Story

Arch Linux has updated firefox (multiple vulnerabilities).CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).Debian has updated gnutls28 (denial of service), iceweasel (multiple vulnerabilities), and wordpress (multiple vulnerabilities).Fedora has updated devscripts (F22; F21: twovulnerabilities), kernel (F22; F21: information leak), pure-ftpd (F22: denial of service), xen(F22; F21:code execution), and xfsprogs (F22:information disclosure from 2012).Mageia has updated firefox(MG4,5: multiple vulnerabilities), flash-player-plugin (MG4,5: multiplevulnerabilities), and qemu (MG4,5: multiple vulnerabilities).openSUSE has updated gnutls(13.2, 13.1: denial of service).Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).Red Hat has updated firefox(RHEL5,6,7: multiple vulnerabilities) and kernel (RHEL6.5: use-after-free flaw).Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities).SUSE has updated flash-player (SLE12; SLED11SP4,SP3: multiple vulnerabilities).Ubuntu has updated firefox(15.04, 14.04, 12.04: multiple vulnerabilities) and ubufox (15.04, 14.04, 12.04: multiple vulnerabilities).

Vulnerability revealed in diagnostic dongles used for vehicle tracking and insurance that lets them take control using just an SMSResearchers have hacked a car, remotely activated its windscreen wipers, applied its brakes and even disabled them, all via simple text messages.

Ever since Microsoft announced their Bridge technologies at Build 2015 questions about how they work (and how well) have been asked. The tools let developers port over Android apps (Project Astoria), iOS apps (Project Islandwood), web apps (Project Westminster) and classic Win32 apps (Project Centennial) to Windows 10 including phone.This morning, the actual tools for Project Astoria have leaked onto the web and users can freely (and illegally) download Android APKs and sideload them to their Windows Phone running Windows 10 Mobile. This follows yesterday's leak of the documentation for the project.Project Astoria is fascinating. If you look at the leaked documenation, you'll see Microsoft is running (parts of) the Android subsystem and Linux kernel in kernel mode. This should be nice for performance, but at the same time, it doesn't seem like something that'll be good from a security standpoint.The leaked documentation also explains that in Project Astoria, all activities belong to a back stack within a single task. In regular Android, activities can belong to different tasks, with their own back stacks. If I'm reading this right (and please, do correct me if I'm wrong - this isn't exactly my expertise), this should simplify the back button behaviour - and is probably a consequence of Project Astoria only being able to run one process at a time.Another fun part of Astoria: there's a WebKit rendering engine in there. Yes, Windows 10 Mobile will have a WebKit rendering engine. Fascinating.

There must be a glitch in the Matrix. I feel like I'm writing the same news again and again. A pair of researchers from IBM's X-Force Application Security Research Team has discovered a set of vulnerabilities in Android and some popular app SDKs. The worst of the bugs can let a seemingly innocuous app run arbitrary code on the device, and it's present in Android versions 4.3 and above—affecting 55% of handsets worldwide. Check out the proof-of-concept video, where the Facebook app is replaced with Fakebook:...Read more...

Team of Guardia Civil officers to provide escort for walkers on ancient route to cathedral after reports of harassment and disappearance of American pilgrimFor hundreds of years, pilgrims have trekked along Spain’s Camino de Santiago to the cathedral at Santiago de Compostela, believed to be the final resting place of St James.But this year, pilgrims and hikers have a police escort for part of the way, with a team of five Guardia Civil police officers on horseback covering up to 18 miles a day of the ancient Catholic pilgrimage. Continue reading...

Comments

Arch Linux has updated ppp (denial of service).Debian has updated subversion (two vulnerabilities).Debian-LTS has updated opensaml2 (denial of service).Fedora has updated elasticsearch(F22: multiple vulnerabilities), lxc (F22; F21: twovulnerabilities), and rubygems (F22: DNS hijacking).

Location of current incumbent unknown... Anyone seen Art Gilliland lately? HP has called on channel sales veteran Sue Barsamian to take charge of the enterprise security products unit in the software division amid the breakup of the corporation.…

Comments

Google has chosen Vulkan, the low-overhead variant of OpenGL, as the next-generation graphics API for Android. The company details the new API's benefits in a post on its developer blog. Specifically, it believes that better CPU usage and parallellization will be the key benefits for Android developers, particularly in multithreaded scenarios. For a demonstration of Vulkan's capabilities on mobile-class hardware, check out Imagination Technologies' gnometastic demo.Vulkan is, of course, the OpenGL counterpart to Microsoft's DirectX 12 and Apple's Metal graphics APIs. Unlike the other two, though, Vulkan is an open standard published by the Khronos Group , comprised of academic and industry ...Read more...