
Linux and Open Source News for 14th July 2007


Distro Watch



Source: LinuxTracker.org

Category: Kubuntu Size: 663.78 MB Status: 20 seeders and no leecher Added: 2007-07-14 14:08:38



Source: LinuxTracker.org

Category: Ubuntu Size: 697.13 MB Status: 8 seeders and 2 leechers Added: 2007-07-14 14:05:59



Source: LinuxTracker.org

Category: Helix Size: 700.61 MB Status: 4 seeders and 7 leechers Added: 2007-07-14 13:27:50



Source: LinuxTracker.org

Category: UbuntuStudio Size: 867.54 MB Status: 7 seeders and 2 leechers Added: 2007-07-14 09:29:46



Source: freenas

A new beta release of FreeNAS, a tiny FreeBSD-based operating system providing free Network Attached Storage (NAS) services, is now available. From the release notes and changelog: "Lots of things have been changed in this release. The proprietary boot sequence has been replaced by the FreeBSD used sys5init .



Source: pioneer

Technalign has announced the second beta release of Pioneer Explorer 1.0, a desktop Linux distribution based on Ubuntu: "Beta 2 is a self-booting Live CD originally based on Kubuntu that allows you to test the operating system before installation. Explorer includes additional wireless support out of the box .



Source: ark

The Ark Linux team is pleased to announce the immediate availability of Ark Linux 2007.1-rc1: "There have been many changes since the previous 2006.1 release - all components have been updated to current versions (for example, Ark Linux 2007.1-rc1 includes KDE 3.5.7, OpenOffice.org 2.2.1, Linux 2.6.22-rc6, glibc 2.6, .



Source: helix

Helix is a KNOPPIX-based live CD with a large collection of tools dedicated to incident response and forensics. Drew Fahey has announced the availability of version 1.9: "Version 1.9 has been officially released. This is not a large update due to work going on for version 2.0 but .



Linux Today News Service



Source: Linux Today

Legal Technology Blog: "However, a couple things have happened recently that have led me to believe that, even if not in 2007, then by the end of the decade, Linux will have its year "



Source: Linux Today

A Day in the Life of an Information Security Investigator: "So I'm having a conversation on the phone with Scrap this morning and he relayed this little story from his adventures as a professor of information security studies at a local school " (Humor)



Source: Linux Today

DesktopLinux: "The so-called $100 laptops the OLPC is building and distributing 'won't be powerful enough to make much of a difference in their lives,' Dell said "



Source: Linux Today

Mozilla Links: "All European countries saw an increase in Firefox participation with Hungary showing the most dramatic increase from 27.2%, in the latest March 2007 survey, to 39.7% ."



Source: Linux Today

CNET News: "I have to say I'm disappointed. CentricCRM released a significant chunk of code under an OSI-approved open-source license, yet still doesn't seem to appreciate that open source means something to the community, and to the industry "



Source: Linux Today

Linux In Novell's East Region: "Talk about a controversial topic, file managers can get people fighting and arguing almost as much as discussing why VIM is so much better than EMACS "



Source: Linux Today

M-net: "M-net has closely followed open source software's recent journey from the wilderness to well, to the edge of the mainstream at least "



Source: Linux Today

KernelTrap: "Included in Andrew Morton's potential 2.6.23 merge list were a series of patches to make the x86-64 architecture tickless "



News for nerds, stuff that matters



Source: Slashdot: Linux

dgcrawford writes "A growing, 100-person company I work for is looking to integrate a Human Resources Management System into their Linux computer base. Does anyone have experience with any products that fit this need? Does it interface well with payroll, applicant tracking, maybe even finance and stock or other non-monetary compensation? I realize most of you would look at this from an IT point of view, but how did the system work across fields? And how important/useful did you find this interoperability?"



The O'Reilly Network ONLamp Articles and Weblogs



Source: ONLamp.com

URI Use and Abuse, written by my good friends Billy Rios, Nathan McFeters, and Raghav Dube (affectionately known as “baby Dube”), exposes how web browsers and applications fail to sanitize URIs, leading to remotely exploitable conditions.
Billy started the ball rolling (after deriving inspiration from Thor’s Safari URI handling disclosure) when he discovered a remotely exploitable vulnerability in the firefoxurl handler. An example of how this can be exploited in IE is available from Billy’s disclosure: Click on this from IE to spawn cmd.exe (remote execution). Note: cmd.exe will spawn regardless of any IE or Firefox dialogs.
Next up, Trillian: Click here if you have Trillian installed (a file named pwnd.bat will be written to your Windows startup folder to spawn calc.exe when the system is restarted).
These are just two examples of the kinds of security vulnerabilities caused by the lack of sanitization performed by URI handlers. See the references below for more details:

Thor’s post on Safari (windows) 0-day caused by improper URI handling
Billy Rios’ firefoxurl URI handling disclosure
Billy, Nate, and Raghav’s Trillian disclosure
Paper by Billy, Nate, and Raghav explaining URI handling vulnerabilities

These findings are extremely high impact, and therefore of Critical risk to any individual or organization. In order to fix these issues, all browsers and applications that expose and handle URIs must be audited and patched. Furthermore, millions of users who have these applications installed must upgrade to the patched versions so they are no longer vulnerable. This is going to take a while to happen, and I therefore suspect that people are going to be vulnerable to these high impact findings for the next few months, if not years.



Updated: Sun Jul 15 23:55:01 2007


OrderWeb Software CC