Privacy & Google Search Alternatives

When it comes to privacy, using Google search is not the best of ideas. When you use their search engine, Google is recording your IP address, search terms, user agent, and often a unique identifier, which is stored in cookies.

Here are a few Google search alternatives

 

DuckDuckGo is a US-based search engine that was started by Gabriel Weinberg in 2008. It generates search results from over 400 sources including Wikipedia, Bing, Yandex, and Yahoo. DuckDuckGo has a close partnership with Yahoo, which helps it to better filter search results. This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads.

Searx is a very privacy-friendly and versatile open source metasearch engine that gathers results from other search engines while also respecting user privacy. One unique aspect with Searx is that you can run your own instance

Qwant – is a private search engine that is based in France and was started in 2013. Being based in Europe, the data privacy protections are much stricter, as compared to the United States.

Metager – is a private search engine based in Germany, implementation of free access to knowledge and digital democracy. Ref: https://metager.de/en/about

StartPage – StartPage gives you Google search results, but without the tracking.
Ref: https://classic.startpage.com/eng/protect-privacy.html#hmb

 

Patch Tuesday, June 2018 | Pushing 11 Critical Security Updates

Are you ready for the latest in security patch updates?  I’m not, but it’s that time again.

Ref: https://www.catalog.update.microsoft.com/Search.aspx?q=windows+security+update+2018

 

Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity.

Only one of these vulnerabilities: CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability is a remote code execution flaw (CVE-2018-8267) in the scripting engine, is listed as being publicly known at the time of release. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user.

There are a few others included are:

CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability

The most critical bug Microsoft patched this month is a remote code execution vulnerability (CVE-2018-8225) exists in Windows Domain Name System (DNS) DNSAPI.dll, affecting all versions of Windows starting from 7 to 10, as well as Windows Server editions.

The vulnerability resides in the way Windows parses DNS responses, which could be exploited by sending corrupted DNS responses to a targeted system from an attacker-controlled malicious DNS server.

CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability

The critical bug is a remote code execution flaw (CVE-2018-8231) in the HTTP protocol stack (HTTP.sys) of Windows 10 and Windows Server 2016, which could allow remote attackers to execute arbitrary code and take control of the affected systems.

CVE-2018-8213 | Windows Remote Code Execution Vulnerability

Critical remote code execution vulnerability (CVE-2018-8213) affecting Windows 10 and Windows Server exist in the way the operating system handles objects in memory. Successful exploitation could allow an attacker to take control of an affected Windows PC.

Microsoft is reportedly acquiring #GitHub

#Microsoft is reportedly acquiring #GitHub – and we are now expecting the announcement sometime this week.

New reports out of Redmond this weekend have Microsoft set to purchase the popular coding site GitHub. Bloomberg is citing “people familiar with the matter,” stating that the deal could be announced as early as tomorrow.

The new story follows similar reports late last week of discussions between the two parties. The deal certainly makes sense for Microsoft, as the software giant continues to actively court developers. As for GitHub, the company is said to have been “impressed” by Satya Nadella, who has actively courted coders and coding initiatives since taking the reins at the company, back in 2014.

“The opportunity for developers to have broad impact on all parts of society has never been greater,” Nadella told the crowd at his address during last year’s Build. “But with this opportunity comes enormous responsibility.”

Dramatic, perhaps, but acquiring GitHub would give the company access to some 27 million software developers — though not all of them are thrilled by the idea of GitHub being taken over by Microsoft.

More to come.

Kaspersky lawsuits over government ban, dismissed

Last year, the US government made moves to ban the use of Kaspersky security software in federal agencies, claiming the company’s ties to the Russian government represented a security risk. In September, the Department of Homeland Security issued an order that required federal departments and agencies to remove the company’s software from their systems. Then, Congress passed and President Trump approved a bill — the National Defense Authorization Act (NDAA) — that also banned Kaspersky software from federal government use. Kaspersky subsequently filed two lawsuits combatting both bans, but a judge has now dismissed them.

CyberScoop reports that Colleen Kollar-Kotelly, US District Judge for the District of Columbia, rejected Kaspersky’s claims that the bans were unconstitutional. Kaspersky argued that the NDAA inflicted an unconstitutional “punishment,” but Judge Kollar-Kotelly disagreed. She said the act wasn’t a punishment but instead, “eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.”

Further, because she dismissed the lawsuit against the NDAA, the suit against the Department of Homeland Security’s order was rendered moot since the act would supersede any change to the order. “These defensive actions may very well have adverse consequences for some third-parties,” she said in her opinion. “But that does not make them unconstitutional.”

The NDAA’s Kaspersky ban goes into effect on October 1st.

This article originally appeared on Engadget.

VMware vCenter 6.7a and other released

VMware has released vCenter 6.7a, vSphere Replication 8.1.0.2, vSphere Integrated Containers 1.4, and PowerCLI 10.1.

Download link