Cisco To Launch Smart City

Officials from networking giant Cisco Systems and Kansas City, Mo., have signed a letter of intent to build out a new network for smart city services.

Elements of the project call for designing mobile apps for citizen access, digital interactive kiosks, smart street lights and video surveillance in an area called the city’s innovation district.

The project is designed to complement the city’s build out of a two-mile downtown streetcar path, Cisco said in a statement.

Kansas City, Mo. and its neighbor, Kansas City, Kans., are already getting plenty of outside attention from tech giant Google, which picked the area for its first deployment of Google Fiber, an initiative to install fiber optic cable there and in other cities.

Google won’t say how many households are connected to Google Fiber in the area, but it has already installed 6,000 miles of fiber optic cable. Meanwhile, cable provider Time Warner has provisioned 11,000 Wi-Fi hotspots for its Internet customers to use from mobile devices in various Kansas City area locales, including the popular eight-block restaurant and bar district on the edge of downtown called the Power & Light District.

While some citizen groups have been concerned that Google Fiber isn’t reaching enough low-income families in the area with gigabit fiber, there’s a general recognition by city officials that people of all income levels use smartphones and other wireless devices fairly widely. That can only help the Cisco initiative with Kansas City for wireless services.

Kansas City, Mo. Mayor Sly James said the initiative with Cisco promises to connect city services and information with visitors and residents “like never before.”

Third-party app developers will also have an opportunity to build unique and innovative apps for public use.

Cisco will use its Smart+Connected Communities reference architectures to evaluate the initiative and will work with the city and a business consultancy called Think Big Partners to manage a “living lab” incubator for the tech startup community.

Wim Elfrink, Cisco’s executive vice president of industry solutions, credited city leaders with leading the “charge on innovation in the Midwest.”

Source

PoS Cyber Attacks Up In 2013

A third of data intrusion investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.

Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.

E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.

According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.

In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”

However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.

Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.

Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.

Source

Is IBM Going After HP?

IBM has announced a unified branding for its commerce cloud based enterprise products and services with a presentation at the Smarter Commerce Global Summit in Tampa, Florida.

Hot on the heels of HP, which unified its cloud offerings under the Helion brand last week, IBM Experienceone is designed to allow companies to improve engagement with their customers by leveraging big data through the cloud.

Deployment comes from a unified offer of consulting services, software and infrastructure from IBM subsidary Softlayer, which can be used to gather data, mine analytics and improve customer commerce via a mixture of traditional and cloud services.

IBM has already committed 1,000 new employees for its IBM Interactive Experience who will staff 10 “IBM Interactive Experience Labs” that are being set up to help customers understand the rules of engagement and hopefully increase their level of customer engagement.

IBM GM of Industry Cloud Solution Craig Hayman said, “IBM Experienceone provides a secure and simplified portfolio – including innovation from more than 1,200 partners – to help clients design and deliver more valuable customer engagements. With cloud, on premise and hybrid options, IBM Experienceone quickly scales to engage every customer in the moment while protecting their privacy.”

The IBM Experienceone brand is a coming together of many acquisitions that IBM has made in the field over recent years, including Sterling Commerce, Tealeaf, Coremetrics, Unica, Demandtec, Xtify and Silverpop. The only obvious omission from the top to tail offer is a specific CRM database, however IBM Experienceone is compatible with most of the leading solutions, including those of its arch rivals. This leads to the question, could a CRM be next on the company’s shopping list?

As well as on desktop and server equipment, Experienceone analytics will also be available through apps for iOS and Android.

Source

Will IBM Realize Growth In 2015?

International Business Machines Corp said it is projecting growth in its hardware sector next year as the company invests in research and development and abandons low-performing ventures.

The comments come less than one month after the world’s largest technology service company reported its lowest quarterly revenue in five years, weighed by sluggish global demand for its hardware, which plunged 23 percent in the first quarter of 2014.

