Ubuntu 13.10 Betas, Rust 0.8 and Android drive-bys? – Snippets


  • Ubuntu 13.10’s only beta: The “Final Beta” for 13.10’s awfully codenamed “Saucy Salamander” has been announced so those wanting to give it a try before the 17 October final release, this is your chance. There’s an Ubuntu for phones image in among the images for the first time too. The release notes have details on how to upgrade and install. With only a 9 month supported lifespan from its release, you may want to consider waiting for next April’s 14.04LTS release.
  • Rust 0.8: Mozilla’s Rust language moves another step forward with September’s 0.8 release. Lots of details in the release notes; they’ve switched to Iterator based for loops, there’s a new (faster, more i18ny)way to format strings, changes in the FFI so there can be first-class foreign function pointers and importantly, the rewritten runtime and new experimental IO system.
  • Android drive-bys?: Interesting vulnerability in Android described by MWR Infosecurity where embedded ads in apps use WebView and how it would be possible to intercept the code going to these ad windows as its doen in the clear. And because WebView offers JavaScript functionality and because there is is JavaScript bridge, it is possible to execute arbitrary Java code. MWR worries about ad networks and Ad SDKs exposing a vector for infection and shows how they got all the way down to running system commands on the phone. There are a lot of dependencies, and it’ll take a Wifi man-in-the-middle attack to easily inject attack code – the Kismet wireless blog has a look at that problem.