18104844
submission
solardiz writes:
Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source.
6932204
submission
CWmike writes:
Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel and Word, including one that will probably be exploited quickly by hackers. None affect Windows 7, the company's newest operating system. Of today's 15 bugs, three were tagged "critical" by Microsoft, while the remaining 12 were labeled as "important," the next-lowest rating in the company's four-step severity scoring system. Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows with the exception of Windows 7 and its server sibling, Windows Server 2008 R2. "The Windows kernel vulnerability is going to take the cake," said Andrew Storms, director of security operations at nCircle Network Security. "The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario." Richie Lai, the director of vulnerability research at security company Qualys, agreed. "Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver."
6929856
submission
Sam writes:
Ars Technica reports: Microsoft has pulled the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open-source code in a way that violated the GNU's General Public License (GPL). Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool (WUDT) from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. "We apologize to our customers for any inconvenience." The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.
