Month: April 2013

Ubuntu 13.04 will be available on Thursday

Raring Ringtail, also known as Ubuntu 13.04, is the latest version of the popular Linux distro. It is set for general availability tomorrow, following a beta release and a controversial amount of secrecy. Raring Ringtail is characterized as “the fastest and most visually polished Ubuntu experience to date,” with a particular emphasis on a smaller memory footprint and greater responsiveness. Much of the streamlining effort was in preparation for Ubuntu’s future life in mobile, and to coincide with that effort, developers will find a preview SDK for app development and the ability to test apps within the MIR display server. The release is now mere hours away, and yes, it’ll be a good day.


Ubuntu Press Release

Ubuntu 13.04 brings dramatic graphical performance enhancements

London, 25th April, 2013: Today’s release of Ubuntu 13.04 on the desktop brings a host of performance and quality improvements making it the fastest and most visually polished Ubuntu experience to date.

Performance on lightweight systems was a core focus for this cycle, as a prelude to Ubuntu’s release on a range of mobile form factors. As a result 13.04 delivers significantly faster response times in casual use, and a reduced memory footprint that benefits all users.

This release also illustrates Ubuntu’s ongoing commitment to quality and dependability. “Our kaizen approach to development as well as community engagement result in a high quality alternative for people worldwide,” commented Jane Silber, CEO at Canonical. “This release, our 17th on a regular cadence, meets the needs of enterprises, organisations, governments and communities looking for a secure and intuitive computing experience.”

Canonical’s next generation display server, MIR is available as an option for developer testing and contribution. MIR will enable the seamless convergence of Ubuntu across phone, tablet and PCs in the next set of releases. Having just one codebase for all devices simplifies the lives of both developers and end-users, and makes possible a new generation of devices that combine the portability of the mobile phone with the productivity of a laptop.

Ubuntu 13.04 includes the Developer Preview SDK for developers to build native applications for Ubuntu devices. Using this SDK, developers can make a single application for all Ubuntu form factors and publish it in the Ubuntu Software Centre with a single upload. Developers have already started to create applications for Ubuntu across different devices.

 

Testing Ubuntu Touch Images

Ubuntu Touch images are now available for testing on the isotracker. And further, the images are now raring based! As such, the Ubuntu Touch team is asking for folks to try out the new images on their devices and ensure there are no regressions or other issues.

There are 4 product listings representing each of the officially supported devices: grouper (Nexus 7), maguro (Galaxy Nexus), mako (Nexus 4), and manta (Nexus 10). You can help by installing the new images following the installation instructions, and then reporting your results on the isotracker.

There are handy links for download and bug information at the top of the testcases to help you out. If you do find a bug, please use the instructions to report it and add it to your result. Never used the tracker before? Take a look at this handy guide or watch the YouTube version.

Once all the kinks and potential issues are worked out (your feedback requested!) the raring based images will become the default, and moving forward, the team will continue to provide daily images and participate in testing milestones as part of the ‘s’ cycle.

Happy testing 🙂

Google outage affects customers worldwide

Gmail, Drive and the central administrative control panel for Google Apps suffered widespread disruptions. Access to several of Google’s most popular web services, including Gmail, Drive and the main administrative console was disrupted for around two hours Wednesday morning.

The first to go down, according to Google’s Apps Status Dashboard, was the Admin control panel, which also provides API access to the company’s web services.


Google’s press team told Network World that the company is currently looking into the root causes of the service disruptions, and will post additional information when the investigations have been completed.

This isn’t the first large-scale outage for Google’s services in recent weeks – Google Drive suffered three separate disruptions during the week of March 18-22, including three hours on Monday, two more on Tuesday and a hefty 12 hours on Thursday.

Gmail, as well, has had high-profile misfires of late, though they have been comparatively less common. That service went down for about an hour on Dec. 10, 2012, provoking widespread grumbles among the user base.

Nexus7 in India via Google Play Store

The Google Nexus 7 is now available to buy in India from Google Play.


Tech Specs

SCREEN
7″ 1280×800 HD display (216 ppi)
Back-lit IPS display
Scratch-resistant Corning® glass
CAMERA
1.2MP front-facing camera
SIZE
198.5 x 120 x 10.45mm
WEIGHT
340g
WIRELESS
WiFi 802.11 b/g/n
Bluetooth
NFC (Android Beam)
MEMORY
16 GB internal storage (actual formatted capacity will be less)
1 GB RAM
USB
Micro USB
BATTERY
4325 mAh (Up to 8 hours of active use)
OS
Android 4.1 (Jelly Bean)
CPU
NVIDIA® Tegra® 3 quad-core processor
SENSORS
Microphone
NFC (Android Beam)
Accelerometer
GPS
Magnetometer
Gyroscope

For buying click here

Worst Computer data breaches till now

The Identity Theft Resource Center, which tracks disclosed data breaches, has recorded 131 for the first three months of 2013, with 874,667 personal records exposed, including medical information, Social Security numbers, payment-card data and other information.

  • Cbr Systems, a blood-bank operator in California that stores what’s known as cord blood from newborn infants for healthcare purposes, settled Federal Trade Commission charges that inadequate security practices contributed to a breach in 2010 related to stolen equipment that exposed Social Security numbers and payment-card information on about 300,000 individuals.
  • In February, Twitter’s director of information security, Bob Lord, said in a blog item that Twitter had detected “unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data” and “one live attack” that Twitter shut down, leading Twitter to suspect “extremely sophisticated” attackers may have access to usernames, e-mail addresses, session tokens and encrypted/salted versions of passwords for 250,000 users. Twitter, as a precautionary measure, reset passwords and revoked session tokens for these accounts.
  • Central Hudson Gas & Electric in New York determined about 110,000 customers may have been impacted by a cyber-security attack, and is working with law enforcement to try and find out if customer personal and financial information was stolen.
  • The Florida Department of Juvenile Justice reported a data breach to the Florida Department of Law Enforcement that occurred because a mobile device — neither encrypted nor password-protected — with records on up to 100,000 employees and youth offenders was taken from a secure DJJ office.
  • Lucile Packard Children’s Hospital at Stanford notified patients that a password-protected laptop containing 57,000 records of medical information on pediatric patients was stolen from a physician’s office.
  • The Department of Health and Human Services in North Carolina disclosed that Computer Sciences Corp., the contractor on its Medicaid billing system, had lost a thumb drive containing information on 50,000 Medicaid providers nationwide.
  • Froedtert Hospital in Wisconsin disclosed a computer hacker may have information on 43,000 patients at its hospitals and some of its clinics.
  • An outside accountant working for the Central Laborers’ Pension Fund and related fund organizations in Illinois lost information on about 30,000 beneficiaries.
  • North Carolina officials warned that Social Security numbers for about 26,000 retired government employees may have been exposed to public view due to the envelopes used in a mailing by the N.C. Department of State in January. Schneider Electric disclosed a similar bulk-mail mistake impacting some of its employees.
  • Salem State University in Massachusetts disclosed a data breach that may have compromised the personal information of an estimated 25,000 current and former employees.
  • The Department of Energy, Savannah River Site, which runs sensitive programs related to nuclear-material storage and energy, said they’re investigating a security breach that allowed access to the personal information of at least 12,000 Savannah River site workers.

PostgreSQL database fixes “persistent denial-of-service” bug

Maintainers of the PostgreSQL open-source database have patched a vulnerability that allowed attackers to corrupt files and in some cases, execute malicious code on underlying servers.

The bug, categorized as CVE-2013-1899, opened users to “persistent denial-of-service” attacks, in which unauthenticated hackers could corrupt files in a way that caused the database server to crash and refuse to reboot. Affected servers could only be restarted by removing garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable.

The bug also allowed limited users of a PostgreSQL database to escalate their privileges when it was configured in a way that assigned the same name to the user and the database. When those conditions are met “then this vulnerability may be used to temporarily set one configuration variable with the privileges of the superuser,” PostgreSQL maintainers wrote. Such users who also had the ability to save files to the system could also execute malicious code, except in cases where the database is running on a system with SELinux.

The vulnerability was reported to maintainers on March 12. More details are available in this advisory.

How to install a .bin file

A binary file (.bin) is a computer file that is not a text file; it may contain any form of data encoded in binary form for computer storage and processing purposes.

For installing a .bin file in Unix or Linux systems, follow the steps below.

  1. Make sure the file is executable:

     # chmod +x file.bin

     This command gives execute permission for the file.

  2. Run the file:

     # ./file.bin

     This will execute the file.

If you want to install this for all users, the file should be executed as root (superuser).
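Since the installer runs with whatever privileges you give it (root in the all-users case), a useful check before step 1 is to compare the download against the checksum its publisher lists. The script below is an added example, not part of the original post; `verify_installer` is a hypothetical helper, the sample file is constructed, and it assumes `sha256sum` is installed and that a SHA-256 value has been published for the file.

```shell
#!/bin/sh
# Added example: check a downloaded installer against its published SHA-256
# before giving it execute permission. verify_installer is a hypothetical
# helper; sha256sum (GNU coreutils) is assumed to be installed.

verify_installer() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Refuse symlinks and non-regular files: the path must be the file itself.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 2
    fi
    # A SHA-256 digest is exactly 64 hexadecimal characters.
    case "$expected" in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "malformed digest" >&2
        return 2
    fi

    # Hash via stdin so odd file names cannot change the output format.
    actual=$(sha256sum < "$file" | cut -d ' ' -f 1)
    if [ "$actual" != "$expected" ]; then
        chmod a-x "$file"          # make sure a bad download cannot be run
        echo "checksum mismatch for $file" >&2
        return 1
    fi
    chmod u+x "$file"              # owner-only variant of the chmod in step 1
}

# Constructed demo: a stand-in "installer" in a temporary directory. Its own
# hash plays the role of the published checksum.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho installed\n' > "$demo_dir/file.bin"
published=$(sha256sum < "$demo_dir/file.bin" | cut -d ' ' -f 1)

verify_installer "$demo_dir/file.bin" "$published" && echo "verified: ok to run ./file.bin"
printf 'tampered\n' >> "$demo_dir/file.bin"
verify_installer "$demo_dir/file.bin" "$published" || echo "refused: contents do not match"
rm -rf "$demo_dir"
```
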

 

 

A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.

A flaw in a library used by BIND 9.7, 9.8, and 9.9, when compiled on Unix and related operating systems, allows an attacker to deliberately cause excessive memory consumption by the named process, potentially resulting in exhaustion of memory resources on the affected server.  This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine.

Please Note: Versions of BIND 9.7 are beyond their “end of life” (EOL) and no longer receive testing or security fixes from ISC.  However, the re-compilation method described in the “Workarounds” section of this document will prevent exploitation in BIND 9.7 as well as in currently supported versions.

For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions.

Additional information is available in the CVE-2013-2266 FAQ and Supplemental Information article in the ISC Knowledge base, https://kb.isc.org/article/AA-00879.

Impact:

Intentional exploitation of this condition can cause denial of service in all authoritative and recursive nameservers running affected versions of BIND 9 [all versions of BIND 9.7, BIND 9.8.0 through 9.8.5b1 (inclusive) and BIND 9.9.0 through BIND 9.9.3b1 (inclusive)]. Additionally, other services which run on the same physical machine as an affected BIND server could be compromised as well through exhaustion of system memory.

Programs using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition.  Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used.

Workarounds:

Patched versions are available (see the “Solutions:” section below) or operators can prevent exploitation of this bug in any affected version of BIND 9 by compiling without regular expression support.

Compilation without regular expression support:

BIND 9.7 (all versions), BIND 9.8 (9.8.0 through 9.8.5b1), and BIND 9.9 (9.9.0 through 9.9.3b1) can be rendered completely safe from this bug by re-compiling the source with regular expression support disabled.  In order to disable inclusion of regular expression support:

  • After configuring BIND features as desired using the configure script in the top level source directory, manually edit the “config.h” header file that was produced by the configure script.
  • Locate the line that reads “#define HAVE_REGEX_H 1” and replace the contents of that line with “#undef HAVE_REGEX_H”.
  • Run “make clean” to remove any previously compiled object files from the BIND 9 source directory, then proceed to make and install BIND normally.
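The config.h edit above can be scripted so that it is applied the same way on every build host and checked before compiling. This is an added example, not ISC's own tooling; `disable_regex_support` is a hypothetical helper and the sample config.h is constructed.

```shell
#!/bin/sh
# Added example: apply and verify the config.h edit from the workaround.
# disable_regex_support is a hypothetical helper name, not part of BIND.

DEFINE_RE='^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_REGEX_H([[:space:]]|$)'
UNDEF_RE='^[[:space:]]*#[[:space:]]*undef[[:space:]]+HAVE_REGEX_H([[:space:]]|$)'

disable_regex_support() {
    cfg="$1"
    if [ ! -f "$cfg" ]; then
        echo "$cfg not found: run ./configure first" >&2
        return 2
    fi
    if ! grep -Eq "$DEFINE_RE" "$cfg"; then
        # Nothing to rewrite: fine if already undefined, otherwise unexpected.
        grep -Eq "$UNDEF_RE" "$cfg" && return 0
        echo "HAVE_REGEX_H does not appear in $cfg" >&2
        return 3
    fi
    cp -p "$cfg" "$cfg.orig" || return 1      # keep the configure output
    sed -E "s/${DEFINE_RE}.*/#undef HAVE_REGEX_H/" "$cfg.orig" > "$cfg" || return 1
    # Verify: no active define remains and the undef line is present.
    if grep -Eq "$DEFINE_RE" "$cfg"; then
        return 1
    fi
    grep -Eq "$UNDEF_RE" "$cfg"
}

# Constructed stand-in for the config.h that ./configure writes.
src=$(mktemp -d)
printf '#define HAVE_UNISTD_H 1\n#define HAVE_REGEX_H 1\n' > "$src/config.h"
if disable_regex_support "$src/config.h"; then
    grep -n 'HAVE_REGEX_H' "$src/config.h"
    # In a real BIND 9 source tree, continue with: make clean && make
fi
rm -rf "$src"
```

Re-running the configure script regenerates config.h, so run the check again after any reconfigure and before "make clean".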

Active exploits: 

No known active exploits.

Solution:

Compile BIND 9 without regular expression support as described in the “Workarounds” section of this advisory or upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads/all.

  • BIND 9 version 9.8.4-P2
  • BIND 9 version 9.9.2-P2

Shared via Internet Systems Consortium (ISC)
