The H Week - Oracle & Java, Stuxnet, Adobe vulnerabilities
In the past week, The H looked at what's new in Red Hat Enterprise Linux 6, as well as openSUSE and its community. Oracle asked the Apache Software Foundation to reconsider its position on Java, AMD joined the MeeGo project and Google's CEO confirmed that Android 2.3 "Gingerbread" is coming in the next few weeks. Further details about the Stuxnet worm and its probable purpose surfaced, McAfee said that malware is on the rise while spam is at a two year low and Apple re-posted its Mac OS X Server 10.6.5 update with fixes for a built-in mail server.
Featured
The H took an in-depth look at what's new in the latest version of the Red Hat Enterprise Linux distribution and our latest edition in the Health Check series discussed openSUSE and its community.
Open Source
This week, Oracle asked the Apache Software Foundation to reconsider its position on Java, high profile Java developer Bob Lee declined to support Oracle's current Java standardisation efforts, new draft Java 7 and 8 specifications and the new JDK 7 roadmap were released.
- Oracle asks Apache to reconsider its position on Java
- Bob Lee declines to support Java standardisation "charade"
- Java 7 and 8 specifications released
- New JDK 7 roadmap released
Processor manufacturer AMD announced at this year's MeeGo Conference in Dublin that it had joined the MeeGo open source project, Google CEO Eric Schmidt confirmed that Android 2.3, code named "Gingerbread" is coming "in the next few weeks" and Google Docs added support for document editing on Android and iOS devices.
- AMD to contribute to MeeGo development
- Google CEO: Android 2.3 coming "in the next few weeks"
- Edit Google Documents on Android and iOS
Google manager Chris DiBona confirmed that in future Google will no longer be checking the names of new projects created on the Google Code Project Hosting service against those already on SourceForge, SourceForge apologised to the Audacity team for malicious ads that appeared on their download page and Black Duck Software acquired software tools and services provider SpikeSource.
- Google Code to stop checking SourceForge names
- SourceForge apologises to Audacity team for malicious ads
- Black Duck Software acquires SpikeSource
The Mono developers announced that they plan to make Microsoft's F# programming language available under Linux and Mac OS X, the Indian government has agreed a policy on the use of open standards in e-governance and Mozilla re-examined its mission statement.
- F# development under Mac OS X and Linux
- India to implement open standards
- Mozilla re-assesses its mission
Open Source Releases
- Linux Mint 10 released
- Google releases Refine 2.0 data sifting tool
- OTRS 3.0 adds new Ajax-powered GUI
- Mozilla Labs launches F1 link sharing add-on
- Fourth alpha of Python 3.2 released
- Ruby on Rails update with faster Active Record
- Version 2.10.0 of the Parrot virtual machine released
- openSUSE Medical 0.0.6 released
- GNOME 2.32.1 released
- Open source add-in for Word supports MediaWiki
- Public preview version of IntelliJ IDEA 10
- JavaScript server Node.js updated
- Red Hat Network Satellite 5.4
- CollabNet releases ScrumWorks Pro 4.5
Security
A Command-and-Control server for the Koobface social networking botnet was discovered in the UK and was subsequently taken off-line. A new rootkit was discovered that is able to bypass kernel protection and driver signing in 64-bit Windows. Reports this week first revealed it was extremely likely that the Stuxnet worm payload was specifically designed to target the Iranian uranium enrichment program and then that the worm had a double payload that could also target power station turbines. In its latest report, McAfee said that malware is still on the rise and spam is at a two year low.
- Koobface server taken down
- Rootkit able to bypass kernel protection and driver signing in 64-bit Windows
- Symantec: We finally understand Stuxnet
- Stuxnet has a double payload
- McAfee: Malware still on the rise
Adobe released Reader X with support for sandboxing on Windows, the VLC developers released an update for their open source media player to address a Windows-only security issue and the Chaos Computer Club (CCC) published a first version of the event schedule for the 27th Chaos Communication Congress (27C3). Apple posted a new version of its Mac OS X Server 10.6.5 update, correcting a security vulnerability related to a built-in mail server, security expert Dan Kaminsky announced Phreebird, an easy-to-use tool set for creating digital signatures based on the DNS Security Extensions (DNSSEC), and Thomas Roth demonstrated the potential of cloud GPUs to perform fast, brute force attacks on SHA1 hash encrypted passwords.
- Adobe Reader X released with Windows sandbox
- VLC Media Player 1.1.5 fixes Windows vulnerability
- 27C3: Preparations for hacker congress are gaining momentum
- Apple re-posts Mac OS X Server 10.6.5 update
- New tool to make child's play of DNSSEC signatures
- GPUs crack passwords in the cloud
Security Alerts
- Update for Adobe Reader fixes 19 holes
- Red Hat warns of hole in OpenSSL
- Apple closes 23 critical holes in Safari
To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.
(crve)