Attachmate’s purchase of Novell is done, and now we’re beginning to see it plans develop for the open-source power. First, and foremost, Attachmate is dividing up Novell’s programs into three nominally independent divisions. These are NetIQ, which gets Novell identity and security programs and some of Novell data center solutions; Novell, which will manage the company’s older technologies such as NetWare; and SUSE, which will produce SUSE Linux and oversee the openSUSE community Linux distribution.
In the wake of the revelation that there’s a huge security hole in Android’s Wi-Fi communications with Google applications, Google told me and other journalists on May 18th that, “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.” Fair enough, but how?
While many people use Skype for its free voice over IP (VoIP) services, Linux users have a love/hate relationship with it. Yes, Skype will run on some versions of Linux, but it doesn’t run on all of them, and the Linux version (2.2-beta) lags far behind the Windows version (Skype 5.3). That’s three major generations behind. Need I say more?
Much as I dislike Microsoft’s recent purchase of Skype and even though I think Skype’s technology is held together by bailing wire and duct tape, maybe Skype will become better for Linux with Microsoft. After all, it couldn’t be much worse!
That said, there are numerous Linux VoIP programs and they’re also free as in “free beer,” as well as free as in “free software.” Most of these programs use the open SIP (Session Initiation Protocol) standard or Extensible Messaging and Presence Protocol (XMPP) If they use the same protocol, you should be able to use one client to call another. To do this, of course, they must be on the same SIP or XMPP network. For example, I use the Ekiga.net VoIP network for SIP calls.
As expected, Red Hat has released its latest server business operating system: Red Hat Enterprise Linux (RHEL) 6.1. This is the first major update to the platform since RHEL 6 shipped in November 2010.
RHEL 6.1 features optimized KVM virtualization, new hardware support, improved operational efficiency, and high availability (HA) improvements. It also includes improved development and monitoring tools such as an updated Eclipse development environment includes enhanced breakpoint and code generation for C/C++ and Java.
The company also announced, to no surprise, that it’s improved RHEL’s virtualization and cloud offerings. The company also claimed customers will see faster performance with HP and IBM hardware. You can see it for yourself. RHEL 6.1 is available to subscribing Red Hat customers today worldwide via the Red Hat Network.
Yeah. It’s true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use that, “1 out of every 14 programs downloaded is later confirmed as malware.”
If I may quote from Matthew 7:5, the King James Bible, “First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother’s eye.”
Windows has far, far more malware trouble than Macs, and I can’t resist mentioning that after in twenty-years of Linux, we’ve seen a real-world example of Linux malware. Ironically, this latest appalling Windows malware numberis shared in a Microsoft blog about how well SmartScreen Application Reputation is working in IE9.
A trio of German security researchers from the University of Ulm have looked into the question of whether “it was possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs (application programming interface).” In other words: We are so hosed.
The problem is in the way that applications which deal with Google services request authentication tokens . These tokens are sometimes not even encrypted themselves and are good, in some cases, for up to two weeks. All a hacker has to do is grab these off an open Wi-Fi connection and you have the “key” to someone’s Gmail account, their Google calendar, or what have you.
It’s not just limited to Android apps though. The researchers also report that “this vulnerability is not limited to standard Android apps but pertains to any Android apps and also desktop applications that make use of Google services via the ClientLogin protocol over HTTP rather than HTTPS.”
Grabbing this information off the air is trivial. While it’s not as easy as using Firesheep to hi-jack a Web session, anyone with a lick of hacking talent and a network protocol analyzer such as WireShark can grab your tokens. With those in hand they can then change your Google passwords or do anything else they want with your various Google accounts.
