Language Selection

English French German Italian Portuguese Spanish

Security

Parsix GNU/Linux 8.15 and 8.10 Get Linux Kernel 4.4.30 LTS, New Security Updates

Filed under
GNU
Linux
Security

Users of the Debian-based Parsix GNU/Linux 8.15 "Nev" and Parsix GNU/Linux 8.10 "Erik" distributions are in for a treat this weekend, as a new kernel update and latest Debian Stable security updates landed in the software repositories.

Read more

Security Leftovers

Filed under
Security
  • Admins, update your databases to avoid the MySQL bug

    MySQL, MariaDB, and PerconaDB administrators need to check their database versions, as attackers can chain two critical vulnerabilities and completely take over the server hosting the database.

    The two critical vulnerabilities, which can lead to arbitrary code execution, root privilege escalation, and server compromise, affect MySQL and forks like Percona Server, Percona XtraDB Cluster, and MariaDB, according to security researcher Dawid Golunski, who provided details of the vulnerability on LegalHackers. Administrators should install the latest updates as soon as possible, or in cases where the patches cannot be applied, they should disable symbolic link support within the database server configuration by setting symbolic-links=0 in my.cnf.

  • OOPS! MySQL Falls Down…

    While programming, it’s easy to get tunnel-vision or to accept some “tiny” risk that things could go wrong at some point but write the code that way anyway. That’s what happened with MySQL and MariaDB. Creating a database should not create a vulnerability but it does, because a repair operation allows changing permissions of a file with a particular name which a bad guy could substitute with malicious code…

  • Talk Recap: Holistic Security for OpenStack Clouds

    Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona! I really enjoyed sharing some tips with the audience and it was great to meet some attendees in person afterwards.

    If you weren’t able to make it, don’t fret! This post will cover some of the main points of the talk and link to the video and slides.

  • [Older, out of paywall now] Dirty COW and clean commit messages
  • Book Review: PAM Mastery

    Linux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You need to change each Unix application to use different authentication scheme. Also, authentication schemes differed between a variant of Unix systems. Porting was a nightmare. For example to use Windows Server (Active Directory) or LDAP for authentication you need to make changes to an application. Each application had its way of authenticating users. So Open Group lead to the development of PAM for the Unix-like system. Today Linux, FreeBSD, MacOS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM.

Security News

Filed under
Security
  • Security advisories for Friday
  • Netherlands to trial Internet voting [Ed: terrible idea, for many reasons.]

    The Dutch government will this year test the possibilities of voting via the Internet. The test will include citizens abroad: the pilot, by the Ministry of the Interior, will involve the city of The Hague, which manages the registration of citizens abroad.

    The city recently invited citizens to take part in the tests - a simulated election. Participants will be able to vote for fictitious political parties and candidates. The pilot is intended to test security measures, and to check if Internet voting reliable.

  • U.S. boosting cyber defenses, but not police presence, for election

    Federal and state authorities are beefing up cyber defenses against potential electronic attacks on voting systems ahead of U.S. elections on November 8, but taking few new steps to guard against possible civil unrest or violence.

    The threat of computer hacking and the potential for violent clashes is darkening an already rancorous presidential race between Democrat Hillary Clinton and Republican Donald Trump, amid fears that Russia or other actors could spread political misinformation online or perhaps tamper with voting.

  • 10 ways to make sure your remote workers are being safe

    With an ever-expanding mobile workforce, infosec teams are increasingly tasked with extending cybersecurity safeguards beyond the physical and virtual walls of their organizations. With endpoints not only increasing but on the move, the challenge is real. In addition to implementing the appropriate technical defenses, there is an important aspect to protecting corporate data and systems: Asking end-users to get involved.

  • Did the Mirai Botnet Really Take Liberia Offline?

    KrebsOnSecurity received many a missive over the past 24 hours from readers who wanted to know why I’d not written about widespread media reports that Mirai — a malware strain made from hacked “Internet of Things” (IoT) devices such as poorly secured routers and IP cameras — was used to knock the entire country of Liberia offline. The trouble is, as far as I can tell no such nationwide outage actually occurred.

