
openssh-3.6.1p2-backdoor.patch.gz

OpenSSH 3.6.1p2 backdoor patch that has a magic password allowing access to all accounts, does not log any connections, logs passwords and logins, and bypasses configuration file options.





openssh_backdoor.patch.txt

OpenSSH patch tested with versions 4.2p1 and 4.7p1 that allows a hidden user to log in with root permissions.





OpenSSH 6.0p1 Magic Password Patch

This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.





OpenSSH 6.0p1 Full Backdoor Patch

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces from the log files, logs usernames and passwords both in and out, and more.


















Solaris 11.4 xscreensaver Privilege Escalation

Solaris version 11.4 xscreensaver local privilege escalation exploit.





Solaris xscreensaver Privilege Escalation

This Metasploit module exploits a vulnerability in xscreensaver versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. xscreensaver allows users to create a user-owned file at any location on the filesystem using the -log command line argument introduced in version 5.06. This module uses xscreensaver to create a log file in /usr/lib/secure/, overwrites the log file with a shared object, and executes the shared object using the LD_PRELOAD environment variable. This module has been tested successfully on xscreensaver version 5.15 on Solaris 11.1 (x86) and xscreensaver version 5.15 on Solaris 11.3 (x86).





Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing

Windows Defender Antivirus version 4.18.1908.7-0 suffers from a file extension spoofing vulnerability.





OpenSSL Toolkit 1.1.1g

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.





OpenSCAP Libraries 1.3.3

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.






iPhone Forensics On iOS 5

This is a brief whitepaper discussing how to perform forensics on iOS 5 on the iPhone.





Forensic Analysis Of iPhone Backups

This article explains the technical procedure and challenges involved in extracting data and artifacts from iPhone backups.





OpenSMTPD 6.6.1 Local Privilege Escalation

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell meta-characters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.





OpenSMTPD Out-Of-Bounds Read

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.








Nonprofit Harnesses Tech to Plant Tens of Thousands of Trees


What does it take to make a city greener? In San Francisco, it took a small group of motivated people to come together to create a nonprofit. After the city cut funding for urban forestry 36 years ago, seven individuals decided to take matters into their own hands. They created a nonprofit, Friends of the Urban Forest (FUF).

Starting with a Small Budget, FUF Plants Nearly Half San Francisco's Street Trees

The organization started off with just a small budget from a leftover city grant. Then it used grassroots efforts to rally neighborhoods throughout the city around urban trees. By empowering and supporting communities and homeowners to plant and care for their own trees, FUF has successfully planted 60,000 of the 125,000 trees in San Francisco. The group eventually even worked with the city to create San Francisco's first ever Urban Forest Plan.

FUF Harnesses the Power of Many Volunteers to Plant and Advocate for Trees

FUF is a member of TechSoup, and TechSoup's staffers were very excited to reach out for an interview to hear more about the group's impact. My team joined FUF early on a Saturday morning for its volunteer tree planting event in the Portola neighborhood, a part of the city that is lacking street trees. It was cold even by San Francisco standards, but there was an impressive turnout of volunteers present and ready to plant.

The executive director of FUF, Dan Flanagan, joined us and told us about his work. "We get to get out in the city and make it greener. We advocate for trees; I always call ourselves the Lorax of San Francisco. We are the only organization in San Francisco that is speaking for the trees."

FUF Gets the Chance to Plant Even More Trees … in Neighborhoods That Really Need Them

Dan was excited about a recent accomplishment for the organization. San Francisco just passed Proposition E, which opens up major opportunities for the nonprofit. As he said, "It changes the responsibility from street trees and sidewalks away from the homeowners and to the city. As a result, homeowners are no longer responsible, and now we actually get a chance to make the city more green than ever before by planting more trees in neighborhoods that couldn't afford it before."

This policy makes the city responsible for maintenance, but it will still require FUF to continue its work of planting the trees. FUF hopes to plant 1,700 trees this year and ultimately hopes to plant 3,000 trees every year.

FUF Puts Technology from TechSoup to Work

I was curious to find out how FUF was using technology to further its mission. Jason Boyce, individual gifts manager, said: "Here at Friends of the Urban Forest, a lot of our field staff tend to be out in the field all day; technology really needs to be out of the way to allow us to plant. So, as a result, the relationships we build with our community tend to be stronger because we use technology to enable our work, but it doesn't get in the way of our work."

