Microsoft adds option to disable JScript in Internet Explorer

As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer.

The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft’s own dialect of the ECMAScript standard (the JavaScript language).

Development on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE.

Across the years, threat actors realized they could attack the JScript engine, as Microsoft wasn’t actively developing it and only rarely shipped security updates, usually only when attacked by threat actors.

CVE-2018-8653CVE-2019-1367CVE-2019-1429, and CVE-2020-0674 are some of the recent JScript zero-days that Microsoft had to deal with over the past

Read More

HPE to deliver Pawsey’s new AU$48m research supercomputer

The Pawsey Supercomputing Centre in Western Australia will be receiving a new supercomputer thanks to a AU$48 million contract signed with Hewlett Packard Enterprise (HPE).

The new supercomputer will deliver up to 30 times more compute power — 50 petaflops — than its predecessor systems Magnus and Galaxy.

Magnus, a Cray XC40, was commissioned in 2014 and the Galaxy, a Cray XC30, in 2013. The new supercomputer will be built using the HPE Cray EX architecture and it is expected the new single general-purpose supercomputer will boast the capability to handle the workloads of both systems.

The HPE Cray EX supercomputer will be used by researchers in fields such as medicine, artificial intelligence, and radio astronomy.

Magnus and Galaxy currently occupy 11 cabinets; the new system will occupy eight. The Cray EX will boast more than 200,000 cores across 1,600 nodes, over 750 GPUs, and more than 200,000 AMD CPU

Read More

Jersey launches contact-tracing app

After the Isle of Wight played a key role in testing the UK contact-tracing app, 175km to the southwest, Jersey has now introduced a smartphone app designed to alert users when they have been near another app user who has recently discovered that they have Covid-19.

Available immediately for islanders to download, the Jersey Covid Alert app is the result of a partnership between the government of Jersey, Digital Jersey – a government-backed economic development agency and industry association dedicated to the growth of the island’s digital sector – and Irish technology developer NearForm.

The app uses Bluetooth Low Energy (BTE) and API technology from Google and Apple to enable mobile phones with the app to recognise when they are near other phones also running the app and then securely and anonymously alert users who have been in close contact with someone who tested positive for Covid-19 and also

Read More

Pakistan says it is lifting the ban on TikTok after assurances that it would moderate content in accordance with societal norms and laws (Manish Singh/TechCrunch)

Manish Singh / TechCrunch:

Pakistan says it is lifting the ban on TikTok after assurances that it would moderate content in accordance with societal norms and laws  —  Pakistan Telecommunication Authority said on Monday it has lifted the ban on TikTok, 11 days after the South Asian nation’s telecom authority blocked … … Read More

Microsoft releases emergency security updates for Windows and Visual Studio

Microsoft has published today two out-of-band security updates to address security issues in the Windows Codecs library and the Visual Studio Code application.

The two updates come as late arrivals after the company released its monthly batch of security updates earlier this week, on Tuesday, patching 87 vulnerabilities this month.

Both new vulnerabilities are “remote code execution” flaws, allowing attackers to execute code on impacted systems.

Windows Codecs Library vulnerability

The first bug is tracked as CVE-2020-17022. Microsoft says that attackers can craft malicious images that, when processed by an app running on top of Windows, can allow the attacker to execute code on an unpatched Windows OS.

All Windows 10 versions are impacted.

Microsoft said an update for this library would be automatically installed on user systems via the Microsoft Store.

Not all users are impacted, but only those who have installed the optional HEVC or “HEVC

Read More

An iPhone-loving Best Buy rep told me which phone to buy and I’m stunned

This was the phone I wanted to see.

Cho Mu-Hyun/ZDNet

When October comes, you can get jittery.

You stare at your phone and wonder whether it’s the best expression of who you are. Or, perhaps, of what you’ve become.

Cynically, smartphones makers know this. So they bombard you with their latest wares at your most vulnerable time.

Why, I look down at my black, somewhat scratched iPhone XR and I see a reflection of a dark, damaged soul.

And then there was last week’s iPhone 12 event which tantalized with a gamut of phones that all have very similar capabilities but very different sizes.

I went, therefore, for psychological guidance to the home of physical retail objectivity, Best Buy.

I hadn’t been to one for quite a while and I needed some cheery, forthright advice.

Now She Sees It, Now You Don’t.

I confess I’ve been teetering toward the

Read More