Oracle Updates NoSQL
Oracle has announced the availability of the latest edition of its NoSQL datatabase.
NoSQL is Oracle’s distributed key-value database. Now in it’s third version, the enhancements this time are heavily centred around security and business continuity.
Oracle NoSQL 3.0 features improvements in security with cluster-wide password based user authentication and integration with Oracle Wallet. Session level Secure Socket Layer (SSL) encryption and network port restriction are also included.
For disaster recovery and prevention, there’s automatic fail-over to metro-area secondary data centres, while secondary server zones can be used to offload read-only workloads to take the pressure off primary servers under stress.
For developers, there is added support for tabular data models that Oracle claims will simplify application design and improve integration with SQL based applications, while secondary indexing improves query performance.
“Oracle NoSQL 3.0 helps organisations fill the gap in skills, security and performance by delivering […] enterprise-class NoSQL database that empowers database developers and DBAs to easily, intuitively and securely build and deploy next generation applications,” said Oracle’s EVP of Database Server Technologies, Andrew Mendelsohn.
It’s already been a big week for the SQL community with NoSQL arriving on MariaDB for the first time, courtesy of a tie-up between SkySQL, Google and IBM on Tuesday, while yesterday Fusion-IO announced the use of Non-volatile memory (NVM) compression in MySQL to increase the capacity of SSD storage.
Both the community and enterprise versions of Oracle NoSQL Database 3.0 are available for download now from the Oracle Technology Network.
Malware Targets Job-seekers
April 10, 2014 by admin
Filed under Around The Net
Comments Off on Malware Targets Job-seekers
A new version of the Gameover computer Trojan is targeting job hunters and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.
Gameover is one of several Trojan programs that are based on the infamous Zeus banking malware, whose source code was leaked on the Internet in 2011. Like Zeus, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers.
The ability to inject content into browsing sessions in real time has traditionally been used by computer Trojans to steal online banking credentials and financial information. However, cybercriminals are increasingly using this technique to compromise other types of accounts as well.
For example, in February, researchers from security firm Adallom found a Zeus variant that stole Salesforce.com log-in credentials and scraped business data from the compromised accounts.
The latest development involves a new Gameover variant that contains a configuration file to target Monster.com accounts, one of the largest employment websites in the world, security researchers from antivirus firm F-Secure said.
“A computer infected with Gameover ZeuS will inject a new ‘Sign In’ button [into the Monster.com sign-in page], but the page looks otherwise identical,” they said.
After the victims authenticate through the rogue Web form the malware injects a second page that asks them to select and answer three security questions out of 18. The answers to these questions expose additional personal information and potentially enable attackers to bypass the identity verification process.
Targeting Monster.com is a new development, but the Gameover malware had already been targeting CareerBuilder.com, another large employment website, for some time.
Recruiters with accounts on employment websites should be wary of irregularities on log-in pages, especially if those accounts are tied to bank accounts and spending budgets, the F-Secure researchers said. “It wouldn’t be a bad idea for sites such as Monster to introduce two factor authentication beyond mere security questions.”
The authors of the Gameover Trojan program have been particularly active recently. In early February researchers from security firm Malcovery Security reported that a new variant of Gameover was being distributed as an encrypted .enc file in order to bypass network-level defenses. Later that month researchers from Sophos detected a Gameover variant with a kernel-level rootkit component that protected its files and processes, making it harder to remove.
Unlike most other Zeus spinoffs, Gameover is also using peer-to-peer technology for command-and-control instead of traditional hosted servers, which improves its resilience to takedown efforts by security researchers.
Microsoft Buys Parature
Microsoft Corp said that they it will acquire cloud-based software maker Parature Inc, which assists businesses in managing help desks and provide other customer support services.
Parature’s software helps businesses provide automated customer service, manage online discussion boards and forums, and conduct online surveys.
The company’s customers include Ask.com, the U.S. Environmental Protection Agency, International Business Machines Corp and Saba Software Inc.
