All posts by Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

RSA Security 1024 V3: The Unclaimed Root Certificate Mayhem in Firefox

A new bug report filed in Mozilla’s Bugzilla flags an unclaimed RSA root certificate. The certificate goes by the name of RSA Security 1024 V3. Both Verisign and RSA have declined ownership of this certificate.

Kathleen Wilson, a consultant at Mozilla Corporation, has been actively digging through Mozilla security issues. Wilson wrote to the Mozilla security Google group, saying,

I propose that the “RSA Security 1024 V3” root certificate authority be
removed from NSS.

OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76

I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.

This got everyone worried that this was a rogue certificate. However, Wilson later confirmed the certificate’s origin, saying,

I have received email from official representatives of RSA confirming
that RSA did indeed create the “RSA Security 1024 V3” root certificate
that is currently included in NSS (Netscape/Mozilla) and also in Apple’s
root cert store.

Wilson also added that RSA has since dropped the root certificate, and so should Mozilla. Another mail from RSA stated that the private key for this root was safe with RSA. This gives assurance that this flaw was not exploited, and the certificate will now be removed from NSS (Network Security Services).

[ Via: LinuxToday ]

HCL Beanstalk is Back With a Bang, Launches New Ranges in India

Do you still remember the much advertised HCL Beanstalk desktop range? Surprisingly it just vanished into thin air a few years ago and was not heard of for long. The good news is, it is back now. HCL India has announced a new range of products out of its Beanstalk powerhouse to cater to the growing demand for better equipped and powerful desktops.

The Executive Vice-President George Paul was quoted saying,

With power-packed features and advanced technologies, the all new range will offer convenience of productivity, connectivity and new entertainment experience.

The return of Beanstalk is a significant step towards expanding our leadership positioning in the high-end desktop space.

He has laid out the pricing for the desktop range to be between Rs.39,990 and Rs.85,000.

The desktop comes in three variants: the Beanstalk Xtreme, Beanstalk Classic and Beanstalk Ultima. They feature Core i7 processors and come with Windows 7. This puts them on the cutting edge of technology. The Beanstalk debuted way back in 1995 and it is good to have it back with better features.

Apple iPad Has Been Launched, Get Yours Today

The much-awaited Apple iPad launch lived up to its hype. From 9:00 AM today, it is finally available at Apple and Best Buy stores around the country. The long wait is over and people are buying this device, the cheapest of which costs $499, without giving it a second thought.

CNet has already brought out a review of the Apple iPad. The lines outside the stores explain the frenzy for this new Apple product.

Those who pre-ordered the product got it delivered to their doorsteps. Those with recent plans of buying this product have to rush to the nearest store and get in that line.

CNet and NYTimes have started live blogging on this event, giving key updates on the sales and the current happenings at the stores. The first to buy an iPad at Apple’s 5th Avenue store was Richard Gutjahr, who is also a blogger.

For more viewer comments and live reviews of first-hand customer experiences with the iPad, do not forget to see the live blogs. If you had any reservations regarding the iPad, head over to the nearest store and join the crowd.

Firefox 3.6.3 Patches Pwn2Own Flaw, Back to Security

Mozilla has released a quick update to its flagship Firefox browser. This release, 3.6.3, fixes the security flaws exploited at the Pwn2Own contest. The security flaw discovered at Pwn2Own directly affected only Firefox 3.6 and later versions.

Mozilla added this flaw to its security advisories, writing,

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

This flaw was addressed on April 1st, 2010 by Nils, who also happens to be a security researcher. Mozilla has been quick in responding to this zero-day exploit. Exploiting this flaw was a big challenge in itself, it being a zero-day flaw.

To get the latest secure version of Firefox which has a fix for this flaw, go to Help -> Check for Updates and install the latest suggested release.

Red Hat Enterprise Linux 5.5 Released; Beta Version of RHEL 6 Coming Soon

Red Hat has recently upgraded its Linux server product to RHEL 5.5 with many new features and performance improvements. The latest OS from Red Hat has improved Windows interoperability and Kernel-based Virtual Machine (KVM) virtualization, which allows running unsupported hardware through an emulator. It also includes support for newer hardware from Intel and AMD.

