HP’s Helion Goes Commercial

HP has announced general availability of its Helion OpenStack cloud platform and Helion Development Platform based on Cloud Foundry.

The Helion portfolio was announced by HP earlier this year, when the firm disclosed that it was backing the OpenStack project as the foundation piece for its cloud strategy.

At the time, HP issued the HP Helion OpenStack Community edition for pilot deployments, and promised a full commercial release to follow, along with a developer platform based on the Cloud Foundry code.

HP revealed today that the commercial release of HP Helion OpenStack is now available as a fully supported product for customers looking to build their own on-premise infrastructure-as-a-service cloud, along with the HP Helion Development platform-as-a-service designed to run on top of it.

“We’ve now gone GA [general availability] on our first full commercial OpenStack product and actually started shipping it a couple of weeks ago, so we’re now open for business and we already have a number of customers that are using it for proof of concept,” HP’s CloudSystem director for EMEA, Paul Morgan said.

Like other OpenStack vendors, HP is offering more than just the bare OpenStack code. Its distribution is underpinned by a hardened version of HP Linux, and is integrated with other HP infrastructure and management tools, Morgan said.

“We’ve put in a ton of HP value add, so there’s a common look and feel across the different management layers, and we are supporting other elements of our cloud infrastructure software today, things like HP OneView, things like our Cloud Service Automation in CloudSystem,” he added.

The commercial Helion build has also been updated to include Juno, the latest version of the OpenStack framework released last week.

Likewise, the HP Helion Development Platform takes the open source Cloud Foundry platform and integrates it with HP’s OpenStack release to provide an environment for developers to build and deploy cloud-based applications and services.

HP also announced an optimised reference model for building a scalable object storage platform based on its OpenStack release.

HP Helion Content Depot is essentially a blueprint to allow organisations or service providers to put together a highly available, secure storage solution using HP ProLiant servers and HP Networking hardware, with access to storage provided via the standard OpenStack Swift application programming interfaces.

Morgan said that the most interest in this solution is likely to come from service providers looking to offer a cloud-based storage service, although enterprise customers may also deploy it internally.

“It’s completely customisable, so you might start off with half a petabyte, with the need to scale to maybe 2PB per year, and it is a certified and fully tested solution that takes all of the guesswork out of setting up this type of service,” he said.

Content Depot joins the recently announced HP Helion Continuity Services as one of the growing number of solutions that the firm aims to offer around its Helion platform, he explained. These will include point solutions aimed at solving specific customer needs.

The firm also last month started up its HP Helion OpenStack Professional Services division to help customers with consulting and deployment services to implement an OpenStack-based private cloud.

Pricing for HP Helion OpenStack comes in at $1,200 per server with 9×5 support for one year. Pricing for 24×7 support will be $2,200 per server per year.

“We see that is very competitively priced compared with what else is already out there,” Morgan said.

Source

China Using Home Servers Admidst Cyber Concerns

A Chinese firm has developed the country’s first homegrown servers, built entirely out of domestic technologies including a processor from local chip maker Loongson Technology.

China’s Dawning Information Industry, also known as Sugon, has developed a series of four servers using the Loongson 3B processor, the country’s state-run Xinhua News Agency reported Thursday.

“Servers are crucial applications in a country’s politics, economy, and information security. We must fully master all these technologies,” Dawning’s vice president Sha Chaoqun was quoted as saying.

The servers, including their operating systems, have all been developed from Chinese technology. The Loongson 3B processor inside them has eight cores made with a total of 1.1 billion transistors built using a 28-nanometer production process.

The Xinhua report quoted Li Guojie, a top computing researcher in the country, as saying the new servers would ensure that the security around China’s military, financial and energy sectors would no longer be in foreign control.

Dawning was contacted on Friday, but an employee declined to offer more specifics about the servers. “We don’t want to promote this product in the U.S. media,” she said. “It involves propriety intellectual property rights, and Chinese government organizations.”

News of the servers has just been among the ongoing developments in China for the country to build up its own homegrown technology. Work is being done on local mobile operating systems, supercomputing, and in chip making, with much of it government-backed. Earlier this year, China outlined a plan to make the country into a major player in the semiconductor space.

