New Plasma Mobile, New Security Issues
Sebastian Kügler introduced a new mobile platform for FOSS users dubbed Plasma Mobile, featuring a KDE Plasma interface. Speaking of mobile phones, Engadget.com's Jamie Rigg said the Ubuntu Phone is "still not consumner-ready." Dr.Web identified a new Linux trojan designed to open backdoors to execute DDoS attacks and QEMU was found to be vulnerable to another device takeover. Elsewhere, Mark Diston reviews Kali Linux on a second-hand laptop and Jesse Smith test drives Debian GNU/Hurd.
The big news that has all the headlines wagging today was the announcement Saturday by KDE's Sebastian Kügler introducing Plasma Mobile. It's described as, "a Free (as in freedom and beer), user-friendly, privacy-enabling, customizable platform for mobile devices." He said Plasma Mobile offers freedom, user-friendliness, privacy, and customization. A prototype is available if you have an LG Nexus 5, with other device support coming. "It can make and receive phone calls. It provides a workspace to manage the system, and a task switcher to control and navigate apps on the device." The project hopes to provide an OEM someday for manufacturers.
Jonathan Riddell said the hacking was frustrating at first, but Martin Gräßlin was able to get the system going with Wayland and KWin. Gräßlin said Plasma Mobile is the first product to use Wayland by default and the only reason Wayland is mature enough to be included as a technical preview in upcoming Plasma 5.4. They're confident Android apps will run on it at some point as well.
Doctor Web, a Russian anti-virus company, last week posted of a new Linux trojan designed to open backdoors and execute DDoS attacks. Dklkt.1 appears to come from China and was actually designed to be cross-platform. Once deployed Dklkt.1 tries to run as a daemon and if that fails, it stops running. But if it succeeds, it then contacts home and waits for commands to launch DDoS attacks. Doctor Web recommends using their anti-virus to check if you're infected, but surely an alternative will emerge in coming days.
QEMU's security team identified another vulnerability effecting emulated devices, this time the IDE CD-ROM drive. A public advisory was posted today from the Xen Security Team saying, "A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands." Red Hat, Debian, and Amazon Web Services, among others, put out advisories as well with information and updated packages.
In other news: