Sign up for our Technology Newsletter 
Oracle Issues Massive Security Update
Oracle has issued its critical patch update advisory for July, plugging a total of 89 security holes across its product portfolio.
The fixes focus mainly on remotely exploitable vulnerabilities in four widely used products, with 27 fixes issued for the Oracle Database, Fusion Middleware, the Oracle and Sun Systems Product Suite and the MySQL database.
Out of the 89 security fixes included with this update, the firm said six are for Oracle Database, with one of the vulnerabilities being remotely exploitable without authentication.
Oracle revealed that the highest CVSS Base Score for these database vulnerabilities is 9.0, a score related to vulnerability CVE-2013-3751, which affects the XML Parser on Oracle Database 11.2.0.2 and 11.2.0.3.
A further 21 patched vulnerabilities listed in Oracle’s Critical Patch Update are for Oracle Fusion Middleware; 16 of these vulnerabilities are remotely exploitable without authentication, with the highest CVSS Base Score being 7.5.
As for the Oracle and Sun Systems Products Suite, these products received a total of 16 security fixes, eight of which were also remotely exploitable without authentication, with a maximum CVSS Base Score of 7.8.
“As usual, Oracle recommends that customers apply this Critical Patch Update as soon as possible,” Oracle’s director of Oracle Software Security Assurance Eric Maurice wrote in a blog post.
Craig Young, a security researcher at Tripwire commented on the Oracle patch, saying the “drumbeat of critical patches” is more than alarming because the vulnerabilities are frequently reported by third parties who presumably do not have access to full source code.
“It’s also noteworthy that […] every Oracle CPU release this year has plugged dozens of vulnerabilities,” he added. “By my count, Oracle has already acknowledged and fixed 343 security issues in 2013. In case there was any doubt, this should be a big red flag to end users that Oracle’s security practices are simply not working.”
WiLan Loses In Court
July 25, 2013 by admin
Filed under Around The Net
Comments Off on WiLan Loses In Court
Wi-Lan has suffered defeat in its patents trial against Alcatel Lucent, Ericsson, HTC and Sony, as a Texas court decided that the firms did not infringe its patents.
Wi-Lan filed a lawsuit against Alcatel Lucent, Ericsson, HTC and Sony in 2010 claiming the firms infringed patents that relate to data transmission over wireless networks. However a Texas court ruled that the four firms did not infringe Wi-Lan’s patents and found one patent Wi-Lan asserted against HTC and two it asserted against Alcatel Lucent invalid.
Wi-Lan had asserted that Alcatel Lucent and Ericsson infringed three patents, none of which claims were upheld by the court. The firm also asserted that HTC and Sony infringed another patent, and there the court not only judged against infringement but invalidated the patent.
Alcatel Lucent and HTC both said that Wi-Lan was trying to stretch its patents to cover technology in their devices.
Sally Julien, a spokeswoman for HTC said, “HTC believes that Wi-Lan has exaggerated the scope of its patent in order to extract unwarranted licensing royalties from entities who have been focused on bringing innovation forward in their own products.”
Kurt Steinert, an Alcatel Lucent spokesman said, “We think this validates our belief that Wi-Lan was stretching the boundaries of its patents, and the jury confirmed that belief.”
Wi-Lan has managed to get several companies to license its technology including Dell and Panasonic, and in May it initiated legal proceedings against Blackberry over a patent relating to Long Term Evolution network technology. However in this case the firm did not prevail against two large telecom equipment companies and two big smartphone makers.
Microsoft Drops The Surface
Microsoft has dropped the prices on its Surface RT tablets by as much as 30%, with the entry-level 32GB model selling for $349.
The 64GB Surface RT was also discounted by $150, and now sells for $449, or 25% off its former price.
When Microsoft launched the tablet, it sold the 32GB device for $499 and the 64GB configuration for $599.
Microsoft started selling the Surface RT at the lower prices Sunday, as did some of its U.S. retail partners, including Best Buy and Staples. On its website, Staples noted that the discounted prices are valid until July 20, and only while supplies last.
Microsoft’s website, however, listed no caveats, hinting that the lower prices might be permanent or at least will be honored for longer than one week.
The prices are another attempt by Microsoft to clear its existing inventory in preparation for a second-generation line of Windows RT devices. Previously, Microsoft had launched multiple deals to rid itself of the poor-selling tablet, most recently in June when it slashed prices by 60% in a bid to get universities and K-12 schools to buy the device.
Earlier, it kicked off a buy-a-Surface-RT-get-a-free-cover deal that ran until June 30. And at several conferences, including June’s TechEd North America and this month’s Microsoft Partner Conference, the company sold attendees a 64GB Surface RT for $100, 83% off list price.
