Oracle Changing Berkeley
Oracle has changed the license of its embedded database library, Berkeley DB. The software is widely used as a key-value store within other applications and historically used an OSI-approved strong copyleft license which was similar to the GPL.
Under that license, distributing software that embedded Berkeley DB involved also providing “information on how to obtain complete source code for the DB software and any accompanying software that uses the DB software.”
Now future versions of Berkeley DB use the GNU Affero General Public License (AGPL). This says “your modified version must prominently offer all users interacting with it remotely through a computer network … an opportunity to receive the Corresponding Source of your version.”
This will cause some problems for Web developers using Berkeley DB for local storage. Compliance has not really been an issue because they never “redistributed” the source of their Web apps. Now they will have to make sure their whole Web app is compliant with the AGPL and make full corresponding source to their Web application available.
They also need to ensure the full app has compatible licensing. Practically that means that the whole source code has to be licensed under the GPLv3 or the AGPL.
Collaborating Viruses Showing Up
Two computer viruses are collaborating to defeat clean-up operations. Microsoft researcher Hyun Choi has found that the pair of viruses foil removal by regularly downloading updated versions of their malware partner.
It is the first time that such a defense plan has been noticed. Choi said that the Vobfus and Beebone viruses were regularly found together. Vobfus was the first to arrive on a machine, he said, and used different tactics to infect victims. Vobfus could be installed via booby-trapped links on websites, travel via network links to other machines or lurk on USB drives and infect machines they are plugged into.
Once installed, Vobfus downloaded Beebone which enrolled the machine into a botnet. After this the two start to work together to regularly download new versions of each other. If Vobfus was detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus.
Vobfus has been a persistent problem since 2009, when it first appeared.
Citrix Updates Xen Server
Citrix has released its open source Xen Server 6.2 to go up against VMware’s closed source free Vsphere hypervisor.
Citrix for years has maintained a free, open source version of its Xen hypervisor but it has been losing ground to KVM and in particular VMware’s free Vsphere hypervisor. Now the firm has released Xen Server 6.2 and a community website that the firm hopes will help increase support for its open source hypervisor.
According to Citrix, Xen Server 6.2 supports Cloud Stack, Open Stack and Citrix’s own Cloud Platform. The firm touted support for the latest guest operating systems including Microsoft’s Windows 8 and Windows Server 2012.
Sameer Dholakia, group VP and GM of Citrix’s Cloud Platforms Group said, “The cloud era has brought a lot of exciting opportunities for data center infrastructure, but the reality is that one size doesn’t fit all when it comes to virtualization.
“By empowering our users and partners with a committed open source strategy and community for XenServer – which already powers some of the largest clouds in the world – we are moving the needle in innovation to help customers of all sizes, and at all stages of their cloud strategies, to maximize the benefits they gain from virtualization and the cloud.”
Citrix said its Xen Server 6.2 supports its Xen Desktop software, including Intellicache and Dynamic Memory Control. The firm said it has added Desktop Director alerts so that administrators can be notified of low resources to try to prevent virtual machines from becoming unusable.
Citrix will be hoping that as firms get used to the free version of Xen Server they will shell out for the full versions that cost up to $3,250. However, Citrix’s continued support of its free, open source Xen Server means that VMware will have to continue offering a free version of Vsphere if it doesn’t want to leave a gap in the market.
Are CCTV Cameras Hackable?
June 28, 2013 by admin
When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.
Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
HP Aims To Boot ‘Useless’ Data
Hewlett-Packard wants to help organizations rid themselves of useless data, all the information that is no longer necessary, yet still occupies expensive space on storage servers.
The company’s Autonomy unit has released a new module, called Autonomy Legacy Data Cleanup, that can delete data automatically based on the material’s age and other factors, according to Joe Garber, who is the Autonomy vice president of information governance.
Hewlett-Packard announced the new software, along with a number of other updates and new services, at its HP Discover conference, being held this week in Las Vegas.
For this year’s conference, HP will focus on “products, strategies and solutions that allow our customers to take command of their data that has value, and monetize that information,” said Saar Gillai, HP’s senior vice president and general manager for the converged cloud.
The company is pitching Autonomy Legacy Data Cleanup for eliminating no-longer-relevant data in old SharePoint sites and in e-mail repositories. The software requires the new version of Autonomy’s policy engine, ControlPoint 4.0.
HP Autonomy Legacy Data Cleanup evaluates whether to delete a file based on several factors, Garber said. One factor is the age of the material. If an organization has an information governance policy of only keeping data for seven years, for example, the software will delete any data older than seven years. It will root out and delete duplicate data. Some data is not worth saving, such as system files. Those can be deleted as well. It can also consider how much the data is being accessed by employees: Less consulted data is more suitable for deletion.
Administrators can set other controls as well. If used in conjunction with the indexing and categorization capabilities in Autonomy’s Idol data analysis platform, the new software can eliminate clusters of data on a specific topic. “You apply policies to broad swaths of data based on some conceptual analysis you are able to do on the back end,” Garber said.
Will Icahn Boot Michael Dell?
Carl Icahn reportedly is drawing up a shortlist of potential Dell CEO replacements for Michael Dell should his bid for the company be successful.
Icahn and Southeastern Asset Management have made a bid to rival that of Michael Dell and Silver Lake Partners in the high stakes fight over Dell and its board. Now it is being reported that Icahn has already started drawing up a list of candidates that he and Southeastern Asset Management will propose as replacements for Michael Dell as CEO of Dell.
Icahn has previously warned that should his offer for Dell be accepted by the shareholders he would look to not only oust Michael Dell as CEO but replace the firm’s board of directors. Reuters reports that Icahn is casting his net far and wide, including consideration of former HP CEO and current Oracle co-president Mark Hurd.
According to Reuters’ sources Cisco director Michael Capellas, IBM services head Michael Daniels and Oracle’s Hurd are all in the frame, although none of the individuals would confirm having been approached by Icahn.
Michael Dell’s initial plan to buy back the company he founded has met with strong opposition by existing shareholders, some of whom think they are getting shortchanged. According to Michael Dell, the firm’s reorganisation into an enterprise IT vendor will be easier if the company goes private and doesn’t face investor and market scrutiny.
So far Dell’s board is backing Michael Dell’s and Silver Lake Partners’ buyout offer, suggesting that Icahn’s offer is short of cash. However some of Dell’s investors might like the drastic action that Icahn is promising, along with the fact that his offer allows existing shareholders to maintain a diluted stake in the company.
Should Icahn manage to get his takeover offer accepted by Dell’s shareholders, it will set up a sensational return to the PC industry for Hurd and give Dell renewed momentum to compete with HP.
IBM Buys SoftLayer
IBM has signed an agreement to purchase SoftLayer Technologies, as it looks to accelerate the build-out of its public cloud infrastructure. The company is also forming a services division to back up the push.
The financial details of the deal were not announced, but SoftLayer is the world’s largest privately held cloud computing infrastructure provider, according to IBM.
IBM already has an offering that includes private, public and hybrid cloud platforms. The acquisition of SoftLayer will give it a more complete in-house offering, as enterprises look to keep some applications in the data center, while others are moved to public clouds.
SoftLayer has about 21,000 customers and an infrastructure that includes 13 data centers in the U.S., Asia and Europe, according to IBM. SoftLayer allows enterprises to buy compute power on either dedicated or shared servers.
Following the close of the acquisition of SoftLayer, which is expected in the third quarter, a new division will combine its services with IBM’s SmartCloud. IBM expects to reach $7 billion annually in cloud revenue by the end of 2015, it said.
Success is far from certain: The public cloud market is becoming increasingly competitive as dedicated cloud providers, telecom operators and IT vendors such as Microsoft and Hewlett-Packard all want a piece. The growing competition should be a good thing for customers if it drives down prices. For example, Microsoft has already committed to matching Amazon Web Services prices for commodity services such as computing, storage and bandwidth.
Not all hardware vendors feel it’s necessary to have their own public cloud. Last month, Dell changed strategy and said it would work with partners including Joyent, instead of having its own cloud.
McAfee Sees Surge In Spam
The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.
The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.
Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.
The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.
On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.
The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.
The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.
The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.
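The layout McAfee describes can be checked from the defender's side. The following is an added example, not code from McAfee's report: it parses a 512-byte MBR, hashes the boot code area and compares a sector against a known-good baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446       # bytes 0-445: bootstrap code area
ENTRY_FMT = "<B3xB3xII"   # status, CHS (skipped), type, CHS (skipped), first LBA, sector count
SIGNATURE = b"\x55\xaa"   # bytes 510-511


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * struct.calcsize(ENTRY_FMT)
        status, ptype, first_lba, sectors = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": index, "bootable": status == 0x80,
                               "type": ptype, "first_lba": first_lba, "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def diff_mbr(baseline, current):
    """Compare a sector against a known-good copy and list what changed."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample(boot_code=b"\xfa\x33\xc0", first_lba=2048):
    """Constructed 512-byte sector for the demo; not taken from a real disk."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(ENTRY_FMT, sector, BOOT_CODE_LEN, 0x80, 0x07, first_lba, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample()
    print(diff_mbr(clean, clean))
    print(diff_mbr(clean, build_sample(boot_code=b"\xeb\x3c\x90")))
```

On a live system the baseline sector should be read from offline or trusted boot media, since malware resident in the MBR can return a clean copy to reads made from the infected operating system.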
Google Updates Its SSL Certificate
Google has announced plans to upgrade its Secure Sockets Layer (SSL) certificates to 2048-bit keys by the end of 2013 to strengthen its SSL implementation.
Announcing the news on a blog post today, Google’s director of information security engineering Stephen McHenry said it will begin switching to the new 2048-bit certificates on 1 August to ensure adequate time for a careful rollout before the end of the year.
“We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key,” McHenry said.
“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications. This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.”
McHenry advised that for a smooth upgrade, client software that makes SSL connections to Google (for example, HTTPS) must: “perform normal validation of the certificate chain; include a properly extensive set of root certificates contained […]; and support Subject Alternative Names (SANs)”.
He also recommended that clients support the Server Name Indication (SNI) extension because they might need to make an extra API call to set the hostname on an SSL connection.
He pointed out some of the problems that the change might trigger, and pointed to a FAQ addressing certificate changes, as well as instructions for developers on how to adapt to certificate changes.
F-Secure’s security researcher Sean Sullivan advised, “By updating its SSL standards, Google will make it easier to spot forged certificates.
“Certificate authorities have been abused and/or hacked in the past. I imagine it will be more difficult to forge one of these upgraded certs. Therefore, users can have more confidence.”
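The client requirements McHenry lists (chain validation, SAN matching, SNI) can be audited in code. This is an added example, not Google's guidance or code: it checks a Python `ssl` client context against that list and shows a constructed non-validating context beside a validating one. All function names are hypothetical.

```python
import socket
import ssl


def hardened_context():
    """Client context that validates the chain and matches the hostname."""
    # create_default_context() loads the system root store, sets
    # verify_mode=CERT_REQUIRED and check_hostname=True.
    return ssl.create_default_context()


def legacy_context():
    """Constructed example of a client that skips validation entirely."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx):
    """List which of the quoted client requirements a context fails."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate SANs")
    if not ssl.HAS_SNI:
        findings.append("TLS library was built without SNI support")
    return findings


def leaf_summary(host, port=443, ctx=None):
    """Connect with SNI and return the DNS SANs the server presented."""
    ctx = ctx or hardened_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        # server_hostname sets the SNI extension and the name to verify.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
            return {"tls_version": tls.version(), "dns_sans": sans}


if __name__ == "__main__":
    print("hardened:", audit(hardened_context()))
    print("legacy:  ", audit(legacy_context()))
```

`leaf_summary()` needs network access and is not called by the demo; a client that passes `audit()` but still fails to connect after a root change is most likely missing the new root in its trust store.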
Is This A Mobile First World?
June 3, 2013 by admin
Judging from the number of people engrossed in activities with their smartphones on the sidewalk, in their cars and in public places, mobile seems to have stolen our attention away from the wired Internet and traditional TV.
However, there is a ways to go before mobile platforms become the primary place where consumers turn for entertainment and getting things done, players at the CTIA Wireless trade show said.
Nokia Siemens Networks announced new capabilities in its network software to make video streams run more smoothly over mobile networks. Among other things, the enhancements can reduce video stalling by 90 percent, according to the company. But even Sandro Tavares, head of marketing for NSN’s Mobile Core business, sees “mobile-first” viewing habits as part of the future.
“Now that the networks are providing a better capacity, a better experience with mobile broadband, mobile-first will come,” Tavares said. “Because the experiences they have with the devices are so good, these devices … start to be their preferred screen, their first screen.
“This is a trend, and this is something that will not change,” Tavares said. But he thinks it’s too early to build networks assuming consumers will turn to tablets and phones as their primary sources of entertainment. “Do you have to be prepared for mobile-first now? Probably not. You have to be able to keep the pace.”
For AT&T, mobile-first is a top priority for its own internal apps, ensuring employees can do their jobs wherever they are, said Kris Rinne, the carrier’s senior vice president of network technologies. But to make it possible over the network, a range of new technologies and relationships may have to come together, she said.
For example, giving the best possible performance for streaming video and other uses of mobile may require steering traffic to the right network if both cellular and Wi-Fi are available. AT&T is developing an “intelligent network selection” capability to do this, Rinne said. When AT&T starts to deliver voice over LTE, it will stay on the cellular network — at least in the early days — because the carrier has more control over quality of service on that system, she said.
Other issues raised by mobile-first include security of packets going over the air and rights for content that subscribers are consuming primarily on mobile devices instead of through TV and other traditional channels, Rinne said.