The H Week - Novell sold, Ubuntu rolling release denied & Stuxnet for sale
Following its acquisition by the Attachmate Corporation, Novell stated it would be retaining the copyrights to the UNIX OS. Rumours that Ubuntu would be switching to a rolling release were denied. OpenStreetMap's founder joined Microsoft's Bing Maps team and Google Wave has been submitted to the Apache Incubator. There were reports the Stuxnet worm is on sale on the black market, Google patched its GMail service, Apple's iOS 4.2.1 update closed a variety of security holes and BitDefender reported that 20% of Facebook news feeds contain infections.
Featured
This week, the latest Kernel Log took a look at Linux kernel development, including a new patch that should significantly increase the responsiveness of desktop applications in some situations where CPU load is high.
Open Source
On Monday, Novell announced that it had agreed to a merger proposition from the Attachmate Corporation for $2.2 billion (£1.25 billion). Following that announcement, Attachmate confirmed that the openSUSE project will continue to operate as it always has in the past and Novell said that it would be retaining the copyrights to the Unix operating system.
- Novell acquired by Attachmate
- Attachmate: Novell's openSUSE project is safe
- Novell to retain UNIX copyrights
Following rumours from several online publications, Ubuntu's Engineering Director Rick Spencer denied that the distribution is changing to a rolling release schedule. The kernel.org infrastructure received several major system upgrades in the form of new servers and Google confirmed that it will begin showing content ratings for all applications and games in the Android Market.
- Ubuntu: Rolling release rumours wrong
- Kernel.org gets major system upgrades
- Google's Android Market to gain content ratings
OpenStreetMap project founder Steve Coast announced that he had joined Microsoft's Bing Maps team, Google Wave was submitted to the Apache Incubator by Google and Novell employees, and France's social security system, the Caisse Nationale d'Allocations Familiales (CNAF), announced that it had switched to using the open source PostgreSQL database management system (DBMS) running on Red Hat Linux servers.
- OpenStreetMap founder joins Microsoft's Bing Maps team
- Google Wave to become Apache project
- French social security now run on PostgreSQL and Red Hat Linux
The winners of the inaugural Packt Publishing Open Source Awards were announced. A new computer farm with a wide range of systems, set up by the Open Source Automation Development Lab (OSADL) will be used to continually study the real time performance of various versions of the Linux kernel and Moonlight, the free Mono-based Silverlight clone for Linux, can now use graphics card hardware acceleration to render 3D effects and play back videos.
- 2010 Packt Open Source Award winners announced
- OSADL opens embedded farm for real-time kernel tests
- Hardware acceleration for Moonlight
Open Source Releases
- NetBSD 5.1 feature update arrives
- FreeNAS 8.0 Beta released
- Pidgin 2.7.6 fixes MSN connection issues
- OpenWGA content management system includes new social plug-ins
- Tiny Core Linux 3.3 released
- Opsview Enterprise 3.10 released
- digiKam 1.6.0 adds new options
- NVIDIA CUDA Toolkit 3.2 available
- Mozilla releases Thunderbird 3.3 Alpha 1
- WordPress for Android adds post status option
- New features in KDE SC 4.6 Beta 1
- KDE releases openCloud web-based storage app update
- Ultimate Edition 2.8 Gamers released
- Moodle 2.0 released
Security
Microsoft patched three of the four security holes exploited by Stuxnet, while almost at the same time, an exploit appeared for the fourth unpatched hole. The Stuxnet code itself was reported as being sold on the black market. Anti-virus vendor F-Secure reported a new version of the Zeus worm that makes an apparently botched attempt at a timing analysis to detect the presence of a debugger. As a consequence it tends not to infect older, slower CPUs.
- Exploit released for unpatched Stuxnet hole
- Report: Stuxnet code being sold on black market
- Trojan spurns low-spec systems
Google patched a hole in its Google Mail email service that can even be exploited in Private Browsing mode and Avira's WebGuard anti-virus proxy blocked access to the beta of Secunia's PSI 2.0 security tool.
The Chronic Dev team released one of the major components of their software for jailbreaking Apple devices running the iOS operating system and Apple released a major update to iOS that uses a baseband check to prevent users from unlocking SIM locked iPhones.
- Main component of latest iPhone jailbreaking code released
- iOS 4.2.1 closes a number of holes, but has already been hacked
- New iOS prevents users from unlocking their iPhones
BitDefender claimed that approximately 20% of user's news feeds and wall posts on the Facebook social-networking site contain infections. The European ATM Security Team (EAST) reported that ATM skimming attacks are on the rise in Europe and Secunia's domain was hijacked through manipulated DNS entries.
- BitDefender: 20% of Facebook news feeds contain infections
- Report: European ATM skimmer attacks on the rise
- Secunia's domain hijacked
Prevx reported that a zero-day exploit for a previously unknown security vulnerability in Windows' win32k.sys kernel mode driver was published on a Chinese forum, security expert Guillaume Delugré showed that rootkits can be concealed in other places than inside a computer and the Firefox extension HTTPS Everywhere was updated to include more encryption and new rules for popular sites and services. Cornell University released the first version of a programming language designed for creating secure applications that run on distributed systems.
- Another zero-day vulnerability in the Windows kernel
- The enemy in the network card
- HTTPS Everywhere brings more encryption
- Secure Java programming with Fabric
Security Alerts
To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.
(crve)