Richard Stallman, the pioneer of free software, has asked a South American free software association not to promote Ubuntu at any event, on the grounds that it “spies on its users” by collecting desktop search activity and then handing it over to Amazon.
Canonical, the developer of Ubuntu, a Linux-based operating system, released version 12.10 with the desktop search last October. Users can opt out of the feature, through which Canonical claims it retrieves anonymous user data that is shared with third parties.
Calling Ubuntu spyware seems like it might be ridiculous banter by Stallman. It may not be spyware, but it’s no surprise that any software collects data. Wouldn’t you be shocked if you found out software didn’t collect data?
There has been a lot of heated criticism over this desktop search; however, Stallman’s request was declined. The FLISOL event organizer stated that users should have freedom of choice. As we know, limited freedom of choice is bad when it comes to software.
Whether Stallman wants Ubuntu promoted anymore is irrelevant to the fact that Ubuntu is one of the fastest growing distros of Linux.
Adobe has released its emergency patch after a string of events over nearly the past ten days in dealing with a zero-day vulnerability. The vulnerability was originally reported by FireEye in a blog post.
The FireEye blog stated the following:
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
After that was published, the FireEye researchers sent the bug report and sample to Adobe. Soon after, Adobe released a notification that there is a problem.
Eventually, Adobe detailed this past weekend that a patch would be available next week… well, it’s here.
Adobe released its patch yesterday, in an effort to remediate the situation.
According to Adobe, the following versions are now available:
- Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
- For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
- For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
- Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
- Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
- Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
- Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.
Google released a new update for the stable version of Chrome, now at version 23.0.1271.97. All of the supported platforms have an update: Windows, Mac, Linux, and Chrome Frame.
One of the issues fixed involves a website settings popup having text trimmed under certain conditions. Another fix addresses a Linux bug in which <input> selection rendered white text on a white background, making the string invisible. Also repaired is an issue that caused plugins such as Google Voice and Unity Player to stop working. This revision also includes the latest version of Adobe Flash.
Check for the latest Chrome download at www.google.com/chrome or, in the Chrome browser, hit the settings button on the top right and select About Google Chrome. Usually, Google Chrome updates are automatically applied using Google Updater.
Linux users and developers alike can expect some trouble with a new rootkit on the move. This time, it’s working as an iFrame attack on HTTP servers. The sample itself is pretty dynamic overall, and has the ability to infect Linux successfully AND hide its presence on the system.
The attack is characteristic of a drive-by download scenario, in which the rootkit attempts to attack an HTTP server through iFrame-related injections. Now for the dirty details…
- Attempts to ‘call’ modules in the file system by using set_http_injection_conf, start_get_command_web_injection_from_server_thread, cs:start_get_command_web_injection_from_server_value, hide_folder_and_files, hide_process_init, etc.
- It currently works on Debian Squeeze kernel version 2.6.32-5-amd64 (at least it matches).
- Unstripped code size is 500K.
- Some functions are not fully working, so some have assumed it is in development stages or not fully complete.
- Adds startup entry to /etc/rc.local script:
- Uses one of two methods to retrieve kernel symbols to /.kallsyms_tmp:
/bin/bash -c cat /proc/kallsyms > /.kallsyms_tmp
/bin/bash -c cat /boot/System.map-`uname -r` > /.kallsyms_tmp
- Other than that, it does a good job trying to hide files/folders/processes/etc.
- The inject mechanism is neatly designed as a PHP script, which is pretty common for contemporary injections.
- Substitutes the kernel's TCP building function, tcp_sendmsg, with its own function.
- Once the C&C callback is done on the command server, the command server sends back malicious code specific for the situation.
- Probably being used in cybercrime operations rather than just targeted attacks.
- A Russia-based attacker is likely. Experts are not revealing any names, and seCURE Connexion has no information sadly.
- This was discovered on Seclists’s Full Disclosure Mailing List.
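A defender-side check built on the indicators listed above, as an added example that is not part of the original post or of any vendor tooling. Because the injection is described as happening in the replaced tcp_sendmsg, the page on disk can be clean while the response on the wire is not, so the served copy should be captured from a different machine. The function names and all sample data are assumptions made for illustration.

```python
import os
from html.parser import HTMLParser

class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")

def iframe_sources(html):
    collector = IframeCollector()
    collector.feed(html)
    collector.close()
    return collector.sources

def injected_iframes(on_disk_html, served_html):
    """iframe sources in the served response that the file on disk lacks."""
    known = set(iframe_sources(on_disk_html))
    return [src for src in iframe_sources(served_html) if src not in known]

def rc_local_additions(baseline_text, current_text):
    """Non-empty lines in the current /etc/rc.local missing from a trusted baseline."""
    baseline = {line.strip() for line in baseline_text.splitlines()}
    return [line.strip() for line in current_text.splitlines()
            if line.strip() and line.strip() not in baseline]

def kallsyms_tmp_present(root="/"):
    """True if the /.kallsyms_tmp file named above exists under root."""
    return os.path.exists(os.path.join(root, ".kallsyms_tmp"))

# Constructed sample data (not taken from the rootkit sample).
DISK_HTML = '<html><body><iframe src="/widgets/map.html"></iframe></body></html>'
SERVED_HTML = ('<html><body><iframe src="/widgets/map.html"></iframe>'
               '<iframe src="http://injected.example.invalid/x" width="1"></iframe>'
               '</body></html>')
BASELINE_RC = "#!/bin/sh -e\nexit 0\n"
CURRENT_RC = "#!/bin/sh -e\n<entry added at boot>\nexit 0\n"  # placeholder line

if __name__ == "__main__":
    print("unexpected iframes:", injected_iframes(DISK_HTML, SERVED_HTML))
    print("rc.local additions:", rc_local_additions(BASELINE_RC, CURRENT_RC))
    print("/.kallsyms_tmp present:", kallsyms_tmp_present())
```

Since the rootkit is described as hiding files and processes, a clean result from the two on-host checks is weaker evidence than the off-host response comparison; running them from rescue media against the mounted disk avoids the hiding.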
Election Day brings Adobe’s critical updates for Flash and AIR, so update today to fix seven (7) vulnerabilities.
Updates are currently available as follows:
- Windows & Mac – 11.5.502.110
- Linux – 184.108.40.206
- Android 4.* – 220.127.116.11
- Android 3.* & 2.* – 18.104.22.168
- Google Chrome automatically updates the Flash version built in.
- Windows, Mac, SDK for iOS and Android – 22.214.171.1240
Be sure to download the Flash updates both for Internet Explorer and for Firefox/Safari/Opera/other browsers.
Also, note that Windows Update will help install the updates in Windows 8/IE 10.
Adobe has released a critical update for Shockwave Player after several serious vulnerabilities were found.
- Users of 126.96.36.1997 and earlier versions should now update to version 188.8.131.528.
- Updates are available for Windows and Mac systems.
- There is no active propagation of exploits.
- Check to see if you have Shockwave Player.
- Shockwave Player is not the same as Adobe Flash Player, which was updated October 8.
- Check release notes.
- Uncheck the Norton Security Scan, if it shows.