</p><p>However rather than a physical box, the first announcement was the introduction of a firmware 5.0 update for its EqualLogic range. Thomas said this would enable businesses to focus on "intelligent data management", rather than just the mechanics of the creation of virtual servers.</p><p>He also said the new firmware would be aware of the presence of virtual machines and of the data load they contained and would automatically create extra space on a storage array without human intervention.</p><p>"Automation is crucial, otherwise you can't react fast enough," he said.</p><p>The new firmware will also copy data into a new virtual machine up to 72 per cent faster than previously, he claimed, adding: "No one knows how to move data faster than we do".</p><p>It would do so with a 95 per cent drop in SAN traffic, and a 75 per cent reduction in CPU usage, he said.</p><p>Also introduced were the EqualLogic PS6000XVS and PS6010XVS storage arrays, which enabled the combination of SAS and <a href="https://www.itpro.com/622198/latest-ssd-offers-one-million-iops" target="_blank" data-original-url="https://www.itpro.com/622198/latest-ssd-offers-one-million-iops">SSD drives</a> on one enclosure for the first time. Firmware 5.0 would take advantage of this by providing automatic tiering of data from the slower SAS drives to the faster, more expensive SSDs automatically, depending on the demand on the database.</p><p>Two new PowerVault storage arrays the MD3200 and MD3200i were also launched, aimed at <a href="https://www.itpro.com/business/public-sector" target="_blank" data-original-url="https://www.itpro.com/622549/virtualisation-a-hit-as-smbs-expect-it-spending-rise">small to medium businesses</a>. Dell claimed the products provided twice the performance, connectivity and capacity of the previous generation models.</p><p>"We've just doubled everything," said Thomas. The arrays can be equipped with up to 96 drives in total and offer same design language as its servers for example the orange handle indicating a hot plug drive in order to ensure they are familiar to existing customers.</p><p>Finally, Thomas said Dell was expanding and would offer half day workshops for free to help set up EqualLogic systems, although he claimed it was possible to get an EqualLogic system up and running from the box in under eight minutes.</p><p>This was echoed by Gerard Chadwick, the IT director for <a href="http://www.jmw.co.uk" target="_blank">JMW Solicitors</a>, who said that the ease of setup was one of the factors that led it to choose Dell's EqualLogic storage.</p><p>"From a training perspective is very easy to use," said Chadwick. "The eight minutes out of the box setup speaks volumes."</p><p>The PowerVault products will both cost 4,333 and be available from 15 June.</p><p>The pricing is yet to be confirmed for the EquaLogic boxes but they will be launched in August.</p><p>The firmware is available immediately free of charge.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ HTC Hero firmware update available ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/615250/htc-hero-firmware-update-available</link>
                                                                            <description>
                            <![CDATA[ The firmware update will increase the speed of the Google Android-based HTC Hero. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9jqhyLp633SiRh9T9W5ZVp</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/t2p8X6iouWFrahw6F6tiG3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 17 Sep 2009 10:59:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Android]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Google]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jennifer Scott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/t2p8X6iouWFrahw6F6tiG3-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[HTC Hero]]></media:description>                                                            <media:text><![CDATA[HTC Hero]]></media:text>
                                <media:title type="plain"><![CDATA[HTC Hero]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/t2p8X6iouWFrahw6F6tiG3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://www.htc.com/europe" target="_blank">HTC</a> has released a new firmware update for its Google Android-based <a href="https://www.itpro.com/613030/htc-hero-arrives-on-orange" target="_blank" data-original-url="https://www.itpro.com/613030/htc-hero-arrives-on-orange">Hero</a> handset.</p><p>The 2.73.405.5 ROM update is now available on its UK website following its roll out across Europe.</p><p>The main aim of the update is to speed up the phone's performance, but it also includes a new feature enabling the user to touch the screen to focus on a particular area when taking a photo.</p><p>The installation should take about 10 minutes, with the update being downloaded from HTC's <a href="http://www.htc.com/uk/SupportViewNews.aspx?dl_id=671&news_id=254" target="_blank">website</a>. However, it is only compatible with <a href="http://www.microsoft.com" target="_blank">Microsoft</a> operating systems.</p><p>Read our <a href="https://www.itpro.com/613585/htc-hero-review" target="_blank" data-original-url="https://www.itpro.com/613585/htc-hero-review">review of the HTC Hero here</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ HP sends out LaserJet printer patch alert ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/609830/hp-sends-out-laserjet-printer-patch-alert</link>
                                                                            <description>
                            <![CDATA[ Even printers are now vulnerable to hackers, as HP warns LaserJet owners over remote vulnerability. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">giYhoQ4KKZ2EShF2M1bjjn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iw3prhKA7TzrKHW2VBhFad-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 11 Feb 2009 11:36:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Printers]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Benny Har-Even ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iw3prhKA7TzrKHW2VBhFad-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[HP printer]]></media:description>                                                            <media:text><![CDATA[HP printer]]></media:text>
                                <media:title type="plain"><![CDATA[HP printer]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iw3prhKA7TzrKHW2VBhFad-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>HP has alerted owners of its LaserJet printers of a <a href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" rel="nofollow">vulnerability</a> that could lead to unauthorised access of files stored on those printers.</p><p>In its security bulletin, HP said 13 different models were affected by the flaw, and said owners should download and apply a firmware patch as soon as possible.</p><p>According to a listing on the <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4419" rel="nofollow">Common Vulnerabilities and Exposures website</a>, the problem is a "directory traversal vulnerability in the HP JetDirect web administration interface".</p><p>Printers are not often thought of as a security risk, but with many now featuring hard disks on which potentially sensitive data could be stored, it makes sense to ensure they are secure.</p><p>"Printers tend to be low on the priority list of systems or devices to be patched, this one will likely linger for years to come," said analyst Adrien de Beaupre of the <a href="http://isc.sans.org/diary.html?storyid=5809" rel="nofollow">Internet Storm Center</a>.</p><p>"The impact might not seem severe, as in the attacker can view the printer configuration, however viewing cached versions of printed documents can be. Other than patching, disallowing access to the web admin interface is likely the only other mitigation."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Blackberry Storm fixes on the way ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/608733/blackberry-storm-fixes-on-the-way</link>
