This Metasploit module exploits a vulnerability in xscreensaver versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. xscreensaver allows users to create a user-owned file at any location on the filesystem using the -log command line argument introduced in version 5.06. This module uses xscreensaver to create a log file in /usr/lib/secure/, overwrites the log file with a shared object, and executes the shared object using the LD_PRELOAD environment variable. This module has been tested successfully on xscreensaver version 5.15 on Solaris 11.1 (x86) and xscreensaver version 5.15 on Solaris 11.3 (x86).

A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.

A difficult to exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges.

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

Eighty-one percent of Americans have social media accounts, and that number is expected to grow each year. Nearly all brands have a social presence, and libraries are no different. Libraries are using social platforms now more than ever before.

The New York Public Library has 2.2 million followers on Twitter, more followers than the celebrity Kathy Griffin. Social media is playing a significant role in helping libraries stay relevant in our ever-growing digital society.

TechSoup recently teamed up with WebJunction to find out the details on how libraries are using social media. We wanted to know how often libraries are using platforms and what some of their biggest challenges are. We surveyed 311 libraries throughout the country and found out some interesting things.

In our survey, we found that 55 percent of respondents serve fewer than 25,000 patrons, so nearly half of the respondents were smaller libraries, probably mostly in rural areas. We found that libraries are using social, and they are eager to grow their channels.

More than half (55.7 percent) of libraries spend less than 5 hours per week on social media, and 28 percent spend only 6 to 10 hours a week.

Libraries use Facebook more than any other social platform. Twitter is the next most popular platform, and then Instagram.

Forty-four percent of libraries post daily on Facebook, and 25 percent also post daily on Twitter.

Libraries are using social media to share events and pictures, educate people about services, highlight their collections, and support other libraries.

Growing followers and finding staff support are some of libraries' biggest social media challenges.

Learn How to Grow Your Library's Social Media Channels with Our WebJunction Webinars

Registration is now open for the Social Media and Libraries Webinar Series, hosted by WebJunction and TechSoup for Libraries in collaboration. We'll help you build a social media strategy, including how to select platforms that work with different types of library content to create brand awareness, increase traffic, and meet community goals. This series will highlight social media best practices to keep patrons and library staff engaged, develop measurable goals, and cultivate new readers and learners in your community.

On October 24, join us to learn how libraries can effectively use social media tools, even with limited staff and time. Learn how to identify the appropriate social media platforms to market library services and events, and how to integrate best social media practices in your library's marketing plan. We'll help you build a foundation for your social media strategy and provide practical ideas and tactics for immediate use in your library.

Register for October 24

On November 30, join us to learn all about social media analytics. Now that you are using social media to engage with your community, how do you know if it's working? If you don't know where to start when planning your social media metrics, join us to learn the best methods to measure your library's social media outcomes. During this event, you will learn how to establish measurable goals, identify key performance indicators (KPIs), and evaluate your social media results

Register for November 30

On December 19, join us to learn how to take the next steps toward amplifying your library's social media program. During this third webinar in our social media series, we'll discuss best practices in growing your library's social media program and managing user engagement. You'll learn tips on assessing the members of your library's audience based on their preferred platforms, and ideas for converting your in-person library community into an online community.

Register for December 19

How Is Your Library Using Social Media?

Our survey is still going on! Take our survey and tell us how your library is using social media.

spanhidden

Paris Region has kept its fDi European Region of the Future title, while Dublin Region holds on to second place and North Rhine-Westphalia is in third. 

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload.

Philomène Dias, director of inward investment at Portuguese investment promotion agency Aicep, on how staff and organisation are working through lockdown.

In an announcement that was celebrated by the solar industry, yesterday U.S. trade officials said that bi-facial solar modules, which are solar modules that produce energy on both sides of the panel, would be exempt from import tariffs.

Today, solar power has become cheaper than the production cost of any other existing conventional power generation technology. The arrival of grid parity heralds a milestone in the history of energy production. It means solar energy being commercially viable without any subsidies or state support; producing energy with the lowest possible environmental impact.

U.S. Sens. Ron Wyden (D-Ore.), Jeff Merkley (D-Ore.), Angus King (I-Maine), Brian Schatz (D-Hawaii), and Jack Reed (D-R.I.), have reintroduced The Marine Energy Research and Development Act, intended to increase production of low-carbon, renewable energy from the natural power in ocean waves, tides and currents.

Ontario Power Generation (OPG) has entered into an agreement to acquire Cube Hydro, an operator of small and medium-sized hydropower facilities in the northeast and southeast U.S.

Plans are under way to rebuild one of Ontario Power Generation’s oldest hydroelectric generating stations, which was damaged by a tornado in 2018. Constructed in 1917, the 5-MW Calabogie Generating Station has produced renewable, low-cost electricity on the Madawaska River for decades.

Of all the efforts to break up utility monopolies in the U.S., the one unfolding in Arizona may be the most important to watch.

A report recently released by the U.S. Department of Energy defines and evaluates cost and performance parameters of six battery energy storage technologies (BESS) and four non-BESS storage technologies.

Under a 20-year agreement, AES will provide APS with the storage capabilities powered by Fluence’s Advancion platform.

Solar energy companies could fill the void created by the lack of secure energy transfer between UK and EU, the group says.