But it also comes at a time when cybersecurity has become a major concern for the Chinese government, following revelations about the U.S. government’s own secret surveillance programs. “Without cybersecurity there is no national security,” declared China’s Xi Jinping in March, as he announced plans to turn the country into an “Internet power.”

Two months later, China threatened to block companiesfrom selling IT products to the country if they failed to pass a new vetting system meant to comb out secret spying programs.

Dawning, which was founded using local government-supported research, is perhaps best known for developing some of China’s supercomputers. But it also sells server products built with Intel chips. In this year’s first quarter, it had an 8.7 percent share of China’s server market, putting it in 7th place, according to research firm IDC.

Source

Will Google’s Algorithm Stop Piracy?

Nosey Google has updated its search engine algorithms in an attempt to restrict piracy web sites appearing high in its search rankings.

The update will mean piracy sites are less likely to appear when people search for music, films and other copyrighted content.

The decision to roll out the search changes was announced in a refreshed version of a How Google Fights Piracy report, which was originally published in September 2013.

However, this year’s updated report features a couple of developments, including changes to ad formats and an improved DMCA demotion search signal.

The move is likely to be a result of criticism received from the entertainment industry, which has argued that illegal sites should be “demoted” in search results because they enable people to find sites to download media illegally.

The biggest change in the Google search update will be new ad formats in search results on queries related to music and movies that help people find legitimate sources of media.

For example, for the relatively small number of queries for movies that include terms like ‘download’, ‘free’, or ‘watch’, Google has instead begun listing legal services such as Spotify and Netflix in a box at the top of the search results.

“We’re also testing other ways of pointing people to legitimate sources of music and movies, including in the right-hand panel on the results page,” Google added.

“These results show in the US only, but we plan to continue investing in this area and to expand it internationally.”

An improved DMCA demotion signal in Google search is also being rolled out as part of the refresh, which down-ranks sites for which Google has received a large number of valid DMCA notices.

“We’ve now refined the signal in ways we expect to visibly affect the rankings of some of the most notorious sites. This update will roll out globally starting next week,” Google said, adding that it will also be removing more terms from autocomplete, based on DMCA removal notices.

The new measures might be welcomed by the entertainment industry, but are likely to encourage more people to use legal alternatives such as Spotify and Netflix, rather than buying more physical media.

Source

MasterCard Testing New Fingerprint Reader

MasterCard is trying out a contactless payment card with a built-in fingerprint reader that can authorize high-value payments without requiring the user to enter a PIN.

The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.

The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.

The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.

The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.

Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.

Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.

MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.

Source

Criminals Remotely Erasing Smartphone Data

Smartphones taken as evidence by police in the UK are being wiped remotely by crooks in order to remove potentially incriminating data, an investigation has uncovered.

Dorset police told the BBC that six devices were wiped within the space of a year while they were being kept in police custody, and Cambridgeshire, Derbyshire, Nottingham and Durham police also confirmed similar incidents.

The technology being used was originally designed to allow device owners to remove sensitive data from phones or tablets if they are lost or stolen.

“We have cases where phones get seized, and they are not necessarily taken from an arrested person, but we don’t know the details of these cases as there is not a reason to keep records of this,” a spokeswoman for Dorset police told the BBC.

A spokeswoman for Derbyshire police also confirmed one incident of a device being remotely wiped while in police custody.

“We can’t share many details about it, but the case concerned romance fraud, and a phone involved with the investigation was remotely wiped,” she said. “It did not impact upon the investigation, and we went on to secure a conviction.”

Software that enables this remote wiping has been available from a variety of security firms for some time now.

For example, BitDefender announced a product a while back intended to track  lost or stolen Android devices. Not only did it allow users to connect remotely and ‘wipe’ data from a web profile via the internet, but to activate commands with text messages.

Pen Test Partners’ digital forensics expert, Ken Munro, said it is common practice to immediately put devices that are seized as evidence into a radio-frequency shielded bag to prevent any signals getting through and stop remote wipes.

