
Sunday, December 8, 2013

IT managers are increasingly replacing servers with SaaS

Cloud providers take on a bigger share of the servers as overall market starts declining

IT managers want to cut the number of servers they manage, or at least slow the growth, and they may be succeeding, according to new data.

IDC expects that anywhere from 25% to 30% of all the servers shipped next year will be delivered to cloud services providers.

In three years, 2017, nearly 45% of all the servers leaving manufacturers will be bought by cloud providers.

"What that means is a lot of people are buying SaaS," said Frank Gens, referring to software-as-a-service. "A lot of capacity is shifting out of the enterprise into cloud service providers."

The increased use of SaaS is a major reason for the market shift, but so is virtualization to increase server capacity. Data center consolidations are eliminating servers as well, along with the purchase of denser servers capable of handling larger loads.

For sure, IT managers are going to be managing physical servers for years to come. But the number will decline, judging by market direction and the experience of IT managers.

Two years ago, when Mark Endry became the CIO and SVP of U.S. operations for Arcadis, a global consulting, design and engineering company, the firm was running its IT in-house.

"We really put a stop to that," said Endry. Arcadis is moving to SaaS, either to add new services or substitute existing ones. An in-house system is no longer the default, he added.

"Our standard RFP for services says it must be SaaS," said Endry.

Arcadis has added Workday, a SaaS-based HR management system; replaced an in-house training management system with a SaaS offering; and replaced an in-house ADP HR system with a service. The company is also planning a move to Office 365 and will stop running its in-house Exchange and SharePoint servers.

As a result, in the last two years, Endry has kept the server count steady at 1,006 spread across three data centers. He estimates that without the efforts at virtualization, SaaS and other consolidations, the company would have about 200 more physical servers.

Endry would like to consolidate the three data centers into one, and continue shifting to SaaS to avoid future maintenance costs, and also the need to customize and maintain software. SaaS can't yet be used for everything, particularly ERP, but "my goal would be to really minimize the footprint of servers," he said.

Similarly, Gerry McCartney, CIO of Purdue University is working to cut server use and switch more to SaaS.

The university's West Lafayette, Ind., campus had some 65 data centers two years ago, many of them small; Purdue defines a data center as any room with additional power and specialized heavy-duty cooling equipment. It has closed at least 28 of them in the last 18 months.

The Purdue consolidation is the result of several broad directions: increased virtualization, use of higher-density systems, and increased use of SaaS.

McCartney wants to limit the university's server management role. "The only things that we are going to retain on campus is research and strategic support," he said. That means that most, if not all, of the administrative functions may be moved off campus.

This shift to cloud-based providers is roiling the server market, and is expected to help send server revenue down 3.5% this year, according to IDC.

Gens says that one trend among users who still buy servers is growing interest in converged or integrated systems that combine server, storage, networking and software. They now account for about 10% of the market and are expected to make up 20% by 2020.

Meanwhile, the big cloud providers are heading in the opposite direction, and are increasingly looking for componentized systems they can assemble, Velcro-like, in their data centers. This has given rise to contract, or original design, manufacturers (ODMs), mostly overseas, who build these systems for the cloud providers.

Source: http://bit.ly/IO5LMz

Wednesday, September 18, 2013

FREE Hosting and Managed Services

Get 2 FREE Service Monitors before Oct 17th, 2013 with any new contracts. http://bit.ly/1eQrORl

Wednesday, August 28, 2013

Monday, July 1, 2013

Colocation Services Bandwidth Upgrades

Colocation services for serious businesses who need redundancy, security and high availability.

$125 - 1U Rack Space - 1000 GB
$200 - 2U Rack Space - 2000 GB
$300 - 4U Rack Space - 5000 GB
$450 - 10U (1/4 Cab) - 1 Mb/s
$700 - 21U Unit Space (1/2 Cab) - 2 Mb/s
$1100 - 42U Unit Space - 3 Mb/s


Linux 3.10 released

This release adds support for bcache, which lets SSD devices cache data from other block devices; a Btrfs format improvement that makes the tree dedicated to storing extent information 30-35% smaller; support for XFS metadata checksums and self-describing metadata; timerless multitasking; SysV IPC, rwlock and mutex scalability improvements; a TCP Tail Loss Probe algorithm that reduces the tail latency of short transactions; KVM virtualization support on the MIPS architecture; support for the ARM big.LITTLE architecture, which mixes CPUs of different types; tracing snapshots; new drivers; and many small improvements.

Source: http://bit.ly/v8DIx

Friday, June 21, 2013

Taking "spying" and "big brother" to a whole new level

GCHQ taps fibre-optic cables for secret access to world's communications.

British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA.

Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

Source: http://bit.ly/14nefzs

Facebook bug exposed contact info of 6M users

The social network is embarrassed by a glitch in its "Download Your Information" tool that unintentionally shared some members' phone numbers and e-mail addresses.

Facebook is alerting 6 million of its users that their e-mails or phone numbers were inadvertently shared with other members.

The social network said Friday that it has discovered and patched a bug in its "Download Your Information" tool that unintentionally exposed some members' contact details. The bug was reported earlier this month through the company's White Hat program, which rewards security researchers for reporting vulnerabilities. 

Tuesday, February 5, 2013

Kaspersky update hoses Internet access for Windows XP users

A new antivirus update from Kaspersky disables Internet connectivity, forcing the company to push out a fix and a workaround.

Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update.

Released yesterday, the update causes Windows XP computers to lose their connection to the Internet.

IT administrators who use Kaspersky Endpoint Security at their organizations chimed in on the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline.

Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best.

Kaspersky did eventually acknowledge the problem, announcing a fix to the buggy update and offering a resolution. Kaspersky's response was posted by one of the forum users:

We apologize for the inconvenience. It does appear that there was a hiccup with an update pushed out causing Windows XP machines to lose Internet connectivity. An update was just released that should address the issue, what I will need you to do is:
To get XP users Internet connectivity (temporarily), please disable the Web AV component of your protection policy for your managed computers. After doing so;
In Security Center (or Admin Kit):
1) Go to the Repositories section >> (Right click) Updates >> All Tasks >> Clear updates repository.
2) Go to the Repositories section >> (Right click) Updates >> Download Updates
After taking this step, please run your group update task for Managed Computers. After the update has been pushed to your workstations, please re-enable your Web AV component in your protection policy. This should resolve the issue.

Some of the commenters were in the process of following Kaspersky's steps but noted delays in updating the repository. Several also had harsh words for Kaspersky for not addressing the problem more effectively.

"I just wanted to thank the good folks at Kaspersky for insuring that my hospital has either crippled or no AntiVirus," one commenter said. "The workaround of disabling A/V is outright stupid."

Another criticized Kaspersky's failure to respond to the many complaints on the forum.
"I can't believe that Kaspersky is not responding to any of these forums," the commenter said. "That is horrible. One more reason why we will be switching to a different antivirus vendor after the contract is done."

In a statement sent to CNET, Kaspersky confirmed the problem, noted the affected products, and described the lengthy steps to fix the issue.

Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST.

The problem was limited to x86 systems with the following Kaspersky Lab products installed:
- Kaspersky Anti-Virus for Windows Workstations 6.0.4 MP4
- Kaspersky Endpoint Security 8 for Windows
- Kaspersky Endpoint Security 10 for Windows
- Kaspersky Internet Security 2012 and 2013
- Kaspersky Pure 2.0

When these errors were reported, Kaspersky Lab identified an immediate workaround and recommended that customers experiencing problems disable their Web Anti-Virus or roll back the update to a previous version of the database. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers.

Customers need to perform a database update to resolve the issue. If an affected machine updates from the Administration Kit/Security Center console, then these updates will be downloaded automatically. If a machine updates directly from our servers, then the initial workaround step of disabling the Web Anti-Virus component should be applied first. Internet connectivity will then be restored and the customer will be able to download the most recent database update. The Web Anti-Virus component should be re-enabled after downloading the database update.

Kaspersky Lab would like to apologize for any inconvenience caused by this database update error. Actions have been taken to prevent such incidents from occurring in the future.

Source: http://cnet.co/XMoZnw

Federal Reserve confirms its Web site was hacked

Days after Anonymous claimed to have stolen and published private information from more than 4,000 bank executives, the Fed says its system was attacked.

The wave of high-level cyberattacks continues as the Federal Reserve confirmed that one of its internal Web sites was hacked into today, according to Reuters.

"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman told Reuters. "Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system."

Apparently the hackers accessed data associated with specific individuals, according to Reuters.
This attack comes on the heels of the hacking group Anonymous claiming on Sunday to have published login and private information from more than 4,000 U.S. bank executive accounts. The group may have gotten this data from the Federal Reserve's computers.

It's unclear if the two breaches are connected. Government officials did not say which of the Fed's Web sites was hacked. However, according to Reuters, it was most likely an internal contact database for banks to use during natural disasters.

The cyberattack on the Federal Reserve comes after a slew of continuous hacks in the U.S. The Department of Energy confirmed yesterday that its internal system was breached and employee data was stolen; and last week, hackers hit several U.S. media outlets.

The head of Homeland Security Janet Napolitano announced in January that she believes a wave of cyberattacks on U.S. infrastructure is a serious possibility. Dubbing such an event a "cyber 9/11," Napolitano warned that cyberterrorists could take down the nation's power grid, water infrastructure, transportation systems, and financial networks.

In its December report, security company McAfee said that attacks on U.S. financial institutions are only going to increase in the year to come. The firm said that this isn't only a possibility; it's a "credible threat." Anonymous has also promised to increase its activity in 2013. In a statement issued at the beginning of the year, the group said that it has no plans to fade away in the year to come.

Source: http://cnet.co/WtimJ4

Friday, January 25, 2013

Secret backdoors found in firewall, VPN gear from Barracuda Networks


The undocumented accounts may have been around for a decade

A variety of firewall, VPN, and spam filtering gear sold by Barracuda Networks contains undocumented backdoor accounts that allow people to remotely log in and access sensitive information, researchers with an Austrian security firm have warned.

The SSH, or secure shell, backdoor is hardcoded into "multiple Barracuda Networks products" and can be used to gain shell access to vulnerable appliances, according to an advisory published Thursday by SEC Consult Vulnerability Lab.

"This functionality is entirely undocumented and can only be disabled via a hidden 'expert options' dialog," the advisory states. The boxes are configured to listen for SSH connections to the backdoor accounts and will accept the username "product" with a "very weak" password to log in and gain access to the device's MySQL database. While the backdoors can be accessed by only a small range of IP addresses, many of them belong to entities other than Barracuda.

"The public ranges include servers run by Barracuda Networks Inc. but also servers from other, unaffiliated entities—all of whom can access SSH on all affected Barracuda Networks appliances exposed to the Internet," the advisory explained.

Barracuda issued several of its own security advisories on Wednesday. "Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log in to a non-privileged account on the appliance from a small set of IP addresses," one advisory with a risk rating of "medium" stated. "The vulnerabilities are the result of the default firewall configuration and default user accounts on the unit."

A timestamp and version string in the code that enables the backdoor bear a date from 2003, suggesting it may have existed in the Barracuda appliances for a decade. Advisories from SEC Consult and Barracuda also reference a serious authentication bypass bug. In an age of sophisticated advanced persistent threats, administrators who oversee any of this gear should update as soon as possible.
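Barracuda's own explanation, default firewall configuration plus default accounts, points at the check worth running on any appliance with a management port: which source ranges can actually reach SSH, and are all of them ranges you control? The script below is an added example, not Barracuda's or SEC Consult's code. It audits an iptables-save style ruleset (a constructed sample using RFC 5737 documentation and RFC 1918 addresses, not the appliance's real allow-list) and reports every ACCEPT rule on tcp/22 whose source is not wholly inside a trusted management range; the trusted range is an assumption for the example.

```python
"""Audit an iptables-save style ruleset for SSH (tcp/22) ACCEPT rules whose
source is not inside an approved management range.

Added example, not Barracuda's or SEC Consult's code.  The ruleset and the
trusted range below are constructed for illustration (RFC 5737 / RFC 1918
addresses), not the appliance's real allow-list.
"""
import ipaddress
import shlex

# Constructed sample in iptables-save format.  One SSH rule is scoped to the
# organisation's admin network; two admit third-party ranges; one admits the
# whole Internet because it carries no -s at all.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.20.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Assumption for the example: management access is legitimate only from here.
TRUSTED_ADMIN_NETS = ["10.20.0.0/16"]


def _parse_options(rule_line):
    """Turn '-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT' into a dict
    of option -> value (True for flags that take no value)."""
    tokens = shlex.split(rule_line)
    opts = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        if tok.startswith("-") and has_value:
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            opts[tok] = True
            i += 1
    return opts


def accept_rules_for_port(ruleset, port=22):
    """Yield (source_network, rule_line) for each ACCEPT rule on tcp/<port>."""
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table header, chain policy lines, COMMIT
        opts = _parse_options(line)
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != "tcp":
            continue
        if opts.get("--dport") != str(port):
            continue
        # A rule without -s matches every source address.
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        yield src, line


def untrusted_sources(ruleset, trusted=TRUSTED_ADMIN_NETS, port=22):
    """Return [(source_cidr, rule_line)] for ACCEPT rules on tcp/<port> whose
    source range is not wholly contained in a trusted management range."""
    trusted_nets = [ipaddress.ip_network(t) if isinstance(t, str) else t
                    for t in trusted]
    findings = []
    for src, line in accept_rules_for_port(ruleset, port):
        covered = any(src.version == net.version and src.subnet_of(net)
                      for net in trusted_nets)
        if not covered:
            findings.append((str(src), line))
    return findings


if __name__ == "__main__":
    for cidr, rule in untrusted_sources(SAMPLE_RULESET):
        print("tcp/22 reachable from untrusted %s: %s" % (cidr, rule))
```

Run it against the output of `iptables-save` from the box in front of the appliance, or from the appliance itself where you have shell access. A rule with no `-s` is reported as 0.0.0.0/0, which is the case that turns a vendor maintenance account into an Internet-facing one.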

Source: http://ars.to/Y13y2T

Don't upload your important passwords to GitHub


The same goes for private SSH keys and other sensitive credentials.

It's akin to warning someone not to brush her teeth with a brick or to dry her hair with a blow torch, but based on numerous links circulating on Twitter Thursday morning, it bears saying: don't post sensitive account credentials to GitHub, or any other code repository.

On Thursday morning, the microblogging site was awash with messages linking to passwords and private cryptographic keys that are publicly accessible. Searches like this, this, and this turned up dozens of accounts that appeared to be exposing credentials that should never be made public. (Just minutes before Ars published this post, the searches stopped working, most likely as a result of GitHub admins who were trying to save users from their own carelessness. Many of the same GitHub accounts could still be located using Google, however.) Assuming they're still being used to log in to valid accounts, their exposure compromises the entire security that users attempted to establish when they generated the keys in the first place.

Ars won't be calling out individual accounts, although one GitHub offender appeared to reveal a password for an account on Chromium.org, the repository that stores the source code for Google's open-source browser. An eagle-eyed security researcher reported finding "an ssh password to a production server of a major, MAJOR website in China." Another tweet showed what appeared to be a sensitive GitHub authentication token used by a prominent front end developer for Bitly. In the wrong hands, a valid token could help miscreants redirect millions of people to malicious sites.

And it's not just GitHub users who appear to be loose-lipped, at least judging from links such as this one.

The practice of stashing sensitive log-in credentials in publicly accessible code repositories isn't exactly new, so it's unclear why it's only now receiving so much attention. It has touched off a major debate about whether GitHub bears any responsibility, with some arguing the fault lies solely with users and others saying GitHub has a duty to prevent misuse of its site.

Whatever view prevails, the tweets should come as a stern rebuke and a graphic demonstration that the practice is an extreme faux pas. Transgressors should reset or regenerate any compromised passwords or keys and purge the old ones right away. As in now.
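The practical answer to the "whose fault is it" debate is to stop the commit before it leaves the workstation. The scanner below is an added example, not GitHub's or Ars Technica's code: it looks for private-key headers, AWS access key IDs, hard-coded password assignments, credentials embedded in URLs, and long high-entropy values, and is meant to be called from a pre-commit hook on the staged file list. The sample files are constructed; the AWS key pair in them is the placeholder pair from Amazon's documentation, not a live credential, and the entropy threshold is an assumption to tune per code base.

```python
"""Pre-commit style scan for credentials that must never reach a repository.

Added example, not GitHub's or Ars Technica's code.  SAMPLE_FILES is a
constructed set of file contents; the AWS key pair in it is the placeholder
pair from Amazon's own documentation, not a live credential.
"""
import math
import re
import sys

PATTERNS = {
    "private key": re.compile(
        r"-----BEGIN (?:RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*['\"]([^'\"]{6,})['\"]"),
    "credential in URL": re.compile(r"\b[a-z][a-z0-9+.\-]*://[^/\s:@]+:[^@\s]+@"),
}
# Long token-like values to the right of '=' or ':' are judged by entropy.
VALUE_RX = re.compile(r"[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{32,})")
ENTROPY_THRESHOLD = 4.0  # bits per character; an assumption, tune per code base


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or uniform input)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text, path):
    """Return [(path, line_number, label)] for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((path, lineno, label))
        for m in VALUE_RX.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append((path, lineno, "high-entropy value"))
    return findings


def scan_files(files):
    """files: {path: text}.  Aggregate findings over all of them."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(text, path))
    return findings


# Constructed sample: four offending files and one clean one.
SAMPLE_FILES = {
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(key material omitted)\n"
                     "-----END RSA PRIVATE KEY-----\n",
    "config/database.yml": "production:\n  adapter: postgresql\n"
                           "  password: \"correct horse battery\"\n",
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
            "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "deploy.sh": "git clone https://alice:Hunter2hunter2@example.com/team/private.git\n",
    "README.md": "# Deploy notes\nSet DB_PASSWORD in the environment; never commit it.\n",
}


def main(paths):
    """Scan the named files (e.g. the output of `git diff --cached --name-only`
    from a pre-commit hook) and return 1 if anything was found, else 0."""
    files = {}
    for p in paths:
        with open(p, "r", errors="replace") as fh:
            files[p] = fh.read()
    findings = scan_files(files)
    for path, lineno, label in findings:
        print("%s:%d: %s" % (path, lineno, label))
    return 1 if findings else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    for finding in scan_files(SAMPLE_FILES):
        print("%s:%d: %s" % finding)
```

Pattern matching catches the well-known shapes (key headers, AKIA-prefixed key IDs, `password = "..."`); the entropy check is what catches the 40-character secret next to the key ID, which has no distinctive prefix. Both produce false positives on test fixtures, so keep an allow-list rather than lowering the threshold, and treat a hit as a reason to rotate the credential, not just to amend the commit.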

Source: http://ars.to/10UNpl5

Cisco to sell Linksys to Belkin, will exit home networking market


After 10 years of owning Linksys, Cisco will get rid of home router business.

Belkin has struck a deal to buy Linksys from Cisco, bringing Cisco's 10-year dalliance with the consumer networking market closer to an end.

Cisco's Linksys division sells routers and wireless access points to consumers, which is in line with Cisco's overall focus on networking gear but diverges from the company's core focus on selling to big businesses rather than home users. Cisco has been gradually stepping out of the consumer business—for example, by killing off the Flip camera line and Umi home videoconferencing.

Cisco recently engaged Barclays to help sell off the home networking division. Belkin's purchase of Linksys is expected to close in March 2013, but the companies did not reveal the purchase price. Cisco bought Linksys in 2003 for $500 million.

Existing customers don't have to worry about whether their Linksys products will continue to be supported, Belkin said in its announcement. "Belkin intends to maintain the Linksys brand and will offer support for Linksys products as part of this transaction," Belkin said. "All valid warranties will be honored by Belkin for current and future Linksys products. After the transaction closes, Belkin will account for approximately 30 percent of the US retail home and small business networking market."

Belkin's existing business includes wireless and wired networking products as well as an assortment of device cases, mobile accessories, cables, and audio and video products.

Cisco's stewardship of Linksys annoyed some users (including me) last year when certain routers were automatically linked to a cloud-based management service that was less functional than the traditional, local router management interface. (Cisco backpedaled after an uproar.)

Belkin said it will expand Linksys's market presence, hinting that Linksys products will somehow be linked to or sold alongside Belkin's WeMo home automation platform. Besides home users, Belkin wants to use Linksys to target service providers and small businesses.

While no purchase price was announced today, Bloomberg reported last month that Linksys is "likely to fetch much less than the $500 million Cisco paid for it in 2003 because it is a mature consumer business with low margins."

Although Cisco is selling Linksys to Belkin, it will maintain some ties to the business as part of a cross-marketing deal. "Belkin and Cisco intend to develop a strategic relationship on a variety of initiatives including retail distribution, strategic marketing and products for the service provider market," Belkin's announcement said. "Having access to Cisco’s specialized software solutions across all of Belkin’s product lines will bring a more seamless user experience for customers."

Source: http://ars.to/14f9Ter

Three charged in Gozi Trojan bank raids

NASA computers among 1 million machines infected by malware used to steal from bank accounts.

United States prosecutors accused three people of creating and distributing virulent malware that has infected more than a million computers around the world, including those operated by the U.S. National Aeronautics and Space Administration.

Nikita Kuzmin, 25, of Russia, Deniss Calovski, 27, of Latvia, and Mihai Ionut Paunescu, 28, of Romania, were behind a long-running scam that involved the creation and distribution of the so-called Gozi Trojan, which helped cyber criminals siphon millions of dollars from bank accounts in the U.S., Europe and other countries, according to an indictment unsealed on Wednesday.

Alleged mastermind Kuzmin was arrested in the U.S. back in November 2010 and pleaded guilty to a number of computer hacking and fraud charges in 2011. Calovski is alleged to have helped in programming Gozi; he was arrested in Latvia in November 2012. Paunescu is alleged to have provided the hosting service that enabled Kuzmin and other cyber criminals to distribute Gozi and other malware; he was arrested in Romania in December 2012.

U.S. prosecutors are seeking the extradition of Paunescu and Calovski.

Source: http://bit.ly/V9ZfzK

Tuesday, January 15, 2013

You know flash is king when disk giant Seagate grows its SSD line


Plus: Might elbow its way into PCIe server flash card market.

Seagate is going to expand its solid state drive (SSD) line this year using co-developed Samsung controller technology and introducing its first multi-level cell drive.

Seagate and Samsung have a flash chip supply and controller partnership. Stifel Nicolaus analyst Aaron Rakers has talked to Seagate execs and gleaned that:

Seagate ... will have a refreshed line-up of SATA and SAS solid state drives, based on the co-development work with Samsung on controller technology, in 2013. Additionally, our conversations suggested that the company also plans to launch its first MLC-based PCIe SSDs in 2013.

Seagate currently ships its fast single level cell (SLC) Pulsar XT and Pulsar.2 MLC SSDs. Its recent flash activity includes investing in controller company DensBits, whose technology makes slow, shorter-life TLC (3-bits per cell) flash work for longer.

Just over a year ago, Seagate bought Samsung's disk drive business as part of its reaction to Western Digital buying Hitachi GST and leap-frogging Seagate into the disk drive market revenue leadership. Both Seagate and Western Digital appear to realise that the performance data access market is moving away from fast spinning hard drives into a high-end pure-flash market and a mid-range/low-end hybrid solid state hard drive (SSHD) market. Flash is where the strongest growth prospects are - for both Seagate and WD. Of course, just last year, Seagate was singing a different tune.

A move into the PCIe flash card for servers space from Seagate would be logical. We note Samsung has invested in PCIe server flash card market leader Fusion-io, which will make its relationship with Seagate interesting. The PCIe flash card product space is pretty crowded and the entry of Seagate would not be welcomed by other suppliers.

Source: http://www.theregister.co.uk/2013/01/14/seagate_samsung_pcie/

How to build a perfect private cloud with Windows Server 2012


Microsoft's handy kit.

So you want to build a Microsoft-based private cloud. While using the latest software is not always the best move (never use version 1.0 of anything) Microsoft's 2012 stack of products is mature, stable and capable of meeting all your cloudy needs.

Let's take a look at what's required for a private cloud in Microsoft's world.

It's all about the apps
In a Microsoft world, what you want to virtualise determines how you design the infrastructure that underpins it. If you need real-time, continuous high availability or fault tolerance, you need to determine if this exists at an application level, or if you will have to try to provide it at an infrastructure level.

Application-level fault tolerance – such as SQL replication, which can now include replication to Microsoft's Azure cloud – is usually preferred. It typically means far greater flexibility in your configuration options, including full hybrid-cloud and WAN deployments.

Microsoft's massive investment in making true software as a service delivery possible – IIS8, SQL server, Hyper-V 3.0 and System Center Virtual Machine Manager being one great combination – make services an easily deployable, environmentally aware option.

Think about storage
Before we even consider lighting up virtual machines, we need to think about where they will live. Knowing what degree of high availability or fault tolerance we need allows us to make educated decisions about the storage that will underpin them.

For a truly fault-tolerant infrastructure, Server 2012 ships with Cluster Shared Volumes (CSV). While thin provisioning of virtual machines on CSVs is supported, deduplication is not.

If you are using Server 2012 as the storage underpinning your private cloud this can be a critical consideration, especially in virtual desktop infrastructure scenarios.

Microsoft is aware that this is a compromise some systems administrators will not like, so offloaded data transfer (ODX) support has been baked into the operating system. If you decide you need a third-party filer to bridge the feature gap, ODX can save huge amounts of both network bandwidth and CPU time by instructing filers to carry out various operations internally.

iSCSI, Fibre Channel support and Multipath I/O (MPIO) are all also part of the operating system; indeed you can now add virtual Fibre Channel adaptors to virtual machines.

Not only does this increase the flexibility of Server 2012 as the host hypervisor running your cloud, the availability of – and support for – these features in guest environments allows for additional redundancy configurations from within the virtual machines.

For those using thin provisioning – which I suspect is most of us – the disk defragmenter is Unmap aware, making it directly compatible with thin-provisioned VHDX files.

This is important because fragmentation of virtual disks is the only downside to thin provisioning; with a little attention, Server 2012 can be set up to minimise the issue. The full thin provisioning benefits now also apply to both virtual IDE and virtual SCSI-attached disks.

For workloads that are not so mission critical, there's Hyper-V Replica. This takes a snapshot of a virtual machine and replicates it to another host.

It then shuffles changed blocks along, so that the replica copy of your virtual machine lags the primary instance by only five to 15 minutes, even if you are replicating over the WAN. Replica also supports versioning.

Server 2012 is increasingly virtualisation aware, with server roles such as Active Directory Domain Controller being capable of detecting whether they have been rolled back to a previous version via Replica or are clones of a previous domain controller template.

This dramatically increases the utility of technologies such as Replica while decreasing the need for truly fault-tolerant virtual machines to occupy precious CSV space.

Those virtual machines for which Replica is a good fit are also likely to be a good fit for storing on systems without CSVs. This allows you to take full advantage of both thin provisioning and deduplication, while still maintaining important core functionality such as virtual machine migration via Hyper-V 3.0's shared-nothing migration.

That's right: unless you have a burning need for zero-downtime fault tolerance, you can do without shared storage to make Microsoft's 2012 stack do infrastructure-as-a-service-like cloudy things.

Server 2012 can also store virtual machines on SMB 3.0 shares, further reducing cost and complexity for various deployments. Reliability is not an issue here: SMB 3.0 has gained a number of features, including MPIO for resiliency and remote direct memory access for speed.

Underpinning the whole shebang is Storage Spaces, Microsoft's second go at storage virtualisation. While it sheds some of the features of its beloved Home Server predecessor Drive Extender, Storage Spaces is far more reliable and entirely enterprise ready. It allows you to abstract how the storage is connected to the host from how it is delivered to applications and services such as Hyper-V.

Knit your own solution
Once you have your availability and storage requirements sorted, the last piece of the puzzle is System Center 2012 SP1. This plugs into the various features of Server 2012 to do such things as push the hypervisor onto bare metal, join the newly installed system to the domain and get all the initial settings configured for use with the rest of the cloud.

Cluster-Aware Updates combine with System Center's various features to ensure that outages of the host – be they scheduled for updates or unscheduled because of a power failure – are handled smoothly and with minimal disruption to running virtual machines.

System Center orchestrates not only the flow of virtual machines across your infrastructure, but is aware of the contents of those virtual machines, enabling you to break your virtual machines down into tiers according to the features and services they need.

There's more – much more – to explore in Microsoft's 2012 stack. It all depends on your requirements. If you are comfortable living in a PowerShell-only environment, you can build a private cloud with Microsoft's free Hyper-V Server. To use the oft-abused car analogy, consider this the systems administration equivalent of building your own fleet of cars from parts.

If you want basic virtualisation management tools, Server 2012's Remote Server Administration Tools can provide able service. This is like maintaining a fleet of cars that came handily pre-assembled from the factory.

If the previous two options are the equivalent of maintaining a fleet of cars, System Center 2012 is like automating the management and monitoring of every train in the country. It is the difference between hypervisor-plus-management and a true private (or even hybrid) cloud.

Source: http://www.theregister.co.uk/2013/01/14/building_a_private_cloud/

Lenovo said to release Intel and ARM Android convertibles


Hmm... which will prove more popular?

Lenovo will reportedly release Android-based convertibles in the first half of this year, and they'll be powered by your choice of either Intel or ARM processors.

Convertibles – clamshell laptops that can be converted to tablets – were one of the most talked about items at last week's CES 2013. Intel, for its part, sees them as the future of mobile computing.

But the devices that Intel was most effusive about during its CES 2013 press event were running Microsoft's Windows 8. According to a Monday report by DigiTimes citing those ever-helpful "industry sources", Lenovo – the world's second-largest PC maker – will add convertibles running Android to its stable of mobile PCs.

Or tablets – whichever incarnation of the convertible form factor you choose to emphasize.

According to DigiTimes' sources, Lenovo had planned to release Android-based convertibles in the third quarter of last year, but delayed the roll-out due to the market noise caused by the iPad 4 and iPad mini, Windows 8 and Windows RT tablets, "as well as a proliferation of low-priced Android tablets."

Intel has been talking about Android-on-Intel for quite some time, and soon-to-be-ex-CEO Paul Otellini said way back in October 2010 that Chipzilla would "win" in the tablet market.

Hasn't happened – and it's still too early to add "yet" to that observation.

If and when Lenovo releases Android convertibles based on both ARM and Intel chips – which will join its Core i5/i7 IdeaPad Yoga 11S convertible that was announced at CES and is scheduled to ship this June – we'll keep an eye on how the market responds to that choice.

Source: http://bit.ly/11v7VYx

DefenseCode turns up Linksys zero-day


World awaits patch.

With more than 70 million home networking devices in service, a zero-day for Linksys has a very wide reach. According to DefenseCode, an information security consultancy, that's just what turned up in a recent product evaluation for a client.

The company has not released full details of the root access vulnerability yet, but has posted a demonstration video (below) to YouTube: http://www.youtube.com/watch?feature=player_embedded&v=cv-MbL7KFKE

In the video, DefenseCode researchers open the router’s shell (without authentication) and list the contents of files and directories.

According to Help-Net Security, it took DefenseCode just 12 days to develop the exploit. The company says it contacted Cisco, Linksys's owner, “months ago”.

The vulnerability affects all versions of Linksys firmware up to and including the current version, 4.30.14. DefenseCode intends to release a full description of the vulnerability within two weeks.

It’s an unwelcome development for Cisco, which in December began casting around for potential buyers for the consumer kit brand. ®

Update: Cisco has made the following statement to The Register: "Linksys takes the security of our products and customers’ home networks very seriously. Although we can confirm contact with DefenseCode, we have no new vulnerability information to share with customers – for our WRT54GL or other home routers. We will continue to review new information that comes to light and will provide customer updates as appropriate."

Source: http://bit.ly/VbYs3H

'Red October' malware spies on governments worldwide


It might have taken five years to discover, but a government-snooping spying campaign dubbed Red October has been exposed by Kaspersky Lab.

Kaspersky Lab has discovered yet another worldwide spying campaign that targets governmental bodies, political groups and research institutions.

On par with the memorable Flame malware, Kaspersky and a number of Cyber Emergency Response Teams (CERTs) discovered the malware -- known as Rocra or Red October -- which mostly targets institutions based in Eastern Europe, former USSR members and countries in Central Asia.

Kaspersky says that Red October has been gathering data and intelligence from "mobile devices, computer systems and network equipment" and is currently still active. Data is gathered and sent to multiple command-and-control servers, an infrastructure the security firm says rivals the complexity of Flame.

The malware is sent via a spear-phishing email which, according to the firm, targets carefully selected victims within an organization. The infected files contain at least three different exploits for Microsoft Excel and Word; once opened, they drop a trojan onto the machine, which then scans the local network to detect whether any other devices are vulnerable to the same security flaw.

By dropping modules that can complete a number of "tasks," usually as .dll libraries, an infected machine obeys commands sent by the command center and then immediately discards the evidence. Separated into "persistent" and "one-time" tasks, the malware is able to spy and steal in a number of ways, including:

  • Waiting for a Microsoft Office or PDF document and executing a malicious payload embedded in that document;
  • Creating one-way covert channels of communication;
  • Recording keystrokes and making screenshots;
  • Retrieving e-mail messages and attachments;
  • Collecting general software and hardware environment information;
  • Extracting browsing history from Chrome, Firefox, Internet Explorer and Opera, and saved passwords;
  • Extracting Windows account hashes;
  • Extracting Outlook account information;
  • Performing network scans and dumping configuration data from Cisco devices, if available.

Some .exe tasks remain on the system while waiting for the correct environment, for example, waiting for a phone to connect. Microsoft's Windows Phone, the iPhone and Nokia models are all said to be vulnerable.

Designed to steal encrypted files and even those that have been deleted from a victim's computer, the malware -- named as a hat-tip to the novel "The Hunt for Red October" -- has several key features which suggest it may be state-sponsored, although there is no official word on this yet.

Among the features, there is a "resurrection module" within the malware which keeps the infection hidden, disguised as a plugin for a program such as Microsoft Office, which can then reincarnate the infection after removal.

In addition, Red October does not simply focus on standard machines, but is also able to infect and steal data from mobile devices, hijacking information from external storage drives, accessing FTP servers and thieving information from email databases.

In order to control the network of infection, Kaspersky says that over 60 domain names and several different servers, hosted in various countries, are employed. In order to keep the main command center secret, the C&C infrastructure works as a huge network of proxies.

Kaspersky believes that the cyberattackers have been active for a minimum of five years, based on domain name registration dates and PE timestamps, and the firm "strongly believes" that the origins of the malware are Russian.

This high-profile network may suggest that state sponsorship could be involved. As Kaspersky Labs notes:

The information stolen by the attackers is obviously of the highest level and includes geopolitical data which can be used by nation states. Such information could be traded in the underground and sold to the highest bidder, which can be of course, anywhere.

Any information harvested, including stolen credentials or confidential data, is stored for later use. For example, if an attacker needs to guess a password in another location, it is possible that harvested data could provide clues -- creating an espionage network full of intelligence that the attackers can refer to when needed. After at least five years of activity, the Russian security firm believes that at least 5 terabytes of confidential information could have been stolen.

"During the past five years, the attackers collected information from hundreds of high profile victims although it's unknown how the information was used. It is possible that the information was sold on the black market, or used directly," Kaspersky said.

The majority of infections are based in Russia, although Kazakhstan, Azerbaijan, the U.S. and Italy have all reported cases. The exploits appear to have Chinese origins, whereas the malware modules may have a Russian background.

Red October was first brought to Kaspersky's attention in October 2012 after a tip-off from an anonymous source. A full report on the spying campaign is due to be published this week.

Source: http://cnet.co/W47ONl

Homeland Security still advises disabling Java, even after update


DHS says an unpatched vulnerability may still put Web browsers using the plugin at risk of remote attack.

Despite an emergency software update issued yesterday by Oracle, the U.S. Department of Homeland Security is still advising computer users to disable Java on their Web browsers, fearing that an unpatched vulnerability remains.

Oracle released a software update on Sunday to address a critical vulnerability in Oracle's Java 7 after the DHS' Computer Emergency Readiness Team issued an advisory last week recommending users disable the cross-platform plugin on systems where it was installed. The flaw could allow a remote, unauthenticated attacker to execute arbitrary code when a vulnerable computer visits a Web site that hosts malicious code designed to take advantage of the hole.


Oracle said in an advisory yesterday that it "strongly" recommended users update their Java software to repair the vulnerability. But the DHS is still worried that further, unknown flaws may exist in Java.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," DHS said in an updated alert published on the CERT Web site. "To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available."

Security company Immunity reported that Oracle's update addressed only one vulnerability and that another still existed.

"The patch did stop the exploit, fixing one of its components," Immunity said in a blog post today. "But an attacker with enough knowledge of the Java code base and the help of another zero day bug to replace the one fixed can easily continue compromising users."

Source: http://cnet.co/13x03Fd