In association with heise online

24 July 2010, 11:59

The H Week - PDF timebombs, OpenStack, Responsible Disclosure

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The H Week In the past week, The H reported on cooperative cloud projects, with NASA working with Rackspace and Canonical working with IBM. W3C announced new audio and video extensions to the HTML5 standard. The Symbian DevCo opened up Symbian Foundation membership to individual developers. The VideoLAN project released a new Blu-ray library. DrupalCON Europe opened for registration and the GENIVI alliance choose MeeGo as the basis of IVI. Google and Microsoft expressed their views on the correct approach to vulnerability disclosure and Microsoft was caught out on a basic flaw in the short cuts code. Following heavy criticism of the security of Adobe Reader, Adobe took corrective steps and a researcher demonstrated how the auto-complete function present in many browsers can be tricked into disgorging log-on details and other sensitive information. Suricata announced a new open source intrusion detection & prevention engine.

Featured

This week, The H published a feature on the new 11.3 point release of openSUSE, another feature in our CSI series on analysing malware and part 3 of our Kernel Log series on the 2.6.35 Linux kernel.

Open Source

The week has been a bit cloudy with NASA and Rackspace cooperating on a new open source cloud platform called OpenStack and Canonical working with IBM to release a new virtual appliance of IBM’s DB2 Express-C database software running on the Ubuntu cloud platform. W3C announced new extensions to the HTML5 standard, governing access to images and audio. Previously, membership in the Symbian Foundation was restricted only to companies, but this week a new cooperative, Symbian DevCo, opened membership up to individual developers. Blu-ray media gained further open source support, at least for non-DRM disks, with the announcement of the libbluray library from the VideoLAN project. DrupalCON Europe will be taking place at the end of August and is currently open for registration. The GENIVI Alliance announced the choice of MeeGo as the basis of their next release of IVI (In Vehicle Infotainment).

Open Source Releases

Security

This week saw Google's security team lay down a challenge with their announcement of their 60 day grace period for manufacturers before going public with an exploit. Microsoft responded by announcing their new "Coordinated Vulnerability Disclosure" policy. Microsoft has also been embarrassed this week by the .lnk short-cut flaw and its struggle to offer a viable work around. Another market leader – Adobe – having been the target for some time of criticism of the security of Adobe Reader, took steps to harden that product. Security researcher Jeremiah Crossman revealed a flaw found in many browsers that allows an attacker to use a crafted web site to easily extract cached log-on data from browsers auto-complete functions. Sponsored partly by the US Dept of Homeland Security, Suricata released a new open source intrusion detection & prevention engine.

Security Alerts

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1044582
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit