Entries with tag open source software.

Bug Leaves Linux, Open Source Users at Risk

Security researchers have discovered a new vulnerability in open source software that attackers could exploit to launch malware attacks. Developers have since released a patch for the bug in the GnuTLS cryptographic code library, which could place Linux and other open source software users at risk for problems such as buffer overflow attacks. GnuTLS is an open-source implementation of Internet encryption protocols, including Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security, and is used in various Linux distributions. An infected server could exploit the vulnerability during the Secure Sockets Layer/Transport Layer Security handshake, culminating in the crash of vulnerable clients. It could also allow attackers to execute code on the system. The vulnerability was reported by Joonas Kuorilehto, a principal systems engineer at Codenomicon, the same vendor of vulnerability-testing tools responsible for finding the Heartbleed flaw in the OpenSSL Internet-security protocol earlier this year. (Ars Technica)(PC World)(Red Hat Bug Tracker)

Consortium Addresses Heartbleed Flaw and Other Open Source Software Issues

In the wake of the discovery of a serious flaw in the popular OpenSSL Internet-security protocol, a consortium of large technology companies—including Amazon, Cisco Systems, Dell, Facebook, Fujitsu, Google, IBM, Intel, and Microsoft—is pledging funding and support for improving open source software projects. Linux Foundation executive director Jim Zemlin founded the Core Infrastructure Initiative in response to the Heartbleed vulnerability in OpenSSL, a critical open source protocol that many websites use. Each founding partner will donate $300,000 to the group during the next three years. The consortium will support underfunded open source software projects and design a framework for developing such software. The initial efforts will focus on OpenSSL. (Reuters)(CNET)(Core Infrastructure Initiative @ Linux Foundation)

DARPA Goes Open Source

DARPA has placed some of its sponsored research data online and made it available to the public through its Open Catalog, which contains a list of the US Defense Department agency’s available software and peer-reviewed publications. The information has not traditionally been easy for interested researchers to find, and the agency created the site in response to that criticism. It currently includes links to peer-reviewed publications from DARPA’s XDATA open source software library for big data. The agency says it is making the information public to increase “the number of experts who can help quickly develop relevant software for the government” and eventually incorporate some of the software into their own products. Should the R&D community prove interested, DARPA said, it will release additional information from other programs including Broad Operational Language Translation (BOLT) and Visual Media Reasoning (VMR). The DARPA Open Catalog is at www.darpa.mil/OpenCatalog/index.html. (PC Mag)(WIRED)(The Verge)(DARPA)
 

UK Government Plans Move to Open Source Software

UK politicians are proposing government offices shift to open source software to save money. Ministers report the government has spent £200 million on Microsoft Office alone since 2010. Cabinet Office Minister Francis Maude said it could reduce much of that expense by moving to applications able to create open document format files, such as OpenOffice and Google Docs. Maude added that this will also help departments more easily share information with one another and the public. (SlashDot)(The Guardian) 

Open Source Project Tackles Secure Password Storage


A newly launched open source project aims to help users safely store their online security credentials, particularly long, complex passwords. The project aims to combine hardware and software to solve the problems caused by users selecting insecure passwords, according to Mathieu Stephan, an electronics engineer at encryption vendor ID Quantique who will head the as-yet-unnamed project. The goal is to help users generate long, complex random passwords for the different websites they regularly access, which helps protect the user’s information from being compromised. Recent analysis of stolen passwords shows people are not good at selecting their own passwords, which makes them vulnerable to data or identity theft. The project seeks community input throughout the development of the device. As planned, the new technology will include a smart card and a device—able to store Advanced Encryption Standard (AES)-256-encrypted passwords and keys to help users secure their online credentials—that users can connect to a computer via USB. (SlashDot)(Hackaday)(IEEE Computer News Feed – December 2, 2013)

Google Broadens Reward Program Again

Google has expanded its Patch Reward Program, which rewards developers who proactively improve their open source software. Among the additions to the program are Web servers such as Apache and httpd; the OpenVPN application for implementing virtual private networks; and the Android Open Source Project, a Google-led initiative that has produced a software stack for a wide range of mobile devices. Last month, Google started providing incentives between $500 and $3,133.70 for proactive improvements to open source software, as opposed to patching a known bug. (SlashDot)(The Next Web)(Google)
 

Linux Proponents Fight Patents Threatening Open Source Software

A group known as Linux Defenders is using the law to identify and fight US patents that, they say, threaten Linux and other open source software. The group—which the Open Invention Network, Software Freedom Law Center, and Linux Foundation created—is using the recently passed America Invents Act to examine newly published patent applications. If one appears as if it could cause problems for open source software, Linux Defenders files defensive publications, documents describing existing technology that would invalidate some of the pending patent’s claims, to be read by US Patent and Trademark Office examiners during the review process. Linux Defenders has filed about 200 of these defensive publications. The concern is that either the granting of broad patents or those duplicating existing open source technology could damage open source applications. The threat is very real. “One good loss at trial on a serious set of patents could make Red Hat go away. It would be gone,” Tom Callaway, Red Hat's Fedora engineering manager, told Ars Technica. “That’s the seriousness of patents and that’s how chilling they are on our industry.” (SlashDot)(Ars Technica)
 

Open Source Software Used for Bioimaging Cells

Finnish and German researchers have developed open source software designed to make processing bioimaging data easier. BioImageXD will help scientists analyze cell and tissue functions, including the way molecules move and bond. They say it could enable scientists to better understand concepts such as how cancer cells spread or how targeted drugs enter cells. The software does not require users to have programming skills to create new analysis methods, simultaneously process thousands of images, or analyze millions of molecules. The application is important because although there have recently been significant advances in microscopy and 3D imaging, the software used for such work has not kept pace. The University of Jyväskylä, Max Planck Institute of Molecular Cell Biology and Genetics, and Turku Centre for Biotechnology have contributed to the development of BioImageXD over the past decade, with funding from the Academy of Finland, the EU, and the Finnish Funding Agency for Technology and Innovation. A forthcoming special issue of Nature Methods on biomedical imaging will feature the research. (Science Daily)(Academy of Finland)
 