“If we can’t get to the scene within an hour, we tell the client to pop it in a microwave oven,” he said. “The microwave is reasonably effective as a shield against mobile or tablet signals – just don’t turn it on.”

Source

Hackers Infiltrate Jimmy Johns

Sandwich restaurant chain Jimmy John’s said there was a potential data breach involving customers’ credit and debit card information at 216 of its stores and franchised locations on July 30.

An intruder stole log-in credentials from the company’s vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.

The chain is the latest victim in a series of security breaches among retailers such as Target Corp, Michaels Stores Inc and Neiman Marcus.

Home Depot Inc  said last week some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than the breach at Target Corp.

More than 12 of the affected Jimmy John’s stores are in Chicago area, according to a list disclosed by the company.

The breach has been contained and customers can use their cards at its stores, the privately held company said.

Jimmy John’s said it has hired forensic experts to assist with its investigation.

“Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online,” Jimmy John’s said.

The Champaign, Illinois-based company said stolen information may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date.

Source

Bitcoin Use Growing

Bitcoin is gaing greater acceptance at U.S. online merchants including Overstock.com and Expedia, as customers use a digital currency that just a few years ago was virtually unknown but is now showing some staying power.

Though sales paid for in bitcoin so far at vendors interviewed for this article have been a fraction of one percent, they expect that as acceptance grows, the online currency will one day be as ubiquitous as the internet.

“Bitcoin isn’t going anywhere; it’s here to stay,” said Michael Gulmann, vice president of global products at Expedia Inc. in Seattle, the largest online travel agent. “We want to be there from the beginning.” Expedia started accepting bitcoin payments for hotel bookings on July 11.

Until recently a niche alternative currency touted by a fervent group of followers, bitcoin has evolved into a software-based payment online system. Bitcoins are stored in a wallet with a unique identification number and companies like Coinbase and Blockchain can hold the currency for the user.

When buying an item from a merchant’s website, a customer simply clicks on the bitcoin option and a pop-in window appears where he can type in his wallet ID number.

Still, broad-based adoption of bitcoin is at least five years away because most consumers still prefer to use credit cards, analysts said.

“Bitcoin is a new way of making payments, but it’s not solving a problem that’s broken,” said George Peabody, payments consultant at Glenbrook Partners in Menlo Park, California. “Retail payments aren’t broken.”

There are also worries about bitcoin’s volatility: its price in U.S. dollars changes every day.

That risk is borne by the consumer and the bitcoin payment processor, such as Coinbase or Bitpay, not the retailer. The vendor doesn’t hold the bitcoin and is paid in U.S. dollars. As soon as a customer pays in bitcoin, the digital currency goes to the payment processor and the processor immediately pays the merchant, for a fee of less than 1 percent.

“We don’t have to deal with the actual holding of the bitcoin: it’s the payment processor that takes the currency risk for us,” said Bernie Han, chief operating officer at Dish Network Corp, in Englewood, Colorado. “That’s what makes it appealing for us and I guess for other merchants as well.”

Source

UPS Breached

Credit and debit card information belonging to customers made purchases at 51 UPS Store Inc. locations in 24 states this year may have been illegally accessed as the result of an intrusion into the company’s networks.

In a statement on Wednesday, UPS said it was recently notified by law enforcement officials about a “broad-based malware intrusion” of its systems.

A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four-dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.

The intrusion may have exposed data on transactions conducted at the stores between Jan. 20 and Aug. 11, 2014. “For most locations, the period of exposure to this malware began after March 26, 2014,” UPS said in a statement.

In addition to payment card information, the hackers also appear to have gained access to customer names, as well as postal and email addresses.

Each of the affected locations is individually owned and runs private networks that are not connected to other stores, UPS added. The company provided alist of affected locations.

The breach is the third significant one to be disclosed in the past week. Last Thursday, grocery store chain Supervalu announced it had suffered a malicious intrusion that exposed account data belonging to customers who had shopped at about 180 of the company’s stores in about a dozen states. The breach also affected customers from several other major grocery store chains for which Supervalu provides IT services.

Source

Is Windows ‘Threshold’ Enroute?

