Linux vendors rush to patch privilege escalation flaw after root exploits emerge

According to Carsten Eiram, the chief security specialist at vulnerability research firm Secunia, the flaw was introduced in the Linux kernel code in March 2011 and affects versions 2.6.39 and above. “Any Linux distributions providing these kernel versions should be vulnerable,” Eiram said.

via Linux vendors rush to patch privilege escalation flaw after root exploits emerge – security, secunia, Exploits / vulnerabilities – Malware – Security – Techworld.

Fedora 14 is stuck on 2.6.35 something.  This shouldn’t affect CentOS builds either.  Sometimes it’s beneficial not to upgrade the OS!

Symantec ‘fesses up: ‘Code theft worse than we thought’

A hacker calling himself “Yama Tough”, acting as a spokesperson for the group, claims the source code had been pulled from insecure Indian government servers, implying that Symantec was required to supply their source code to Indian authorities. In a series of Twitter updates, Yama Tough talked about various plans to release the source code before committing to release the secret sauce of pcAnywhere.

via Symantec ‘fesses up: ‘Code theft worse than we thought’ • Channel Register.

Even so the whole Symantec hack soap opera/pantomime (‘You’ve been hacked!”, “Oh no we haven’t”… “Oh maybe we have”) raises serious questions about the security of Symantec’s ecosystem as well as turning the security giant into the punchline for jokes. For example, famed Apple hacker Charlie Miller quipped: “How could Symantec have gotten hacked? Don’t they use AV?” ®

Yahoo Challenges Apple with a Cocktail of Mobile Publishing Tools

It turns out that Yahoo (NASDAQ: YHOO) has ambitious plans to help publishers get more efficient about how they push content out to mobile devices. Specifically, Yahoo wants to become the new middleman of the mobile publishing world, giving media companies software that they could use to reach users of iPhones, Android devices, Windows phones, and other gadgets without having to bow to the programming approaches favored by their powerful makers—namely Apple, Google, and Microsoft.

via Yahoo Challenges Apple with a Cocktail of Mobile Publishing Tools | Xconomy.

The first thing you need to understand about Yahoo’s publishing vision is that it’s coming from the Platform Technology Group. This is the same part of the company that created and then open-sourced key technologies that are now part of the Web’s infrastructure, such as Hadoop, which allows companies to run big, distributed software systems,

First ‘Super Wi-Fi’ network goes live in North Carolina

“Super Wi-Fi” is essentially a buzzword created by the FCC to describe mobile data networks that run over the white spaces spectrum. The spectrum band’s low frequency allows for signals to travel farther and penetrate more walls than traditional Wi-Fi networks.

via First ‘Super Wi-Fi’ network goes live in North Carolina.

The debate over white spaces has been a contentious one, with tech companies such as Google and Microsoft pitted against all the major broadcasting companies, as well as major telecom carriers such as Verizon. Proponents of unlicensed white space use have often argued that opening up the spectrum would help bring mobile broadband to underserved regions and would help close the so-called “digital divide” between many urban and rural areas in the United States. On the other side, the National Association of Broadcasters has argued that mobile Internet devices cannot operate on unlicensed spectrum without clashing with broadcasts on nearby frequencies.

Congrats North Carolina!

SPDY: Google wants to speed up the web by ditching HTTP

In an attempt to avoid these issues, SPDY uses a single SSL-encrypted session between a browser and a client, and then compresses all the request/response overhead. The requests, responses, and data are all put into frames that are multiplexed over the one connection. This makes it possible to send a higher-priority small file without waiting for the transfer of a large file that’s already in progress to terminate.

via SPDY: Google wants to speed up the web by ditching HTTP.

This article is two years old.

Google works on Internet standards with TCP proposals, SPDY standardization

Google’s focus is on reducing latency between client machines and servers, and in particular, reducing the number of round trips (either client to server and back to client, or vice versa) required. When data is sent over a TCP connection, its receipt must be acknowledged by the receiving end. The sending end can only send a certain number of packets before it must wait for an acknowledgement. The time taken to receive an acknowledged is governed by the round-trip time (RTT). With high bandwidth, high latency connections, clients and servers can end up spending most of their time waiting for acknowledgements, rather than sending packets.

via Google works on Internet standards with TCP proposals, SPDY standardization.

More far-reaching than these SSL tweaks is Google’s proposed alternative to the HTTP protocol that underpins the Web: SPDY.