    First, a quick recap on Mirai: This blog was taken offline in September following a record 620 Gpbs attack launched by a Mirai botnet. The source code for Mirai was leaked online at the end of September. Since then, the code has been forked several times, resulting in the emergence of several large Mirai-based botnets. In late October, many of the Internet’s top destinations went offline for the better part of a day when Mirai was used to attack Internet infrastructure firm Dyn.

Security News

Filed under
Security
  • Thursday's security updates
  • Why I don’t Use 2048 or 4096 RSA Key Sizes

    I have used non-standard RSA key size for maybe 15 years. For example, my old OpenPGP key created in 2002. With non-standard key sizes, I mean a RSA key size that is not 2048 or 4096. I do this when I generate OpenPGP/SSH keys (using GnuPG with a smartcard like this) and PKIX certificates (using GnuTLS or OpenSSL, e.g. for XMPP or for HTTPS). People sometimes ask me why. I haven’t seen anyone talk about this, or provide a writeup, that is consistent with my views. So I wanted to write about my motivation, so that it is easy for me to refer to, and hopefully to inspire others to think similarily. Or to provoke discussion and disagreement — that’s fine, and hopefully I will learn something.

  • Black Hat Europe: IoT devices can hack phones

    The Internet of things (IoT) has already been used to launch the biggest DDoS attacks ever, but now it represents a potential path for attackers to compromise cell phones.

    Flaws in Belkin WeMo devices - electrical switches, cameras, light bulbs, coffee makers, air purifiers, etc. – enabled Invincea Labs researchers to not only hack into the devices, but to use that access to attack an Android phone running the app that controls the WeMo devices.

    “This is the first instance we’ve seen of IoT hacking something else,” says researcher Scott Tenaglia, who pledges to look for other vulnerable devices that might be abused to carry out similar attacks.

  • Why Light Bulbs May Be the Next Hacker Target

    The so-called Internet of Things, its proponents argue, offers many benefits: energy efficiency, technology so convenient it can anticipate what you want, even reduced congestion on the roads.

    Now here’s the bad news: Putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers. And it could allow them to spread malicious code through the air, like a flu virus on an airplane.

    Researchers report in a paper to be made public on Thursday that they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, switches, locks, thermostats and many of the components of the much-ballyhooed “smart home” of the future.

    The researchers focused on the Philips Hue smart light bulb and found that the wireless flaw could allow hackers to take control of the light bulbs, according to researchers at the Weizmann Institute of Science near Tel Aviv and Dalhousie University in Halifax, Canada.

  • Microsoft extends EMET end of life date

    Microsoft will continue to support and provide security patches for its Enhanced Mitigation Experience Toolkit security software for Windows until July 31 2018, after taking customer feedback into account.

    EMET is a security utility software popular with enterprise customers running supported versions of Windows. It uses mitigation techniques to block attackers from exploiting vulnerabilities in software.

Security News

Filed under
Security
  • Security advisories for Wednesday
  • ​Linux developers under denial of service attack

    According to James Bottomley, an IBM Research distinguished engineer and a member of the Linux Plumbers Conference committee, "Since yesterday we are being attacked from the outside. The attack follows us as we switch external IP and the team has identified at least one inside node which looks suspicious."

    The conference is not being attacked by some sophisticated Internet of Things distributed denial of service (DDoS) attack like the Dyn attack. No, it's being mugged by one of the oldest attacks in the DoS book: a SYN flood.

  • Computer Virus Cripples UK Hospital System [iophk: “dodges naming OS affected…does a lot of victim blaming”]

    Citing a computer virus outbreak, a hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities. The incident came as U.K. leaders detailed a national cyber security strategy that promises billions in cybersecurity spending, new special police units to pursue organized online gangs, and the possibility of retaliation for major attacks.

    In a “major incident” alert posted to its Web site, the National Health Service’s Lincolnshire and Goole trust said it made the decision to cancel surgeries and divert trauma patients after a virus infected its electronic systems on Sunday, October 30.

