www.h-online.com
Although The H has produced many widely read stories, it has not been possible to effectively monetise that traffic to produce a working business model. Because of this, after four and a half years as The H and six years online, The H is, sadly, closing its doors. We thank all our readers for their deep interest and engagement. Work is taking place to create an archive to ensure that the content o
"Linux for Workgroups": Linux 3.11's feature set now confirmed The modified boot icon of Linux 3.11-rc1. Source: Source code of Linux 3.11-rc1 Substantially improved support for the power management features of modern Radeon graphics cores is among the major new additions of the now available first release candidate of Linux 3.11. For this release, Linus Torvalds changed the code name from "Unicyc
Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond. A reader informed heise Secu
The popular WordPress caching plugins WP Super Cache and W3 Total Cache, with around six million downloads between them, have both been found to have a vulnerability that allows remote users to use them to execute arbitrary PHP on the server. Cache plugins are designed to relieve the load on WordPress sites by saving the latest versions of pages in memory and serving the saved version to users fro
VirusTotal's interface when scanning network traffic will be familiar The popular VirusTotal service, which can run more than 20 anti-virus scanners over a sample in one pass, can now also look for signs of malware infections in captured network traffic. To perform a check, users upload network packets that are captured in the common PCAP format instead of sending VirusTotal the more traditional s
Adam Gowdiak, who has made a name for himself by finding flaws in Java, has reported a new vulnerability. Security issue 61, according to Gowdiak's tally, affects current versions of Java SE 7, including the very latest release version 1.7.0_21-b11. The hole is once again present in the Reflection API and allows attackers to completely bypass the language's sandbox to access the underlying system.
by Fabian A. Scherschel For a large number of information collectors and collators on the internet the current challenge is to find a replacement for the Google Reader service. The H's Fabian Scherschel has looked at what functionality made Google Reader popular and what are the current best alternatives to the Reader experience. When Google announced it would be shutting down Google Reader, the c
The new kernel.org look Experimental RAID 5 and 6 support in the still experimental Btrfs will be one of the major new features of Linux 3.9, expected to arrive in late April. This has become apparent because Linus Torvalds has now issued the first release candidate of Linux 3.9 which, as usual, closes the Linux development cycle's "merge window", the phase during which the developers integrate th
by Thorsten Leemhuis Improved graphics drivers and a new filesystem for flash disks are two of the most important changes in Linux 3.8. Kernel developers have also made improvements to btrfs and ext4 and merged a number of new drivers. "Unicycling Gorilla" is the code name for Linux 3.8, released today by Linus Torvalds after ten weeks of development. The name is once more derived from an event in
Booting Linux using UEFI just once on various Samsung laptops is enough to permanently stop them working. Several reports have been posted on the Ubuntu bug tracker, but the problem is likely to also be present in other Linux distributions, as it appears to be caused by a kernel driver for Samsung laptops. Kernel developers are currently discussing a change which would disable the driver when boot
The Gentoo developers are working on a udev fork based on the code of a current systemd variant of udev. Initially called udev-ng and subsequently renamed eudev, their fork is designed to allow a system to be started even if the /usr/ directory hasn't been mounted yet. Systemd does not officially support this functionality and warns if it detects it – according to the developers, one of the reason
by Thorsten Leemhuis Linux 3.7 introduces a range of Btrfs performance improvements. The kernel now supports the SMB data exchange protocol that recent Windows versions use, and it offers discard functionality for software RAIDs, which is important for SSDs. Last weekend, Linus Torvalds released the fifth release candidate for Linux 3.7; he was happy to point out that only a few, mostly minor, cha
Interview: Linus Torvalds – I don't read code any more with Glyn Moody I was lucky enough to interview Linus quite early in the history of Linux – back in 1996, when he was still living in Helsinki (you can read the fruits of that meeting in this old Wired feature.) It was at an important moment for him, both personally – his first child was born at this time – and in terms of his career. He was a
Vulnerability scanning with the OWASP CSRFTester by Stefan Schurtz When a malicious web page reconfigures a router or sets up forwarding in a webmail frontend, the culprit is usually a cross-site request forgery. OWASP's CSRFTester hunts down this kind of vulnerability. A cross-site request forgery – CSRF or XSRF for short – is a technique for indirect attacks, similar to cross-site scripting (XSS
LinuxCon Europe name tag of a former AMD employee As part of a process to reduce its staff by 15 per cent, AMD has closed the Dresden, Germany-based Operating System Research Center (OSRC) and dismissed the centre's employees. First indications of this move already surfaced last week, when several OSRC developers had announced on the Linux kernel developers' mailing list that they will no longer b