The company added that growth in Latin America, the Middle East and Africa remain strong, and blamed falling revenue in China on government reforms affecting state-owned clients, and on the country’s hardware-heavy portfolio.

“We move on and we spread ourselves out, more industries, more clients, cloud, data, et cetera, around there,” said IBM Chief Executive Ginni Rometty at an investor briefing on Wednesday.

Chief Financial Officer Martin Schroeter said to stabilize the hardware sector IBM would continue to “refresh” hardware and further invest in research and development.

“Quite frankly, we are seeing very good growth out of software, good growth out of services, but challenges in hardware,” said Schroeter. “We will stabilize that hardware base and I am comfortable we will make that happen in 2014,” he said.

He reiterated the company’s EPS target for 2015 of at least $20. He expects a shift to higher-value business to bring in $3.25 and share repurchases to add $2 in earnings per share by 2015.

Source

HP’s Z-station Goes Nvidia

HP has added its Z Workstation family with a solution that delivers access via a virtual desktop route to workstation applications hosted in the data center.

Set to be available from next month, the HP DL380z Virtual Workstation enables organisations to provide remote access to workstation-class applications, even those calling for heavy-duty graphics, which allows them to keep data stored securely in the data centre wherever employees might be based.

As its name suggests, the HP DL380z is based on the same hardware as HP’s ProLiant DL380p server, a 2U rack-mount two-socket system based on Intel’s Xeon E5-2600 processors, which allows it to slot right into existing data centre infrastructure.

Where the HP DL380z differs is that it can be configured with up to two Nvidia Grid K2 graphics cards supporting the graphics firm’s Grid GPU virtualisation technology. This enables up to eight users to be hosted on each system, each with access to a virtual machine with GPU acceleration capabilities.

Jeff Groudan, worldwide director for HP Thin Client and Virtual Workstations, said, “For employees who work from A to B and everywhere in between, the HP DL380z allows them to access data that is securely stored in the data centre. Furthermore, the powerful HP DL380z is an always-on workhorse that can be used by businesses when not in use for virtual workstation sessions.

Remote access is delivered either by operating Citrix’s XenServer with its HDX 3D Pro technology, which the HP DL380z is certified for, or by utilising HP’s own Remote Graphics Software (RGS). The latest HP RGS release 7 adds the ability to have true workstation productivity from a tablet while bringing intuitive touch controls to non-touch applications, according to HP.

Either way, customers can provide engineers or other professional users with access to workstation-class applications from a variety of devices, including thin clients, laptops or tablets.

Pricing for the HP DL380z has yet to be confirmed.

Source

HP & Foxcomm Head To The Cloud

HP and Foxcomm have announced a joint venture to create a line of cloud optimized servers for service providers.

The venture involving a non-equity, strategic commercial alliance will see the pair offering a range of products. Particulars and specifications are yet to be announced but the companies are aiming to target low total cost of ownership (TCO), scale and service.

This announcement is separate to the existing HP Proliant server portfolio, which includes the software defined server codenamed Moonshot.

HP CEO Meg Whitman said, “With the relentless demands for compute capabilities, customers and partners are rapidly moving to a New Style of IT that requires focused, scalable and high-volume system designs. [The partnership] will enable us to deliver a game-changing offering in infrastructure economics.”

News of the alliance will raise eyebrows at Apple, which reportedly returned an eight million unit shipment of iPhones to Foxconn last year, describing them as “dysfunctional” and “non-compliant”.

HP has had its own troubles recently, after settling two lawsuits this month, one to the former shareholders of Palm over its handling of WebOS, and another that revealed that HP executives were guilty of corruption in negotiations for lucrative contracts. Total payouts across the two settlements totaled $165m.

The HP joint venture with Foxconn will take effect from 1 May, when we hope to find out more details about what it will entail.

Source

IBM Goes BlueMix

IBM has put together a vast array of hosted cloud services, and now it has a single location to offer them for sale.

