Cisco Warns Of Bug In Virtual App
Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.
The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.
It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.
Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.
The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.
“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.
“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”
Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.
The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.
Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.
Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.
The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.
Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.
Yet Another Retailer System Hacked
Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.
The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.
The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.
“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.
The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.
In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.
Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.
Can Blackberry Be Sold?
August 20, 2013 by admin
Filed under Smartphones
Comments Off on Can Blackberry Be Sold?
Struggling smartphone maker BlackBerry is reviewing several options that could include joint ventures, partnerships or an outright sale, as the company’s leading shareholder steps down from its board in a possible prelude to taking a different role.
BlackBerry, which pioneered on-your-hip email with its first smartphones and email pagers, said on Monday it had set up a committee to review its options, sparking debate over whether Canada’s one-time crown jewel is more valuable as a whole or snapped up piece by piece by competitors or private investors.
The company said Prem Watsa, whose Fairfax Financial Holdings Ltd is BlackBerry’s biggest shareholder, was leaving the board to avoid a possible conflict of interest as BlackBerry determines its next steps.
The resignation of Watsa, often described as Canada’s version of Warren Buffett, suggests Fairfax may be part of a solution.
BlackBerry, once a stock market darling, has bled market share to the likes of Apple Inc and phones using Google Inc’s Android operating system, and its new BlackBerry 10 smartphones have failed to gain traction with consumers.
Blackberry shares rose 7.5 percent to $10.80 in New York and C$10.84 in Toronto in afternoon trading. But the shares remain well below the levels seen in June, before the company reported dismal results that included poor sales of the BlackBerry 10 phones it viewed as key to a successful turnaround.
The share price peaked at about C$150 in June 2008.
A clean balance sheet makes the smartphone seller an enticing takeover candidate. Like Dell Inc, it is a tech icon in need of a turnaround. But BlackBerry’s cash flow is worse, meaning leverage would be extra risky.
The company’s assets include a well-regarded services business that powers BlackBerry’s security-focused messaging system, worth $3 billion to $4.5 billion; a collection of patents that could be worth $2 billion to $3 billion; and $3.1 billion in cash and investments, according to analysts.
But the smartphones that bear its name have little or no value, and it may cost $2 billion to shutter that unit, the analysts said.
Analysts expressed skepticism about the new committee, noting that BlackBerry announced similar steps more than a year ago when it hired JPMorgan and RBC as financial advisers. A source said both are still involved in the strategic review.
Microsoft Updates Azure
Microsoft has rolled out a major update to its Azure cloud computing service and said that it will match Amazon on price.
Last year Microsoft announced it would preview a host of changes to its Azure cloud computing service including new virtual machine configurations, a virtual private network and a new Azure software development kit. Now the firm has taken those features out of preview and made them generally available in what it is promoting as the largest single update to Windows Azure to date.
Since Microsoft announced most of the features in its “hybrid cloud” last June, the firm said the only changes from the preview release to today’s public release are higher memory capacity and higher performance compute nodes. However the firm touted its Windows Azure Virtual Network as a way for customers to view cloud based services as if those were located on their premises.
Microsoft couldn’t rely on features alone to take the fight to Amazon and its Web Services division. Amazon’s cloud service is the biggest rival to Microsoft Azure and has a reputation for cutting prices aggressively. Now Microsoft has said it will do the same in a bid “to take the price discussion off the table”.
Michael Newberry, Windows Azure lead at Microsoft UK said that companies are in a process of moving applications that presently reside on servers located in the office onto the cloud. He said, “It is important that we get them through the process, price shouldn’t be a barrier for the customer to choose the best cloud provider.
“At the end of the day it should be about different technical facilities, what is the right environment for a particular workload, a particular application scenario. And that’s why we wanted to take the price discussion off the table and say ‘look, we know prices are changing and this is a market that is developing, but lets make this about the best environment, the best architecture, the best cloud environment for your particular customer.”
Newberry said that Microsoft’s Windows Azure service will appeal to those customers who want to make use of existing applications rather than develop ones specifically for cloud deployment. He said, “With customers who have existing infrastructure, existing applications, existing datacenters, that’s not something they want to throwaway. They still want to take advantage of cloud technologies, either in terms of private cloud, or using the public cloud as a spiking mechanism – an overflow if you will – for their existing on premise environment.”
Microsoft has also started to offer support for Linux on its Azure cloud service. Newberry said customers should have no problem running open source software or Linux on its services. However the firm does see its Windows Azure cloud service being particularly enticing for those firms that already run their network infrastructure services using Microsoft’s software, such as Active Directory, SQL Server and Sharepoint.