Today’s sale prices were nearly Microsoft’s cost, which according to estimates of the tablet’s component prices, runs the company at least $284 for the 32GB Surface RT.
Microsoft has not abandoned Windows RT, the pared-down operating system that powers the Surface RT, but virtually every third-party OEM has either pointedly ignored the OS or publicly announced that they would not support it with devices of their own. Instead, the OEMs have flocked to Windows 8 Pro, even though some analysts question the value of touch devices on a platform whose biggest selling point is legacy software that doesn’t support touch.
Microsoft has not revealed sales figures for the Surface line — which also includes the Surface Pro, powered by Windows 8 Pro — but estimates by research firms like IDC have been lackluster.
Oracle Changing Berkeley
Oracle has changed the license of its embedded database library, Berkeley DB. The software is widely used as a key-value store within other applications and historically used an OSI-approved strong copyleft license which was similar to the GPL.
Under that license, distributing software that embedded Berkeley DB involved also providing “information on how to obtain complete source code for the DB software and any accompanying software that uses the DB software.”
Now future versions of Berkeley DB use the GNU Affero General Public License (AGPL). This says “your modified version must prominently offer all users interacting with it remotely through a computer network … an opportunity to receive the Corresponding Source of your version.”
This will cause some problems for Web developers using Berkeley DB for local storage. Compliance has not really been an issue because they never “redistributed” the source of their Web apps.Now they will have to make sure their whole Web app is compliant with the AGPL and make full corresponding source to their Web application available.
They also need to ensure the full app has compatible licensing. Practically that means that the whole source code has to be licensed under the GPLv3 or the AGPL.
HP Aims To Boot ‘Useless’ Data
Hewlett-Packard wants to help organizations rid themselves of useless data, all the information that is no longer necessary, yet still occupies expensive space on storage servers.
The company’s Autonomy unit has released a new module, called Autonomy Legacy Data Cleanup, that can delete data automatically based on the material’s age and other factors, according to Joe Garber, who is the Autonomy vice president of information governance.
Hewlett-Packard announced the new software, along with a number of other updates and new services, at its HP Discover conference, being held this week in Las Vegas.
For this year’s conference, HP will focus on “products, strategies and solutions that allow our customers to take command of their data that has value, and monetize that information,” said Saar Gillai, HP’s senior vice president and general manager for the converged cloud.
The company is pitching Autonomy Legacy Data Cleanup for eliminating no-longer-relevant data in old SharePoint sites and in e-mail repositories. The software requires the new version of Autonomy’s policy engine, ControlPoint 4.0.
HP Autonomy Legacy Data Cleanup evaluates whether to delete a file based on several factors, Garber said. One factor is the age of the material. If an organization has an information governance policy of only keeping data for seven years, for example, the software will delete any data older than seven years. It will root out and delete duplicate data. Some data is not worth saving, such as system files. Those can be deleted as well. It can also consider how much the data is being accessed by employees: Less consulted data is more suitable for deletion.
Administrators can set other controls as well. If used in conjunction with the indexing and categorization capabilities in Autonomy’s Idol data analysis platform, the new software can eliminate clusters of data on a specific topic. “You apply policies to broad swaths of data based on some conceptual analysis you are able to do on the back end,” Garber said.
IBM Buys SoftLayer
IBM has signed an agreement to purchase SoftLayer Technologies, as it looks to accelerate the build-out of its public cloud infrastructure. The company is also forming a services division to back up the push.
The financial details of the deal were not announced, but SoftLayer is the world’s largest privately held cloud computing infrastructure provider, according to IBM.
IBM already has an offering that includes private, public and hybrid cloud platforms. The acquisition of SoftLayer will give it a more complete in-house offering, as enterprises look to keep some applications in the data center, while others are moved to public clouds.
SoftLayer has about 21,000 customers and an infrastructure that includes 13 data centers in the U.S., Asia and Europe, according to IBM. SoftLayer allows enterprises to buy compute power on either dedicated or shared servers.
Following the close of the acquisition of SoftLayer, which is expected in the third quarter, a new division will combine its services with IBM’s SmartCloud. IBM expects to reach $7 billion annually in cloud revenue by the end of 2015, it said.
Success is far from certain: The public cloud market is becoming increasingly competitive as dedicated cloud providers, telecom operators and IT vendors such as Microsoft and Hewlett-Packard all want a piece. The growing competition should be a good thing for customers if it drives down prices. For example, Microsoft has already committed to matching Amazon Web Services prices for commodity services such as computing, storage and bandwidth.
Not all hardware vendors feel it’s necessary to have their own public cloud. Last month, Dell changed strategy and said it would work with partners including Joyent, instead of having its own cloud.