Microsoft did not disclose the terms of the deal.
The acquisition will boost Microsoft’s Dynamics unit, which makes business software and counts Mattress Firm Holding Corp, Pandora Media Inc and Nissan Motor Co as customers.
Cloud computing, a broad term referring to the delivery of services via the Internet from remote data centers, is a favorite with businesses because it is faster to implement and has lower upfront costs than traditional software.
Oracle Corp said in December that it would buy web-based marketing software maker Responsys Inc for about $1.39 billion to bolster its cloud computing offerings.
Salesforce.com Inc, the biggest maker of online sales management tools, said in June that it would pay $2.5 billion for marketing software maker ExactTarget, which helps companies reach customers on social networks through mobile devices.
SalesForce Goes Hacking
Salesforce.com really wants to attract lots of developers to its Dreamforce conference next month in San Francisco. As in, really.
Last Friday, the cloud software vendor announced a “hackathon” would be held at the conference, with US$1 million going to the developer or team who creates the top prize-winning mobile application with Salesforce.com technology.
“It’s not going to be easy — $1 million is going to bring out the best of the best,” Salesforce.com said in Friday’s announcement. “So don’t wait until Dreamforce! You’re going to want to get started now. With Force.com, Heroku, ExactTarget Fuel, Mobile Services and more — you’ve got a killer array of platform technology to use.”
Salesforce.com will also be providing some “pretty amazing new technology” for use at the show, the announcement adds.
In order to participate, developers have to either register for a full conference pass or a special $99 hacker pass.
The hackathon reflects Salesforce.com’s long courtship of developers to its development technologies, its AppExchange marketplace and recent efforts to build out more tooling for mobile application development.
Developers taking part in the hackathon will have plenty of competition, with some 20,000 programmers expected to attend Dreamforce overall. A “Hack Central” area will be open around the clock, supporting coders who want to work until the wee hours on their application.
In order to qualify, an application can’t have been previously released. The entries will be judged on four criteria counting 25 percent each: innovation, business value, user experience and use of Salesforce.com’s platform.
The second-place finisher will receive $50,000, with $25,000 going to the third-place winner. Fourth and fifth place will get $10,000 and $5,000, respectively.
Some 120,000 people are expected to register for Dreamforce this year. While some of that total will be watching online rather than in person, Dreamforce is now operating at a scale rivaling Oracle’s OpenWorld event, which happened last month.
Dell’s Cloud Plans Falls Behind Schedule
Comments Off on Dell’s Cloud Plans Falls Behind Schedule
Dell announced an aggressive schedule last year to roll out cloud-based application services, but it appears that the schedule was a little too aggressive.
Dell said last August that it planned to launch an online analytics service in the first half of this year for small and midsized businesses, but that service isn’t due now until early next year, a Dell executive said.
“Like a lot of development projects, it can take a bit longer than you think,” Paulette Altmaier, general manager of Dell’s Cloud Business Applications group, said in an interview Thursday.
Dell also said it would launch a platform-as-a-service offering this year based on Microsoft’s Azure platform. On Friday, a Dell spokeswoman said the company no longer has a delivery date for that service.
The delays are a setback for Dell, which is trying to reduce its dependence on PCs and build more profitable businesses in services and software. But a lot of companies are moving slowly to the cloud, so the hold-up isn’t a disaster, said Peter Ffoulkes, an industry analyst with 451 Research Group.
“The move to the cloud is not a fast journey and for most people it is still largely a future. I would not expect a quarter or two to make a big difference in practical terms,” he said.
Dell has also made a string of software acquisitions in the past year that might be causing it to rethink its software-as-a-service strategy. It updated press and analysts on its software plans Thursday.
When it does arrive, the analytics service will offer “cross-app” analytics, meaning customers will be able to import data from one or more applications to a data warehouse that Dell will host for them online, and then perform analysis on that data.