With Microsoft saying it will match Amazon’s pricing, the cloud provider industry might start to see a focus on performance rather than simply competing on low prices to attract customers.
Cisco Offers Free iPad/iPhone Video App
October 6, 2011 by admin
Filed under Consumer Electronics
Comments Off on Cisco Offers Free iPad/iPhone Video App
Cisco announced improvements to its video product line Thursday to make it easier for businesses to create and share video, including a free app coming soon for iPhone and iPad devices.
The free app will make Cisco’s existing Show and Share software available for iPad and iPhone in late October through the Apple App Store, Cisco officials stated via a Webcast earlier this week.
Show and Share is Cisco’s video-sharing software, which allows users to search and watch videos as well as record and upload their own videos. That software has been available on other hardware, but until now not for the iPhone and iPad.
Also, Cisco said it is integrating its existing Show and Share with its Media Experience Engines 3500 and itsTelePresence Content Server, although it didn’t yet name the products that will provide the integration. Also, a new software release of the 3500 allows it to support Flash, H.264 and Windows Media formats.
An existing software tool called Pulse Video Analytics will soon allow searches of video content by keyword or speaker in the Cisco Show and Share product.
Google Buys Patents From IBM
September 22, 2011 by admin
Filed under Around The Net
Comments Off on Google Buys Patents From IBM
Google has purchased more than 1,000 patents from IBM, as part of its strategy to strengthen its patent portfolio to counter litigation, according to records of the United States Patent and Trademark Office.
Jim Prosser, a Google spokesman, confirmed the transfer, reported by a blog SEO by the Sea, but did not provide details such as the the purchase price Google paid for the patents.
Google also acquired another over 1,000 patents from IBM in July. It transferred recently some patents to smartphone maker HTC to help it pursue patent litigation against Apple.
Google has been interested in buying patents for some time now, which led to its failed bid in June for the patents of Nortel Networks, and its proposed acquisition of Motorola Mobility for about US$12.5 billion.
The tech world has recently seen an explosion in patent litigation, often involving low-quality software patents, which threatens to stifle innovation, Kent Walker, Google’s senior vice president and general counsel, said in a blog post in April.
“But as things stand today, one of a company’s best defenses against this kind of litigation is (ironically) to have a formidable patent portfolio, as this helps maintain your freedom to develop new products and services,” he added.
The acquisition of Motorola Mobility’s patents was a key consideration for Google to start talking to the company in early July. But Motorola told Google that it could be a problem for Motorola Mobility to continue as a stand-alone entity if it sold a large portion of its patent portfolio, according to a filing by Motorola to the U.S. Securities and Exchange Commission on Tuesday.
Microsoft Offers Windows Azure Trial
Comments Off on Microsoft Offers Windows Azure Trial
Microsoft is offering up to 750 free hours of use on its Azure service to lure developers into trying cloud computing, the company announced Tuesday.
“This extended free trial will allow developers to try out the Windows Azure platform without the need for up-front investment costs,” a Microsoft blog entry explained.
The offer arrives but a few weeks after Microsoft promoted Satya Nadella to head its $15 billion server and tools business, which includes the Azure offering. The company raved about Nadella’s experience in ramping up large-scale consumer-focused cloud services like Bing and hoped he could bring the same magic to getting Microsoft cloud services into the enterprise as well.
Participants of the free trial can choose one of two options: 750 hours of use on an Extra Small Compute Instance, or 25 hours on a Small Compute Instance. An Extra Small Compute Instance offers the equivalent of a 1GHz processor with 768MB of working memory, which normally costs $.05 an hour. The Small Compute Instance has a 1.6GHz processor, 1.75GB of working memory, and typically costs $0.12 an hour. Read More…..
Conflicker Worm Still Wreaking Havoc
Comments Off on Conflicker Worm Still Wreaking Havoc
Security firm fighting the dreadful Conflicker worm claim that they have it on the ropes. The team of computer-security researchers said they managed to neutralize the worm’s impact by blocking its ability to communicate with its developer, who is still anonymous.
Unfortunately after years of trying fighting the Conflicker, security experts estimate the worm infects between five million to fifteen million computers. The Conficker worm, showed up in 2008. The worms intent is to disable a computer’s security measures, including Windows software updates and antivirus protection, leaving machines vulnerable to more malicious software. Read more….