Debianhelp.co.uk
Debian Security
 2014-07-31 DSA-2994 nss - security update

Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library:

 2014-07-29 DSA-2992 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:

 2014-07-27 DSA-2991 modsecurity-apache - security update

Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing the attacker to send requests containing content that should have been removed by mod_security.


Debian Wiki
 2014-07-31T14:16:19Z DebianEeePC/HowTo/UpgradeBIOS
Added a link to a demo video.
 2014-07-31T13:53:21Z FreedomBox/TargetedHardware
Add NanoPC-T1.
 2014-07-31T13:44:43Z ppviewerFonts

Linuxtoday.com
 Thu, 31 Jul 2014 07:00:00 -0700 Lawsuit threatens to break new ground on the GPL and software licensing issues

opensource.com: When Versata Software sued Ameriprise Financial Services for breaching its software license, it unwittingly unearthed a GPL violation of its own

 Thu, 31 Jul 2014 06:00:00 -0700 Setup Flexible Disk Storage with Logical Volume Management (LVM) in Linux - PART 1

 tecmint: Logical Volume Management (LVM) makes it easier to manage disk space.

 Thu, 31 Jul 2014 05:00:00 -0700 Nostalgic Gaming On Linux With Good Old Games

 The Linux Rain: Thanks to the recent Linux support provided by DRM-free classic games provider, GOG.com, getting that nostalgic kick on Linux has never been easier.

 Thu, 31 Jul 2014 04:00:00 -0700 Palm-sized mini PC projects display, uses IR for touch

 LinuxGizmos: TouchPico is prepping an Android 4.2 mini-PC that doubles as a pico-projector and approximates touch input via an infrared stylus and camera.

 Wed, 30 Jul 2014 23:00:00 -0700 Heartbleed Flaw Is Still a Risk, Report Finds

eWEEK: A Venafi report claims that only 3 percent of big companies have fully patched for Heartbleed.

 Wed, 30 Jul 2014 19:00:00 -0700 Linode Releases Open Source Cloud Hosting Documentation

 The VAR Guy: Cloud hosting provider Linode has made the documentation for its platform open source, allowing anyone to access the information and contribute to it.

 Wed, 30 Jul 2014 15:00:00 -0700 Red Hat starts work on 64-bit ARM servers

 ZDnet: Red Hat and its partners are betting that 64-bit ARM processors are ready for the data center.

 Wed, 30 Jul 2014 14:00:00 -0700 OrFoxOS combines Firefox OS and Tor on a $25 smartphone

 ITworld: OrFoxOS combines Firefox OS and Tor to help protect your privacy.

 Wed, 30 Jul 2014 13:00:00 -0700 The making of the Raspberry Pi Model B+

 Raspi: The Director of Hardware at the Raspberry Pi Foundation, James Adams, walks through the making of the new and improved Raspberry Pi Model B+


OSNews
 Wed, 30 Jul 2014 22:46:18 GMT BlackBerry Passport first look
Phone Arena has a short video up in which the BlackBerry Passport gets introduced. The unique hardware keyboard whose entire surface is also a touchpad gets demonstrated. Typical of a BlackBerry, the Passport employs a portrait style QWERTY keyboard. However, this time around, they've minimized the layout by shrinking the row of buttons to a mere 3 - as opposed to the 4 we're normally accustomed to seeing. Additionally, numbers and punctuations aren't available through the keyboard, but they've been turned into virtual keys that sit above the top row for quick access. And during our demo, we got the chance to see the keyboard be used to scroll through web pages by lightly brushing your finger over the QWERTY. This has been a long time coming: innovation in the hardware keyboard space. Currently, there are effectively no decent high-end smartphones with hardware keyboards, and that's a shame. I'm glad BlackBerry has the guts to go against the grain here and try to breathe new life into this severely neglected form factor.
 Wed, 30 Jul 2014 22:40:58 GMT Microsoft reveals Update 1 for Windows Phone 8.1
As expected, Microsoft is finally revealing all there is about Update 1 for Windows Phone 8.1. Known internally as GDR1 for 'general distribution release,' this update is one of two for the 8.1 operating system in 2014. The news comes out of Beijing, China where Microsoft's Joe Belfiore announced the release during his keynote, in addition to the expansion of Cortana to the UK and China. Coming next week for Preview for Developers. If Microsoft can keep this pace of updates up, they've got something very good going. A very welcome contrast to the slow and monolithic approach the company took in the first few years of Windows Phone's existence.
 Tue, 29 Jul 2014 18:28:36 GMT Another day, another sensationalist, unfounded security story
Dan Goodin, at Ars Technica, is writing about a security flaw in Android. It's got all the usual scary-scary language about doom and gloom, quotes from antivirus peddlers, and it wasn't long until sensationalist Apple site AppleInsider took it all one step further (relevant). So, is this a real security threat, or are we looking at sensationalism run amok? This is the issue in a nutshell.

