Darko on May 6th, 2008
Ubuntu, Linspire, and Freespire users can now install “Google Earth” with a single click, says Linspire. The desktop Linux distributor has added support for the free mapping application to its CNR (”click-n-run”) installer, a user-friendly tool currently beta-testing for a wide variety of desktop Linux distributions.
Linspire said the version of Google Earth that CNR supports will work with Ubuntu 7.04 and 7.10 (32-bit), Linspire 6.0, and Freespire 2.0. Presumably, it will also support Ubuntu’s Hardy Heron release scheduled for tomorrow, as Linspire has promised CNR support for that release.
Google Earth aims to provide a “globe inside your PC,” according to Linspire. It lets users browse maps of roads, dining establishments, schools, railroads, stadiums, as well as terrain, borders, and geographical features. Users can even build maps of their own by creating KML (keyhole markup language) overlays. Users can also import data from supported GPS devices, and use that data to create maps.
Other Google Earth features touted by Linspire include:
Web-based map services
Local search with business listings and driving directions
Tilt, zoom, and rotate tools
Virtual “Play” button gives virtual helicopter rides over a given route
3-D buildings
Placemarks save geographic data for easy return to favorites
Measure Tool helps users to get detail on a particular distance
Built using Trolltech’s Qt framework for cross-platform application development, Google Earth is also available for Windows and Macintosh PCs. More details may be available on Linspire’s CNR.com website, here.
CNR is a cornerstone of the Linspire (formerly Lindows) desktop. The company began beta-testing a free version of the user-friendly, “single-click” installer last December.
Darko on April 18th, 2008
The Ubuntu team announced today the Release Candidate for Ubuntu 8.04 LTS (Long-Term Support) on desktop and server. Codenamed “Hardy Heron”, 8.04 LTS integrates the latest open source technologies into a high-quality, easy-to-use Linux distribution.
The release candidate is complete, stable, and suitable for testing by any user.
Ubuntu 8.04 LTS Desktop Edition features incremental improvements to familiar applications, with an emphasis on stability for this second Ubuntu long-term support release, and is easier to try out with the new Wubi installer.
Ubuntu 8.04 LTS Server Edition follows in the footsteps of Ubuntu 7.10 with even more virtualization support and security enhancements - enabling AppArmor for more applications by default, improving protection of kernel memory against attacks, and supporting KVM and iSCSI technologies out of the box.
The Ubuntu 8.04 LTS family of variants, Kubuntu, Xubuntu, UbuntuStudio, and Mythbuntu, also reach RC status today.
The final release of Ubuntu 8.04 LTS is scheduled for 24 April 2008 and will be supported for three years on the desktop and five years on the server.
Desktop Features
—————-
Improved application selection: the GNOME desktop sports a number of improvements to the default applications, including more feature-full clients for BitTorrent and VNC, as well as an advanced UI for mastering CDs and DVDs.
File browsing: an enhanced filesystem layer brings greater performance and flexibility to Nautilus, the GNOME file browser.
Pluggable audio and video output: the PulseAudio sound server is integrated in the GNOME desktop for more flexible sound output, and a new Screen Resolution utility allows easier configuration of multiple video displays.
Wubi installer: a new Windows-based installer option makes it easier to try out Ubuntu, letting users install a full desktop on Windows systems without needing to partition their hard drive.
Server Features
—————
AppArmor profiles: a greater number of server applications are now protected by default with AppArmor, a kernel technology that limits the resources an application is allowed to access, providing added protection against undiscovered security vulnerabilities.
Memory protection: additional protection now prevents direct access to system memory through /dev/mem and /dev/kmem, and the lower 64K of system memory is no longer addressable by default, changes which help to defend against malicious code. The kernel now also loads Position Independent
Executables at randomized addresses, making it harder for application security vulnerabilities to be exploited.
Virtualization and iSCSI: KVM is now an officially maintained option, which combined with libvirt (CLI) and virt-manager (GUI) management tools allows for a simple and efficient virtualization option on hardware that supports virtualization extensions (AMD-V or Intel-VT). Mounting iSCSI targets is
now supported (including in the installer), allowing Ubuntu to interoperate with this class of cost-efficient Storage Area Network solutions.
