Put away the pitchforks, penguin fans, we're not hating on Linux or dropping a deuce on open-source software in general (you're welcome for the visual). What we're referring to is an actual distro called "Damn Vulnerable Linux," which is not like any other Linux distro you've seen before.
"Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't," the DVL website explains. "Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop -- it's a learning tool for security students."
Like many Linux distros, DVL can be used as a Live CD or installed on your system, preferably a virtual machine. According to DVL's website, the distro contains "older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons," as well as an assortment of tools to help you break apps running on these services.
"The main idea behind DVL was to build up a training system that I could use for my university lectures," explains Dr. Thorsten Schneider, who conceived the project. "My goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, bug overflows, shellcode development, Web exploitation, and SQL injection."
A few days ago, Microsoft revealed that it had sold 150 million Windows 7 licenses since the OS first hit the market, making it the fastest selling operating system in history with a 7-copies-per-second sales rate. Going a little further back in time, Steve Jobs suggested at the D8 conference that the PC's days as the most dominant force in computing might be numbered. He even likened PCs to trucks: “PCs are going to be like trucks. They're still going to be around, they're still going to have a lot of value, but they're going to be used by one out of X people.”
While Jobs' prognostication was rebuffed at the very same event by Microsoft CEO Steve Ballmer, the debate is likely to persist deep into the future. Now, Microsoft is again blowing its own vuvuzela.
Frank X. Shaw, Microsoft's corporate vice president of Corporate Communications, was full of big numbers in a recent blog post avowedly inspired by “the Windows 7 milestone.” Although the blog post highlighted Microsoft's success across a wide array of businesses by citing relevant statistics, it was also meant to remind ambitious rivals like Apple that Microsoft is not, after all, going to hell in a “Truck.”
Shaw pointed out that while Apple is expected to sell 7 million units of its “groundbreaking” tablet this year, PC sales are expected to top 350 million units. He even reminded Apple that it still trails Nokia and RIM in the global smartphone market. Shaw was so determined to target Apple that he conveniently overlooked the fact that Microsoft remains a fringe player in the smartphone market - someone clinging onto dear life by the skin of its teeth.
The initial buzz surrounding Chrome OS became a bit watered down the moment Google bared its cloud- and Linux-based operating system to peering eyes at a special event last November. Skeptics have been wondering whether the world is prepared for a cloud-based operating system. Leave aside the question of humanity's preparedness, doubts have also been cast on the product itself, with some doubters even writing it off as being little more than a glorified web browser.
But PC vendors cannot ignore Chrome no matter what the skeptics have to say, for a bad bet might be better than no bet at all. According to a Reuters report, quoting a top Dell executive, the PC vendor is not going to be a mere spectator when Chrome OS debuts in the “late fall.” Amit Midha, Dell's president for Greater China and South Asia, has revealed that his company is currently discussing shipping Chrome OS netbooks with Google. Midha told Reuters that Dell wants to be at the vanguard of innovation.
According to a bulletin from Adobe Labs, Adobe Systems has decided to halt the development of the Labs program of Flash Player 10 software for 64-bit flavors of Linux. Adobe insists this is only temporary, as well as necessary in order to make significant architectural changes and beef up security.
"We are fully committed to bringing native 64-bit Flash Player for the desktop by providing native support for Windows, Macintosh, and Linux 64-bit platforms in an upcoming major release of Flash Player," Adobe added. "We intend to provide more regular update information on our progress as we continue our work on 64-bit versions of Flash Player. Thank you for your continued help and support."
According to InfoWorld, an Adobe representative expressed the same sentiment, saying that the company is not killing development, and instead working to improve the underlying code for this version of the runtime.
The tech media has gone into full "told you so" mode after it was discovered that hackers managed to plant a Trojan in the popular Unreal IRC server, proving that Linux users need to worry about malware too.
"This is very embarrassing... We found that the Unreal188.8.131.52.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (Trojan) in it," an announcement on the Unreal IRC forum states. "This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."
While a single outbreak doesn't constitute an insecure OS platform by any stretch of the imagination, perhaps the media has a point. The announcement goes on to state that the "replacement of the .tar.gz occurred in November 2009 (at least on some mirrors)," which means it took nearly a year for it to be noticed. What most of the write-ups are insinuating -- and we'll just come out and say it -- is that perhaps this was left unnoticed in the Linux community because of an arrogance that suggests the open source OS is impenetrable. Obviously that isn't the case, but despite reports you may read elsewhere, the opposite isn't true either -- Linux users needn't worry that the sky is falling because of one high-profile outbreak.
