The H Week – iPhone tracking, Sony's PSN disaster, Ubuntu 11.04, Novell deal done

This week, Sony's PSN "intrusion" became a personal data disaster, Apple located answers to questions over iOS location logging, Google circled the patent wagons to protect WebM, Novell became part of Attachmate, Canonical released Ubuntu's Narwhal into the wild, DragonFly BSD got fresh wings and Slackware 1337 arrived for the elite.

Featured

In The H this week, Thorsten Leemhuis looked at the storage and file system enhancements which will appear in Linux 2.6.39 and Daniel Bachfeld looked at Foca, a tool which reveals what information is inadvertently hiding in documents on your websites.

• Kernel Log: Coming in 2.6.39 (Part 2) – Storage and file systems
• Treacherous metadata in company documents

Open Source

Google and sixteen other companies got together to create a patent cross-licencing deal to protect the open sourced WebM video codec, Novell completed the process of being acquired by Attachmate and OpenGamma showed the first developer preview of its open source financial analytics platform.

• WebM Community Cross-License initiative launched
• Novell deal completed
• OpenGamma financial analytics platform now open sourced

Canonical released Ubuntu 11.04, Natty Narwhal, into the wild but some people aren't wild about its new unity interface, Germany's LVM insurance are moving ten thousand systems to Ubuntu 10.04 LTS and a well known web site says that recent Linux kernels are wasting energy on laptops and desktops.

• Canonical releases Ubuntu 11.04 "Natty Narwhal"
• LVM insurance company switches 10,000 systems to Ubuntu 10.04 LTS
• Recent Linux kernels waste energy in certain situations

DragonFly BSD 2.10 arrived with more hardware and multiprocessor support among its many enhancements, the venerable Slackware Linux saw a new release with version 13.37 and the JVM-based language Groovy got a major update.

• DragonFly BSD 2.10 brings more hardware and multiprocessor support
• Slackware Linux 13.37 released
• Groovy 1.8 final is released

Google's Chrome 11 got the ability to listen to speech, Firefox 4 passed the 100 million download mark, custom Android ROM CyanogenMod 7.0 got its first update and Sony tried to shrug off its troubles (see Security below) and showed two rather different Android tablets due later this year.

• Chrome 11: Google's web browser learns to listen
• Firefox 4 surpasses 100 million downloads
• Gingerbread-based CyanogenMod 7.0 updated
• Sony shows off two Android 3.0 tablets

Open Source Releases

Updates for Blender, Virtual Box and Ext JS 4, security fixes for Firefox and Thunderbird and a fresh beta for the Mandriva fork Mageia and OpenOffice.org fork LibreOffice.

• First Blender 2.57 bug fix update released
• VirtualBox 4.0.6 adds support for up to 256 host cores
• "Model View Controller" for JavaScript library Ext JS 4
• Mozilla patches Firefox and Thunderbird
• Mageia 1 Beta 2 released for testing
• The Document Foundation releases LibreOffice 3.4 Beta 3

Security

It all went wrong for Sony's PlayStation Network (PSN) (and Qriocity music and video service) as a shutdown which started the previous week was revealed to be down to an external intrusion. Sony then revealed that the intruder had taken the unencrypted personal details of 77 million users and possibly the (encrypted) credit card details for many of them. The H suggested what Sony customers should be looking out for. And as if to not miss out on the fun, Microsoft warned users of their gaming network that phishers were on the prowl.

• PlayStation Network temporarily shut after attack
• PSN hack: Personal data of millions of customers stolen
• Attack on the PlayStation Network: what customers should now watch out for
• Microsoft warns Xbox Live users of potential phishing attempts

Apple's problems with the discovery, or not, of the iPhone's location cache database continued. The H's associates at c't in Germany found that the cache database was not a detailed log of the phones GPS location, but an oddly patchy list of mobile cell towers and Wi-Fi hotspots. Apple officially responded and explained that two bugs were making the location database larger than it should be and has promised updated firmware for the iPhone.

• iPhone location data doesn't include a full movement profile
• Apple officially responds to iPhone location tracking concerns

A new variant of the Zeus trojan is inserting fake investment advertisements into Google and Bing pages, while a new variant of SpyEye is faking alerts on Chrome and Opera. In the US, the FBI has warned of trojans enabling fraudulent bank transfers to China and gained permission from a court to remotely delete the Coreflood botnet from some infected computers.

• Zeus trojan adds fake investment adverts
• Online banking trojans target Chrome and Opera
• FBI warns of fraudulent bank transfers to China
• US authorities to delete Coreflood bot from computers

Researchers found they could hide data in the block fragmentation of files on a hard disk, Microsoft has begun disclosing third party vulnerabilities, Nikon's image signing cameras can have their signing faked and Google is adding protection against the persistent Flash cookie to the Chrome browser.

• Targeted hard drive fragmentation as a covert data channel
• Microsoft now disclosing third party vulnerabilities
• Signed Nikon images can be forged
• Google adds Flash cookie protection to Chrome

Holes in WordPress and PowerPoint 2003 were closed, Microsoft released an unexpected update for its anti-malware tool and Dropbox released an experimental client to stop the recently discovered ease with which access to the online file server could be obtained.

• WordPress 3.1.2 fixes security vulnerability
• Hotfix resolves PowerPoint 2003 problem
• Microsoft releases out-of-schedule update for anti-malware tool
• Dropbox experiment with update to solve security vulnerability

For all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(djwm)