Maruti Suzuki is recalling over 1 lakh units of Swift, DZire and Ertiga for replacing a faulty fuel filler neck that may cause fuel smell and leakages
Maruti Suzuki India Ltd (MSIL), the country's largest car maker on Friday said it will replace the ‘fuel filler neck’ of 1.03 lakh units of its popular cars like Swift, DZire and Ertiga. It will replace fuel filler neck in these vehicles free of cost.
In a regulatory filing, MSIL said, 42,481 units of DZire, 47,237 units of Swift and 13,593 units of Ertiga manufactured between 12 November 2013 and 4 February 2014 would be recalled.
There is a possibility of fuel smell in the affected vehicles and in extreme condition, there may be some fuel leakage if fuel is filled up to the Fuel Cap beyond the ‘Auto cut-off level’, it added.
MSIL said dealers would contact owners of all vehicles and would replace the ‘fuel filler neck’ free of cost.
The statement added that this exercise is limited to vehicles within the above specified range and does not pertain to any other vehicle.
Maruti Suzuki closed Friday 1.5% down at Rs1,930.5 on the BSE, while the benchmark Sensex ended the day marginally down at 22,629.
The Heartbleed bug, a serious ‘catastrophic’ vulnerability in OpenSSL allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users
A new serious vulnerability in the popular OpenSSL cryptographic software library, nicknamed as the Heartbleed Bug (http://heartbleed.com/ ) has affected over 5 lakh or 17% of the servers across the world. The vulnerability allows the Bug to scrape the server's memory, like usernames, passwords as well as credit card numbers. An analysis posted on GitHub of the top 1,000 most visited websites as of 8 April 2014 revealed vulnerabilities in sites including Yahoo.com, Imgur.com, flickr.com, addthis.com, archive.org and whether.gov.
In his blog post, renowned security technologist and author, Bruce Schneier, said, “Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it. ‘Catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”
According to internet research firm Netcraft, this an extremely serious issue and would affect about 5 lakh servers across the world. At its disclosure on 7 April 2014, some 17% or half a million of the Internet's secure web servers certified by trusted authorities were believed to have been vulnerable to the attack. Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66%, says Netcraft's April 2014 Web Server Survey.
However, contrary to claims by certain media, websites like Google, Facebook, YouTube, Yahoo, Wikipedia, Twitter, Amazon and Paypal are found to be not vulnerable, says GitHub . Sites like Baidu, Live.com, eBay.com, MSN.com, Bing are not affected as they do not use SSL.
Kurt Baumgartner, researcher at Kaspersky Lab, said, "Shortly after news of the Heartbleed Bug first surfaced, we uncovered evidence that a few hacking groups believed to be involved in state-sponsored cyber espionage were running such scans. We identified such scans coming from 'tens' of actors. The numbers were gradually increasing and this was even more evident when security software company Rapid7 released a free tool for conducting such scans. This problem is insidious and devices besides servers could be at risk because they run software programs with vulnerable OpenSSL code built into them."
OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols designed to provide communication security over the Internet.
On 7th April, the Tor Project advised that anyone seeking "strong anonymity or privacy on the Internet" should "stay away from the Internet entirely for the next few days while things settle." The Canada Revenue Agency (CRA) closed down its electronic services website over Heartbleed bug security concerns.
"The problem, disclosed Monday night, is in open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where the most sensitive of data is stored. It also means an attacker can get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too," said CNET in a report.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
What makes the Heartbleed Bug unique?
Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.
Most of us assume that any secure site with https and a lock icon would be safe. "However," said, Eswar Santosh, "the discovery of this bug which was 'open' for the past two years brings that assumption into question. The worst thing about the bug is that there is no way to detect a data theft that has happened already."
Several financial sites including banks, payment gateways and online shopping sites use OpenSSL, and therefore are open to risk. Many of these financial sites may be using Microsoft's IIS server that is not vulnerable to Heartbleed But. But then one cannot be sure about the server used by her bank or online shopping site.
Am I affected by the bug?
According to Heartbleed.com, almost everyone is likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services, it says.
To check if a site is still vulnerable, you may use the tool at: http://filippo.io/Heartbleed/
How to stop the leak?
As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.
What versions of the OpenSSL are affected?
Status of different versions:
•OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
•OpenSSL 1.0.1g is NOT vulnerable
•OpenSSL 1.0.0 branch is NOT vulnerable
•OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14 March 2012. OpenSSL 1.0.1g released on 7 April 2014 fixes the bug.
To resolve the bug, server administrators are advised to either use 1.0.1g or to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS, thus disabling the vulnerable feature until the server software can be updated.
Indian Medical Association -IMA has appealed to its 2.75 lakh doctor-members across India to give a 25% discount in doctor’s fees to voters
The Indian Medical Association (IMA) has appealed to its 2.75 lakh doctor-members across India to give a 25% discount in doctor’s fees for one week to all patients who visit them with their fingers bearing the voting ink mark.
The Bengal chapter of the IMA has gone one step ahead by appealing to doctors, based in the state, to give the 25% discount in pathological tests as well for two weeks.
The IMA with a 86-year-old history behind it took the unusual initiative to raise awareness about the importance of voting.
“We want to raise awareness about the importance of voting. So we have made this appeal to all our 1,700 local branches spread across 29 states to give the rebate to patients,” IMA secretary general Narendra Saini said.
Saini said the association was also in the process of sending text messages to all its member-doctors informing them of the rebate.
“Some branches in northern India have said that they will offer 50% rebate on doctor’s fees. We are getting a good response from the doctors and our associations,” he said.
State secretary and national joint secretary Shantanu Sen said that they had decided to increase the time-frame to two weeks and also appealed to all pathological clinics to offer 25% discount on all tests.
In Bengal IMA has 17,000 doctors as its members.
“If the parents vote, their children will also get a discount on fees when visiting child specialists or pathological labs,” Sen said.
Asked how the IMA will know that the doctors are actually giving discounts, Saini said, “We can only appeal to the conscience of the doctors to be a part in the cause.”
Even if 25% to 40% of IMA members responded to the appeal, it would be deemed as having set an example, Sen said.
Saini says that more than one crore patients are treated everyday by 2.5 lakh member-doctors of the association spread across India.