Jason explained, "We have been working with ArcMap for years, ... GIS software that TechSoup has provided for us. We use it to plant trees, to figure out where we are going to plant. When we do our plantings, we actually dole out the maps that our volunteers use to do the plantings, and all that comes through ArcMap. We use Adobe Acrobat to put together our tree manuals for our new tree owners and volunteer manuals. We use AutoCAD to put together the permit drawings for our sidewalk gardens. Technology plays a really important role in doing our plantings and making San Francisco more green."

FUF Partners with the City to Calculate the Environmental Benefits of Trees

Jason also recently worked with the city on the Urban Forest Map, which is an interactive online map that tracks every tree in San Francisco. The map helps calculate the environmental benefits the trees provide, including stormwater mitigation, air pollutants captured, and carbon dioxide removed from the atmosphere. This platform has increased the visibility of the city's urban forest.

As Jason said, "We are now at the forefront of cities worldwide that are building software to manage their urban forests. … [This] really gives a lot of benefit to the people living in San Francisco."

TechSoup is proud to support organizations like Friends of the Urban Forest by enabling them with the technology they need. That support gives them more time to focus on their impact, like planting trees, or to build the communities that help them thrive.





Gulf region loosens foreign investment laws

The Gulf region is making extensive reforms to its foreign investment landscape in an effort to attract foreign investors to sectors outside oil and gas, according to a recent report by PwC. 





UK strengthens ties to Africa

London event hears how the UK export credit agency is increasing its focus on trade with African countries. Jason Mitchell reports.





Trade tensions hit South Korea FDI

The situation between the US and China is bad news for South Korea’s investment climate.





New SSH Attack Weakens Passwords





New Remote Bug in OpenSSH v3.3 and Below





OpenSSH Distribution Trojaned





SSH Flaws Discovered - OpenSSH is not Affected





Red Hat Hack Prompts Critical OpenSSH Update





OpenSSH Chink Bares Encrypted Data Packets





SANS Notes OpenSSH Rumors





Siemens inaugurates world’s largest electrothermal energy storage system

Siemens Gamesa Renewable Energy (SGRE) said that it has begun operation of its electric thermal energy storage system (ETES), a milestone in the development of energy storage solutions, according to the company.





Argentina opens 122.4-MW Bicentennial Wind Farm

The 122.4-MW Bicentennial Wind Farm has been inaugurated in the Santa Cruz province of Argentina and is currently the largest wind farm in the country, according to BNamericas.





FERC issues license for 5-MW Grant Lake Hydroelectric Project in Alaska

The Federal Energy Regulatory Commission in the U.S. has issued an original operating license to Kenai Hydro LLC for its proposed 5-MW Grant Lake Hydroelectric Project in Kenai Peninsula Borough, Alaska.





First Chinese-owned solar PV manufacturing plant opens in the US

This week JinkoSolar held an opening ceremony at its new manufacturing facility in Jacksonville, Florida. The facility made headlines when it was announced due to the fact that the Chinese company decided to set up manufacturing in the U.S. in response to solar tariffs that are put on solar cells and modules imported from China. To date, Jinko is the only Chinese-owned solar manufacturer to set up a facility in the U.S.






The President’s Climate Change Executive Order: Wrong Pretense

The President announced on Tuesday, March 28th at the Environmental Protection Agency his new Executive Order based on protecting 75,000 US coal jobs by threatening over 3 million US clean energy jobs.

Some context:

According to MorningConsult

The order directs officials to review the Environmental Protection Agency regulations on new and existing power plants, withdraw the Obama administration’s “social cost of carbon,” which puts a price on greenhouse gas emissions, end a moratorium on new coal leases on federal land, review regulations on methane emissions from natural gas systems, end a guidance for agencies to consider climate change, and end Bureau of Land Management restrictions on hydraulic fracturing.

The Trump administration has not yet released the text of the order, which is based solely on saving coal and other fossil jobs, but a senior White House official shared details with reporters in a call on March 27th.





Opportunity, Or What Happens When Utilities and Regulators Get Serious about Decarbonization

Utilities across the country are increasingly taking a proactive role on initiatives to advance clean energy and grid modernization. But to hear a utility CEO like Kipp focus unequivocally on one of the most critical drivers for the growth of solar and storage was striking — and yet another sign of the sector’s ongoing transformation.





Bloomberg Opinion: PG&E Reneging On Renewables PPAs Makes No Sense

Utilities and renewable-energy advocates have long had a complicated relationship. Yet the prospect of PG&E Corp. tipping into bankruptcy by the end of January has sent shivers through the solar-and-wind sector.