Microsoft will unveil a preview of “Threshold,” the current code name for Windows 8′s successor, as soon as next month, according to an online report on Monday.

ZDNet’s Mary Jo Foley, citing unnamed sources, said that Microsoft will deliver a “technical preview” of Threshold late in September or early in October. Previously, Foley had reported that Microsoft would offer a preview of some kind this fall.

Threshold may be officially named “Windows 9″ by Microsoft — the company has said nothing about either the code name or labeled the next iteration of its desktop and tablet OS — although there are arguments for dumping a numerical title because of the possible association with Windows 8, which has widely been pegged as a failure.

“Technical Preview” is a moniker that Microsoft has used in the past for its Office suite. For both Office 2013 and Office 2010, Microsoft used the term to describe an invitation-only sneak peek. Both application suites were later released as public betas prior to their official launch.

Windows, however, has used a different nomenclature. For 2012′s Windows 8, Microsoft called the early looks ”Developer Preview,””Consumer Preview” and “Release Preview,” all open to everyone. The first was analogous to an alpha, the second to a beta, and the third to a done-but-not-approved release candidate.

Windows 7, however, had used the more traditional “Beta” to describe the first public preview in early 2009. The previous fall, when Microsoft unveiled Windows 7, the firm had seeded an invite-only “pre-alpha” version, also dubbed a Developer Preview, of the OS to programmers and some influential bloggers.

Within hours, the Windows 7 Developer Preview leaked to file-sharing websites. Microsoft may have changed its practices for Windows 8, letting anyone download the first preview, because of the inevitably of leaks.

In an update to her blog of earlier today, Foley added that the “Technical Preview” nameplate notwithstanding, Microsoft would allow anyone to download Threshold/Windows 9 when it becomes available in the next few weeks.

If Microsoft does ship a preview soon and sets its sights on a second-quarter 2015 final release, it will have significantly accelerated the tempo from past practice. With Windows 7 and Windows 8, Microsoft offered its first previews 12 and 13 months, respectively, and the public beta 8 or 9 months, before launching the operating system.

Eight or nine months from September would be May or June 2015; that, however, assumes that the Technical Preview is of beta quality. The name itself hints at something less.

Microsoft appears eager to put Windows 8 behind it. It has stopped beating the drum about the OS and recently announced that it would not issue any additional major updates. Instead, the firm said last week, it will include improvements or new features in small packets using the same Windows Update mechanism that regularly serves security patches.

Source

Apple Changes Policy In China

Apple Inc has started the processing of keeping the personal data of some Chinese users on servers in mainland China, marking the first time the tech giant is storing user data on Chinese soil.

The storage of user data in China represents a departure from the policies of some technology companies, notably Google Inc, which has long refused to build data centers in China due to censorship and privacy concerns.

Apple said the move was part of an effort to improve the speed and reliability of its iCloud service, which lets users store pictures, e-mail and other data. Positioning data centers as close to customers as possible means faster service.

The data will be kept on servers provided by China Telecom Corp Ltd, the country’s third-largest wireless carrier, Apple said in a statement.

“Apple takes user security and privacy very seriously,” it said. “We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland china. All data stored with our providers is encrypted. China Telecom does not have access to the content.”

A source with knowledge of the situation said the encryption keys for Apple’s data on China Telecom servers would be stored offshore and not made available to China Telecom.

Apple has said it has devised encryption systems for services such as iMessage that even Apple itself cannot unlock. But some experts expressed scepticism that Apple would be able to withhold user data in the event of a government request.

“If they’re making out that the data is protected and secure that’s a little disingenuous because if they want to operate a business here, that’d have to comply with demands from the authorities,” said Jeremy Goldkorn, director of Danwei.com, a research firm focused on Chinese media, internet and consumers.

“On the other hand if they don’t store Chinese user data on a Chinese server they’re basically risking a crackdown from the authorities.”

Goldkorn added that data stored in the United States is subject to similar U.S. regulations where the government can use court orders to demand private data.

A spokesman for China Telecom declined to comment.

Source

« Previous Page — Next Page »