IBM Goes BlueMix

IBM has put together a vast array of hosted cloud services, and now it has a single location to offer them for sale.

At IBM Cloud online marketplace, that went live on Monday, enterprises can find the full range of IBM’s offerings behind a single gateway.

“So many of our customers want to build new cloud-based, front-end systems, but they want to tie them into their back-end infrastructure. We’re delivering a whole set of integration components and control services to do the connection, and monitor and control what is taking place,” said Steve Mills, IBM senior vice president and group executive for software and systems.

The marketplace has more than 100 hosted IBM applications, as well as middleware components from IBM’s Bluemix platform as a service (PaaS). It also serves as a portal to IBM’s SoftLayer infrastructure as a service (IaaS) and houses a collection of services from IBM partners.

“It’s an open platform. It supports all the popular application development tools and structures. So it’s not uniquely IBM. There’s a lot of open source and partners,” Mills said. In addition to IBM’s own offerings, other services will be offered on the site by SendGrid, Zend, Redis Labs and other IBM partners.

IBM is banking heavily on the cloud. The company’s revenue has been declining lately, due in part to sagging hardware sales. The cloud is likely to be a good place to look for more money: Gartner expects 80 percent of organizations to use cloud services in some form by the end of 2014.

Although IBM got a late start in the cloud, at least compared with rivals Amazon and Microsoft, it’s aggressively repositioning itself as a one-stop cloud services company. It generated $4.4 billion in cloud-related revenue in 2013 and has made a number of additional investments in the area as well.

In January, the company announced it would invest $1.2 billion into expanding its SoftLayer cloud service, which it acquired last year for $2 billion.

It is also investing $1 billion in the effort to adapt its middleware software as cloud services, part of the Bluemix offering.

The new online marketplace ties together a number of these initiatives from IBM within a single portal. It can be accessed from desktops, laptops, tablets and smartphones, and it can customize the service offerings based on the user’s needs.

Source

Is Qualcomm In Trouble?

Qualcomm’s activities in China may lead to regulatory penalties for the chip vendor, this time from the U.S. Securities and Exchange Commission over bribery allegations.

The company is currently facing an anti-monopoly probe from Chinese authorities for allegedly overcharging clients. Qualcomm  has also said that the SEC may also consider penalizing the company, as part of an anti-corruption investigation.

The SEC’s Los Angeles Regional Office has made a preliminary decision to recommend that the SEC take action against Qualcomm for violating anti-bribery controls, the company said in its second quarter report. The accusations involve Qualcomm offering benefits to “individuals associated with Chinese state-owned companies or agencies,” the report added.

Both the SEC and the U.S. Department of Justice have been probing the company over alleged violations of the nation’s Foreign Corrupt Practices Act.

In cooperation with those official investigations, Qualcomm said it’s found instances of preferential hiring, and giving gifts and other benefits to “several individuals” with China’s state-owned companies. The gifts and benefits amounted to less than US$250,000 in value.

If the SEC takes action against Qualcomm, penalties could include giving up profits, facing injunctions, and other monetary penalties, the company said. Earlier this month, Qualcomm filed a submission with the U.S. regulator, countering any claims of wrongdoing.

Qualcomm is facing the investigations at a time when China is increasingly become a bigger part of its business. The nation is the world’s largest smartphone market, and more Chinese device manufacturers are expanding globally.

Last year, however, Chinese regulators began investigating Qualcomm due to complaints from industry groups. The company was allegedly abusing its market position and charging higher fees for its patent licensing business. In November, Chinese authorities conducted two surprise raids of Qualcomm offices in China for documents.

Chinese regulators could decide to penalize Qualcomm by confiscating financial gains made, and even imposing a fine of 1 to 10 percent on its revenues for the prior year, the company said in its quarterly report.

Source

Many Websites Still Exposed

The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.

On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.

Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.

Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.

The bug had been introduced in OpenSSL in late 2011.

Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords,\ and even encryption keys used by site servers.

The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.

The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog postthat day.

While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.

Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.

Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.

Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.

Source

Can Plastic Replace Silicon?

Can plastic materials morph into computers? A research breakthrough recently published brings such a possibility closer to reality.

