Posts

IT runs on the cloud, and the cloud runs on Linux.

Image
Summary: IT is moving to the cloud. And, what powers the cloud? Linux. When even Microsoft's Azure has embraced Linux, you know things have changed. Like it or lump it, the cloud is taking over IT. We've seen the rise of the cloud over in-house IT for years now. And, what powers the cloud? Linux.  A recent survey by the Uptime Institute of 1,000 IT executives found that 50 percent of senior enterprise IT executives expect the majority of IT workloads to reside off-premise in cloud or colocation sites in the future. Of those surveyed, 23 percent expect the shift to happen next year, and 70 percent expect that shift to occur within the next four years. This comes as no surprise. Much as many of us still love our physical servers and racks, it often doesn't make financial sense to run your own data center. It's really very simple. Just compare your capital expense (CAPEX) of running your own hardware versus the operational expenses (OPEX) of using a clou...

The buyers aren't biting: Windows zero-day flaw price slashed

Image
Summary: It looks like a willing buyer for the zero-day vulnerability is yet to come forward. A zero-day vulnerability which allegedly compromises a range of Microsoft Windows systems has gone on sale as the seller continues to seek a buyer.After going on sale in May, the exploit's price has been slashed twice -- and is now on the market for the bargain price of $85,000. Earlier this month, reports emerged that an underground seller, BuggiCorp, was offering a rather rare zero-day vulnerability which apparently works against versions of Windows from Windows 2000 to the current Windows 10 operating system. The exploit, for sale on the Russian forum exploit.in , was originally offered with a price tag of $95,000, which later dropped to $90,000, to be paid in the virtual currency Bitcoin. In an update, Trustwave researchers note that the seller has once again lowered their price for the zero-day exploit to $85,000 in the quest to find a buyer."Thi...

New versions of Firefox prepare for its biggest change ever

Image
Summary: Today's launch of Firefox 47 means the E10S version, Firefox 48, has reached the beta stage. With Electrolysis, Firefox will finally be able to use two or more processes at once.... the main problem being that it breaks a lot of extensions Mozilla released Firefox 47 , with improved handling for streaming, HTML5 video and the VP9 codec. But the more interesting news is that Firefox 48 has now reached the beta release stage. Firefox 48 incorporates the long-awaited Electrolysis (E10S), which enables the user interface to be run in a separate process from the tabbed content. Electrolysis will improve Firefox's performance and security, but it breaks a lot of extensions. However, Firefox will stage the release to minimize the problem. In a blog post, Asa Dotzler wrote : "When we launch Firefox 48, approximately 1 percent of eligible Firefox users will get updated to E10S immediately. The 1 percent of release users should get us up to a popul...

Hacked TeamViewer users 'careless' in personal security

Image
Summary: The company has denied all responsibility for a recent spate of reports that user PCs have been compromised.  Faced with angry users complaining of hacked accounts, TeamViewer has placed the blame on the "careless" use of credentials rather than internal issues. Founded in 2005, TeamViewer provides software which can be used to remotely control PC systems and conducted meetings. The company caters for over 200 million users across the globe -- and some of which have recently taken to forums to complain of alleged hacking thanks to the firm's software. On Reddit, users have flooded the forum with complaints over the alleged hack, complaining that their accounts were compromised and attackers have been able to infiltrate their PCs for the purpose of stealing financial data, accessing other accounts and making purchases ranging from designer clothes to Amazon gift cards. One common thread in the story appears to be a file called "webb...

Hacker thrown in jail for reporting police system security flaws

Image
Summary:The sentence probably wasn't quite the reward he was looking for. A hacker has been awarded a suspended sentence for disclosing security vulnerabilities in a Slovenian police system. The student, 26-year-old Dejan Ornig, studied the Tetra police communication system and through his study found that the system contained security vulnerabilities due to incorrect configuration settings, among other issues. Between 2012 and 2014, Ornig, alongside colleagues, discovered that Tetra did not always encrypt communication sent through the protocol. As Tetra is used by the military, the Slovenian Intelligence and Security Service and other agencies, a lack of encryption could have serious ramifications for intelligence and the country as a whole. As noted by Security Affairs , the student then disclosed these security issues to law enforcement, but after waiting at least a year, there was no action taken to remedy the flaw...