Tim Burke, vice president of platform engineering at Red Hat, reported to InternetNews.com that,

We overlap on our releases as it takes many years to produce the new version – RHEL 6 – which is currently in development. Within the coming month we’ll have our beta release of Red Hat Enterprise Linux 6.

The hardware is of nominal value until you’ve got the software to enable it and that’s what really shines in RHEL 5.5. We’ve done a huge number of scalability enhancements for both bare metal and virtualization environments.

Red Hat will also announce the availability of RHEL 6 in June. This will be the next major version after the release of RHEL 5 in 2007.

One major improvement in RHEL 5.5 is support for new processor families from Intel (Westmere) and AMD (Opteron). Another major feature improvement is Runtime Allocation, which allows processes to scale their memory requirements at runtime. Interoperability with Windows 7 has also been improved through improvements in Samba.

Get a 30-day trial version of RHEL 5.5 through the Red Hat Network.
(Via: Serverwatch)

Linux Mint 8 Helena Announces the Release of Xfce Version

Linux Mint developers are proud to announce the release of the Xfce version of Linux Mint 8. This latest release features the lightweight Xfce desktop environment and has most of the Nautilus features built in.

The latest release from the Mint team is based largely on Xubuntu 9.10 Karmic Koala. This ensures it has all the features present in Xubuntu and maybe more.

  • The Software Manager has been redesigned. This new software manager allows for displaying more content. Moreover, the package cache is updated automatically, and the package size and installation status are also shown in this new Software Manager.
  • The earlier upload application, mintUpload, has been divided into a File Uploader and an Upload Manager. The Upload Manager allows different transfer protocols like FTP, SFTP etc.
  • Firefox has the Stylish add-on built in.
  • The Mint tools branding has been removed to make this tool available and usable across other distros.
  • Mint is using its own repository for Community Edition packages.

You can check the Linux Mint 8 Helena Xfce release notes for a complete changelog.

Linux Mint 8 Helena Xfce supports both torrent and HTTP download. The download link can be found on this official announcement page.

Download Firefox For Android Pre-Release

We have recently seen a lot of movement in the Firefox world. The mobile version of Firefox was dropped from plans as Windows left no stone unturned to make its own browser the last man standing on Windows Mobile 7. Next, Pwn2Own brought out some unresolved vulnerabilities in Firefox.

Following the buzz, Firefox is available today as a pre-release download from the Android Forum. Although this build is not feature complete, it has basic bookmarks and some add-on support. The Firefox build available is for the Droid and does not run equally well on all handsets. The application is available as GeckoApp.

If you want to check out the look and feel without actually installing the latest Firefox, see this YouTube video for a demo.

(Via: DownloadSquad)

Tech Giants Want There to be a “Digital Due Process” to Access Personal Data

A board of organizations, including non-profits, private companies and others, has joined hands to protect the privacy of people over the Internet. The board has tech giants like Google, Microsoft and others as its members. Their presence adds weight to the efforts and plans of the board.

The group has recently announced a reformed Electronic Communications Privacy Act (ECPA) which ensures the privacy of individuals over the Internet. The act was formulated way back in 1986 and much has changed since. This bill also aims at protecting people from unauthorized law enforcement access to their personal data over the Internet.

The principles of the new plan, as laid out by the board, are as follows:

  1. A governmental entity may require an entity covered by ECPA (a provider of wire or electronic communication service or a provider of remote computing service) to disclose communications that are not readily accessible to the public only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage or the provider’s access to or use of the communications in its normal business operations.
  2. A governmental entity may access, or may require a covered entity to provide, prospectively or retrospectively, location information regarding a mobile communications device only with a warrant issued based on a showing of probable cause.
  3. A governmental entity may access, or may require a covered entity to provide, prospectively or in real time, dialed number information, email to and from information or other data currently covered by the authority for pen registers and trap and trace devices only after judicial review and a court finding that the governmental entity has made a showing at least as strong as the showing under 2703(d).
  4. Where the Stored Communications Act authorizes a subpoena to acquire information, a governmental entity may use such subpoenas only for information related to a specified account(s) or individual(s). All non-particularized requests must be subject to judicial approval.