Why build your own Linux-based quick-boot OS when you can just snatch one up from someone else? That seems to be the philosophy with HP, which will grab the HyperSpace software from Phoenix for about $12 million, Phoenix said.
Like other quick-booting OSes, HyperSpace is built around Linux and loads within a few seconds. HyperSpace, Splashtop, and other similar software are ideal for users who want to quickly surf the web, fire off an email, view an image, or perform other basic tasks in a hurry without waiting for Windows to load, which can take up to several minutes, depending on how old the machine is and what shape it's in.
In addition to the OS, HP will also buy the assets surrounding HyperCore, an embedded hypervisor that allows HyperSpace to run certain core services along with the Windows OS, Networkworld.com reports. Phoenix expects to close the transaction by the end of the month.
It's already a foregone conclusion that Google's Android OS will hop in the handheld tablet ring with Apple's iPhone OS and duke it out for tablet supremacy, and despite canceled products like HP's Slate and Microsoft's Courier, some still believe it will be a Windows 7 device that knocks the iPad from its perch. But what about Ubuntu?
Fear not, Canonical fans, because the open-source software maker has every intention of competing in the tablet space and is busy readying a version of Ubuntu for slates.
"The devices world is a really exciting space right now and we're really bullish on it," said Chris Kenyon, Canonical's vice president of OEM services. "Hats off to the iPad team for doing what they did."
As Kenyon explains it, the OS will be a slimmed down version of Ubuntu 10.10 with a simplified, touch-friendly user interface. Canonical is currently in talks with tablet makers and component manufacturers to make the OS run faster while consuming less power. If all goes to plan, expect to see Ubuntu-based tablets start to materialize in the first quarter of 2011.
Here's a scary thought -- you may soon have to worry about security on your smartphone just as you do on your PC. Up to this point, cell phone security has almost been an afterthought, at least in the public's eye, but that's about to change. Two researchers from Trustwave -- Nicholas J. Percoco and Christian Papathanasiou -- are scheduled to demo a rootkit running on an Android-based smartphone at the Defcon security conference in Las Vegas next month.
"We have developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number'. This ultimately results in full root access on the Android device. This will be demonstrated (live)," the two researchers wrote.
As the security duo point out, "the implications of this are huge." With full rootkit access, attackers would be able to read all SMS messages on the phone, drive up long distance phone bills, and could even hunt down the owner's exact GPS location. The flexible rootkit can be installed over-the-air or alongside a rogue app, the researchers say.
Percoco and Papathanasiou didn't say exactly how they were able to bypass Android's security measures to install the rootkit in the first place, but did say why they zeroed in on Android.
"Android forms a perfect platform for further investigation due to its use of the Linux kernel and the existence of a very established body of knowledge regarding kernel-level rootkits in Linux," they wrote.
A new report from security expert Bernard Marienfeldt illustrates a fairly big security hole in the way the iPhone secures user data. When plugged into a Windows or OS X box, an iPhone will only display the DCIM pictures folder. But on the newest Lucid Lynx build of Ubuntu Linux, users can get full read access to the phone. If you think setting a security PIN will help, you're wrong -- it doesn't seem to do a thing.
This doesn't require the phone to be specially configured, or compromised in any way. Part of the problem is that in order to make syncing easier, the iPhone does not need any software switches to be flipped in order to exchange data with a computer. Another problem that allows this bug is the iPhone's lack of data encryption.
Marienfeldt says that full write access may be easy to gain as well with further investigation. If this is accomplished, an unauthorized party could access phone functions like calls and text messaging. The real lesson here is that maybe enterprise users should think twice about deploying iPhones. Does this change the calculation for anyone out there?
Google Chrome 5 has finally graduated from beta and is now a stable release, Google announced in a blog post on Tuesday. The latest version of Chrome also happens to be the first stable release for Linux and Mac users.
"Today’s stable release also comes with a host of new features," Google said. "You’ll be able to synchronize not only bookmarks across multiple computers, but also browser preferences -- including themes, homepage and startup settings, web content settings, preferred languages, and even page zoom settings. Meanwhile, for avid extensions users, you can enable each extension to work in incognito mode through the extensions manager."
In addition, the Chrome 5 browser incorporates several HTML5 elements, including Geolocation APIs, App Cache, web sockets, and file drag-and-drop, Google said. To try some of these features out, you can navigate to HTML5 specific websites like scribd.com, or head over to your Gmail account and drag and drop attachments.
Not included in Chrome 5 is Adobe Flash integration, though Google says this will change with the full release of Flash Player 10.1.