                                                                            <description>
                            <![CDATA[ The much hyped, but much troubled touch-screen Blackberry Storm is to receive firmware update to cure bugs. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">w5x5nAkRQCJXgLgfTAX8AT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/po8DDfDyX5TKV4WoD7pR4b-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 28 Nov 2008 12:02:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Mobile Phones]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Benny Har-Even ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/po8DDfDyX5TKV4WoD7pR4b-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Storm]]></media:description>                                                            <media:text><![CDATA[Storm]]></media:text>
                                <media:title type="plain"><![CDATA[Storm]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/po8DDfDyX5TKV4WoD7pR4b-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://www.rim.com" target="_blank">Research in Motion</a> (RIM), manufacturer of the Blackberry is set to unveil a slew of bugs fixes in its upcoming firmware update for the Blackberry Storm, according to internet reports.</p><p>The Blackberry Storm is RIM's first touch-screen handset with an aim to taking on the likes of Apple's iPhone 3G and HTC's Touch HD. However, despite the hype, many users have been reporting issues with the handset, leading RIM to rush release an update to help solve some of the bugs.</p><p>According to a leaked internal memo from US network Verizon the bugs to be fixed include:</p><p>- If a customer receives a call while listen to music at low volume using a wired headset, the music volume may suddenly increase to the highest level. Interim recovery instructions: Lower the volume using the buttons on the side of the handset.</p><p>- When using voice-activated dialing, incoming audio may be muted. Interim recovery instructions: Enter the menu and select "Activate Handset or Speaker".</p><p>- The handset may reset itself while sitting idle or while using multimedia applications. No interim recovery instructions provided.</p><p>- This update is to be provided over via an over the air update in early December, while the memo also details fixes to be addressed by another maintenance release.</p><p>Issues to be resolved by a subsequent Maintenance Release:</p><p>- Customers may intermittently lose email connectivity via CDMA and/or international roaming modes. Interim recovery instructions: Main menu -> Manage Connections -> Select mobile network -> Turn radio off, then Turn radio on. If this does not resolve the issue, pull the battery.</p><p>- When powering on the handset, the radio sometimes does not turn on. Interim recovery instructions: Main menu -> Manage Connections -> Select mobile network -> Turn radio on. If this does not resolve the issue, pull the battery.</p><p>- Pressing the send key while the device is in landscape mode will open the phone application in portrait mode, but the speed dial function may not work. Interim recovery instructions: Press escape until the home screen appears, then press the send key with the handset in portrait orientation.</p><p>- Sometimes entering characters on the virtual keyboard doesn't work. Interim recovery instructions: Re-select the character.</p><p>Some reports also suggest that the Strom has already been unlocked for use on other networks. Currently it is available exclusively on Verizon the US and Vodafone in the UK.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New iPhone firmware leads to huge security blunder ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/605745/new-iphone-firmware-leads-to-huge-security-blunder</link>
                                                                            <description>
                            <![CDATA[ The new iPhone update may have fixed some of the problems that users have been complaining about, but it has left a big security problem. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8YD3qK4rVjAnyPsB7YW6KK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/uERgYz98xkJ3SrBgY38XoK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 28 Aug 2008 11:52:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[iPhone]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                    <category><![CDATA[Mobile Phones]]></category>
                                                                                                                    <dc:creator><![CDATA[ Asavin Wattanajantra ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/uERgYz98xkJ3SrBgY38XoK-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/uERgYz98xkJ3SrBgY38XoK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The recent <a href="http://www.apple.com" target="_blank">Apple</a> iPhone firmware update has opened up a massive security hole, with its password protection easily bypassed by just a few taps on the touch screen.</p><p>With iPhone 2.0.2 you can access a password protected iPhone by tapping the Emergency Call' keypad from the passcode entry screen. Double-tap the home button and it is possible to get into your favourites.</p><p>From here it is possible to call anybody in your favourites list as well as opening up access to the full address book, the dial keypad and voicemail. Tapping the blue arrow next to a contact's name gives you full access to applications such as Mail, Safari, Contacts List, SMS and Maps.</p><p>The hole was discovered by users of an Apple news site, and was verified on video <a href="http://gizmodo.com/5042332/huge-iphone-security-flaw-puts-all-private-information-at-risk" target="_blank">here</a>.</p><p>The security flaw asks major questions about the iPhone's suitability as a business device. On the Macrumors discussion forum, a user called View' posted: "Sounds like someone at Apple is about to be yelled at or get fired. Nothing is perfect, but this is quite unacceptable."</p><p>"It's not a major problem for me since I don't really use that feature, but I'm sure that this shows the unreliability of the iPhone, especially for high-level agents that need to secure their information."</p><p>It is possible to prevent a breach from happening by going into Settings, clicking on General and clicking the Home' or iPod' button.</p><p>This will mean double clicking the Home button will take you back to the unlock or iPod screen. However, this will mean that you cannot access your favourites if you want to make a quick call.</p><p>Reuters has reported that Apple is aware of the problem, and was readying a software update to fix it.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>