Ubuntu Education Edition
————————
Add-on configuration: Edubuntu is now provided as an add-on to Ubuntu rather than a separate stand-alone flavor, permitting even greater reuse of Ubuntu technologies.
Kubuntu Features
—————-
Kubuntu comes with the rock solid KDE 3 for those who want a commercially supported desktop.
For those who want something more exciting, a KDE 4 Remix is available bringing this cutting edge new version to you first.
Please see https://wiki.kubuntu.org/HardyHeron/RC/Kubuntu for details.
Xubuntu Features
—————-
Xubuntu comes with the light-weight Xfce 4.4.2 desktop environment for those who want to a desktop that is easy to use, but places particular emphasis on conserving system resources.
New Additions To The Family
—————————
Two new variants joins in for this Ubuntu release. UbuntuStudio and Mythbuntu have done releases separately in the past, and with Hardy Heron we’re happy to be able to welcome these fine community projects into the main Ubuntu release process.
For a more in-depth tour of the features new in 8.04 LTS, see http://www.ubuntu.com/testing/804rc
Darko on April 11th, 2008
Microsoft’s Vista Ultimate SP1 and Apple, Inc.’s MacBook Air have been hacked through applications, with only Ubuntu unbreached in the Pwn to Own challenge at CanSecWest. The zero-day vulnerabilities in Microsoft and Apple’s systems have been reported. Shane Macaulay won a laptop and $5,000 for hacking Microsoft Windows Vista.
Last week saw the MacBook Air hacked through a Safari browser at the CanSecWest security conference. But before the week ended, Microsoft ’s Vista Ultimate also fell victim to hackers in the Pwn to Own challenge.
CanSecWest organizers offered a Fujitsu U810 laptop running Vista Ultimate SP1 to any security researcher who could find a way to breach security and gain access to the contents of system files using a previously undisclosed zero-day attack.
Shane Macaulay from Security Objectives won the laptop by exploiting an Adobe Flash zero-day vulnerability. The vulnerability was disclosed to Adobe, which is reportedly working on the issue. No other information is available about the Adobe flaw. Macaulay also won a $5,000 cash prize.
At the end of the last day of the three-day hacker challenge, which was sponsored by 3Com’s TippingPoint , only the Sony VAIO laptop running Ubuntu (Linux) was left standing.
Shifting Rules
The first day of the contest, hackers were only allowed to hack into the computers over a network. No one was able to claim the prizes. On the second day, the rules changed. Contestants were allowed to use the machines to visit Web sites and open e-mail messages.
That rule change made it possible for Charlie Miller, a researcher at Independent Security Evaluators, to hack the MacBook Air using the Safari browser within two minutes.
But the Vista and Ubuntu laptops seemingly remained airtight. On the third day of the contest, the judges again broadened the rules, opening up the scope beyond just default installed applications on those laptops to any popular third-party application, such as Adobe’s Acrobat Reader, the Firefox browser, and voice-over-IP program Skype.
Macaulay installed Adobe Flash on the laptops and proceeded to compromise the system. Macaulay had some help from Security Objectives colleague Derek Callaway and independent researcher Alexander Sotirov.
Means Justifies the End
Contests such as this tend to be high profile and gain a great deal of attention, but people need to realize that similar vulnerabilities are discovered every day and many stay hidden in the underground where they are used by attackers for some time before they’re patched, according to Michael Sutton, director of security research at Safe Channel and a former director at VeriSign iDefense.
“Third-party researchers deserve to be rewarded for the considerable work that goes into uncovering vulnerabilities, so long as they handle the issues responsibly and report them to the appropriate parties to ensure that patches are created and distributed,” Sutton said. “In this case, the contest does just that, so the end justifies the means.”
Client-side vulnerabilities like the ones exploited in the hacking contest are an increasingly popular attack vector. It’s easy to protect a single server that’s guarded by a well-designed fortress of controls, Sutton explained, but it’s a nightmare to secure thousands of client-side applications under the control of nonsecurity-savvy end users.