This will protect all user data until it is publicly accessible. Once Congress approves them, the principles will be implemented through the ECPA for a better web.

(Via: searchengineland)

Adobe Flash Player and Google Chrome; Just Married

Adobe Flash and Google Chrome got close when Adobe announced the availability of Flash support on Google Chrome. Adobe Flash Player will be available on future versions of Google Chrome by default, and users will no longer need to download an extra third-party plugin for this.

Further, any update to the Flash player will be delivered as part of Chrome’s browser update, eliminating all security issues.

This adds more security to the already secure Chrome browser. The latest update keeps out any hack attempts and does not annoy users for updates. The Flash player can also be disabled easily.

In addition to this, Adobe is also working on a new browser API, which is built on top of the NPAPI of Firefox. The new API will help plugins integrate more tightly with the host browser. This will also improve sandboxing and provide added security.

The Chromium blog has said,

Improving the traditional browser plug-in model will make it possible for plug-ins to be just as fast, stable, and secure as the browser’s HTML and JavaScript engines.

It is good to see Internet movers and shakers like Google, Adobe and Firefox work together towards a better web.
(Via: Neowin.net)

iPhone Can Turn the Tables; Verizon Market Share Skyrockets After Rumors of iPhone Arriving on Verizon

Verizon Communications is the largest CDMA wireless carrier in the US. A recent rumor of Apple iPhone arriving on Verizon’s CDMA network has sent the sales of Verizon to an all-time high in the last four months.

The Wall Street Journal reported yesterday on this matter saying that CDMA iPhones are already being developed. Now, there is only one possible CDMA network the iPhone can be preparing for and it is Verizon. Both Apple and Verizon have refused to comment on this though.

Analysts have predicted a 3.5 million growth in subscribers if the launch is successful. Craig Moffett, an analyst from New York, has said,

There is undoubtedly enormous pent-up demand for the iPhone on Verizon’s superior network. iPhone availability will therefore mean an immediate acceleration for Verizon’s subscriber growth and, conversely, immediate share losses for AT&T.

Last year, AT&T gained 3.1 million customers with its iPhone deal. AT&T is a GSM-based network and is the only competition the Verizon and Sprint CDMA networks face. iPhone availability on these networks will weaken AT&T’s position. AT&T already suffers from network congestion. The rumor has given people better hopes of using their iPhones on a better network.
(Via: Businessweek)

Sony PS3 Will Feel the GeoHot Heat; GeoHot Threatens to Release Custom Firmware with Other OS Support

We are all familiar with the genius hacker George Hotz (GeoHot) for successfully hacking the Sony PS3 three years after its release and for jailbreaking the Apple iPhone. To counter his efforts, Sony has recently announced the latest firmware upgrade for its PlayStation 3. This firmware upgrade has removed the Other OS support which allowed us to install another OS on the gaming console.

Now, this upgrade from Sony has upset many people, especially George Hotz. GeoHot has written in a blog post,

I never intended to touch [custom firmware], but if that’s how you want to play…

GeoHot has threatened to release a custom firmware which will enable the support for the Other OS feature. This is a direct threat to Sony and should get it seriously worried. As we all know, GeoHot has it in himself to make this happen and he will if he says so. He has done it in an earlier instance already.

Another important point that GeoHot has raised is that Sony is changing the advertised features on offer with the PS3. This may not be legally wrong but it is ethically wrong. The Other OS feature was what made many people buy this powerful piece of hardware. Running PS3s in clusters gave them near-supercomputer powers for various purposes.

He argues that if a possible exploit is found in the iPhone’s Safari browser, the solution does not lie in removing browser support for the iPhone! At least, we can have something to learn from Internet Explorer. They can spend a lifetime releasing patches.

