Information freedom for open source users.
08
Deep inside millions of computers is a digital Fort Knox, a special chip [TPM] with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
08
Many eons ago, GNOME 1.4 still lived, and it was good. It was extremely configurable and hackable. You could use either Enlightenment or Sawfish as the window manager, and could customize it to your heart’s content. It was even friendly to homegrown GTK+ hacks. And then tragedy struck: the GNOME maintainers decided that 1.4 needed a ground-up rewrite, and thus GNOME 2.0 was born.
08
The Microsoft Office productivity suite has risen to become the dominant application of its type for business IT management. But there are open source office productivity suites available that may provide a suitable alternative to Office, depending on your requirements. Despite the scores of additional features found in products like Microsoft Office, most workers only need a simple word processor or spreadsheet to complete their day-to-day office tasks. If your staff are not “power users” then having a full-blown office suite on their desktop can be overkill. In this edition of 5 open source things to watch, we take a look at office suites that can manage you business information without emptying the company coffers.
08
HP Security Bulletin – A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access.
08
Mandriva Linux Security Advisory 2010-034 – Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
08
HP Security Bulletin – Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
08
Computerworld UK: “Regular readers of this blog will know that I’m a big fan of OpenOffice.org, and that I think it has the potential to break through into the mainstream. Maybe it’s already begun…”
08
After just a few weeks, SourceForge has backed off its policy of imposing a blanket ban on all users trying to access the site from countries on the U.S. “banned” list. Instead, it announced on Sunday that it’s putting the decision in the hands of each project that hosts on the site. According to SourceForge’s Lee Schlesinger, the company has no way of knowing which projects should or shouldn’t trigger a block.
08
bridges writes “The V3VEE project has announced the release of version 1.2 of the Palacios virtual machine monitor following the successful testing of Palacios on 4096 nodes of the Sandia Red Storm supercomputer, the 17th-fastest in the world. The added overhead of virtualization is often a show-stopper, but the researchers observed less than 5% overhead for two real, communication-intensive applications running in a virtual machine on Red Storm. Palacios 1.2 supports virtualization of both desktop x86 hardware and Cray XT supercomputers using either AMD SVM or Intel VT hardware virtualization extensions, and is an active open source OS research platform supporting projects at multiple institutions. Palacios is being jointly developed by researchers at Northwestern University, the University of New Mexico, and Sandia National Labs.” The ACM’s writeup has more details of the work at Sandia.
Read more of this story at Slashdot.
08
Former Intel executive Rajiv Goel has pleaded guilty to two charges of conspiracy and securities fraud in connection with the Galleon insider trading case. Goel is the tenth person to plead guilty in the case, which the FBI and the US attorney’s office in Manhattan call the largest hedge fund inside trading case in US history.…
08
Standards Blog: “Our story so far: Security expert Frank Adversego comes under suspicion when the Library of Congress is hacked by a mysterious cracker with motives unknown and a taste for the bizarre; to protect himself, Frank had better get to the bottom of things”
08
Posted by CORE Security Technologies Advisories on Feb 08
Core Security Technologies – CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
1. *Advisory Information*
Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
Advisory Id: CORE-2010-0121
Advisory URL:
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Date published: 2010-02-05
Date of last update: 2010-02-05…
08
An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.…
08
Posted by m . mahdjoub on Feb 08
- Night Da Hack 2010
Date: June 19-20 2010
Time: 4 PM – 7 AM
Location: Paris, France
What is Night da Hack?
“Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and
inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conference.
Around computer security related talks, workshops and contests, Night da Hack aims at bringing…
08
Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week.…
08
Posted by Matthias -apoc- Hecker on Feb 08
– Product
JDownloader[1] is an open source download manager for One-Click-
Filehoster like Rapidshare or Megaupload. The Click’n'Load[2] interface
allows external applications and websites to send URLs to the local
running JDownloader. With Click’n'Load2 [3] it is possible to sent
AES-CBC encrypted URLs (for some kind of link ‘obfuscation’).
The encrypted payload _and_ key are sent with an HTTP-POST submit on
localhost port 9666 (default port,…
08
Posted by Stefan Kanthak on Feb 08
Dan Kaminsky wrote on February 06, 2010 6:43 PM:
OUCH!
No, creating junctions (as well as the Vista introduced symlinks)
DOESN’T need admin rights!
[snip]
Stefan
08
Last month many developers were scurrying to prepare for the 2.6.33 merge window. When they weren’t doing that, here are a few of the items that were under discussion, starting with the Big Kernel Lock…
08
Linux User and Developer: “As I’ve mentioned before, one of the longer-term goals of the kernel development community is to kill off the Big Kernel Lock (BKL).”
08
angry tapir writes “Microsoft’s XML-based office document format, OOXML, does not meet the requirements for governmental use, according to a new report published by the Norwegian Agency for Public Management and eGovernment (DIFI). The agency wants to start a debate over the report as part of its work on standards in the Norwegian government. (As we discussed a week ago, Denmark has already decided to choose ODF over OOXML)”
Read more of this story at Slashdot.