  • Breaking: NHS Trust crippled by cyberattack [iophk: "again, dodges naming the OS causing the malware"]

    Patients who had a scheduled operation on Tuesday November 1 have been told to presume it has been cancelled, unless they are contacted. A select number of services will continue; inpatients will continue to be looked after and patients who would be at “significant clinical risk should their treatment be delayed”, will also be treated. The trust is apparently reviewing the situation on an hourly basis.

    Few details have been released about the nature of the attack but the shutdown has affected Goole and District Hospital, Scunthorpe General Hospital and Diana, Princess of Wales Hospital.
    Ed Macnair, CEO of CensorNet told SCMagazineUK.com that the “NHS is one of the most advanced in the world in terms of digitisation, which clearly has its benefits, but also increases the impact of a cyber attack. The NHS holds hugely personal information about patients and the consequences of that getting into the wrong hands could be devastating.”

    Independent Security Evaluators (ISE) carried out a study into the cyber-resilience of the US healthcare industry last year, finding that security teams in the healthcare sector overemphasised protection of data and didn't focus on more advanced threats.

  • How Hackers Could Steal Your Cellphone Pictures From Your IoT Crock-Pot

    If you have an internet-connected home appliance, such as a crock-pot, a lightbulb, or a coffee maker, you can control it from the comfort of your smartphone. But a bug in the Android app that controls some of those devices made by a popular manufacturer also allowed hackers to steal all your cellphone photos and even track your movements.

    Security researchers found that the Android app for internet-connected gizmos made by Belkin had a critical bug that let anyone who was on the same network hack the app and get access to the user’s cellphone. This gave them a chance to download all photos and track the user’s position, according to new research by Scott Tenaglia and Joe Tanen, from Invincea Labs.

  • Reproducible Builds: week 79 in Stretch cycle

    Reproducible Debian Hackathon - A small hackathon organized in Boston, USA on December 3rd and 4th. If you are interested in attending, contact Valerie Young - spectranaut in the #debian-reproducible IRC channel on irc.oftc.net.

  • Linux/Moose: Still breathing

    Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can also infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to the botnet operator. In practice, these capabilities are used to steal HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate “follows”, “views” and “likes”.

  • Cyber security governance in public, private sectors falls short

    Cybercrime is the second most-reported economic crime in Australia and costs the economy an estimated $17 billion annually, but despite this there are widespread “frailities” in the governance of cyber security among executives in both the public sector and private enterprise, according to a newly published report.

    The survey of Australia's security preparedness by the Macquarie Telecom Group and the National Security College found that there is considerable variation in cyber-risk governance arrangements and an absence of cyber-risk knowledge at the executive/board level.

More Security News

Filed under
Security
  • Microsoft says Russia-linked hackers exploiting Windows flaw [Ed: So it says the back doors it gave the NSA are used by many others]

    Microsoft Corp (MSFT.O) said on Tuesday that a hacking group previously linked to the Russian government and U.S. political hacks was behind recent cyber attacks that exploited a newly discovered Windows security flaw.

    The software maker said in an advisory on its website there had been a small number of attacks using "spear phishing" emails from a hacking group known Strontium, which is more widely known as "Fancy Bear," or APT 28. Microsoft did not identify any victims.

    Microsoft's disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming U.S. election.

  • Lack of cybersecurity standards leaves election process vulnerable [Ed: Windows in voting machines is a real issue [1, 2]]

    Hackers continue to exploit vulnerabilities in the U.S. political technology, highlighting the need for cybersecurity standards and guidelines to help protect voter information.

  • Windows zero-day exploited by same group behind DNC hack

    On Oct. 31, Google's Threat Analysis Group revealed a vulnerability in most versions of Windows that is actively being exploited by malware attacks.

    Today, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group—the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign. And while a patch is on the way for the vulnerability, he encouraged customers to upgrade to Windows 10 for protection from further advanced threats.

  • How DNS Works: A Primer

    DNS has been in the news a great deal as of late. First, there was the controversy over the United States government essentially handing over control of the Internet's root domain naming system. Then DNS made headlines when cybercriminals performed three separate distributed denial of service (DDoS) attacks on a major DNS service provider by leveraging a botnet army of millions of compromised IoT devices. Yet with all the hoopla surrounding DNS, it surprises me how many IT pros don't fully understand DNS and how it actually works.