"The Fake ID vulnerability stems from the failure of Android to verify the validity of cryptographic certificates that accompany each app installed on a device. The OS relies on the credentials when allocating special privileges that allow a handful of apps to bypass Android sandboxing. Under normal conditions, the sandbox prevents programs from accessing data belonging to other apps or to sensitive parts of the OS. Select apps, however, are permitted to break out of the sandbox. Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support. Similarly, Google Wallet is permitted to access Near Field Communication hardware that processes payment information."

Sounds serious! Should you be worried? Is it time to stock up on canned beans and switch to a Nokia 3310? Of course, it's always time to switch to a Nokia 3310, but not really because of this "issue". Buried deep within the Ars Technica article is Google's response to the issue.

"After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to AOSP. Google Play and Verify Apps have also been enhanced to protect users from this issue. At this time, we have scanned all applications submitted to Google Play as well as those Google has reviewed from outside of Google Play, and we have seen no evidence of attempted exploitation of this vulnerability."

First, a patch has been sent to OEMs and AOSP, but with Android's abysmal update situation, this is a moot point. The crux, however, lies with Google Play and Verify Apps. These have already been updated to detect this issue, and prevent applications that try to abuse this flaw from being installed. This means two things.

First, that there are no applications in Google Play that exploit this issue. If you stick to Google Play, you're safe from this issue, period. No ifs and buts.

Second, even if you install applications from outside of Google Play, you are still safe from this issue. Verify Apps is part of Play Services, and runs on every Android device from 2.3 and up. It scans every application at install and continuously during use for suspect behaviour. In this case, an application that tries to exploit this flaw will simply be blocked from installing or running.

As a sidenote, you can actually disable Verify Apps, but unlike what some people seem to think, the dialog you get about sending data to Google when trying to sideload an application has nothing to do with this (that dialog just covers sending data about the application to Google, which is not required for Verify Apps to work). To actually completely disable Verify Apps, you need to go into the Google Settings application (or the Android settings application in 4.2 and up), navigate to Security, and disable it from there.

To get back to the matter at hand: this means that every Android user with Google Play Services is 100% protected from this issue. The only way an Android user can potentially be affected by this issue is if she, one specifically allows installation from unknown sources, and two, specifically disables Verify Apps - all accompanied by several warnings. Luckily, not a single application in or outside of Google Play is currently trying to exploit this issue.

While one can expect sensationalist nonsense from a site like AppleInsider - you don't blame TMZ for reporting on a fart by Miley Cyrus; you don't blame AppleInsider for spreading sensationalist nonsense - I'm very disappointed that a respected site like Ars Technica resorts to spreading this kind of fear, uncertainty, and doubt, especially since this isn't the first time the site has done so.

Recently, it has become very clear that the security industry - antivirus peddlers and similar companies - have focussed all their attention on Android, resorting to all sorts of dirty tactics to scare unsuspecting users into buying their useless software. Since I can't stress this often enough: do not install antivirus on Android (or iOS, for that matter). It is not needed in any way, shape, or form. This is not the first time they have tried to spread and exploit fear, uncertainty, and doubt. Back when Windows started properly shoring up its security, Microsoft released MSE, and the mass infections of the early XP days became a thing of the past, they tried to use the exact same tactics to try and scare the rapidly growing number of OS X users into buying their junk. I advocated against this practice then (more here), and I will advocate against it now.

When you come across stories like this, you can almost always assume it's FUD, whether it covers Android, OS X, or iOS. They almost always originate from antivirus peddlers, who know full well that operating system security - on both desktop and mobile - has increased so much this past decade or so that their core business model is at stake, and as such, they have to drum up the FUD. I just wish respected websites would not dance to their tunes for clicks. And yes, you should totally get a 3310.

DistroWatch.com: News
 2014-07-31T05:34:27+00:00 Distribution Release: SolydXK 201407
Arjen Balfoort has announced the release of SolydXK 201407, an updated build of the project's Linux distributions with a choice of Xfce (SolydX) or KDE (SolydK) desktops, based on Debian's "Testing" branch: "The Home editions were upgraded to the latest upgrade pack and the Business editions were upgraded....
 2014-07-31T01:29:41+00:00 Distribution Release: Simplicity Linux 14.7
David Purse has announced the release of Simplicity Linux 14.7, a set of lightweight, Puppy-based Linux distributions in four editions: "Simplicity Linux 14.7 is now available for everyone to download for free. Obsidian is our cut-down edition, pretty much just Firefox 30, a network manager and not....
 2014-07-30T21:28:55+00:00 Distribution Release: Zorin OS 9 "Educational"
Artyom Zorin has announced the release of Zorin OS 9 "Educational" edition, an Ubuntu-based distribution packed with specialist software suitable for use in educational environments: "We are pleased to release Zorin OS 9 Educational. Zorin OS 9 Educational brings the latest and greatest software into the hands of....
