Computer news

[Google]

VMware Looks To Acquire Novell's SUSE Unit

"According to the Wall Street Journal, VMware is attempting to acquire Novell's SUSE Linux operating system business. This move would give VMware a full stack of enterprise software and allow it to establish itself as a full-blown infrastructure and software vendor in direct competition with Red Hat." The WSJ report is behind a paywall, but it's accessible in full through a Google search.

[Google]

Developers Fork Mandriva Linux, Creating Mageia

"As most of the Mandriva employees working on the Linux distribution were laid off due to the liquidation of Edge-IT (a subsidiary of Mandriva SA) and trust in the company has diminished, the development community (including the core developers) has decided to fork the project. The new Linux distribution, named Mageia, will be managed by a not-for-profit organization that will be set up in the coming days. There are already many people that have decided to follow the fork, but the people behind it are still welcoming any help offered in the various tasks related to establishing the new distribution."

[Google]

Security a Concern As HTML5 Advances

"Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said."

[Google]

Researchers Demo ASP.NET Crypto Attack

"The crypto attack against ASP.Net Web apps has gotten a lot of attention this week, and with good reason. Microsoft on Friday night issued a security advisory about the bug, warning customers that it poses a clear danger to their sites. Also on Friday, the researchers who found the bug and implemented the attack against it released a slick video demo of the attack, clearly showing the seriousness of the problem and how simple it is to exploit with their POET tool."

[Google]

Google Apps Gets Two-Factor Security

"Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone."

[Google]

Intel Threatens DMCA Using HDCP Crack

Intel is apparently threatening to use the DMCA against anyone using the HDCP crack under the DMCA's anti-circumvention clause. 'There are laws to protect both the intellectual property involved as well as the content that is created and owned by the content providers,' said Tom Waldrop, a spokesman for the company, which developed HDCP. 'Should a circumvention device be created using this information, we and others would avail ourselves, as appropriate, of those remedies.'"

[Google]

Twitter Suffers Web Interface Exploit

"We're seeing lots of re-tweets on Twitter.com right now, all containing a fragment of JavaScript, which re-tweets itself when moused-over on the Twitter web interface. This could easily be muted into a more sinister attack, so it is recommended that you use a third party client application, or refrain from social media altogether until the problem is resolved."

[Google]

Stuxnet Worm May Have Targeted Iranian Reactor

"Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."

[Google]

Twitter Closes Hole After Attack Hits Up To 500K Users

"Twitter closed an ugly cross site scripting hole in its Web page Tuesday morning, but not until a fast moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."

[Google]

Interpol Chief's Identity Spoofed On Facebook

"Ronald Noble, Interpol's Secretary General, has revealed that cybercriminals have opened two fake Facebook accounts using his name and used them to gather sensitive information. 'One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red,' Noble said. 'This Operation was bringing investigators from 29 member countries at the Interpol General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.'"