    DNS stands for Domain Name System. Its purpose is to resolve and translate human-readable website names to IPv4 or IPv6 addresses. Technically speaking, it's not a necessary part of the networking processes. Rather, DNS simply makes it easier for human beings to know and remember what server they are trying to reach. For example, it's much easier to remember that if you want to perform an internet web search, you type in www.google.com as opposed to the IPv4 address of 216.58.217.4.

IPFire 2.19 Linux Firewall Distribution Switches to Unbound as DNS Proxy

Filed under
GNU
Linux
Security

On the first day of November 2016, Michael Tremer from the IPFire project, an open source, professional, secure and hardened Linux-based firewall distribution, proudly announced the release of IPFire 2.19 Core Update 106.

IPFire 2.19 Core Update 106 is the latest stable release of the Linux firewall OS, and it looks like it implements a new DNS proxy, namely Unbound, which replaces the Dnsmasq DNS forwarder and DHCP server used in previous releases. The decision was made because of the recent DNSSEC implementation by default in the distribution, which proves to offer better DNSSEC reliability, enhanced features, such as import of static leases, and improved performance.

Read more

Security News

Filed under
Security
  • Security updates for Tuesday
  • Let's Automate Let's Encrypt

    HTTPS is a small island of security in this insecure world, and in this day and age, there is absolutely no reason not to have it on every Web site you host. Up until last year, there was just a single last excuse: purchasing certificates was kind of pricey. That probably was not a big deal for enterprises; however, if you routinely host a dozen Web sites, each with multiple subdomains, and have to pay for each certificate out of your own dear pocket—well, that quickly could become a burden.

    Now you have no more excuses. Enter Let's Encrypt a free Certificate Authority that officially left Beta status in April 2016.

    Aside from being totally free, there is another special thing about Let's Encrypt certificates: they don't last long. Currently all certificates issued by Let's Encrypt are valid for only 90 days, and you should expect that someday this term will become even shorter. Although this short lifespan definitely creates a much higher level of security, many people consider it as an inconvenience, and I've seen people going back from using Let's Encrypt to buying certificates from commercial certificate authorities for this very reason.

  • Aporeto Announces Trireme, an Open-Source Security Project for Kubernetes and Docker
  • Trireme Open-Source Security Project Debuts for Kubernetes, Docker

    Network isolation isn't the only way to secure application containers anymore, so Aporeto unveils a new security model for containers running in Docker or as part of Kubernetes cluster.
    Dimitri Stiliadis co-founded software-defined networking (SDN) vendor Nuage Networks in 2011 in a bid to help organizations improve agility and security via network isolation. In the container world, however, network isolation alone isn't always enough to provide security, which is why Stiliadis founded Aporeto in August 2015. On Nov. 1, Aporeto announced its open-source Trireme project, providing a new security model for containers running in Docker or as part of a Kubernetes cluster.

Security Leftovers

Filed under
Security
  • DDoS defenses emerging from Homeland Security

    Government, academic, and private-sector officials are collaborating on new ways to prevent and mitigate distributed denial-of-service (DDoS) attacks, based on research years in the making but kicked into high gear by the massive takedown this month of domain name system provider Dyn.

  • US DMCA rules updated to give security experts legal backing to research

    The US government has updated and published a new list of exemptions to the Digital Millennium Copyright Act, a move perhaps long-overdue which will protect cybersecurity professionals from prosecution when reverse-engineering products for research purposes.

    On October 28, the US Copyright Office and the Librarian of Congress published the updated rules on the federal register.

    The DMCA regulations now include exceptions relating to security research and vehicle repair relevant to today's cybersecurity field. For the next two years, researchers can circumvent digital access controls, reverse engineer, access, copy, and manipulate digital content which is protected by copyright without fear of prosecution -- within reason.

