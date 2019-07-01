Language Selection

Submitted by Roy Schestowitz on Tuesday 2nd of July 2019 08:26:36 PM
LibO
OOo

In 2017, contributors to the Open Document Format (ODF) specification at OASIS (Organization for the Advancement of Structured Information Standards) noted that while the Technical Committee continues to generate changes, the integration of these changes – a substantial task, which is key for the future of the ODF standard – is only being conducted on a volunteer basis.

To support current adoptions of the ODF standard format by governments and enterprises and potential adoptions in the future, it would have been important to release the new ODF 1.3 version in a timely manner, to avoid that delays could affect the position of ODF in the marketplace.

Open Document Format 1.0 was published as an ISO/IEC international standard ISO/IEC 26300 – Open Document Format for Office Applications in 2006. Open Document Format 1.2 was published as ISO/IEC standard in 2015.

In early 2018, the Board of Directors of The Document Foundation addressed the need of evolving the standard by establishing the independent COSM – Community of ODF Specification Maintainers – project at Public Software CIC (a UK Community Interest Company) to hold funds and to retain editors to work at the Technical Committee.

Endeavour OS – Ready To Be Released

XFCE is a great environment to explore Linux so they are shipping distro with the offline installer that installs XFCE environment. In case, you are already familiar with a different desktop environment, they are also planning an online installer that will provide 10 desktop environments — Base, i3-wm, Openbox, Mate, Xfce, KDE, Cinnamon, Gnome, Deepin, and Budgie. The team will release the online installer after 15th July. No date for online installer has been given. For the community forum, the team is planning to use Discourse. The forum will also be made public on 15th July. So far this is everything we know about this distribution. Their website does not mention much about its future and specific things they will be focusing on. I installed the beta version in Virtualbox. You can check the screenshots above. The distro is very fast as it uses XFCE and it ships with a great set of applications for daily use including Firefox web browser, Pidgin internet messenger, Parole media player, Qt Designer, and many other daily use system utilities. Read more

MintBox 3 Linux Mint-Powered Mini PC Announced as the Most Powerful MintBox Ever

Yes, we're talking about MintBox 3, the third generation of the tiny and powerful MintBox computer powered by the ever popular Linux Mint operating system. MintBox 3 comes in two variants and promises to be the most powerful MintBox computer ever built in collaboration with Compulab. "We’re working with Compulab on the most powerful MintBox ever," said Clement Lefebvre, leader of the Linux Mint project. "MintBox 3 will be based on the Airtop 3. I’ve been using an Airtop 1 as my main computer for a while now and it’s a beautiful machine." Read more

Linux Mint 20 and Future Releases Will Drop Support for 32-bit Installations

As you might know, Canonical announced last month that they plan to drop support for 32-bit systems all together, not only for new installations, but they ended up realizing that some major projects like Wine and Steam still need 32-bit libraries, so starting with Ubuntu 19.10 (Eoan Ermine) they'll only build select 32-bit packages. Many users were asking if Ubuntu-based distributions will be affected by this major change, which shouldn't be a surprize to anyone in 2019, so it looks like Linux Mint, one of the most popular Ubuntu-based operating systems out there will follow on Ubuntu's steps to drop support for 32-bit systems in future releases, starting with Linux Mint 20. Read more

Security Leftovers

  • Ransomware Hits Georgia Courts As Municipal Attacks Spread [iophk: "Windows TCO"]

    "There’s definitely an increase or uptick in the amount of ransomware campaigns that we’re seeing out there, but it’s not specific to municipalities or state or federal organizations, it’s just pretty much across the board in every industry vertical," says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec. "We’re working seven consecutive ransomware attacks right now—a couple of manufacturing, a couple of credit unions, and one local type of government incident."

  • Singapore Government Announces Third Bug Bounty Program

    The latest bug bounty program, similar to the previous two, will be hosted by HackerOne. The project is conducted in collaboration with the Cyber Security Agency of Singapore (CSA) and the Government Technology Agency of Singapore (GovTech).

    HackerOne will invite approximately 200 international hackers and 100 local hackers to take part in the challenge, which offers payouts between $250 and $10,000 per vulnerability report. The program will run from July to August and results will be announced in September.

  • US officials are talking about banning end-to-end encryption again

    A source believed to have been in attendance said, "The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation," adding that the importance of the matter was reflected by the attendance of a group of Number 2s (from different stakeholder agencies, it's not a scatological reference).

    The problem for end users doesn't end with the NSA getting a better foothold on your WhatsApp chats because whilst it'll be easier for law enforcement and security agencies to see if you're up to no good, relaxing encryption also opens up a much wider foothold for [attackers] and cybercriminals to abuse the services too. And that's not to mention that if friendly intelligence can access your data, then foreign spies and snoopers can as well - it's all or nothing.

  • Exploit Using Microsoft Excel Power Query for Remote DDE Execution Discovered

    The Mimecast Threat Center team reached out to the Microsoft Security Response Center (MRSC) with our information and a working proof of concept. MRSC opened a case but Microsoft decided not to fix this behavior, and their response included a workaround by either using a Group Policy to block external data connections or use the Office Trust center to achieve the same. MRSC accepted our request to publish this research per the CVD policy.

  • How [Attackers] Turn Microsoft Excel's Own Features Against It [iophk: fails to mention improved options like LibreOffice and Calligra]

    On Thursday, researchers from threat intelligence firm Mimecast are disclosing findings that an Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks. Power Query allows users to combine data from various sources with a spreadsheet—like a database, second spreadsheet, document, or website. This mechanism for linking out to another component, though, can also be abused to link to a malicious webpage that contains malware. In this way, attackers can distribute tainted Excel spreadsheets that wreak havoc, from granting attackers system privileges to installing backdoors.

    "Attackers don’t need to invest in a very sophisticated attack—they can just open up Microsoft Excel and use its own tools," says Meni Farjon, Mimecast's chief scientist. "And you have basically 100 percent reliability. The exploit will work in all the versions of Excel as well as new versions, and will probably work across all operating systems, programming languages, and sub-versions, because it's based on a legitimate feature. That makes it very viable for attackers."

  • Cyber warfare is here

    Cybereason said they weren’t going to name the affected providers, but said many were sizable, and that it didn’t find evidence that North American providers had been infiltrated.

    The company also didn’t notify the targeted individuals.

    Cybereason thinks a [attack] this sophisticated is very likely the work of a nation-state.