(Via: ars technica)

Google Mobile Services in China Moved to Partially Blocked Category

We had earlier covered Google’s decisions on China and the outcomes of this event. Now, Google has started serving partially blocked mobile content in China. A detailed breakdown of the availability of different Google services is available at this page. This follows Google’s decision to redirect visitors of the Google China homepage to the uncensored Google Hong Kong domain, google.com.hk.

Google has not made itself completely unavailable in China. Some of the services are still available at different levels, marked as having no issues, partially blocked, blocked or information available. The decision to serve mobile content as “partially blocked” was made on the 28th of March at the official update page.

Alan Davidson, director of U.S. public policy for Google, responded on this redirection saying,

We have already seen intermittent censorship of certain search queries on both Google.com.hk and Google.com.

Google is struggling hard to maintain its position, authority and integrity after leaving China. Moving out of such a huge market with enormous potential upsets many key people, but Google has the guts to raise a voice against a bully.

China, on the other hand, is still clinging to comments like,

Google has violated the written promise it made when entering the Chinese market by stopping filtering its searching service and making thinly veiled accusation against China.

Though, one thing is for sure. The Chinese will miss Google services like hell.

Google Adds File Transfer to Orkut and iGoogle Chat, Arriving Soon on GMail Google Chat

Sending files to friends just got easier with chat on iGoogle and Orkut. Google has added a nifty feature in Google Chat on iGoogle and Orkut which allows users to send files to friends, just like in the GTalk chat client.

As seen in this image from the Orkut Blog, all you need to do to send a file is go to Actions -> Send a File and select the file. Similarly, to receive a file, confirm the reception and there you go.

Earlier, there were only two options to send files while chatting. One was to use the GTalk chat client; the other was to email the file. This method of file transfer allows for a much closer integration with the native Google chat.

The post on the official Orkut blog has confirmed that this feature will appear on GMail soon. It is a surprise to see this basic feature appear only after advanced features like video chat. Though, as the saying goes, better late than never.

Photoshop’s Content Aware Fill Rant Finally Matches GIMP’s Age Old Feature

While the whole Internet is going crazy about the new “Content Aware Fill” feature in the latest Photoshop available with Adobe CS5, Gimp, which has had this feature, is remaining quiet.

The latest feature in Photoshop was demoed by Photoshop product manager Bryan O’Neil Hughes. You can see the Content Aware Fill preview video on YouTube. Basically, with this new feature, we can remove an object from an image safely. Photoshop will automatically create a background with a suitable fill.

Apart from that, Photoshop features many new selection technologies and texture generation algorithms. According to the countdown on the homepage, the release is due 19 days from now.

Resynthesizer in Gimp has had this feature for a long time. Add the Gimp resynthesizer to your Gimp with the command:

sudo apt-get install gimp-resynthesizer

Joey at OMG!Ubuntu has posted images of how well this feature works in Gimp. The object removed here is a tree, which is definitely harder to remove than regular shapes.

(Via: OMG!Ubuntu)

PS3 Latest Firmware Removes Support for Linux and Other OS

The latest firmware release for PS3 from Sony will remove the “Other OS” feature. The update is scheduled to arrive on the 1st of April. Do not go by that date because Sony has confirmed that this is not an April Fool’s Day joke.

The update, which is scheduled to arrive on Thursday this week, will not be mandatory though. It will be an optional upgrade, but those using the older firmware will be devoid of many features of the latest 3.21 firmware. Sony says it has released this update for security concerns.

Though, after the PS3 hack by the famous iPhone hacker, this looks more like an insecurity concern.

For those going for this update,

  • You will not be able to use another OS on your PS3.
  • No more playbacks of unsupported formats like MKV.
  • No more interesting PS3 hack reports.
  • No more fun.

If you are planning on not using this update,

  • You will miss out on all the security Sony will probably talk about.
  • You will not be able to play the latest games requiring the latest firmware.
  • You will not be able to play Blu-ray discs.
  • You will not get access to PSN (PlayStation network) anymore.

Gaming consoles like the PS3 are powerhouse machines and are used in research as well. The removal of the Other OS feature will affect many more communities apart from gamers.
(Via: Techherald)