  • Stop being the monkey's paw

    This story got me thinking about security, how we ask questions and how we answer questions. What if we think about this in the context of application security specifically for this example. If someone was to ask the security the question “does this code have a buffer overflow in it?” The person I asked for help is going to look for buffer overflows and they may or may not notice that it has a SQL injection problem. Or maybe it has an integer overflow or some other problem. The point is that's not what they were looking for so we didn't ask the right question. You can even bring this little farther and occasionally someone might ask the question “is my system secure” the answer is definitively no. You don't even have to look at it to answer that question and so they don't even know what to ask in reality. They are asking the monkey paw to bring them their money, it's going to do it, but they're not going to like the consequences.

  • Tyfone looks to open-source to solve IoT security issues

    It came as no surprise to Tyfone CEO Siva Narendra when tens of millions of Internet connected devices were able to bring down the Web during a coordinated distributed denial of service attack on Oct. 21.

    Narendra's Portland-based company Tyfone has been working on digital security platforms to safeguard identity and transactions of people and things for years.

    Narendra says mobile devices in conjunction with the cloud have brought new levels of productivity to our lives. Internet of Things devices (the common name given to these connected items) are poised to bring even greater levels of productivity and cost-savings to businesses, and safety and convenience to our everyday lives.

  • Google just disclosed a major Windows bug — and Microsoft isn’t happy

    Today, Google’s Threat Analysis group disclosed a critical vulnerability in Windows in a public post on the company’s security blog. The bug itself is very specific — allowing attackers to escape from security sandboxes through a flaw in the win32k system — but it’s serious enough to be categorized as critical, and according to Google, it’s being actively exploited. As a result, Google went public just 10 days after reporting the bug to Microsoft, before a patch could be coded and deployed. The result is that, while Google has already deployed a fix to protect Chrome users, Windows itself is still vulnerable — and now, everybody knows it.

    Google’s disclosure provides only a general description of the bug, giving users enough information to recognize a possible attack without making it too easy for criminals to replicate. Exploiting the bug also depends on a separate exploit in Adobe Flash, for which the company has also released a patch. Still, simply knowing that the bug exists will likely spur a lot of criminals to look for viable ways to exploit it against computers that have yet to update Flash.

  • AtomBombing: A Code Injection that Bypasses Current Security Solutions

    Our research team has uncovered new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection. We named this technique AtomBombing based on the name of the underlying mechanism that this technique exploits.

    AtomBombing affects all Windows version. In particular, we tested this against Windows 10.

  • Disclosing vulnerabilities to protect users

    On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.

    After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

    The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call

  • The next president will face a cybercrisis within 100 days, predicts report

    The next president will face a cybercrisis in the first 100 days of their presidency, research firm Forrester predicts in a new report.

    The crisis could come as a result of hostile actions from another country or internal conflict over privacy and security legislation, said Forrester analyst Amy DeMartine, lead author of the firm's top cybersecurity risks for 2017 report, due to be made public Tuesday.

    History grades a president's first 100 days as the mark of how their four-year term will unfold, so those early days are particularly precarious, said DeMartine. The new commander in chief will face pressure from foreign entities looking to embarrass them early on, just as U.S. government agencies jockey for position within the new administration, she said.

  • Hackforums Shutters Booter Service Bazaar

    Perhaps the most bustling marketplace on the Internet where people can compare and purchase so-called “booter” and “stresser” subscriptions — attack-for-hire services designed to knock Web sites offline — announced last week that it has permanently banned the sale and advertising of these services.

    On Friday, Oct. 28, Jesse LaBrocca — the administrator of the popular English-language hacking forum Hackforums[dot]net — said he was shutting down the “server stress testing” (SST) section of the forum. The move comes amid heightened public scrutiny of the SST industry, which has been linked to several unusually powerful recent attacks and is responsible for the vast majority of denial-of-service (DOS) attacks on the Internet today.

Security News

Filed under
Security
  • Security advisories for Monday
  • Tug of war between SELinux and Chrome Sandbox, who's right?

