Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was
possible to reuse cached SSL sessions in unrelated contexts, allowing
virtual host confusion attacks in some configurations by an attacker in
a privileged network position.
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors and use-after-frees may lead to the execution of arbitrary code
or denial of service.
Oh, right, there's an entirely new version of Android right around the corner. It could be days away, it could be weeks away. We're not totally sure what Google has planned for what is easily the most ambitious and promising update to the platform since Android 2.1. It's easy to forget that there's a whole new world right around the corner, because Android is in this seemingly constant state of change now. We have core apps updating on a regular and consistent bases, manufacturers pushing their apps to the Play Store in order to update them in a timely manner, and the beating heart of the platform is on a six week release cycle. Of all the incredible things that we saw and heard about at Google I/O this year, Sundar Pichai's announcement that Google Play Services would be updating and improving every six weeks is one of those things that didn't get nearly as much attention as it probably should have.
It really is quite remarkable. In some ways, Android is starting to faintly look like a rolling release, with more and more core smartphone applications, as well as several core smartphone APIs, updated continuously through Google Play. The pace is quick, and I like it.
Still, the Android update situation has not been resolved. There's a lot more work to do.
With all the hype and interest in wearables these past few months, you'd think more companies would be looking to compete with Google's Glass headset, but up until now that hasn't really been the case. Sony teased an alternative to Google's gear in the form of a SmartEyeglass prototype first shown off at CES 2014, which aims to be as versatile as Glass while bettering it in some respects as well. The rather awkward-looking SmartEyeglass is peppered with sensors - there's an accelerometer, gyroscope, electronic compass, ambient light sensor, and a 3-megapixel camera - and comes with a wire connecting it to an external battery pack equipped with an extra touch sensor and microphone.
If Apple's iPhone Mini won't make you look enough like a dork, there's always this thing.
Two good pieces of news today. Both Apple and Google have announced that the most recent versions of their mobile operating systems will encrypt user data by default. Google:
The next generation of Google's Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.
Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones.
Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company - or anyone but the device's owner - from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.
The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings.
Paul Seelig has announced the release of Window Maker Live 0.95.6-1, a Debian-based Linux distribution featuring the latest version of the Window Maker window manager: "ISO images of Window Maker Live 0.95.6-1 for both amd64 and i386 are now available from for immediate download. What is new since....
Kai Hendry has announced the release of Webconverger 26.0, a new update of the specialist distribution designed for web-only computers - now with Firefox 32.0: "Webconverger 26 release. Highlights of this 26.0 signed and tagged snapshot: revised boot menu, helping you get started with Neon, our web signage....
Klaus Knopper has released KNOPPIX 7.4.1, a bug-fix update of the project's Debian-based live CD/DVD that provides the LXDE (default), GNOME 3.12 and KDE 4.13.3 desktops, as well as a separate "ADRIANE" edition designed for visually impaired users: "Version 7.4.1 of KNOPPIX is based on the usual picks....