Net Neutrality Vote Coming Next Month

The U.S. Federal Communications Commission will finally vote on new net neutrality rules in their February meeting.

FCC Chairman Tom Wheeler will bring a proposal to a vote during the commission’s Feb. 26 meeting, FCC spokeswoman Kim Hart said Friday, following a report in the Washington Post.

It’s unclear, however, what form those rules will take. Hart declined to comment further on the net neutrality order Wheeler plans to circulate in February.

Many telecom policy experts had expected the FCC to take action on net neutrality early this year after a year-long fight over the issue.

Nearly a year ago, a U.S. appeals court threw out a large portion of net neutrality rules the FCC approved in late 2010. The court ruled that the FCC’s rules came too close to common carrier regulations when the commission didn’t take the step of reclassifying broadband providers as regulated utilities. The court, however, pointed to a couple if sections of the Telecommunications Act that the FCC could use to pass net neutrality regulations.

After launching a net neutrality proceeding in early 2014, the FCC has received nearly 4 million public comments about proposed regulations. Wheeler originally proposed that the FCC adopt rules that would allow broadband providers to engage in “commercially reasonable” traffic management, and in limited cases, charge Web content providers and services for prioritized traffic.

But many people filing comments, and groups like Free Press and Public Knowledge, called on the FCC to pass stronger rules prohibiting traffic prioritization deals. Many advocates of strong net neutrality rules want the FCC to reclassify broadband as a regulated public utility, while exempting them from some common carrier rules, like price regulation.

Recent news reports have suggested Wheeler is leaning toward so-called hybrid net neutrality rules that would classify a part of broadband service as a regulated public utility.

Source

Are We Moving Too Fast Into Cloud Computing?

Businesses need to take a hybrid approach when it comes to the cloud, Dell has said.

The firm’s cloud strategy leader, Gordon Davey, told V3.co.uk in an interview that cloud computing is “overhyped” and moving an entire IT infrastructure into the cloud would be an unrealistic goal.

Davey also believes that cloud vendors have enticed companies to make major shifts to the cloud without considering a model that works for their business.

“I think it’s definitely a case of cloud as a buzzword is overhyped. The idea of cloud for the sake of cloud doesn’t really stand out,” he said.

“The problem comes from customers that have seen the buzzword and want to get the benefits and are just jumping on the bandwagon because it is an industry hype thing, rather than actually evaluating the benefits that a true cloud can bring, and applying that to their business requirements.”

Davey outlined the need to take a more considered approach, adopting an IT strategy that mixes on-premise infrastructure with cloud components to harness the technology without escalating IT costs and complexity.

“The future is going to be hybrid. It’s horses for courses – putting the right workload on the right platform,” he said.

“It’s that balanced approach that I think we’re going to see much more often, rather than trying to put everything into the cloud and potentially failing.”

Davey’s position is unsurprising given Dell’s approach of acting as a ‘middleman’ between cloud service providers and end users, providing hardware, software, services and consultancy to enable businesses to use cloud computing in a way that works for them.

“We see our role as enabling the cloud industry, being that underlying technology,” he said, going on to detail Dell’s five pillar approach to acting as a cloud middleman rather than developing its own end-to-end cloud offering.

The strategy involves consulting on a customer’s cloud needs, helping provide cloud infrastructure, brokering deals between vendors and users, providing security, and managing how multiple cloud services are deployed in a single business.

Davey claimed that Dell’s strategy will help companies take a more tailored approach to cloud adoption, adding: “A properly deployed cloud for the correct workloads in hugely beneficial.”

Dell is not alone in promoting a hybrid approach to cloud adoption. Microsoft is adding hybrid cloud capability to the next version of Windows Server.

Source

Intel Shows New IoT Platform

Intel showed off a new platform which it claims makes it easier for companies to create Internet-connected smart products using its chips, security and software.

Intel’s platform is like Lego and based on the chipmaker’s components and software for companies to create smart, connected devices. The only difference is that you can’t enact your own Doctor Who scene from it.

Doug Davis, head of Intel’s Internet of Things business, said at a launch event in San Francisco it will make it a doddle to connect to data centres in order analyse data collected from devices’ sensors.

Intel’s chips should compute capability in end-point devices that scale from its highest performance Xeon processor to the Quark family of products.

Intel’s Internet of Things Group had $530 million in revenue in the September quarter. That accounted for just 4 percent of Intel’s total revenue in the quarter, but it grew 14 percent over the previous year, which was faster than the company’s PC business.

Dell, SAP, Tata Consultancy, Accenture and other companies are working with the new reference model, Davis said.

Source

Symantec Uncovers Advanced Spying Malware

An advanced malicious software application has been discovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on Sunday.

The Mountain View, California-based maker of Norton anti virus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor. Regin, but Symantec did not identify any countries or victims.

Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and was withdrawn in 2011 but resurfaced from 2013 onward.

The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”

Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.

Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”

Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.

Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran,Afghanistan, Belgium, Austria and Pakistan.

Source

Office 365 Goes Video Streaming

Microsoft unveiled Office 365 Video, a YouTube-like streaming service where enterprises and large organizations can post in-house video content for communication and training.

“Office 365 Video provides organizations with a secure, company-wide destination for posting, sharing and discovering video content,” said Mark Kashman, a senior product manager with the Office 365 team, in a blog posting.

