In association with heise online

12 February 2011, 11:59

The H Week – Nokia and MeeGo, Debian 6 and USB worms

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The H Week Logo In the past week, The H reported on the release of Debian 6.0, on the now uncertain future of MeeGo and on the development of IcedRobot which aims to free Android apps from the Dalvik virtual machine. Security expert Jon Larimer showed that Linux too can be attacked by USB worms, Google opened the Android Market on the internet, opening another possible attack vector for remote installation of malware. Fraunhofer researchers showed it was still possible to read passwords from an iPhone that had been locked with a passcode.


As a de-facto reference or base distribution, a new Debian release is always worth a look and this week Mirko Dölle did just that in his article on the newly released Debian 6.0 Squeeze. In the latest issue of the Kernel Log, Thorsten Leemhuis reported on developments in RAID support, graphics and audio drivers in the Linux kernel. Daniel Bachfeld examined online tools for checking for virus infection in files on the internet which avoid downloading the suspect file to your system.

Open Source

The battle for a share of the mobile market intensifies and we are starting to see casualties. This week, although the MeeGo roadmap was updated, it seems the longer-term survival of MeeGo is unsure, with some MeeGo related projects apparently being put on hold. Even Nokia has now announced it will move its phones to Windows Phone 7 and MeeGo is now earmarked for "longer-term exploration" on next generation devices.

Coinciding with the release of Debian 6.0, Debian also announced it was time to change its signing key, which it does every three years. Canonical announced the release of a database of certified components for Ubuntu and Linux, and the Ubuntu developers said there would be no release candidate before the release of 11.04, aka Natty Narwhal, on April 28th.

INSIDE Secure said it would shortly release its Open NFC stack for Android, claiming that its hardware abstraction layer makes it easier to re-configure for different NFC hardware compared to the native Android NFC stack. The IcedRobot project announced a replacement for Dalvik and Apache Harmony which will allow Android apps to run on OpenJDK and on desktops. Swiss software vendor Myriad announced the launch of Alien Dalvik, a version of the Android virtual machine for other platforms.

Rackspace, co-founders of the OpenStack project with NASA, which is building an open operating system for cloud computing, has announced it will acquire Anso labs, the developers of NASA's own cloud platform. NoSQL specialists CouchOne and Membase are to merge and become Couchbase.

The Firefox developers have updated their browser roadmap and plan to release versions 4 through 7 of the browser this year. Nuxeo, the French provider of ECM (Enterprise Content Management) systems, announced that it is handing its Nuxeo Core content repository technology over to the Eclipse Foundation, and the TIOBE Index showed that although Java and C remain the most popular programming languages both Python and C# are gaining in popularity.

Open Source Releases


At the ShmooCon hacker conference this week, security expert Jon Larimer showed that Linux too can be attacked by USB worms. Google's opening of the Android Market on the internet was shown to introduce a possibility of remote installation of malware. Facebook dealt with incompatibilities between its recently introduced encryption and certain third party applications by offering the user a choice to switch to unprotected http, but without telling the user it was permanently turning https off. Fraunhofer researchers Jens Heider and Matthias Boll showed it was still possible to read passwords from an iPhone that had been locked with a passcode. Mac security experts Dino Dai Zovi and Charlie Miller demonstrated a further zero day exploit for the 64-bit version of Safari 5.

Microsoft announced the RTM of SP1 for Windows 7 and Server 2008. General distribution of SP1 starts on 22 February. Microsoft also released a patch via Windows Update that modifies the AutoPlay dialogue, for USB flash drives and other mobile storage media, to help reduce the spread of malware that propagates through AutoRun. IE9 RC, released this week, now includes Tracking Protection controls.

Less than two weeks after OpenSSH 5.7 arrived, version 5.8 / 5.8p1 of the open source SSH (Secure Shell) implementation was released to address a legacy certificate signing vulnerability. WordPress released version 3.0.5 to address several security vulnerabilities in the open source blogging and publishing platform that could lead to, for example, privilege escalation. Adobe patched various vulnerabilities with the release of Flash Player 10.2 and updates for Reader X and 9.4.1, Acrobat X, ColdFusion and the Shockwave player, to patch a multitude of holes. Google released an update to Chrome 9 to patch several high risk vulnerabilities and the phpMyAdmin developers released version and of their database administration tool to fix a path disclosure vulnerability.

Security Alerts

For all of last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit