The H Week - China hacks Google and VMware buys Zimbra

This week, following a recent cyber attack originating in China, Google is considering closing its Chinese operations and Microsoft warned of a critical hole in the ActiveX control of Flash Player 6.x, which is a standard component of Windows XP.

Open Source

Following previous rumors, virtualisation specialist VMware officially acquired open source groupware provider Zimbra from Yahoo. Mozilla said that, in addition to add-ons, it's planning to focus on its Jetpack extension system and Personas themes in future versions of the Firefox web browser. in late breaking news, new features in Firefox will be pushed with security updates and there will be no more point releases. Sun Microsystems released update 18 for Java 6, adding support for Windows 7. With the recent arrival of Google's Nexus One smartphone running version 2.1 of Android, Google finally released an Android 2.1 software development kit. Theodore "Ted" T'so left his position as the Linux Foundation's Chief Technology Officer for a position at Google and Facebook became the Apache Software Foundations latest Gold Sponsor by pledging to donate $40,000 per year to the open source organisation.

• VMware buys Zimbra
• Mozilla to focus on Jetpack and Personas
• Java 6 update supports Windows 7
• Android 2.1 SDK now available
• Ted T'so moves to Google
• Facebook becomes Apache Software Foundation Gold Sponsor

Open Source Releases

• Canonical releases Ubuntu 10.04 LTS Alpha 2
• Mandriva Linux 2010 Spring Alpha 1 released
• OpenOffice 3.2 RC2 arrives
• Version 1.0 of OpenShot Linux video editor arrives
• Ubuntu Tweak 0.5.0 released
• SpringSource release dm Server 2.0

Security

For this month's Patch Tuesday, Microsoft released only one update to fix a Windows hole for processing "Embedded OpenType" fonts. The Chaos Computer Club (CCC) cracked chip-based airport staff ID cards in Germany, allowing them access to restricted areas. A team of Israeli cryptologists developed an attack against the second generation mobile phone encryption standard primarily used in UMTS networks. A solution for the Transport Layer Security (TLS) renegotiation vulnerability from early last November may be in sight as the Internet Engineering Task Force (IETF) has amended version 1.2 of the protocol, introducing a new TLS extension to store a connections cryptographic information, and it was reported that the web server of the BerliOS (Berlin Open Source) open source platform had been successfully attacked.

• Microsoft closes one Windows hole
• Chip-based ID cards pose security risk at airports
• UMTS encryption also dented
• Solution for SSL/TLS design weakness in sight
• BerliOS open source project portal falls victim to attack

Security Alerts

• Security update released for Adobe Reader and Acrobat
• Oracle patches 24 holes
• Recent attacks on Google exploited previously unknown hole in IE
• Mac OS X vulnerability left unpatched for months
• Pidgin update addresses emoticon vulnerability

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)