Kashman touted Video as a tool for internal communications, citing the examples of new-employee orientation, management messaging and worker training. Employees will also be able to contribute to a “Community” section, though most companies will probably frown on cat antic clips.

The service rolls out over the next few days to companies that have registered for Office 365′s First Release early distribution program, then through early 2015 to others.

Video will be available only to subscribers of Office 365′s plans for enterprises — E1 through E4 — and universities (A2 through A4). It will not be offered to consumer subscribers or firms with small business-oriented plans like Business Essentials, Business and Business Premium.

Kashman also said Office 365 plans for government agencies will get Video at some point, but he did not proffer a timeline.

The other requirement is SharePoint Online, an off-premises component of the enterprise and academic plans, but missing from the increasingly popular Office 365 ProPlus, the rent-not-buy plan used by organizations that have decided to retain their back-end services, like SharePoint and Exchange, on premises.

Although Office 365 Video has elements of consumer streaming services like Google’s YouTube, it’s strictly an in-house affair: It will be available only to employees, and then only those whom IT administrators have assigned access rights.

Source

Self-Healing Software On The Way

Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.

Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.

It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.

A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.

Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.

Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.

The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.

If malware gets into such systems, A3 software could detect and repair the attack within minutes.

The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.

A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.

Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”

The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.

Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”

Source

Silk Road 2.0 Shutdown

U.S. governmnent authorities said they have shut down the successor website to Silk Road, an underground online drug marketplace, and charged its alleged operator with conspiracy to commit drug trafficking, computer hacking, money laundering and other crimes.

Blake Benthall, 26, was arrested last Wednesday in San Francisco and was expected to make an initial court appearance in federal court there later on Thursday.

The charges against Benthall carry a maximum sentence of life in prison.

A lawyer for Benthall could not immediately be identified.

Silk Road 2.0 was launched late last year, weeks after authorities had shuttered the original Silk Road website in October and arrested its alleged owner, Ross Ulbricht, who went by the online alias, Dread Pirate Roberts.

“Let’s be clear – this Silk Road, in whatever form, is the road to prison,” Manhattan U.S. Attorney Preet Bharara, whose office is prosecuting both cases, said in a statement.

Benthall, known as “Defcon” online, became the operator of Silk Road 2.0 in December, one month after an unnamed co-conspirator launched the site, according to prosecutors.

Silk Road 2.0 provided an online bazaar where users across the world could buy and sell drugs, computer hacking tools and other illicit items, using the digital currency Bitcoin as payment, authorities said.

As of September, the site was generating at least $8 million a month in sales, they said.

The government’s investigation included an undercover agent who was able to infiltrate the administrative staff of the website and interact directly with Benthall, prosecutors said.

Ulbricht, 30, has pleaded not guilty and is scheduled for trial in New York in January.

Source

Adobe Eases Privacy Concerns

Tests on the latest version of Adobe System’s e-reader software reveals the company is now collecting less data following a privacy-related row last month, according to the Electronic Frontier Foundation.

Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), wrote Cooper Quintin, a staff technologist with the EFF. DRM places restrictions on how content can be used with the intent of thwarting piracy.

Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text.

Since that data was not encrypted, critics including the EFF contended it posed major privacy risks for users. For example, plain text content could be intercepted by an interloper from a user who is on the same public Wi-Fi network.

Adobe said on Oct. 23 it fixed the issues in 4.0.1, saying it would not collect data on e-books without DRM and encrypt data that is transmitted back to the company.

Quintin wrote the EFF’s latest test showed the “only time we saw data going back to an Adobe server was when an e-book with DRM was opened for the first time. This data is most likely being sent back for DRM verification purposes, and it is being sent over HTTPS.”

If an e-book has DRM, Adobe may record how long a person reads it or the percentage of the content that is read, which is used for “metered” pricing models.

Other technical metrics are also collected, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device, according to Adobe.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source

IBM And Tencent Team Up

Tencent Holdings Ltd announced that it would be teaming up with International Business Machines Corp (IBM) on a new cloud software business for corporate customers, a marked departure for one of the dominant forces in China’s consumer Internet industry.

Best known for its popular WeChat messaging app and its online games rather than business software, Tencent said its cloud unit would now target small and medium enterprises in the healthcare and “smart city” industries.

Many technology firms are jockeying for a slice of China’s enterprise software market, which promises to grow sharply in coming years as businesses modernize their IT operations and move data onto the cloud.

Tencent’s alliance with IBM, which has deep experience providing computing and consulting services to corporate clients, provides the Shenzhen company a competitive answer to its Chinese rival Alibaba Group Holding Ltd’s nascent cloud efforts.

An e-commerce giant, Alibaba has been slowly building its cloud unit, which recorded just $38 million in revenue in the three months ended June 30.

Tencent said it would tap IBM for its “industry expertise and enterprise reach” but did not disclose financial terms of the deal.

For IBM, the Tencent deal is just the latest in a recent spate of new software partnerships in China, where its hardware sales have been sliding.

IBM announced a deal earlier this year to install its cutting-edge DB2 database software on Chinese rival Inspur International Ltd’s machines. Big Blue also agreed to license its database and big data technology to Chinese software vendor Yonyou Software Co Ltd.

Source

« Previous Page — Next Page »