At IBM Cloud online marketplace, that went live on Monday, enterprises can find the full range of IBM’s offerings behind a single gateway.

“So many of our customers want to build new cloud-based, front-end systems, but they want to tie them into their back-end infrastructure. We’re delivering a whole set of integration components and control services to do the connection, and monitor and control what is taking place,” said Steve Mills, IBM senior vice president and group executive for software and systems.

The marketplace has more than 100 hosted IBM applications, as well as middleware components from IBM’s Bluemix platform as a service (PaaS). It also serves as a portal to IBM’s SoftLayer infrastructure as a service (IaaS) and houses a collection of services from IBM partners.

“It’s an open platform. It supports all the popular application development tools and structures. So it’s not uniquely IBM. There’s a lot of open source and partners,” Mills said. In addition to IBM’s own offerings, other services will be offered on the site by SendGrid, Zend, Redis Labs and other IBM partners.

IBM is banking heavily on the cloud. The company’s revenue has been declining lately, due in part to sagging hardware sales. The cloud is likely to be a good place to look for more money: Gartner expects 80 percent of organizations to use cloud services in some form by the end of 2014.

Although IBM got a late start in the cloud, at least compared with rivals Amazon and Microsoft, it’s aggressively repositioning itself as a one-stop cloud services company. It generated $4.4 billion in cloud-related revenue in 2013 and has made a number of additional investments in the area as well.

In January, the company announced it would invest $1.2 billion into expanding its SoftLayer cloud service, which it acquired last year for $2 billion.

It is also investing $1 billion in the effort to adapt its middleware software as cloud services, part of the Bluemix offering.

The new online marketplace ties together a number of these initiatives from IBM within a single portal. It can be accessed from desktops, laptops, tablets and smartphones, and it can customize the service offerings based on the user’s needs.

Source

Many Websites Still Exposed

The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.

On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.

Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.

Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.

The bug had been introduced in OpenSSL in late 2011.

Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords,\ and even encryption keys used by site servers.

The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.

The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog postthat day.

While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.

Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.

Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.

Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.

Source

Heartbleed Hits Oracle

Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.

However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.

Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.

Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.

Users of Oracle’s growing family of cloud services may also be able to breath easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.

Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.

Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.

Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.

The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.

A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.

Source

Lavaboom Offers To Encrypt

A new webmail service named Lavaboom promises to provide easy-to-use email encryption without ever learning its users’ private encryption keys or message contents.

Lavaboom, based in Germany and founded by Felix MA1/4ller-Irion, is named after Lavabit, the now defunct encrypted email provider believed to have been used by former NSA contractor Edward Snowden. Lavabit decided to shut down its operations in August in response to a U.S. government request for its SSL private key that would have allowed the government to decrypt all user emails.

Lavaboom designed its system for end-to-end encryption, meaning that only users will be in possession of the secret keys needed to decrypt the messages they receive from others. The service will only act as a carrier for already encrypted emails.

Lavaboom calls this feature “zero-knowledge privacy” and implemented it in a way that allows emails to be encrypted and decrypted locally using JavaScript code inside users’ browsers instead of its own servers.

The goal of this implementation is to protect against upstream interception of email traffic as it travels over the Internet and to prevent Lavaboom to produce plain text emails or encryption keys if the government requests them. While this would protect against some passive data collection efforts by intelligence agencies like the NSA, it probably won’t protect against other attack techniques and exploits that such agencies have at their disposal to obtain data from computers and browsers after it was decrypted.

Security researchers have yet to weigh in on the strength of Lavaboom’s implementation. The service said on its website that it considers making parts of the code open source and that it has a small budget for security audits if any researchers are interested.

Those interested in trying out the service can request to be included in its beta testing period, scheduled to start in about two weeks.

Free Lavaboom accounts will come with 250MB of storage space and will use two-way authentication based on the public-private keypair and a password. A premium subscription will cost a!8 (around US$11) per month and will provide users with 1GB of storage space and a three-factor authentication option.

Source

« Previous Page — Next Page »