Google IO: SoftBank, maker of AI Pepper robot, has news for developers

Image
Summary:The Japanese telecom is using its robot to make a big push into the U.S. market When Japanese mobile phone company SoftBank offered 1000 of its emotionally intelligent Pepper robots for the consumer market last summer, the entire run sold out in under a minute. At CES this year, SoftBank announced that IBM would be bringing Watson's artificial intelligence to Pepper, a bid to ready the robot for broad adoption in the home. Now SoftBank is planning to branch into the U.S. At Google IO today, the company announced that it's opening up a new developer portal and adding SDK Android Studio to enable the development of custom applications for Pepper, continuing to evolve it's capabilities ahead of its U.S. launch, which it's planning later this year. "We'll also be announcing the opening of SoftBank's U.S. office, headquartered in San Francisco, which will be driving the efforts surrounding the launch of Pepper in the U.S.,"...

Adobe readies patch for Flash Player zero-day exploit found in attacker toolkits

Image
Summary: We have a wait to become protected against the dangerous exploit, though. Adobe is furiously working on a fix to patch up a vulnerability in Adobe Flash Player which is being actively exploited by cyberattackers to deliver malware. According to a security advisory released by the software giant on Tuesday , the zero-day vulnerability, CVE-2016-4117 , is being used actively to compromise victim PCs. The critical vulnerability affects Windows, Mac, Linux and Chrome operating systems. Adobe says successful exploitation "could cause a crash and potentially allow an attacker to take control of the affected system." However, a patch to fix the problem will not be ready until May 12 as part of Adobe's monthly security update. Discovered by Genwei Jiang from cybersecurity firm FireEye, the exploit is bad news for users who insist on using the ever-vulnerable Adobe Flash Player. The software, which useful for disp...

Microsoft expands bug bounty program

Image
Summary: Researchers have a fresh target to explore for vulnerabilities with rewards reaching up to $15,000.   Microsoft has expanded its bug bounty program to include the Nano Server installation option of Windows Server 2016 Technical Preview 5. The expansion of Microsoft's bug bounty program , now includes the Nano Server -- the remotely administered, headless installation option of the server operating system. As a technical preview, the installation option is focused on acting as a host for computer and/or storage clusters and as a lightweight operating system in a virtual machine (VM) or container for cloud applications. Microsoft says that vulnerabilities found within this release must be original and able to be reproduced to be eligible for the new vulnerability disclosure program. The tech giant is particularly interested in remote code execution vulnerabilities, privilege escalation and remote unauthenticated d...

Google launching in-house startup incubator called 'Area 120'

Image
Summary: Google's new incubator could help it keep talent by providing new business plans with funding, but is it enough? Google headquarters Alphabet-owned Google is working to launch an in-house startup incubator that could prevent top tech talent from leaving to budding companies in Silicon Valley, according to a report from The Information. The startup incubator will be called " Area 120 ," and will be lead by Don Harrison and Bradley Horowitz. Employee's teams will be accepted into the program based on their business plans, where they can accept outside funding for their project or create a company under Google. The move would allow employees to work on Google's "special projects" full time. The company allots employees 20 percent of their work day to new projects, which have formed the beginnings of Gmail and other hit Google services. Retention is a widely discussed issue in the tech...

Police department computers hit by virus attack

Image
Summary: Newark Police Department in New Jersey was forced to spend four days cleaning up after a virus attack. A virus infected computer systems at Newark Police Department in New Jersey last week, taking four days to clean up. The police department said there was no evidence of any sort of data breach and that the attack "did not disrupt the delivery of emergency services to our citizens". "Through the efforts of the city's and the division's IT, as well as assistance from the Essex County Prosecutor's Office, New Jersey State Police and federal authorities, we were quickly able to get the system cleaned and operational in four days," said a police spokesperson . According to one report, the virus temporarily locked down the servers, blocking access to the program used to track and analyze crime data . In accordance to police protocols, Newark reported the breach to the FBI, New Jersey state police, and the county prosecutor...