VLC, the exceptional open-source media player that pretty much runs on everything, has been one of the first programs I install on a new computer or smartphone for years. It's simple, powerful and free—I couldn't ask for anything more. Well, except maybe not having it play host to a
critical (See update below) security vulnerability
Discovered by German security agency CERT-Bund (via WinFuture), a new flaw in VLC (listed as CVE-2019-13615) that has been given a base vulnerability score of 9.8, which classifies it as “critical.”
The vulnerability allows for RCE (remote code execution) which potentially allows bad actors attackers to install, modify, or run software without authorization, and could also be used to disclose files on the host system. Translation: VLC’s security hole could allow hackers to hijack your computer and see your files.
VideoLAN, makers of VLC, tweeted
to say that VLC is not vulnerable.
"About the "security issue" on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.
Gizmodo reports that the National Vulnerability Database's entry for the bug was downgraded, specifying that the “Victim must voluntarily interact with attack mechanism.”
This post has been corrected to reflect VideoLAN's debunking of the security researchers' claims — Rob Beschizza
The Universal Serial Bus specification was introduced by a consortium of large tech companies in 1996 to standardize the way peripherals connect to computers. In this episode of Nostalgia Nerd on YouTube, you can learn about the history of USB, and why the connector configurations change so frequently. This 20-minute video was more interesting than […]
The miniature model supercomputers that Cray salespeople carried sometimes hit eBay, and they’re getting quite pricey. This 3.75″ tall scale model of the Cray X-MP, once the world’s fastest computer, is on offer for $700. I wonder, if you put a Rasberry Pi in it, would the resulting machine be faster than a Cray X-MP? […]
D-Wave Systems opened up free cloud access to its quantum computing resources for researchers responding to COVID-19. They’re also enlisting their staff, partners, and customers to help others get up to speed on programming quantum computing for their specific tasks. By taking advantage of quantum weirdness – the ability of quantum bits (qubits) to exist […]
“It’s better to have it and not need it than to need it and not have it.” – “Lonesome Dove,” Larry McMurtry If the past few months have taught us anything, it’s that we need to be prepared now more than ever. Emergency situations can happen quickly and there’s no telling when you may need […]
Just as in almost any industry that seeks high-demand, well-trained workers, certification often becomes key. For project managers, that means anyone who’s serious about serving in that role with a respected company knows they’re going to need the seal of approval in one of the field’s most recognized methodologies before they stand much of a […]
Popping a new battery in a smoke detector or adding salt to your water softener are easy fixes. But if you run into trouble or a necessary repair in a cramped, tight place, sometimes with no obvious fix or easy access, it can be a pretty frustrating exercise. Since flying blind is the absolute worst, […]