The H Week - openSUSE 11.4, Chrome 10, Pwn2Own & Android malware
In the week of the Pwn2Own hacker contest, The H published an interview with Charlie Miller and Dino Dai Zovi, as well as two new editions in the Kernel Log series. Google released Chrome 10 and openSUSE 11.4 arrived, Nokia sold off the services arm of Qt and Panasonic joined the Linux Foundation. Google worked to remove malware from Android devices and Apple released a variety of software updates for its products.
This week, Glyn Moody took a look at Microsoft's monoculture and The H published the full text of an interview with Charlie Miller and Dino Dai Zovi, co-authors of "The Mac Hacker's Handbook", as well as two new editions of the Kernel Log series looking at what's coming in the next release of the Linux kernel.
- Moving beyond the Microsoft monoculture
- Kernel Log: Coming in 2.6.38 (Part 5) - Architecture, infrastructure and virtualisation
- Hackers versus Apple: interview with Miller and Zovi
- Kernel Log: Coming in 2.6.38 (Part 6) - Drivers
This week, Google released a major update to the stable branch of its Chrome web browser, as well as a new version of the VP8 Codec SDK for the free VP8 web video format. A new logo for the open source Chromium web browser upon which Chrome is based appeared, and, according to reports, the United States Department of Justice is now investigating the MPEG LA patent licensing company.
- Google VP8: "Bali" to offer faster encoding
- Report: US DoJ investigating MPEG LA
- Chromium gets a new sharper logo
Nokia confirmed that it is selling the commercial licensing and professional services arm of its Qt group, the MeeGo architects made changes to architecture plans for the mobile operating system, and OpenLogic announced that its survey of iOS and Android applications found that 71 per cent of mobile apps with FOSS code do not comply with the terms of the licence for that code.
- Nokia sells off commercial and services arm of Qt
- MeeGo changes architecture plans
- OpenLogic survey: 71% mobile apps with FOSS code do not comply
The Free Software Foundation announced that it has appointed a new executive director and Panasonic joined the Linux Foundation as a Gold Member, the organisation's second-highest corporate membership tier. VMware's SpringSource acquired graphical web development tool WaveMaker and Rackspace announced that it would be providing commercial support, training and services for OpenStack.
- New executive director at the Free Software Foundation
- Panasonic joins the Linux Foundation as Gold member
- VMware's SpringSource has acquired WaveMaker
- OpenStack gets wider support, reworks governance
In Linux news this week, the final version of openSUSE 11.4 was released, as was version 11 of Gentoo Linux, and Java was removed from the latest version of the Linux Standard Base. Mark Shuttleworth announced the new name for Ubuntu 11.10 and the Ubuntu developers confirmed that with the next major release, Ubuntu 11.04, the Netbook Edition would be folded into the main branch.
- openSUSE 11.4 final arrives
- Gentoo Linux 11 released
- Java removed from Linux Standard Base 4.1
- Ubuntu 11.10 to be an "Oneiric Ocelot"
- Ubuntu dropping Netbook Edition
Open Source Releases
- Mozilla patches Java applet problems in Firefox
- KDE SC 4.6.1 arrives with various bug fixes
- Inkscape 0.48.1 closes bugs
- Jython 2.5.2 released and benchmarking 20% faster
- IPFire open source firewall updates PHP
- Cyberduck 4.0 arrives for Mac OS X and Windows
- CouchDB gets comfortable on the iPhone and iPad
- Jolicloud becomes Joli OS, releases version 1.2
- SourceForge open sources its own source
- Pidgin 2.7.11 closes DoS bug
- Wine 1.3.15 brings reflections support to shader compiler
- Work has started on the next generation of Apache
- Gingerbread-based CyanogenMod 7.0 approaches
- Alpha version of Fedora 15 released
- More data integration and virtualisation in Red Hat's SOA platform
- First release candidate of Firefox 4 is ready
- Visual Studio plug-in for Python developers
- First release candidate of Slackware 13.37 arrives
- RockMelt social web browser goes into public beta
- LibreOffice 3.3.2 RC1 arrives
This week, Google used the "remote removal function" built into Android to remove malware from devices and closed a cross-site scripting hole in the Android Market that allowed attackers to install apps to devices without user consent. Security services provider Kaspersky criticised Google's handling of the recent Android malware problems and it was discovered that a group of criminals had installed a trojan into the Android Market Security Tool that was released by Google.
- Google remotely removes Android malware
- Android Market: XSS hole allows unauthorised installation of apps
- Kaspersky: Google's handling of Android malware is debatable
- Google's security tool infected with trojan
Apple released a number of updates this week, including security updates for Java, a new version of the iOS mobile operating system and a maintenance release of the Safari web browser. On the first day of the Pwn2Own hacker contest, no one attacked Google's Chrome web browser; on day two both the iPhone and BlackBerry handhelds were hacked.
- Apple releases Java security updates
- Apple's iOS 4.3 fixes security holes
- Pwn2Own 2011: no-one goes after Chrome
- Pwn2Own 2011: Day 2 - iPhone and Blackberry hacked
Investigations into the WordPress attacks began, the internet activist group Anonymous attacked the site of Broadcast Music Inc., and the European Network and Information Security Agency (ENISA) released a report on methods for detecting, measuring and fighting botnets. The French Budget Minister confirmed a report by Paris Match magazine which said that his ministry fell victim to a cyber attack in December 2010, and The H reported on vulnerabilities in implementations of the STARTTLS protocol for establishing an encrypted TLS connection that could allow commands to be injected into a connection.
- Further attacks on WordPress under investigation
- Anonymous now attacks the US music industry
- Botnet report: size isn't everything
- PCs at French Ministry of Finance infected with spyware
- Vulnerabilities in STARTTLS implementations
- USB driver bug exposed as "Linux plug&pwn"
- Microsoft closes critical holes in Windows Media Player and Media Center
- Apple updates Safari web browser