Tuesday, 27 January 2015

Bug in Wi-Fi Direct Android Implementation Causes Denial of Service

A vulnerability in the way Android handles Wi-Fi Direct connections leads to rebooting the device when searching for peers to connect to, which can be anything from other phones, cameras, gaming devices, computers, or printers.


The Wi-Fi Direct technology allows devices capable of wireless connection to establish communication directly, without the need to join a local network.

Security company insisted on proper coordination for a fix

The vulnerability allows an attacker to send a specially crafted 802.11 Probe Response frame to the device and crash it, due to an unhandled exception occurring on the WiFi monitoring class.

Core Security discovered the flaw (CVE-2014-0997) through its CoreLabs team, and reported it to Google back in September 2014. The vendor acknowledged it but classified the glitch as having low severity, with no timeline for a fix being provided.

The same answer was received by Core Security each time they contacted the Android security team to inform of a timeframe for rolling out a fix. The last reply of this kind was received on January 20, meaning that there is no patch for the time being. On Monday, the security company made their findings public.

The security company created a proof-of-concept to demonstrate the validity of the results obtained during their research.

According to the technical details of the vulnerability, some Android devices can be put into a denial-of-service condition if they receive a malformed wpa_supplicant event; wpa_supplicant provides the interface between the wireless driver and the Android platform framework.
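
The failure mode described above, an event from wpa_supplicant that the framework cannot parse and an exception that nothing catches, is avoided by treating every event string as untrusted input. The following Java code is an added example, not Android's code or Core Security's proof-of-concept; the class names, the simplified event layout and the sample events are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical stand-in for a framework object built from a supplicant event. */
final class PeerEvent {
    // Assumed, simplified layout: "P2P-DEVICE-FOUND <mac> name='<name>'"
    // The name is capped at 32 characters (assumed limit for this example).
    private static final Pattern FORMAT = Pattern.compile(
        "^P2P-DEVICE-FOUND ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) name='([^']{0,32})'$");

    final String address;
    final String name;

    private PeerEvent(String address, String name) {
        this.address = address;
        this.name = name;
    }

    /** Strict parse of untrusted input: returns empty instead of throwing. */
    static Optional<PeerEvent> parse(String line) {
        if (line == null || line.length() > 256) return Optional.empty();
        Matcher m = FORMAT.matcher(line);
        return m.matches() ? Optional.of(new PeerEvent(m.group(1), m.group(2)))
                           : Optional.empty();
    }
}

public class SupplicantEventLoop {
    public static void main(String[] args) {
        // Constructed sample events; the second and third are malformed.
        String[] events = {
            "P2P-DEVICE-FOUND fa:7b:7a:42:02:13 name='printer-1'",
            "P2P-DEVICE-FOUND fa:7b:7a:42:02:13 name=",
            "P2P-DEVICE-FOUND not-a-mac name='x'",
        };
        List<PeerEvent> peers = new ArrayList<>();
        int dropped = 0;
        for (String e : events) {
            try {
                Optional<PeerEvent> p = PeerEvent.parse(e);
                if (p.isPresent()) peers.add(p.get()); else dropped++;
            } catch (RuntimeException ex) {
                dropped++; // last line of defence: one bad event must not end the loop
            }
        }
        System.out.println(peers.size() + " peer(s) accepted, " + dropped + " event(s) dropped");
    }
}
```

The parser rejects anything that does not match the expected layout, and the loop still catches runtime exceptions so that a parsing defect costs one dropped event rather than the whole monitoring process.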

Google is not in a hurry to eliminate the problem

The relaxed stance from the Android security team regarding the issue may be on account of the fact that the denial-of-service condition occurs only for a short period of time, when scanning for peers.

More than this, the result is not severe in nature as it consists in rebooting the device. There is no risk of data exfiltration or an attack that could lead to this, which would make it unappealing to a threat actor. On the other hand, a patch should be provided regardless, in order to mitigate any potential future risks.

Core Security says that the issue was not detected on Android 5.0.1 and above, and among the devices affected they found Nexus 5 and 4 running version 4.4.4 of the mobile operating system, LG D806 and Samsung SM-T310 with Android 4.2.2, and Motorola RAZR HD with build 4.1.2 of the OS.

For the time being, mitigation consists of refraining from using Wi-Fi Direct or updating to a non-vulnerable version of Android.


Via http://news.softpedia.com/

Ubuntu Touch Apps Running in Unity Desktop – Video

Unity 8 for Ubuntu is coming along and Mir is also making good progress. One of the byproducts of all these improvements is that some of the apps that are designed for the Ubuntu Touch are also working on the Ubuntu desktop, with very little help.



The idea of converging the Ubuntu platforms into a single one must have seemed pure madness just a couple of years ago, but that thought is now making more sense than ever. It's now possible to get an application from Ubuntu Touch and run it on the desktop. Sure, it's only a handful of applications and the implementation is far from perfect, but the difficult part has been solved.

A video put together by Popescu Sorin features all the apps that are currently working cross-platform, although this term will soon become irrelevant. You can see stuff like the Calculator, a file manager, and a music player. As you can see from the video, the interface scales very well and all the functions work as they should.

Some of you will comment that the apps look a little too much like the ones for the phone, but there is a simple reason for that. The fact that they can run on the desktop hasn't been taken into consideration just yet and they are not working in a Unity 8 environment, where they fit much better.

You can download the Ubuntu 15.04 Daily Build and test the apps for yourself.

Meet KDE Plasma 5.2, the Beautiful Future of the KDE Project

The KDE Community announced that Plasma, the desktop for the KDE project, is now at version 5.2 and the developers have made a number of important changes and improvements.




The KDE project now has a different face. The Plasma component is actually the desktop that greets the users and it's the most easily recognizable piece of software. Sure, some of the other KDE components might be more important and complex, but the vast majority will care about the improvements made to the desktop.

The one thing that you will definitely notice is the facelift, which will probably divide the community into users who like it and users who don't. The impact of the newly released Plasma desktop can't be quantified yet because there are very few distros that actually adopted it. KaOS is one of them and Arch Linux users have access to it from the repositories. Kubuntu, which is the most used operating system with this desktop, will get the next update in April.

KDE Plasma 5.2 is impressive

Even if it's possible that some of the users won't like the new direction, it's hard not to observe the hard work poured into the project, and we're not talking only about the artwork and some of the more obvious changes. The fact is that you really need to run it and see for yourself; you can't really get the right impression from screenshots.

Some of the biggest improvements are the addition of new apps and functionalities, like SDDM, which is the new login manager, Muon to install and manage packages, a tool for multiple monitor support called KScreen, a new library, KDecoration, that makes it easier to build themes, and a new module that lets you configure theming of applications from GNOME. And all of these are just scratching the surface.


The new KDE Plasma update will take a while to land in repositories, but Arch Linux and Kubuntu (the Plasma 5 edition) should be among the first to get the new desktop. You can also download the latest KDE Plasma 5.2.0 source packages from Softpedia or you can try Kubuntu 15.0 Alpha 2 as a Live CD, if you want to see what the fuss is all about.




Via http://news.softpedia.com/

Ubuntu Touch Spotted Running on Former Windows 8.1 Tablet Lenovo ThinkPad 8

Ubuntu Touch is a new operating system made by Canonical for mobile devices like phones and tablets. The only supported platforms are Nexus 4 and Nexus 7, but it looks like developers now have an easier time making it work on other platforms, such as the Lenovo ThinkPad 8 with an Intel processor.



The Lenovo ThinkPad 8 is powered by an Intel Atom Z3770 processor (Bay Trail) and ships with Windows 8.1 by default, but it looks like someone has managed to port Ubuntu Touch to it, although there is no information about the porting process or whether the developer is considering further support for this device.

There are not too many tablets out there with Windows as the main operating system. There are far more Android-powered ones and they are usually the main target for this kind of ports, but they don't provide the same challenge.

Ubuntu Touch has been ported many times

It's important to know that Ubuntu Touch has been made to work with various devices already, although many of them were phones. In fact, the community has already taken care of Nexus 5, for example, and there were some working ports for devices like Samsung Galaxy S4 or S5.

"check it out... from someone in our community, Simon Raffeiner. Unity8 on a Baytrail Intel. Nice to see Unity8 & Mir quite easily brought up on other hardware," wrote Canonical's Kevin Gunn on Google+.

The number of devices that have been made to work with Ubuntu Touch has been decreasing in the past year, but it's probably because the developers are waiting for a more stable iteration of the operating system. 

For now, if you want to see Ubuntu Touch in action, you can check our report on the latest update for this operating system. Also, the first devices powered by this Linux distro that can be found in stores are expected to arrive very soon, in the coming months.


via http://news.softpedia.com/

Exiv2 Vulnerability Closed in Ubuntu 14.10

Canonical has published details in a security notice about an Exiv2 vulnerability in Ubuntu 14.10 (Utopic Unicorn) that has been found and corrected. This is not a major issue, but users should upgrade nonetheless.



A number of problems were corrected in the past week or so and this latest Exiv2 problem is just one of them. From the looks of it, Exiv2 (EXIF/IPTC metadata manipulation tool) could have been made to crash under certain conditions.

"It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service," reads the security notice.

For a more detailed description of the problems, you can see Canonical's security notification. The problem can be corrected if you upgrade your system(s) to the latest libexiv2-13 package. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI. Open a terminal and enter the following commands (you will need to be root):



Via http://linux.softpedia.com/

Firefox 35 Lands in Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS

Canonical has updated the Firefox packages for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems. If you have this application already installed, you only need to update your system.



The Ubuntu maintainers for the Firefox package have been very quick and they've pushed the new Firefox 35 release very fast. All the supported Ubuntu OSes now have access to the new release and users will find them available in the repos.

"Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions," reads the security notice from Canonical.

This is just one of the many security issues that have been corrected and there are many more where that came from. If you also want to see the new features that landed in Firefox 35, you should check our initial report.

Ubuntu 12.04 LTS and Ubuntu 14.04 LTS users will get the latest Firefox version by updating their system via the Software Update or through a terminal. It's also possible to download the binary Firefox 35 package and run it without having to install it.



Via http://linux.softpedia.com/