Android Bug Threatens Millions of Users

Security researchers at Zimperium zLabs have uncovered a flaw that might affect up to 950 million Android smartphones. The Stagefright bug allows an attacker to inject malicious code into an Android device using a video text message. The message recipient does not have to play the video for the attack to succeed.

A carefully crafted video file will trigger a bug in the Stagefright library, which plays a role in creating a preview version of the video. The attack uses memory corruption to get control of the Android device without the user's knowledge. The attacker can then inject additional malware, export user information, or even hijack the phone's camera and microphone to spy on the user.

The problem affects almost all versions of Android, from version 2.2 through the current version 5.1. If you are running Android 4.1 "Jellybean" or later, the sandbox system provides some isolation that limits, but does not prevent, the attack. Phones older than Android 2.2 are wide open.

Google has already patched the problem. Android users are advised to upgrade as soon as possible.

Lenovo and Canonical Announce Laptop Deal

Canonical announced that it has lined up a contract with Lenovo to preload Ubuntu on Thinkpad L450 laptops in India. The announcement marks the first joint launch for Ubuntu and Lenovo in India, a country where Ubuntu already has a strong foothold. The laptops will be available for purchase at selected commercial resellers throughout the region.

According to Canonical's regional Director Prakash Advani, "This marks a true stepping stone in our relationship with Lenovo and an extension of our offerings in the Indian marketplace, which is one of our key markets for PCs globally." The deal underscores the global nature of Canonical's quest to challenge Microsoft and Apple for a share of the PC operating system marketplace. India, which is known as a high-tech center, is a natural fit for Linux expansion.

Although the announcement will not affect other regions, it reflects a growing interest in Lenovo for tailoring its systems to run on Linux, which could make a difference for later arrangements in other markets.

US Government Hands over Its Last Piece of Internet Control

The IANA Stewardship Transition Coordination Group (ICP) has issued a request for public input on a proposal for the IANA stewardship transition process. The IANA (Internet Assigned Numbers Authority) is a powerful organization that coordinates and oversees names and numbers on the Internet, such as DNS domain names, IP addresses, and port numbers. The US government, which built the original Internet, has given up much of the control over the Internet committee process; however, the US Department of Commerce National Telecommunications and Information Administration (NTIA) still maintains oversight of the IANA.

The NTIA announced a plan last year to pass control of the IANA to the international Internet community, and the ICP was launched to coordinate the transition process.

The IANA Stewardship Transition Proposal is a 199-page draft document that spells out the steps for transitioning control to the "Global Multistakeholder Community." See the IANA website for information on submitting public comments.

Some commentators have expressed misgivings about the proposed transition, including Internet watchers who wonder whether ICANN is agile and efficient enough to handle the task. Countries that have strained relations with the US, such as Russia and Iran, have often objected to US control of Internet services. Some in the US Congress are wary of surrendering power to the international community, but many in Congress also object to the US continuing to bankroll international endeavors that could also be funded through international cooperation.

As this issue went to press, the Department of Commerce will maintain its control over IANA for one more year; the handoff is now scheduled for October 1, 2016.