In association with heise online

19 July 2009, 17:21

The H Week

The most interesting news this week has been mostly security related, although many of these security stories affect open source projects in one way or another. The recently released version 3.5 of the Firefox browser has been the subject of several stories this week: vulnerabilities found, then patched, then followed by reports of new holes.

Open Source news

Apart from fixing holes in Firefox, Mozilla has also been in the news for releasing Jetpack 0.3 and, in what may prove to be a popular move, announcing a pilot scheme for “Contributions” for Firefox Add-ons, which allows independent developers to request a contribution payment to support their Add-ons work.

On Friday The H Open reported that the Google Chrome developers have achieved a drastic reduction in the size of Chrome updates through use of a new algorithm, dubbed "Courgette".

Also on Friday The H Open published an article on Btrfs which, over the next few years, seems set to replace Ext4 as the de-facto Linux file system.

Microsoft has been flexing its legal muscles again. The Melco group, the Japanese parent company of Buffalo Inc., has signed a licensing deal to avoid any IP claims from Microsoft over its Linux-driven, Buffalo-brand Network Attached Storage devices, and Microsoft has sued two Hong Kong-based companies for Live Messenger phishing to sell mobile phone games and ring tones.

Security news

Just missing the previous edition of The H Week, The H Security covered news about a squabble over who was responsible for losing the keys to the current German trial of electronic health cards. One of the security procedures in place led to the automatic erasure of encryption keys. This is a typical example of how increasing levels of security almost always lead to greater inconvenience and difficulty of legitimate access to the protected data.

On Wednesday of the previous week the proprietor of the notorious Milw0rm exploits website announced he was shutting up shop due to overwork. Monday of this week saw the announcement that after a flood of concerned email and pledges of practical support, Milw0rm would continue.

Tuesday saw the announcement that researchers at the École Polytechnique Fédérale (EPFL) in Lausanne, Switzerland have, over a period of about six months, set a new record in cracking 112-bit encryption based on elliptic curves (ECCp-112). This is a minor skirmish rather than a defeat for ECC encryption since, apart from the length of time taken, the weakest ECC encryption in practical use employs 160 bits.

The hacker group Anti-Sec declared war on the security industry, claiming that the publication of discovered exploits, rather than being a beneficial warning, is a tactic used by a parasitic security industry to encourage attacks, increase paranoia and therefore boost the market for their services. Anti-Sec themselves might be accused of generating paranoia, since their self-referential method of gaining publicity for their cause is to launch attacks against security websites.

Following last week's story on DDoS attacks on South Korea and the USA on Wednesday, The H Security reported that Korean researchers are now saying that, although they still suspect the North Korean “Hacker Army” as the source, the botnet-driven attacks were orchestrated through a control server located in the UK.

Some serious problems have been found in the recently issued Firefox 3.5. On Tuesday The H reported on slow start times on Windows for Firefox 3.5 and then followed that story with notice, from the previously mentioned Milw0rm, of the first zero-day vulnerability in the new browser. By Friday the Mozilla coding team had released version 3.5.1 with fixes for both the start-up problem and the zero-day hole. Then, today, The H Security reports a fresh hole in 3.5.1. Although this vulnerability had been found four days ago, at the time of writing it has not been patched.

On the subject of browser flaws in general, on Thursday The H Security reported on a DOM flaw that affects the majority of browsers. This is apparently due to a very old, and persistently repeated, coding mistake that was first noticed over nine years ago.

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(trk)
