EFF sues NSA to disclose use of zero-day security flaws
The Electronic Frontier Foundation has filed a Freedom of Information Act (FOIA) lawsuit against the National Security Agency and the Office of the Director of National Intelligence to reveal the process behind disclosing zero-day software security vulnerabilities to the public.
The FOIA lawsuit seeks to make transparent the process by which intelligence agencies choose whether or not to disclose zero-days, according to a statement from the digital privacy rights group. The EFF states that governments may even purchase the vulnerabilities in order to gain access to target computers. The NSA reportedly exploited the Heartbleed vulnerability in OpenSSL for more than two years before it was discovered.
A zero-day vulnerability is a previously unknown security vulnerability uncovered by researchers but not yet patched by developers. — Rob Marvin
IEEE launches Anti-Malware Support Service to improve security
The IEEE Standards Association wants to help computer security organizations respond to malware quicker. The company announced a new service, the Anti-Malware Support Service (AMSS), which aims to increase the availability of and access to better and stronger cybersecurity tools and resources. AMSS includes the Clean File Metadata Exchange for real-time information on clean files using metadata, and the Taggant System to make tracing the origin of obfuscate programs easier.
In addition to the AMSS, the company also announced an Industry Connections program for security venders to address common issues, and to collaborate on new standards and technologies. — Christina Mulligan
Google releases Android L source code for developers
Google has released a developer preview of Android L, posting a repository of Android L source code for Nexus devices on the Android Open Source Project (AOSP) Web page.
The live source-code previews Android L on Nexus 4, 5, 7 and 10 devices. The developer preview is not the complete Android L source code though, for many non GPL-licensed projects are not yet included in the master branch, and full custom builds are not yet possible.
Google debuted Android L during the keynote of the Google I/O developer conference last week. — Rob Marvin
Microsoft announces security and increased transparency commitments
Microsoft has vowed to increase the protection of its customers’ data; today it announced its first Transparency Center in Redmond. The center is meant to provide governments who use Microsoft software the ability to review source code to assure it hasn’t been compromised. Other Transparency Centers are expected to be created in the near future.
Microsoft also announced security improvements for Outlook.com, which is now protected by Transport Layer Security for both outbound and inbound e-mail, and PFS encryption support for OneDrive. — Christina Mulligan
VMware opens first-ever public beta for virtualization platform
In a drastic change in policy, software maker VMware has opened up the upcoming version of one of its products, the vSphere virtualization platform, to a public beta.
VMware announced the beta in a blog post, explaining that community support will help facilitate new features and capabilities in the forthcoming vSphere version 5.5. Any developer can join, but once someone is signed up, the beta is private and information gleaned from early vSphere access, product information, forum discussions and service requests must remain private.
vSphere beta developers will provide direct input on functionality, configurability, usability and performance to influence future products and documentation. VMWare’s beta program is available here. — Rob Marvin
Researchers create muscle-powered bio-bots
The University of Illinois is developing biological robots that are powered by a strip of skeletal muscle cells and controlled with electrical pulses. The “bio-bots” include a 3D printed hydrogel backbone to give the bots structure and flexibility so they can bend like joints. The researchers hope these “bio-bots” will evolve into the next generation of biological machines and systems for environmental and medical applications.
“Biology is tremendously powerful, and if we can somehow learn to harness its advantages for useful applications, it could bring about a lot of great things,” said Rashid Bashir, head of bioengineering at the university. — Christina Mulligan