The H Week - PDF timebombs, OpenStack, Responsible Disclosure
In the past week, The H reported on cooperative cloud projects, with NASA working with Rackspace and Canonical working with IBM. W3C announced new audio and video extensions to the HTML5 standard. The Symbian DevCo opened up Symbian Foundation membership to individual developers. The VideoLAN project released a new Blu-ray library. DrupalCON Europe opened for registration and the GENIVI Alliance chose MeeGo as the basis of IVI. Google and Microsoft expressed their views on the correct approach to vulnerability disclosure, and Microsoft was caught out by a basic flaw in its shortcut code. Following heavy criticism of the security of Adobe Reader, Adobe took corrective steps, and a researcher demonstrated how the auto-complete function present in many browsers can be tricked into disgorging log-on details and other sensitive information. Suricata announced a new open source intrusion detection & prevention engine.
Featured
This week, The H published a feature on the new 11.3 point release of openSUSE, another feature in our CSI series on analysing malware and part 3 of our Kernel Log series on the 2.6.35 Linux kernel.
- What's new in openSUSE 11.3
- CSI:Internet – PDF timebomb
- Kernel Log: Coming in 2.6.35 (Part 3) - Network support
Open Source
The week has been a bit cloudy with NASA and Rackspace cooperating on a new open source cloud platform called OpenStack and Canonical working with IBM to release a new virtual appliance of IBM’s DB2 Express-C database software running on the Ubuntu cloud platform. W3C announced new extensions to the HTML5 standard, governing access to images and audio. Previously, membership in the Symbian Foundation was restricted only to companies, but this week a new cooperative, Symbian DevCo, opened membership up to individual developers. Blu-ray media gained further open source support, at least for non-DRM disks, with the announcement of the libbluray library from the VideoLAN project. DrupalCON Europe will be taking place at the end of August and is currently open for registration. The GENIVI Alliance announced the choice of MeeGo as the basis of their next release of IVI (In Vehicle Infotainment).
- Rackspace and NASA launch OpenStack project for open clouds
- Canonical brings IBM database to Ubuntu on the cloud
- HTML5: Access to cameras and microphones
- Cooperative to represent Symbian developers
- Blu-ray project for free media players launched
- DrupalCon Europe 2010
- GENIVI chooses MeeGo for in-car infotainment systems
Open Source Releases
- Wine 1.2 adds support for 64-bit applications
- openSUSE 11.3 Edu Li-f-e arrives
- Microsoft releases version 1.0 of bioinformatics toolkit
- Winamp media player adds VP8/WebM support
- Yellow Dog Linux for CUDA updated
- Lightspark 0.4.2 open source Flash player released
- Apache FOP gets a 1.0 release
- PC-BSD 8.1 "Hubble Edition" released
- SQLite 3.7.0 adds Write-Ahead Logging
- NoSQL in the cloud
- Kaltura CE 2.0 released
- VLC Media Player updated to V 1.1.1
- ClearOS Enterprise 5.2 released
- Blender 2.5 Beta 1 released
- ForgeRock releases version 9.5 of OpenAM
Security
This week saw Google's security team lay down a challenge by announcing a 60-day grace period for manufacturers before it goes public with an exploit. Microsoft responded by announcing its new "Coordinated Vulnerability Disclosure" policy. Microsoft was also embarrassed this week by the .lnk shortcut flaw and its struggle to offer a viable workaround. Another market leader, Adobe, which has for some time been the target of criticism over the security of Adobe Reader, took steps to harden that product. Security researcher Jeremiah Grossman revealed a flaw found in many browsers that allows an attacker to use a crafted web site to easily extract cached log-on data from browsers' auto-complete functions. Sponsored partly by the US Dept of Homeland Security, Suricata released a new open source intrusion detection & prevention engine.
- Google's security team redefines "responsibility"
- Microsoft's new rule for dealing with security flaws
- .lnk vulnerability: Microsoft fix causes icon chaos
- Adobe aims to get Reader out of the firing line
- Auto-complete: browsers disclose private data - Update
- Suricata: Free intrusion detection & prevention engine
Security Alerts
- Microsoft confirms USB trojan hole
- Exploit demonstrates critical Windows .lnk vulnerability
- Apple fixes flaw in iTunes
- Mozilla releases Firefox & Thunderbird security updates
- Cisco's Content Delivery System discloses files
- vBulletin divulges MySQL login
(crve)