Researchers are looking at the possibility of making low-power, flexible and inexpensive computers out of plastic materials. Plastic is not normally a good conductive material. However, researchers said this week that they have solved a problem related to reading data.

The research, which involved converting electricity from magnetic film to optics so data could be read through plastic material, was conducted by researchers at the University of Iowa and New York University. A paper on the research was published in this week’s Nature Communications journal.

More research is needed before plastic computers become practical, acknowledged Michael Flatte, professor of physics and astronomy at the University of Iowa. Problems related to writing and processing data need to be solved before plastic computers can be commercially viable.

Plastic computers, however, could conceivably be used in smartphones, sensors, wearable products, small electronics or solar cells, Flatte said.

The computers would have basic processing, data gathering and transmission capabilities but won’t replace silicon used in the fastest computers today. However, the plastic material could be cheaper to produce as it wouldn’t require silicon fab plants, and possibly could supplement faster silicon components in mobile devices or sensors.

“The initial types of inexpensive computers envisioned are things like RFID, but with much more computing power and information storage, or distributed sensors,” Flatte said. One such implementation might be a large agricultural field with independent temperature sensors made from these devices, distributed at hundreds of places around the field, he said.

The research breakthrough this week is an important step in giving plastic computers the sensor-like ability to store data, locally process the information and report data back to a central computer.

Mobile phones, which demand more computing power than sensors, will require more advances because communication requires microwave emissions usually produced by higher-speed transistors than have been made with plastic.

It’s difficult for plastic to compete in the electronics area because silicon is such an effective technology, Flatte acknowledged. But there are applications where the flexibility of plastic could be advantageous, he said, raising the possibility of plastic computers being information processors in refrigerators or other common home electronics.

“This won’t be faster or smaller, but it will be cheaper and lower power, we hope,” Flatte said.

Source

Lavaboom Offers To Encrypt

A new webmail service named Lavaboom promises to provide easy-to-use email encryption without ever learning its users’ private encryption keys or message contents.

Lavaboom, based in Germany and founded by Felix MA1/4ller-Irion, is named after Lavabit, the now defunct encrypted email provider believed to have been used by former NSA contractor Edward Snowden. Lavabit decided to shut down its operations in August in response to a U.S. government request for its SSL private key that would have allowed the government to decrypt all user emails.

Lavaboom designed its system for end-to-end encryption, meaning that only users will be in possession of the secret keys needed to decrypt the messages they receive from others. The service will only act as a carrier for already encrypted emails.

Lavaboom calls this feature “zero-knowledge privacy” and implemented it in a way that allows emails to be encrypted and decrypted locally using JavaScript code inside users’ browsers instead of its own servers.

The goal of this implementation is to protect against upstream interception of email traffic as it travels over the Internet and to prevent Lavaboom to produce plain text emails or encryption keys if the government requests them. While this would protect against some passive data collection efforts by intelligence agencies like the NSA, it probably won’t protect against other attack techniques and exploits that such agencies have at their disposal to obtain data from computers and browsers after it was decrypted.

Security researchers have yet to weigh in on the strength of Lavaboom’s implementation. The service said on its website that it considers making parts of the code open source and that it has a small budget for security audits if any researchers are interested.

Those interested in trying out the service can request to be included in its beta testing period, scheduled to start in about two weeks.

Free Lavaboom accounts will come with 250MB of storage space and will use two-way authentication based on the public-private keypair and a password. A premium subscription will cost a!8 (around US$11) per month and will provide users with 1GB of storage space and a three-factor authentication option.

Source

Microsoft Updates Office Online

Microsoft is updating its Web-based Office Online suite, closing the features gap with the main Office 365 and Office 2013 suites installed on users’ devices.

“We know you want features that allow you to move as seamlessly as possible between Office Online and the desktop,” wrote Kaberi Chowdhury, an Office Online technical product manager, in a blog post Monday.

Improvements to Excel Online include the ability to insert new comments, edit and delete existing comments, and properly open and edit spreadsheets that contain Visual Basic for Applications (VBA) code.

