CVE-2020-25696

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses `\gset` when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. `\gset` stores each column of the query result into a psql variable named after the column, so a server that returns a column named after a specially treated variable such as PROMPT1 can change how psql behaves on the client side; the fixed versions make `\gset` refuse to assign such variables. Only sessions that run `\gset` (or a `\gset` in a script) against an untrusted or compromised server are exposed. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
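The following added example is not psql's code. It is a small Python model of what `\gset` does with a result row: the pre-fix behaviour assigns every column unconditionally, while the modelled post-fix behaviour refuses names that psql treats specially. The list of special variables, the prompt escape scanner and the sample result row are constructed for this illustration; in real psql the `%`command`` escape in PROMPT1 is what turns a server-chosen value into shell execution.

```python
import re

# Subset of psql's specially treated variables (assumption: illustrative, not
# the full list).  PROMPT1/2/3 are the dangerous ones because psql evaluates
# %`command` escapes in them by running `command` in a shell.
SPECIAL_VARIABLES = {
    "PROMPT1", "PROMPT2", "PROMPT3",
    "ECHO", "ON_ERROR_STOP", "ON_ERROR_ROLLBACK", "AUTOCOMMIT",
    "HISTFILE", "FETCH_COUNT", "SINGLESTEP", "VERBOSITY",
}

# psql prompt escape of the form %`command`; psql executes the command and
# substitutes its output into the prompt.
PROMPT_BACKTICK_ESCAPE = re.compile(r"%`([^`]*)`")


def prompt_shell_commands(prompt_value):
    """Return the shell commands a prompt string would make psql run."""
    return PROMPT_BACKTICK_ESCAPE.findall(prompt_value)


def gset_vulnerable(variables, row, prefix=""):
    """Model of the pre-fix behaviour: every result column becomes a variable
    named prefix+column, no matter what the column is called."""
    for column, value in row.items():
        variables[prefix + column] = value
    return variables


def gset_hardened(variables, row, prefix=""):
    """Model of the fixed behaviour: assignments to specially treated
    variables are refused.  Returns the list of refused variable names so the
    caller can report them (psql prints a warning and ignores the column)."""
    refused = []
    for column, value in row.items():
        name = prefix + column
        if name in SPECIAL_VARIABLES:
            refused.append(name)
            continue
        variables[name] = value
    return refused


def demo():
    # Constructed row as a compromised server might return it for
    # `SELECT 'cmd' AS "PROMPT1", 1 AS n \gset`.  The command is harmless here.
    malicious_row = {"PROMPT1": "%`id`%/%R%# ", "n": "1"}

    vulnerable_vars = gset_vulnerable({}, malicious_row)
    hardened_vars = {}
    refused = gset_hardened(hardened_vars, malicious_row)

    return {
        "vulnerable_prompt_commands": prompt_shell_commands(vulnerable_vars["PROMPT1"]),
        "hardened_refused": refused,
        "hardened_vars": hardened_vars,
    }


if __name__ == "__main__":
    print(demo())
```

A `\gset` with a prefix (for example `\gset srv_`) is not affected by the refusal, because `srv_PROMPT1` is an ordinary variable; the model reproduces that by checking the prefixed name rather than the bare column name.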

CVE-2020-25660

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is therefore vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to capture an authentication exchange with a packet sniffer, replay it to authenticate to the Ceph service, and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, this time affecting the msgr2 protocol. The msgr2 protocol is used for all communication except with older clients that do not support msgr2. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
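The following added example is not Ceph's code. It models, in a few dozen lines of Python, why an authorizer whose proof depends only on client-chosen values can be replayed, and how binding the proof to a fresh server-issued challenge (the shape of the fix Ceph introduced for CVE-2018-1128) defeats the replay. The shared key, the nonce sizes, the HMAC construction and the dictionary-based message format are constructed for this example; real cephx uses its own ticket and message encoding.

```python
import hashlib
import hmac
import os

# Constructed shared secret; in cephx this role is played by the session key.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


# --- Replayable design: the proof covers only values the client picked. ---

def client_authorizer_replayable(key):
    nonce = os.urandom(16)
    return {"nonce": nonce, "proof": _mac(key, nonce)}


def server_verify_replayable(key, authorizer):
    expected = _mac(key, authorizer["nonce"])
    return hmac.compare_digest(expected, authorizer["proof"])


# --- Challenge-bound design: the server contributes fresh randomness and
#     consumes it on use, so a captured authorizer is useless elsewhere. ---

class ChallengeServer:
    def __init__(self, key):
        self.key = key
        self.outstanding = {}  # connection id -> challenge awaiting a reply

    def new_challenge(self, conn_id):
        challenge = os.urandom(16)
        self.outstanding[conn_id] = challenge
        return challenge

    def verify(self, conn_id, authorizer):
        # pop(): a challenge can be answered at most once
        challenge = self.outstanding.pop(conn_id, None)
        if challenge is None:
            return False
        expected = _mac(self.key, challenge + authorizer["nonce"])
        return hmac.compare_digest(expected, authorizer["proof"])


def client_authorizer_challenge(key, challenge):
    nonce = os.urandom(16)
    return {"nonce": nonce, "proof": _mac(key, challenge + nonce)}


# --- The attack scenario described in the advisory, run against both designs.

def replay_succeeds_replayable():
    """Attacker sniffs one legitimate authorizer and resends it."""
    sniffed = client_authorizer_replayable(SHARED_KEY)
    assert server_verify_replayable(SHARED_KEY, sniffed)  # legitimate login works
    replayed = dict(sniffed)  # attacker holds no key, only the captured bytes
    return server_verify_replayable(SHARED_KEY, replayed)


def replay_succeeds_challenge_bound():
    """Same sniff-and-replay against the challenge-bound server."""
    server = ChallengeServer(SHARED_KEY)
    challenge = server.new_challenge("conn-1")
    sniffed = client_authorizer_challenge(SHARED_KEY, challenge)
    assert server.verify("conn-1", sniffed)  # legitimate login works
    server.new_challenge("conn-2")  # attacker opens a new connection
    return server.verify("conn-2", dict(sniffed))


if __name__ == "__main__":
    print("replayable design, replay accepted:", replay_succeeds_replayable())
    print("challenge-bound design, replay accepted:", replay_succeeds_challenge_bound())
```

The second design also rejects a replay on the original connection, because `verify` removes the challenge when it is first answered; a practitioner checking a deployment for this class of bug should confirm both properties, not just that a different connection gets a different challenge.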

CVE-2020-25688

A flaw was found in Red Hat Advanced Cluster Management for Kubernetes (rhacm) versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificate and private key. If an attacker could observe network traffic internal to a cluster, they could use the publicly available private key to decrypt API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks was made possible.

CVE-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. The vulnerability is plausible in principle but theoretical in practice: it was not possible to reproduce it with the current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled by default and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.

Gift Guide: 7 great gifts for anyone working from home

Let’s just get this out of the way: for the past several years, I’ve contributed the “Best Gifts for Frequent Travelers” segment to TechCrunch’s annual gift guide. I love it. It was easily my favorite gift guide to write, and it was an audience favorite, as well. But I am no longer a frequent traveler. I’ve left New York City exactly once since March. Odds are that special person in your life isn’t traveling much, either.

So, in honor of this new sedentary life to which we’ve all grown accustomed over the past eight or nine months, I’m bringing you the polar opposite. This, friends, is the gift guide for those who have come to carve out office space in their homes. For everyone who’s come to blur the important lines between work and personal life.

The transition hasn’t been an easy one for everyone, but here are a handful of gifts that can help ease the transition and make someone’s home office a…well, a home, I guess. They’re not necessarily the most fun gifts, but odds are someone in your life can really use them.

This article contains links to affiliate partners where available. When you buy through these links, TechCrunch may earn an affiliate commission.

Hyken Mesh Task Chair

Image Credits: Staples

I never truly appreciated the value of a good office chair until this pandemic. I’ve been lucky to work for a corporation that considers Herman Millers a necessary expense. I honestly can’t remember which manner of ratty Amazon bargain bin chair I had held onto for the last several years, but a month or two into this, I rolled it into the donation pile.

There’s truth in the conventional wisdom that you get what you pay for when it comes to office chairs. And, indeed, it’s an investment. But there are deals to be had. I didn’t spend an arm or a leg, so I’m not going to encourage you to. After a good amount of research, I landed on this beast from Staples. It’s big and comfortable and offers great full-body support that won’t leave you sore after eight hours in front of the computer (I mean, do get up and move around at least once an hour for your health and sanity).

Best of all, it’s almost shockingly affordable.

Price: $169-200 from Amazon, depending on color

Apple iMac

Image Credits: Brian Heater

Remember how I told you I wasn’t going to encourage you to spend an arm and a leg on the chair? Well, consider this a gift for the person in your life who was really good this year. If a good office chair is an investment, a computer is a lifeline. I wouldn’t recommend an iMac for, say, a 3D designer, but for many or most, you can’t really argue with the ease of use of Apple’s all-in-one.

Apple refreshed the system earlier this year, with some improved features, including, notably, an improved webcam — that’s obviously an important upgrade these days. There are no external monitors to deal with and minimal futzing required out of the box. There is, of course, a big Apple Silicon redesign coming in the next year or two, but that won’t do you a whole lot of good in the meantime.

Price: Starting at $1,019 from Apple

Razer Kiyo

Image Credits: Razer

Much like the office chair, webcams were one of those things I really didn’t pay much mind to before the pandemic. But the truth is this: built-in webcams, as a category, suck. There are exceptions to this, of course, but unlike with smartphone makers, cameras have nearly universally been an afterthought with PC manufacturers. I do suspect there’s a good chance this will finally shift in the next year or so, but for now, you really want to avoid using your computer’s built-in camera for those important Zoom meetings, if you can.

There are a ton of options out there, and you can get a decent webcam at a decent price — Logitech is usually a pretty solid choice. This time out, however, I’m giving the prize to Razer. The gaming company has delivered a clever and versatile camera. It’s got an adjustable clip/stand, can capture video at 1080p @ 30FPS / 720p @ 60FPS and, best of all, there’s a built-in light ring. It’s not going to replace a pro-level camera setup, obviously, if they do a lot of conference appearances or frequently appear on CNN. But if they’re looking to liven up a Zoom call or two, this is a solid choice.

Price: $100 from Razer 

RØDE NT-USB Mini

Image Credits: Brian Heater

Okay, so, as a long-time podcaster this is something I’ve been thinking about well before the pandemic started. The truth is a decent set of headphones should double as an okay meeting mic. But if conference calls are central to work days, a good mic is a great way to up that game. And hey, everyone’s starting a podcast these days, right?

RØDE has some great USB mic options. The NT-USB Mini wouldn’t be my first (or probably even 10th) choice for podcasting. But its price and size make it a nice option for augmenting meetings and other calls. It also has the advantage of size and a removable stand that will make it a good travel companion if we’re able to travel again.

Price: $100 from Amazon

Cubii Pro desk elliptical

Image Credits: Brian Heater

Living in Queens at the height of the pandemic in New York — and dealing with my own personal health issues — I basically didn’t leave my apartment in April or May. Cubii’s sit down elliptical isn’t a replacement for full body exercise, but it’s a nice supplement, if you’re housebound for any reason.


I might have to put it under my desk again as the weather starts getting cold. There’s a mobile component, as well, that tracks progress and integrates it into third-party trackers like Apple Health.

Price: $349 from Amazon

Nest Audio

Headphones are necessary for working from home, but I’d also recommend getting a semi-decent speaker for your desk. A smart speaker is likely the path of least resistance for listening to streaming services like Spotify, and Nest Audio is probably the most well-rounded of the bunch. Google Assistant is great for all of the smart stuff and the new hardware sounds really solid.

Price: $100 from Amazon

Aarke Carbonator

Image Credits: Aarke

Did I need to spend $200 on a seltzer maker? No, of course not. Do I regret spending $200 on a seltzer maker? Also no. Aarke’s system looks great, has a solid build and the pulling down that hand crank is decidedly satisfying. Hydration is important, friends. Honorable mention to the LARQ UV disinfecting bottle. You’ll need something to drink that carbonated water out of, after all.

Price: $200 from Aarke

Really good, customizable lighting for the entire office

Image Credits: Philips

Bonus entry, this one from TechCrunch Editor Greg Kumparak:

I’ve been working from home for a few years now, and honestly the most important change I’ve made this year is vastly improving my home office’s lighting situation. Lighting — both natural and artificial — is hugely important to how we feel throughout the day, and being able to customize the lights to your exact likings is one of the huge plusses of working from home. No more awful flickering fluorescent lights! Want to make the lights purple and blue? You do you.

Smart lighting lets you do fancy things like shifting the colors to those that make you feel alert/productive, or dim them as evening approaches. During the California wildfires, when smoke and haze dyed the sky a terrifying orange, I shifted all of my lighting to be way more blue than it otherwise would be to help my brain realize it was the afternoon and not, as it seemed, an impossibly long sunrise.

Philips Hue bulbs are a solid pick, generally. They offer a ton of flexibility and options, the downside being that they’re generally on the more expensive end. I also don’t expect Philips to drop support for the Hue line or go out of business any time soon. New competition has been entering the market at lower price points, but my hesitation there is always how well they’ll be supported in the years to come.

If they’ve already got other smart lights around their house though, try to stick within the same brand. It makes things considerably easier to not have to deal with new hubs, apps, etc.

Price: $90 for a starter pack of two Philips Hue color shifting bulbs from Amazon

Comcast extends 1.2TB monthly Xfinity data cap to nearly all customers

Comcast plans to implement monthly data caps for Xfinity home internet customers across nearly its entire service area in 2021.

The data cap will be 1.2 terabytes a month, and will apply to a slew of states in the northeastern U.S. starting in 2021. A similar cap is already in effect for non-unlimited customers across most of the other areas that Comcast services.

Starting in March, non-unlimited customers who exceed 1.2TB a month will be charged $10 per additional 50GB of data over that limit. The maximum additional charge per month is $100.

To ease users into the new caps, Comcast will give Xfinity customers who aren’t on an unlimited plan a credit for any usage over that data cap in January and February.

Comcast will implement the new data caps in Connecticut; Delaware; Massachusetts; Maryland; Maine; New Hampshire; New Jersey; New York; Pennsylvania; Virginia, Vermont; West Virginia; Washington, D.C.; and parts of North Carolina and Ohio.

According to the internet service provider, 95% of its customers don’t hit the 1.2TB-a-month threshold.

Will Brazil’s Roaring 20s see the rise of early-stage startups?

Since 2007, the number of publicly listed companies in Brazil has decreased from 400 to just a little over 300.

In the past six years there were only 21 IPOs — an average of just 3.5 public exits per year; by 2019, even Iran had more listed companies than Brazil. Global capital markets are heated given pandemic stimulus packages and low interest rates worldwide, but in Brazil the boom comes with a special feature: in Q3 2020, there were 25 primary and secondary equity offerings, and this year is on track to be the most active in history both in number of deals and dollar volume.

The most important event, however, is not necessarily the reversal of a shrinking public market but the fact that startups are issuing stocks for the first time, a dramatic change for a market previously dominated by industries like commodities and utilities.

Growth versus value: Revert the shrinking market and internet companies

Not only is Brazil’s IPO market roaring, the waitlist is even more impressive: More than 47 companies have filed at CVM (the equivalent of the Securities and Exchange Commission) to issue equity and are waiting for approval. In other words, the IPO pipeline is equivalent to more than 15% of the number of publicly listed companies. In the first half of October, six companies were approved to issue equity. Obviously construction and retail names are still predominant as they take advantage of the lower rates, but the main novelty is the new entrants in internet and technology.

In the past decade, there were 56 IPOs in Brazil and only two were in the software space, both in 2013. That is a reflection of the profile of the investors who dominate local markets, which are used to allocating assets to companies in sectors like oil, paper and cellulose, mining or utilities. Historically, publicly listed companies in the country were value plays, as few of them had significant exposure to the domestic market and derived a significant share of revenue from commodities and exports.

As a result, companies that focused on the domestic market or on growth were never quite embraced by local investors. Many investors deploying capital in Brazil were mostly foreign and very risk-averse to the dynamics of the domestic market; in 2007, when Brazil went through a similar IPO boom, 70 percent of the demand for equity offerings came from foreign investors.

Along with an undervalued currency, growth companies struggled to find attractive valuations on the local exchange. As a result, growth companies such as Stone Payments, Netshoes, PagSeguro, Arco Educação and XP Investimentos did their IPOs in New York where they attained higher valuations. It’s ironic that there were three times more IPOs of Brazilian growth companies in the U.S. in the past five years than there were in the domestic market in the last decade.

Roaring 20s: New investors and massive portfolio relocations

Vettery acquires Hired to create a ‘unified’ job search platform

Two large job search and recruiting platforms are coming together, with Vettery acquiring Hired.

The news follows a report last week in The Information claiming that Hired had begun to sell off its assets and wind down the company. The report also stated that Hired CEO Mehul Patel “abruptly resigned” via Zoom in early October.

Today’s announcement simply says that Patel is moving on “to pursue new opportunities,” with Vettery CEO Josh Brenner becoming chief executive of the combined companies.

Brenner told me that the two platforms are largely complementary, with only a 5% overlap in their respective customer bases. Hired, he said, has built AI job-matching tools (as well as talent assessment and bias reduction features) that are particularly well-suited for software and engineering positions, while Vettery offers “a little bit more breadth in the verticals that we support.”

“The key is bringing scale to these marketplaces,” Brenner said. “We see this as a formidable competitor to any of the legacy hiring solutions.”

Hired and Vettery logos

Image Credits: Vettery

The plan, he added, is to create a single “unified solution” that brings together the best of both platforms. Vettery says this solution will offer job-matching AI that draws on combined data from 1.5 million interviews and over 21,000 job placements.

Asked whether the combined site would operate under the Hired or Vettery brand name, Brenner said, “We believe there will be one brand in the future. Right now, we’re continuing to keep both brands while we do the research to figure out what the best approach is.”

Hired was founded in 2012 and raised more than $130 million in funding, according to Crunchbase. Vettery, meanwhile, launched in 2014 and was itself acquired two years ago by HR services firm Adecco Group.

The financial terms of the acquisition were not disclosed.

Asked how many Hired employees would be joining Vettery, Brenner said it was too early in the transition to specify, but he added, “Not only does Hired have a great client base, they’ve also got an amazing team that we’ve admired as well and gotten to know over the last period of time … so we’re extremely hopeful that we can bring together as many of those talented people as possible.”

Black Friday starts now at Sonos: save $100 on Move speaker, Beam soundbar, Sub

Sonos Black Friday deals are going on right now, offering triple-digit discounts on some of the company’s top speakers.


The premium speaker company has already started its Black Friday sale, including $100 off the Move speaker, Beam soundbar, and Sub Gen 3. Sonos is one of Apple’s biggest HomePod rivals, with connected speakers known for hi-fi audio quality, as evidenced in our hands-on Move and Beam reviews. This is a chance to save big on gifts that are sure to please the music lover in your life.