After announcing nearly a gigawatt of new clean-energy projects in February, APS is now seeking proposals to build two of them in different parts of the state. The first request for proposals (RFP) seeks partners to add batteries to existing APS solar plants in rural Arizona, storing their power for use after the panels stop producing each day. A second partner is being sought to develop a large (100-MW) solar plant paired with an equal amount of storage, to bring more clean energy to customers after dark. Both of these projects will provide APS customers with more solar after sunset, serving their evening energy needs with an even cleaner resource mix.

Community Solar in New York has a messaging problem. It is confusing, and even some industry professionals have given up in disgust because of aggressive marketing and a lack of clarity.

In an announcement that was celebrated by the solar industry, yesterday U.S. trade officials said that bi-facial solar modules, which are solar modules that produce energy on both sides of the panel, would be exempt from import tariffs.

Today, solar power has become cheaper than the production cost of any other existing conventional power generation technology. The arrival of grid parity heralds a milestone in the history of energy production. It means solar energy being commercially viable without any subsidies or state support; producing energy with the lowest possible environmental impact.

Of all the efforts to break up utility monopolies in the U.S., the one unfolding in Arizona may be the most important to watch.

The U.S. Department of Energy has awarded a total of $6.7 million in funding to six recipients, with the goal of developing innovative marine energy technologies "capable of generating reliable and cost-effective electricity from U.S. water resources."

On the premise that the nations of the world are not doing enough to meet the goals of the 2015 Paris Climate Agreement, Governor Jerry Brown, New York City’s former Mayor Michael Bloomberg and other dignitaries convened a high-profile international gathering in San Francisco September 12-14 to inspire more ambitious action and showcase successful efforts.

For most of their history, in North America, electrical utilities have been centralized distribution networks. Utility operated generation resources are the hub of the network and electricity flows one-way via distribution networks largely controlled by the same utilities. In this model, there has been little reason for utilities to share anything but a small slice of data about their operations with anyone else other than themselves.

Ontario plans to cut carbon gas emissions by 30 percent from 2005 levels by 2030, setting reduction targets for industries and encouraging private investments in clean technologies.

A problem with bearing cooling at the Lookout Shoals plant helped Duke Energy uncover several other issues that needed to be resolved. Through creative approaches and significant machining work, the units are now operating dependably.

Publicly, the United Nations climate-change talks look mired in disputes over everything from money to the length of the proposed agreement.

The Sustainable Energy Authority of Ireland (SEAI) is funding the Ireland division of U.S.-based Ocean Renewable Power Co. (ORPC) to identify feasible tidal energy sites in the coastal waters of County Donegal. 

Lignum Vitae North America LLC will donate bearings to any of the 20 teams advancing to the next phase in the Wave Energy Prize Challenge sponsored by the U.S. Department of Energy’s Water Power Program.  

The European Marine Energy Centre (EMEC) has signed Flemish wave energy developer Laminaria to test its marine hydrokinetic (MHK) energy device at EMEC’s grid-connected wave test site at Billia Croo, off the west coast of Orkney, Scotland.
 

Capping a busy February for the European Marine Energy Centre is an announcement that tidal turbine manufacturer Tocardo has signed a 20-year deal for testing at EMEC's array in Orkney.

Papua New Guinea recently became the first country to formally submit the final version of its national climate action plan (called a “Nationally Determined Contribution,” or NDC) under the Paris Agreement. The small Pacific nation’s plan to transition to 100 percent renewable energy by 2030 is no longer just an “intended” nationally determined contribution (INDC) — it is now the country’s official climate plan.

Scotland-based power and environmental consultant Aquatera Ltd. Has entered into a partnership with the Nagasaki Marine Industry Cluster Promotion Association in an effort to help Japan bolster its marine energy sector through international collaboration.

The Cascade Generation Station on the Seguin River in Parry Sound, Ontario, Canada, is being upgraded from 1.2 MW to 3.4 MW, according to the project’s owner, Parry Sound PowerGen Corp.
 

Less than two weeks after 175 nations signed the pivotal Paris Agreement on climate change, a question lingers: What happens now?

The 382-MW Ulu Jelai hydropower project, which began construction in 2011, is 95% complete and expected to be fully-commissioned in the third quarter of this year, in the district of Cameron Highlands, Pahang, Malaysia, according to state-owned power utility Tenaga Nasional Bhd (TNB), Malaysia's largest utility company and the project’s owner.
 

The G20 meeting in Hangzhou, China, this September brings together leaders of the world’s largest economies for the first such gathering since the 2015 Paris Agreement on climate. G20 Leaders Summits traditionally focus on economic growth and financial stability, but since more than 190 countries collectively agreed to greatly enhance mitigation of the causes and impacts of climate change, the need to tackle a changing climate and foster clean energy has become a clear economic and business reality.

The United States and China on Sept. 3 formally joined the Paris Agreement in a ceremony in Hangzhou, China, ahead of the G20 Summit. President Obama and President Xi both deposited their country’s official instrument with United Nations Secretary, General Ban-Ki Moon.

On Sept. 3, U.S. President Barack Obama and China's President, Xi Jinping, formally agreed to participation in the negotiated 2015 United Nations Climate Change Conference (COP 21) Paris Agreement, a global agreement on the reduction of climate change.