Meanwhile, Word Online has a new “pane” where users can see all comments in a document, and reply to them or mark them as completed. It also has a refined lists feature that is better able to recognize whether users are continuing a list or starting one. In addition, footnotes and end notes can now be added more conveniently inline.

PowerPoint Online has a revamped text editor that offers a layout view that more closely resembles the look of finished slides, according to Microsoft. It also has improved performance and video functionality, including the ability to play back embedded YouTube videos.

For users of OneNote Online, Microsoft is now adding the ability to print out the notes they’ve created with the application.

Microsoft is also making Word Online, PowerPoint Online and OneNote Online available via Google’s Chrome Web Store so that Chrome browser users can add them to their Chrome App launcher. Excel Online will be added later.

The improvements in Office Online will be rolled out to users this week, starting Monday.

Office Online, which used to be called Office Web Apps, competes directly against Google Docs and other browser-based office productivity suites. It’s meant to offer users a free, lightweight, Web-based version of these four applications if they don’t have the desktop editions on the device they’re using at that moment.

Source

BlackBerry To Patch For Heartbleed

BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.

“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.

Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.

Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

Source

Javascript Security Flaws Discovered

Polish researchers have released technical details and attack code for 30 security issues affecting Oracle’s Java Cloud Service. Some of the flaws make it possible for attackers to read or modify users’ sensitive data or to execute malicious code.

Security Explorations said it would normally withhold public airings until after any vulnerability has been fixed. But apparently Oracle representatives failed to resolve some of the more crucial issues including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text use passwords stored in some systems.

Oracle apparently has admitted to the researchers that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centres in the future.

Adam Gowdiak, CEO of Security Explorations said Oracle unveiled the Java Cloud Service in 2011 and held it up as a way to better compete against Salesforce.com.

Source

Juniper Boots Employees

Juniper Networks plans to reduce its global workforce by six percent and focus on its high-growth businesses. Juniper said most of the cuts would impact middle management positions and that it expected to incur cash charges of about $35 million in the first quarter, related to severance and other expenses. The company had 9,483 full-time employees as of December 31.

Juniper also said it would stop development of the application delivery controller technology, which helps remove excess load from servers, resulting in a non-cash intangible asset impairment charge of about $85 million. The company said it plans to consolidate its facilities, flog off of about 300,000 square feet of leased facilities.

Juniper added that it expected to record other non-cash asset write-downs of about $10 million in the first quarter and that it expects to carry out more restructuring in the second quarter.

Hedge fund Elliott recently claimed that Juniper shares were “undervalued” and could be worth $35-$40 if Juniper focused on revamping its core business of making routers and switches for mobile carriers such as Verizon and AT&T. Shares of Juniper are currently worth at $26.35.

Source

Oracle Updates NoSQL

Oracle has announced the availability of the latest edition of its NoSQL datatabase.

NoSQL is Oracle’s distributed key-value database. Now in it’s third version, the enhancements this time are heavily centred around security and business continuity.

Oracle NoSQL 3.0 features improvements in security with cluster-wide password based user authentication and integration with Oracle Wallet. Session level Secure Socket Layer (SSL) encryption and network port restriction are also included.

For disaster recovery and prevention, there’s automatic fail-over to metro-area secondary data centres, while secondary server zones can be used to offload read-only workloads to take the pressure off primary servers under stress.

For developers, there is added support for tabular data models that Oracle claims will simplify application design and improve integration with SQL based applications, while secondary indexing improves query performance.

“Oracle NoSQL 3.0 helps organisations fill the gap in skills, security and performance by delivering […] enterprise-class NoSQL database that empowers database developers and DBAs to easily, intuitively and securely build and deploy next generation applications,” said Oracle’s EVP of Database Server Technologies, Andrew Mendelsohn.

It’s already been a big week for the SQL community with NoSQL arriving on MariaDB for the first time, courtesy of a tie-up between SkySQL, Google and IBM on Tuesday, while yesterday Fusion-IO announced the use of Non-volatile memory (NVM) compression in MySQL to increase the capacity of SSD storage.

Both the community and enterprise versions of Oracle NoSQL Database 3.0 are available for download now from the Oracle Technology Network.

Source

« Previous Page — Next Page »