| Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs: Android Posted by: comforteagle
From the Ekkkkk! dept.:
Closely behind the discoveries of the Stagefright flaw, the hole in Android's mediaserver service that can put devices into a coma, and the Certifi-gate bug, comes that of an Android serialization vulnerability that affects Android versions 4.3 to 5.1 (i.e. over 55 percent of all Android phones). The bug (CVE-2015-3825), discovered by IBM's X-Force Application Security Research Team in the OpenSSLX509Certificate class in the Android platform, can be used to turn malicious apps with no privileges into "super" apps that will allow cyber attackers to thoroughly "own" the victim's device.
| Vulkan Added to Android: Android Posted by: comforteagle
From the 3D dept.:
Developers of games and 3D graphics applications have one key challenge to meet: How complex a scene can they draw in a small fraction of a second? Much of the work in graphics development goes into organizing data so it can be efficiently consumed by the GPU for rendering. But even the most careful developers can hit unforeseen bottlenecks, in part because the drivers for some graphics processors may reorganize all of that data before it can actually be processed. The APIs used to control these drivers are also not designed for multi-threaded use, requiring synchronization with locks around calls that could be more efficiently done in parallel. All of this results in CPU overhead, which consumes time and power that you’d probably prefer to spend drawing your scene.
| Google Announced Major ReOrg; New CEO: Google Posted by: comforteagle
From the Shake dept.:
Our company is operating well today, but we think we can make it cleaner and more accountable. So we are creating a new company, called Alphabet (http://abc.xyz). I am really excited to be running Alphabet as CEO with help from my capable partner, Sergey, as President.
What is Alphabet? Alphabet is mostly a collection of companies. The largest of which, of course, is Google. This newer Google is a bit slimmed down, with the companies that are pretty far afield of our main Internet products contained in Alphabet instead. What do we mean by far afield? Good examples are our health efforts: Life Sciences (that works on the glucose-sensing contact lens), and Calico (focused on longevity). Fundamentally, we believe this allows us more management scale, as we can run things independently that aren’t very related. Alphabet is about businesses prospering through strong leaders and independence. In general, our model is to have a strong CEO who runs each business, with Sergey and me in service to them as needed. We will rigorously handle capital allocation and work to make sure each business is executing well. We'll also make sure we have a great CEO for each business, and we’ll determine their compensation. In addition, with this new structure we plan to implement segment reporting for our Q4 results, where Google financials will be provided separately than those for the rest of Alphabet businesses as a whole.
| CentOS 6.7 Released: Linux Posted by: comforteagle
From the Not "Enterprise" dept.:
*sssd has a number of new capabilities
*Support for udev rules to restrict removable media to be mounted read-only for security
*LVM caching is now fully supported
*New package clufter can be used for analyzing and transforming cluster configuration formats
*SSLv3 and older insecure protocols are disabled by default, and various packages now have more configuration options to select the desired protocols
*vim has been rebased to version 7.4, with improvements to undo and regular expressions
*libreoffice has been upgraded to 18.104.22.168
*The KVM hypervisor can now handle up to 240 virtual CPUs per virtual machine
*IPv6 IP sets are now allowed in firewall rules
*squid has been rebased to version 3.1.23 and now supports HTTP/1.1 POST and PUT responses with no message body
*mdadm has been rebased to version 3.3.2, improving support for RAID level migrations and automatic array rebuilding the package yum-plugin-downloadonly is now superseded by the main yum package, as the feature has been integrated
| NSA Open Sources InfoSec Tool: Security Posted by: comforteagle
From the Challenge Accepted? dept.:
The US National Security Agency has offered up one of its cyber security tools for government departments and the private sector to use freely to help beef up their security and counter threats.
The systems integrity management platform - SIMP - was released to the code repository GitHub over the weekend.
SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, "defence-in-depth" approach to information security.
| Firefox 39: Mozilla Posted by: comforteagle
From the Chat dept.:
Firefox 39 has been released for both desktop and mobile systems. The new features include a social sharing tool for the Firefox Hello video chat subsystem. It is designed to make it easier to share Firefox Hello chat invitations over third-party social networks. In addition, Firefox's existing phishing-and-malware detection tool has been extended to cover downloads, support has been added for Unicode 8.0's multi-ethnic emoji characters, and there is improved support for the Accessible Rich Internet Applications (ARIA) standard.
| Open Container Project Launched: Open Source Posted by: comforteagle
From the Bucket dept.:
A broad coalition of industry leaders and users are joining forces to create the Open Container Project (OCP), chartered to establish common standards for software containers.
Housed under the Linux Foundation, the OCP’s mission is to enable users and companies to continue to innovate and develop container-based solutions, with confidence that their pre-existing development efforts will be protected and without industry fragmentation. As part of this initiative, Docker will donate the code for its software container format and its runtime, as well as the associated specifications. The leadership of the Application Container spec (“appc”) initiative, including founding member CoreOS, will also be bringing their technical leadership and support to OCP.
| Google Eavesdropping Through Chromium / Chrome?: Security Posted by: comforteagle
From the WAT!?! dept.:
Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to "we can do that".
| Fedora 22: Linux Posted by: comforteagle
From the New Arrival dept.:
In addition to the latest versions of all your favorite free and open source software, Fedora 22 marks our second release with distinctly-targeted offerings for cloud computing, the server room, and the desktops and laptops of software developers and creators everywhere. Thanks to the hard work of developers, designers, packagers, translators, testers, documentation writers, and everyone else, we're incredibly confident in saying that this is our best and most polished release yet.
Also with this release, we return to our traditional six-month cadence -- we'll see you back here sometime around Halloween!
| Mozilla Revamping Firefox Smartphone for Quality: Mozilla Posted by: comforteagle
From the Code for it stank dept.:
"Mozilla has revamped its Firefox OS mobile software project after concluding that ultra-affordable $25 handsets aren't enough to take on the biggest powers of the smartphone world, CNET has learned.
The nonprofit organization rose to prominence with the success of its Firefox Web browser a decade ago, but it's having trouble achieving the same success with its Firefox operating system for smartphones. According to a Thursday email from new Chief Executive Chris Beard, Mozilla has changed its strategy to a new "Ignite" initiative that emphasizes phones with compelling features, not just with lower price tags. It's also considering letting its operating system run apps written for its top rival, Google's Android."
|Thursday, May 14|
|·|| Wireless Charging Tech Adopted By Ford, Chrysler, and Toyota Goes Open Source (0)|
|Friday, May 08|
|·||Self-destructing virus kills off PCs (0)|
|Thursday, April 30|
|·||Debian 8 "Jessie" Released (0)|
|Monday, April 13|
|·||Linux 4.0 Kernel Released (0)|
|Thursday, April 09|
|·||Google Lets SMTP Certificate Expire (0)|
|·||Open Crypto Audit Passes TrueCrypt (0)|
|Wednesday, March 11|
|·||CIA 'tried to crack security of Apple devices' (0)|
|Monday, March 02|
|·||Xen Security Bug: Amazon, Rackspace Cloud Reboots (0)|
|Thursday, February 26|
|·||FCC Approves Net Neutrality Rules (0)|
|Tuesday, February 17|
|·||Kaspersky: Your HDDs were RIDDLED with NSA SPYWARE for YEARS (0)|
| ||Older Articles|