McAffee See Sure In Spam
The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.
The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.
Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.
The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.
On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.
The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.
The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.
The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.
WD And Sandisk Join Forces
Western Digital and Sandisk have teamed up to create Western Digital’s first hybrid storage device that uses Sandisk’s iSSD and Western Digital’s Caviar Black hard drive.
Western Digital, which has dabbled in solid state disks (SSDs) for the enterprise market, has stayed away from hybrid drives that use relatively small SSDs to act as cache for hard drives. Now the firm has teamed with Sandisk to create its WD Black Solid State Hybrid drives with 500GB capacity.
Western Digital is pitching its hybrid drives at laptop makers, offering units with 5mm, 7mm and 9.5mm heights. The firm said Sandisk’s iSSD uses 19nm NAND flash and claimed it is the world’s “smallest and most advanced semiconductor manufacturing process”, a claim that Intel might question.
Kevin Conley, SVP and GM of client storage solutions at Sandisk said, “By combining SanDisk’s unparalleled flash memory expertise and technology with the hard drive know-how of Western Digital, WD Black SSHDs [solid state hard drives] offer outstanding hard drive-like capacity, and the slim form factor and the level of performance that you will only get with flash memory solutions.”
Seagate was first to introduce hybrid drives with its Momentus XT range, which offers an impressive performance boost over mechanical hard drives for certain workloads. The problem for Western Digital and Seagate is that hybrid drives are merely a stop-gap rather than a long term strategy, with SSD prices falling rapidly due to competition in the SSD industry as opposed to the hard drive industry, where Seagate, Western Digital and Toshiba have a comfortable ride.
Will Oracle Retire MySQL?
The founder of MySQL Michael Widenius “Monty” claims that Oracle is killing off his MySQL database and he is recommending that people move to his new project MariaDB. In an interview with Muktware Widenius said his MariaDB, which is also open source, its on track to replacing MySQL at WikiMedia and other major organizations and companies.
He said MySQL was widely popular long before MySQL was bought by Sun because it was free and had good support. There was a rule that anyone should get MySQL up and running in 15 minutes. Widenius was concerned about MySQL’s sale to Oracle and has been watching as the popularity of MySQL has been declining. He said that Oracle was making a number of mistakes. Firstly new ‘enterprise’ extensions in MySQL were closed source, the bugs database is not public, and the MySQL public repositories are not anymore actively updated.
Widenius said that security problems were not communicated nor addressed quickly and instead of fixing bugs, Oracle is removing features. It is not all bad. Some of the new code is surprisingly good by Oracle, but unfortunately the quality varies and a notable part needs to be rewritten before we can include it in things like MariaDB. Widenius said that it’s impossible for the community to work with the MySQL developers at Oracle as it doesn’t accept patches, does not have a public roadmap and there was no way to discuss with MySQL developers how to implement things or how the current code works.
Basically Oracle has made the project less open and the beast has tanked, while at the same time more open versions of the code, such as MariaDB are rising in popularity.
Qualcomm Sticks With Windows RT
Tim McDonough, Vice President, Marketing at Qualcomm, was Qualcomm´s commitment to Windows RT. Ever since Microsoft announced Windows RT, ARM supporters had high hopes and Windows RT has yet to live up to some.
Tim confirmed Qualcomm´s commitment to Windows RT and future releases, saying “we are here for the long run”. He describes the partnership as the beginning of a long journey and of course Qualcomm is going to continue rolling out chips that will run great with Windows RT.
Qualcomm mentioned that Samsung ATIV and Dell XPS 10, both of which use Qualcomm’s S4 dual-core APQ8060A chips, run really nice. Tim told us that he is a real fan of both devices and that he is currently using one of them.
We also learned that Snapdragon 600, the one used in the HTC One and some versions of Samsung’s Galaxy S4, is 40 per cent faster than the S4 Pro, adding that Adreno 320 graphics core is significantly faster than the Adreno 225 used in the S4 APQ8060A chip. Another number we got is that the Adreno 330 is up to four times faster than the 225, which is a huge leap forward. Let’s not forget that Snapdragon 800, which is up to 75 per cent faster than Snapdragon S4 Pro, is also coming in mid-year, second half of 2013. The 800 will be Qualcomm’s first chip with Adreno 330 graphics.
One can easily conclude that there should be some Snapdragon 600 and 800 Windows RT convertible tablets at some point in the future. To stay on the safe side, Qualcomm just confirmed that new and exciting things are coming in the next months and quarter and they are Windows based.
We have to notice that most people in the tablet world get really excited talking about convertible tablets in all shapes and sizes, as the physical keyboard is definitely an accessory you want to have.