"Just as per the schedule, OpenBSD 5.5 was released today, May 1,
2014. The theme of the 5.5 release is Wrap in Time, which represents a
significant achievement of changing time_t to int64_t on all
platforms, as well as ensuring that all of the 8k+ OpenBSD ports still
continue to build and work properly, thus doing all the heavy lifting
and paving the way for all other operating systems to make the
transition to 64-bit time an easier task down the line. Signed
releases and packages and the new signify utility are another big
selling point of 5.5, as well as OpenSSH 6.6, which includes lots of
DJB crypto like chacha20-poly1305, plus lots of other goodies."
-- source: http://bsd.slashdot.org/story/14/05/01/1656209
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"A notable security vulnerability has been discovered which impacts
both OAuth and OpenID, which are software packages that provide a
secure delegated access to websites. Wang Jing, a Ph.D student at the
Nanyang Technological University in Singapore, discovered that the
'Covert Redirect' flaw can masquerade as a login popup based on an
affected site's domain. Covert Redirect is based on a well-known
exploit parameter. For example, someone clicking on a malicious
phishing link will get a popup window in Facebook, asking them to
authorize the app. Instead of using a fake domain name that's similar
to trick users, the Covert Redirect flaw uses the real site address
for authentication. If a user chooses to authorize the login, personal
data will be released to the attacker instead of to the legitimate
website. Wang did already warn a handful of tech giants about the
vulnerability, but they mostly dodged the issue. In all honesty, it is
not trivial to fix, and any effective remedies would negatively impact
the user experience. Users who wish to avoid any potential loss of
data should be careful about clicking links that immediately ask you
to log in to Facebook or Google, and be aware of this redirection
attack."
-- source: http://it.slashdot.org/story/14/05/02/2015227
Cheers, Peter
"In a since-removed bug report on Launchpad, Ubuntu's issue tracker,
Canonical's Matthew Paul Thomas stated that Ubuntu for Android is no
longer in active development. In a statement, Canonical stated that
while the project is not completely dead, Canonical is currently
focusing on pushing Ubuntu for Phones. The company is open to working
with partners on Ubuntu for Android, but will not proceed with further
U4A development unless they can form a partnership with an OEM partner
to launch it. The Ubuntu for Android project was first announced in
early 2012."
-- source: http://mobile.slashdot.org/story/14/05/01/1822254
Cheers, Peter