Firefox 38 arrives with DRM tech required to watch Netflix video

The most important addition to Firefox 38 is undoubtedly integration with the Adobe Content Decryption Module (CDM) to play back DRM-wrapped content on Windows Vista and later. Mozilla announced the controversial (given the closed nature of DRM) move just under a year ago.
The CDM in question is downloaded from Adobe shortly after you install Firefox 38 or higher, and it activates when you first interact with a site that uses Adobe CDM. Mozilla says some premium video services, including Netflix, have already started testing the solution in Firefox.

Weak Homegrown Crypto Dooms Open Smart Grid Protocol

The paper, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol,” explains how the authenticated encryption scheme used in the OSGP is open to numerous attacks—the paper posits a handful—that can be pulled off with minimal computational effort.
“Protocol designers should stick to known good algorithms or even the ‘NIST-approved’ short list,” Crain said. “In this instance, the researchers analyzed the OMA digest function and found weaknesses in it. The weaknesses in it can be used to determine the private key in a very small number of trials.”

Sysadmins, patch now: HTTP 'pings of death' are spewing across web to kill Windows servers

The security bug (CVE-2015-1635) allows attackers to knock web servers offline by sending a simple HTTP request. Microsoft fixed this denial-of-service vulnerability yesterday in a patch numbered MS15-034.
The problem stems from HTTP.sys not safely handling the Range header in an HTTP request; this mechanism is used to fetch part of a file from a server, which is sometimes handy for resuming downloads. If you set the range way too large, it causes the Windows kernel to crash.

Linux 4.0 Goes Live With Live Kernel Patching

The Linux 4.0 kernel is very much a "solid code progress" release, according to Torvalds. The live kernel patching capability is not a new feature in the broader Linux ecosystem. Oracle has a technology capability known as Ksplice that enables live kernel patching, although Ksplice is not open source code that is directly integrated in the upstream mainline Linux kernel.
In addition to the new live patching code, there is a new Linux "code of conflict" that was merged into the kernel during the Linux 4.0 development cycle. The code of conflict is an attempt to help deal with potential conflict between Linux kernel developers.

Microsoft creates a container for Windows

Hoping to build on the success of Docker-based Linux containers, Microsoft has developed a container technology to run on its Windows Server operating system.
Unlike Docker, which uses Linux as its core operating system, Windows Server Container will rely on the Windows Server operating system. This will allow organizations to package into containers their applications specifically built to run on Windows Server, and Microsoft's .NET Framework.

Popular crypto app uses single-byte XOR and nowt else, hacker says

The hacker, using the alias NinjaDoge24, analyzed the NQ Vault app, which supposedly encrypts files on smartphones and other gadgets. Ninja claims the software uses only XOR (exclusive or) and a single-byte key to scramble the first 128 bytes of a .PNG test subject.
Independent security bod Wade Alcorn (@WadeAlcorn) says the findings render the app insecure. "The research suggests that the NQ’s Vault software attempts to only encrypt the first 128 bytes leaving the remainder of the file in the clear. If this is the case it should not be considered a mechanism to protect data," Alcorn said.

Windows XP clings to No. 2 spot as Windows 10 gets closer

Though XP's grip on the market continues to loosen, it remains the No. 2 most-used operating system based on Net Applications' Web stats, beating Windows 8 and 8.1 and their collective share of 14 percent. Windows 8.1 took the third spot with a 10.5 percent share, leaving Windows 8 in fifth place with just 3.5 percent.

TrueCrypt report

TrueCrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.
That doesn't mean TrueCrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause TrueCrypt to give less assurance than we'd like it to.

Next-gen high-res video faces new fees and uncertainty

4K video needs more powerful compression technology. To that end, dozens of industry players created a new compression standard called High Efficiency Video Coding, aka HEVC or H.265. A well-established group called MPEG LA announced in 2014 a mechanism to license a pool of HEVC patents for use in products like Blu-ray players, video editing software and smartphones.
HEVC Advance promises a "transparent" licensing process, but so far it isn't sharing details except to say it's got 500 patents it describes as essential for using HEVC.

Windows Server 2003 End of Life Poses Hurdles for Businesses

Sixty-one percent of companies have at least one instance of Windows Server 2003 running within their environment, representing millions of installations across both physical and virtualized infrastructures, according to a recent survey of 1,300 business and IT professionals conducted by Spiceworks.
"After July 14, 2015, Microsoft will no longer release patches for WS2003, essentially leaving the OS defenseless against new threats – and hackers are well aware of this," Peter Tsai, IT content manager at Spiceworks, told eWEEK.