After clicking on "Visit Google Drive on the web", users are automatically logged into their Google account without having to enter a password The Windows and Mac OS X desktop clients for Google's Drive file storage and synchronisation service open a backdoor to users' Google accounts which could allow the curious to access a Drive user's email, contacts and calendar entries. The sync tool include
A Mozilla project, Sweet.js, is setting out to sweeten JavaScript development by giving users hygienic macros to work with. Hygienic macros are macros that will not expand into anything that will interfere with the other code in a program, for example, by not capturing variables. This makes them unlike the macros found in C-based languages which are just text-wise expanded. Hygienic macros are typ
At the DerbyCon 2.0 conference, security experts Laszlo Toth and Ferenc Spala presented a range of attacks, some of which were previously unknown, on Oracle databases and SQL servers; they even released suitable tools to exploit them at the same time. In "Hacking the Oracle Client", Laszlo Toth demonstrated that, although Oracle saves the user name and password for a database connection in encrypt
Researchers have discovered that, where data sent over an encrypted HTTPS connection has undergone prior compression, the door is opened to attackers who, by modifying the data traffic in a targeted manner, are then able to crack the encryption. Compression is supported by almost half of all web servers, including the servers at many prominent organisations such as Google and Twitter. Browser make
The new Java 0Day examined Update - Oracle has now released fixes for this vulnerability. A first analysis of the Java 0Day exploit code, which is already publicly available, suggests that the exploit is rather hard to notice: at first glance, the dangerous code looks just like any other Java program with no trace of any exotic bytecode. According to Michael Schierl, who has discovered several Jav
The development branch of the GNU Compiler Collection (GCC) now includes the major modifications that provide a C++ re-implementation of the C code that was originally accumulated when the collection was first created. Before this re-implementation, the code used in stage 1 of the GCC build process was implemented in the C programming language. The code used in stages 2 and 3 of the GCC build process
Developer Joey Hess, a member of the Debian Installer Team, has made a change to the tasksel Debian component that is used during the installation of Debian; the modification causes the software to install Xfce instead of GNOME as the distribution's standard desktop. Shortly afterwards, another modification defined Lightdm as the default log-in manager, replacing GNOME's GDM. Unless the developers
The new version of Burp Proxy is designed to improve the analysis of encrypted SSL connections on Android phones. Developers and security researchers like to use Burp Proxy to examine the web traffic on PCs, and lately also on smartphones. For example, The H's associates at heise Security recently used Burp to analyse the activities of various smartphone apps for c't magazine. To analyse web traff
The Uplay copy protection system from the game publisher Ubisoft comes with a browser plugin that tears a huge security hole in the computer. It is possible for attackers to use a few lines of JavaScript to persuade the plugin to launch arbitrary processes – the potential victim only needs to open a specially crafted web page. The problem was discovered by Google security expert Tavis Ormandy, who
After some months of development work, Dale Harvey has announced that the PouchDB "pocket-sized database" is now alpha software and has a web site. PouchDB is based on the work of Apache CouchDB and gives a developer access, through a simple API, to store and retrieve JSON objects and documents. Because the API is similar to that of CouchDB, PouchDB can synchronise with CouchDB instances or other
A tough nut to crack - the text version of reCAPTCHA requires users to enter words from scanned books Hackers developed a script which was able to crack Google's reCAPTCHA system with a success rate of better than 99 per cent. They presented the results of their research at the LayerOne security conference in Los Angeles last weekend; however, their demonstration was somewhat frustrated as, just a
PostgreSQL 9.2 beta improves scalability, adds JSON The beta release of version 9.2 of the open source PostgreSQL database has been announced by the PostgreSQL Global Development Group, promising major improvements in performance that enable better horizontal and vertical scalability. One new optimisation – index-only scanning – allows searches to avoid reading the underlying tables and instead se
Roland McGrath has announced that the GNU C Library (glibc) Steering Committee is dissolving. The direction of the project will now be governed more informally by a team led by the current maintainers. McGrath, who is the initial founder of the project, will be leading the development of the project together with Joseph Myers and Carlos O'Donell. Ulrich Drepper, who, according to the glibc web sit
Wine 1.4 sports a redesigned audio stack, improved graphics rendering The Wine team has announced version 1.4 of its Windows application compatibility layer for Linux and Mac OS X systems. Wine 1.4 is the first major stable update since the release of Wine 1.2 almost two years ago. Highlights of the new version include a reworked audio stack and a new Device Independent Bitmaps (DIB) graphics engi