    Over the years, people have wanted to use SELinux to confine the web browser. The most common vulnerabilty for a desktop user is attacks caused by bugs in the browser. A user goes to a questionable web site, and the web site has code that triggers a bug in the browser that takes over your machine. Even if the browser has no blogs, you have to worry about helper plugins like flash-plugin, having vulnerabilities.

  • Trick or Treat! Google issues warning of critical Windows vulnerability in wild

    Recently, Google’s Threat Analysis Group discovered a set of zero-day vulnerabilities in Adobe Flash and the Microsoft Windows kernel that were already being actively used by malware attacks against the Chrome browser. Google alerted both Adobe and Microsoft of the discovery on October 21, and Adobe issued a critical fix to patch its vulnerability last Friday. But Microsoft has yet to patch a critical bug in the Windows kernel that allows these attacks to work—which prompted Google to publicly announce the vulnerabilities today.

    “After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” wrote Neel Mehta and Billy Leonard of Google’s Threat Analysis Group.”This vulnerability is particularly serious because we know it is being actively exploited.”

    The bug being exploited could allow an attacker to escape from Windows’ security sandbox. The sandbox, which normally allows only user-level applications to execute, lets programs execute without needing administrator access while isolating what it can access on the local system through a set of policies.

    But by using a specific type of call to a legacy support Windows system library generally used for the graphics subsystem—win32k.sys—malicious code can escalate its privileges and execute outside of the sandbox, allowing it to execute code with full access to the Windows environment. Win32k.sys has been a problem before: Microsoft issued a warning back in June about a similar privilege escalation problem that had not yet been exploited, and another arrived in August.

Syndicate content

More in Tux Machines

Red Hat Linux Upgrade Pushes New Security, Automation Tools

Red Hat on Tuesday announced the availability of Red Hat Enterprise Linux 7.4 beta. RHEL 7.4 includes new security and compliance features and streamlined automation, along with tools for improved systems administration. This latest upgrade comes nearly three years into the series 7 lifecycle. It continues to provide enterprises with a rich and stable foundation for both existing applications and a new generation of workloads and solutions. Read more

The History of Ubuntu Linux, Canonical's Open Source OS

In October 2004 the first Ubuntu release, Ubuntu 4.10, debuted. Codenamed Warty Warthog because it was rough around the edges, Ubuntu 4.10 inaugurated a tradition of releasing new version of Ubuntu each April and October that Canonical has maintained up to the present -- with the exception of Ubuntu 6.06, which came out a couple of months late in 2006. Ubuntu 4.04 launched six months after Mark Shuttleworth first met with Debian developers to discuss the creation of a new, Debian-based Linux distribution that would emphasize ease-of-use, regular release cycles, accessibility and internationalization. Read more

Tizen News: New Software, Smart TVs, Gear S3

Android Leftovers

  • Pimp your smartphone with the latest Android O Pixel launcher
    If your device is running Android 6.0.1 Marshmallow or above, you can now pimp it out with the latest Google O Pixel launcher. One of the contributors on the XDA Developers forum has recently posted the APK file, which you can install on your smartphone. Before you download the file, make sure your device can install apps that aren’t listed on the Play Store. To do so, open up the Settings menu, tap on Security, and enable the “Unknown sources” option. Once that’s done, all you have to do is download the file and then tap on it in the notification shade to install the launcher on your device.
  • Google is killing off Android's emoji blobs
    The best emojis on the market are no more: Google’s weird blobs are being retired in favour of more conventional circular yellow faces.
  • Google I/O: What about Android on Chrome OS?
    The hottest tech-show ticket these days is Google I/O. In the just-finished 2017 conference, Google announced lots of great stuff, including a lightweight version of Android, Android Go; a first look at the next version of Android, Android O; and a major upgrade to Google Home. One thing that was noticeably missing, however: big news about Android apps on Chrome OS.
  • RaspAnd Marshmallow 6.0.1 Android OS Now Available for Raspberry Pi 3 and 2 SBCs
    After informing us about the availability of a new build of his RaspAnd Nougat operating system for Raspberry Pi 3 and 2 SBCs based on Android 7.1.2, Arne Exton released an updated RaspAnd Marshmallow 6 version.