The H Week - Firefox 4 delayed, MeeGo 1.1 arrives, Adobe updates & zero days

In the past week, The H took an in-depth look at the Rosegarden Project, several OpenOffice.org Council members resigned, Mozilla delayed Firefox 4 and MeeGo 1.1 was released. Adobe patched its Shockwave Player and warned of a critical vulnerability in Flash, Reader and Acrobat.

Featured

This week, Richard Hillesley took an in-depth look at the open source Roesegarden MIDI and audio music composition application for Linux. Following a heart attack, our editor-in-chief Dj Walker-Morgan reflected on just how much the UK health care system relies on paper documentation.

• Rosegarden - An open source MIDI / audio multi-tracker
• Open source needs an attack of the heart

Open Source

Following a call to resign on the grounds that their involvement with The Document Foundation constituted a conflict of interest, a number of OpenOffice.org Council officially stepped down. Oracle drew criticism for its policy towards the Java Community Process (JCP) and Mozilla announced that Firefox 4 would be delayed until next year. Canonical announced its custom Unity desktop would be the default in Ubuntu 11.04 rather than GNOME and Intel and Nokia released the first major update to their open source MeeGo mobile operating system, version 1.1.

• OpenOffice.org Council members resign
• Oracle draws criticism for policy towards JCP
• Mozilla: Firefox 4 delayed until 'early 2011'
• Ubuntu to replace GNOME Shell with Unity
• MeeGo 1.1 for Core, Netbooks, IVI and Handsets arrives

Rumours spread that the Google Android developers have completed Android 3.0, code named "Gingerbread", the Android Market officially surpassed 100,000 applications and Oracle claimed that Android contains code copied directly from Java.

• Google completes Android 3.0?
• Google: Android Market has 100,000 apps
• Oracle claims some Android code directly copied from Java

Microsoft announced that it is working with Cloud.com to provide integration and support for Windows to the OpenStack software project and ForgeRock launched the OpenIDM Project for open source identity management.

• Microsoft's server to run in OpenStack cloud
• ForgeRock announces OpenIDM Project for Open Source Identity Management

Hadoop service provider Cloudera and Cassandra service provider Riptano both received venture capital funding.

• Hadoop service provider Cloudera receives $25 million in funds
• Cassandra service provider Riptano receives $2.7 million in funding

The Linux Foundation announced that it would merge with the Consumer Electronics Linux Forum, which will become a Foundation work group, and Linux helped the London Stock Exchange to achieve world record breaking trading speeds.

• Linux Foundation to merge with Consumer Electronics Linux Forum
• Linux boosts Stock Exchange trading speeds

Open Source Releases

Mozilla released browser building blocks, Firefox and Thunderbird security updates and a new add-on prototype for Firefox. There were releases for the Miro HD Internet TV / podcast downloader and player, MontaVista Carrier Grade Linux and a new version of the Lotus Symphony office suite. Updates arrived for Nokia's N900 and KDevelop and development versions of Skolelinux and CyanogenMod were released.

• Mozilla's browser building blocks
• Mozilla issues Firefox & Thunderbird security updates
• Mozilla Labs launches browser add-on for A / V recording
• Miro 3.5 adds video conversion capabilities
• MontaVista Carrier Grade Linux 6.0 - with configurable real-time environments
• IBM releases Lotus Symphony 3 office suite
• Nokia releases Maemo update for N900
• Open source Plex media centre updated
• KDevelop 4.1 adds Git support
• Skolelinux 6.0.0 Alpha 1 released
• CyanogenMod 6.1 RC1 brings 'insane performance boosts'

Security

The Firesheep extension for Firefox made it easy for attackers to access social networking accounts, a 12-year old was awarded $3,000 for reporting a Firefox vulnerability and a trojan was discovered on the Nobel Peace Prize web site.

• Firefox extension steals Facebook, Twitter, etc. sessions
• 12-year old awarded $3,000 for Firefox vulnerability
• Trojan attack on Nobel Peace Prize site

Java replaced Adobe Reader as the most frequent attack target and Adobe patched 11 holes in its Shockwave Player.

• Java replaces Adobe Reader as the most frequent attack target
• Adobe patches 11 holes in Shockwave Player

Kaspersky's anti-virus software caused problems with some corporate servers, a flaw in the iPhone allowed access to private data despite a passcode lock and the developer of the ZeuS trojan toolkit handed over his code to his rival, the developer of SpyEye.

• Kaspersky Anti-Virus cripples Servers
• iPhone allows access to telephone app and address book despite passcode lock
• Spy swallows spy

Anti-botnet specialist Damballa published an analysis that showed German ISP 1&1 was the most popular host for bot herders then, following criticism of its methods, Damballa removed the blog post about the statistics.

• Analysis finds 1&1 to be popular host for bot herders
• Damballa's analysis of botnet C&C servers criticised

Security Alerts

Attackers exploited a zero day vulnerability in Firefox and the Mozilla developers issued security updates within 48 hours of the first report of a flaw. A variant of the Koobface trojan appeared on Mac OS X, Adobe announced yet another critical hole in its Flash, Reader and Acrobat products and Cisco fixed an issue in its CiscoWorks Server.

• Attackers exploit zero day vulnerability in Firefox
• Mozilla issues Firefox & Thunderbird security updates
• Koobface variant as a trojan for Mac OS X
• Another critical hole in Adobe Flash, Reader and Acrobat
• Vulnerability in CiscoWorks Server

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)