The H Week - Fedora 15, Linux Mint 11, Mac malware, 64-bit rootkits

In the past week, The H saw new versions of Red Hat Enterprise Linux and Fedora and there were hints that Linux could become version 3.0 in July. Romania recommended open source "wherever appropriate" and other reports gave advice on how to use it. Researchers concluded that banks were the key to combating spam, attacks on Sony continued and another Comodo SSL registrar was attacked.

Featured

This week on The H, Thorsten Leemhuis described the new features in Red Hat Enterprise Linux 6.1, reported on the Red Hat Summit 2011 and also examined the new Fedora 15. Glyn Moody had some suggestions for Amazon's relationship with open source and The H Community Calendar was published for June.

• Red Hat Enterprise Linux 6.1 and Red Hat Summit 2011
• Time for Amazon to pay its dues to open source?
• What's new in Fedora 15
• The H Community Calendar - June 2011

Open Source

Fedora 15 was released on Tuesday, Linux Mint 11 arrived two days later. Linus Torvalds considered assigning version 3.0 to the next kernel release, due in July. PathScale's libcxxrt C++ library was adopted by the FreeBSD and NetBSD Foundations, the openSUSE Build Service was renamed Open Build Service, and various MeeGo vendors announced upgrades to MeeGo 1.2.

• Fedora 15's Lovelock released
• Linux Mint 11 "Katya" released
• Linux 3.0 could be out in July
• FreeBSD and NetBSD's new C++ library
• openSUSE renames its Build Service
• MeeGo vendors announce upgrades to MeeGo 1.2

Romania's government recommended that public authorities use open source "wherever appropriate", the Free Software Foundation published a guide for developers on how to choose the right licence, and the US Department of Defense published its report on lessons learned from using open source. The Apache Libcloud project was adopted as a top-level project of the Apache Software Foundation and Citrix announced Project Olympus. Smartphone manufacturer HTC announced that it will no longer lock the bootloaders on its Android devices.

• Romania to recommend open source "wherever appropriate"
• FSF publish guide on choosing a licence
• US DoD reports on lessons learned from open source
• Apache Libcloud is now a top level project
• Citrix announces cloud infrastructure Project Olympus
• HTC to officially stop locking bootloaders on Android smartphones

Terracotta, home of open source caching projects, was acquired by Germany's Software AG. The Document Foundation appointed a committee to coordinate the development of LibreOffice. Novell's former open source strategist Nat Friedman became CEO of new venture Xamarin. Skype for Asterisk was discontinued and Mozilla said that it will not integrate the WebP format into Firefox.

• Software AG acquires open source caching experts Terracotta
• Document Foundation appoints Engineering Steering Committee
• Xamarin: Novell's former open source strategist to become CEO
• Skype for Asterisk disconnecting
• Google and Mozilla tussle over WebP image format

Open Source Releases

• Mozilla Labs: LessChrome HD add-on provides more space to browse
• Node.js 0.4.8 released
• Three signs of life from Apache Roller
• Miro 4.0 arrives with Android & IPv6 support
• Snowfinch: open source real-time analytics software
• Jaspersoft 4.1 unifies analysis from multiple data sources
• OpenLogic Exchange adds new collaboration features
• Puppy Linux "Wary" updated
• GParted Live updates underlying OS
• Lightspark open source Flash player gets Vimeo support

Development Releases

• Beta of Firefox 5 with CSS animations
• New alpha of real-time strategy game 0 A.D. features new civilisation
• KOffice evolves: first Calligra Suite snapshot released
• Qt 4.8 technology preview released
• First beta of KDE 4.7 arrives for testing
• SproutCore 2.0 developer preview available

Security

A group of researchers concluded that the banks are the best starting points for combating spam. Kaspersky discovered another rootkit with 64-bit Windows support which is targeting online banking customers in Brazil. Apple published a knowledgebase document detailing how users can avoid or remove the latest Mac Defender malware and a new variant of Mac Defender, MacGuard, was discovered. Professional exploit kits, BlackHole and Impassioned, were found to be freely available online.

• Spam control should involve banks
• 64-bit rootkit spies on online banking customers
• Apple publishes Mac Defender removal details, promises fix
• Mac Defender variant doesn't require admin password
• Professional exploit packs freely available online

Sony's troubles continued, with attacks on its servers in Thailand, Greece, Indonesia and Canada. The Brazilian Comodo SSL registrar ComodoBR fell victim to an attack. ElcomSoft researchers discovered how to copy and decrypt the memory of iPhones that have built-in hardware encryption. Researchers Billy Bob Brumley and Nicola Tuveri described how they calculated the secret key of a TLS/SSL server that uses the Elliptic Curve DSA.

• Attacks on Sony continue
• Another Comodo SSL registrar hacked
• ElcomSoft cracks iOS encryption system
• Successful timing attacks on elliptic curve cryptography

The LinkedIn social networking site was reported to have been careless with its users' account credentials, and a student managed to accumulate 15 million Google profiles within a month. An unpatched hole in Internet Explorer allows attackers to extract users' cookies. Kaspersky compared the security situations on Android and Windows.

• LinkedIn is careless with access cookies
• Internet Explorer: cookie theft made easy
• Kaspersky: Android is the new Windows
• Audio captchas: most can be cracked
• Student collects 15 million Gmail addresses

A security update of the Apache HTTP Server earlier this month was found to have exposed a related denial of service vulnerability. Four vulnerabilities, two of them critical, were addressed in the stable channel of Google's Chrome browser. The latest stable update to WordPress 3.1.x included a number of security fixes and introduced "clickjacking" protection on admin and login pages.

• Another DoS fix for Apache HTTP server
• Chrome 11 update patches critical holes
• WordPress 3.1.3 and 3.2 Beta 2 released

For all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)