Articles about Endpoints
Don't lose control of those fast-breeding endpoints
Sysadmin blog
So you want to know about security? Well you have come to the right place. I have been here for a while and I can tell you that outside these gates it’s full of cowboys, sharks and pirates, none of whom will hesitate to take what is yours and call it their own.
The above is is a quote from a brochure I wrote in an attempt to …
Microsoft to bake Skype into IE, without plugins
Microsoft is going to try to bake Skype into Internet Explorer.
In a post issued yesterday, Redmond indicates it's going to use the Object Real-Time Communications API for WebRTC (ORTC API for WebRTC) to ensure it becomes possible to “... simply open IE and make a Skype call”.
The ORTC API is a W3C effort, as is WebRTC, so …
Forget passwords, let's use SELFIES, says Obama's cyber tsar
US cyber security tsar Michael Daniel wants passwords to die in a fire and be replaced by other mechanisms, including selfies.
In an interview with the Christian Science Monitor Daniel said the death of passwords could signal a useful purpose for the much-beleaguered selfie.
"Frankly I would really love to kill the password …
Kill queues for fast data centres: MIT boffins
MIT researchers hope to speed up networking inside the data centre with concepts that will look familiar to old networking hacks: they propose a central arbiter for network traffic that picks out a predetermined path before a packet is transmitted.
The boffins call the scheme Fastpass, and its other characteristic is that the …
Adults-only Chrome add-on grabs you by the Googlies
Google's Chrome Remote Desktop app does what it says on the can: install it in Google's browser and it becomes possible to drive the host Mac, PC or Chromebook from another similarly-equipped machine.
As of today it's also possible to drive a machine from iOS, as Google has been kind enough to release an app for the iPhone or …
Thwarted dev sets Instasheep to graze on Facebook accounts
London developer Stevie Graham has built an Instagram stealer dubbed Instasheep that can hijack accounts over public networks.
Graham (@stevegraham) published Instasheep - a play on the 2010 Facebook stealer Firesheep - after claiming Facebook refused to pay a bug bounty for his reported flaws affecting the Instagram iOS app. …
THREE MILLION Moonpig accounts exposed by flaw
Custom mugs and tat outfit Moonpig has a signficant flaw that exposes personal records and partial credit card details for some three million customers, almost 18 months after it was reported.
The failure, discovered and privately reported by developer Paul Price, meant every account and the names, birth dates, and email and …
Google brazenly strokes its mobile cloud tools just before Amazon shindig
Google has released two mobile development tools to coax app writers into storing data in the ad giant's cloud services.
The unveiling comes a day before the kickoff of cloud-rival Amazon's AWS:Reinvent, a love-in held in Las Vegas. Google's utilities give developers two ways to tie applications into cloud storage and compute …
Flaws found in Bitdefender enterprise endpoint manager
Holes have been reported in Bitdefender's Gravity end-point protection platform that allow hackers to target corporate infrastructure.
Researcher Stefan Viehbock of SEC Consult Vulnerability Lab said the flaw affecting the latest version provided an entry point for attackers to move laterally through the network.
"Attackers are …
XenServer takes half a step forward, none towards hybrid cloud
Citrix has released XenServer 6.5 and, as foreshadowed with the July 2014 preview named “Creedence”, has focussed on its own application delivery strengths and the needs of cloud operators rather than the wider enterprise computing market.
Citrix isn't spinning it that way: it reckons the new 64-bit kernel, addition of Intel's …
Got to get something started with Azure VMs? Microsoft's Planky shows you the way
Promo
Steve Plank, or "Planky" as even his mother allegedly calls him, is the Windows Azure evangelist for Microsoft UK and on 23 April he is taking to the interwebs to conduct his evangelizing online.
Join Planky in a one-hour webcast starting at 9:30 BST and let him guide you through the step-by-step process for spinning up Windows …
Cisco slurps security scanner
Cisco has continued the expansion of its security portfolio with the acquisition of malware analysis outfit ThreatGRID.
The acquisition target was founded in 2012, one of the then-burgeoning number of companies that pushed malware analysis, threat intelligence, and security analytics into the cloud (supplemented by an on-premise …
Big Switch pitches third fabric iteration in six months
Big Switch Networks is sticking to its start-up sprint, announcing the third iteration of its virtual networking environment since it initial release in July 2014.
The challenge for the company will one day be the same as it is for every once-was-a-startup company: it's far easier to build the momentum that grabs the market …
Microsoft promises open plan mobile Office. Who sits by the Windows?
Microsoft has revealed more information on its plans for Office on mobile devices: iOS, Android and Windows phones and tablets.
Microsoft Office is going cross-platform “rather aggressively”, says Technical Product Manager Kaberi Chowdhury.
Office for Android tablets is currently in preview and set to be released in early 2015 …
SPLITTERS! Symantec cleft in twain
The reports have been confirmed: Symantec CEO Michael Brown will split the unwieldy business into separate security and information management concerns, thus undoing the 2004 Veritas acquisition.
Brown has moved quickly after his confirmation in the role to lift the cleaver.
The San Andreas-style fault running through the heart …
THE GERMANS ARE CLOUDING: New AWS cloud region spotted
Amazon looks set to open a data center in Germany, allowing European developers to access Bezos & Co's rentable computer tech with lower latencies.
Evidence first gathered by a manager at a Berlin-based startup and subsequently verified by El Reg indicates that Amazon's next cloud computing data center may be in Frankfurt, …
Iranian CLEAVER hacks through airport security, Cisco boxen
An alleged Iranian hacking group whose existence is denied by the state is turning up the heat on its two-year global campaign to pop critical infrastructure systems, Cylance researchers say.
The group was tied to Iran by the local infrastructure it was alleged to use in the attacks and appeared to have formed as a response to …
Why hackers won't be able to hijack your next flight - the facts
Defcon 22
Two seasoned pilots, one of whom is a published hacking expert, have been puncturing some of the myths about aircraft hacking at Defcon 22.
Dr. Phil Polstra, professor of digital forensics at Bloomberg University (and a qualified commercial pilot and flight instructor) and "Captain Polly," professor of aviation at the University …
Google App Engine update eases cloudy mobile app development
Google has updated its platform-as-a-service to ease mobile app development in the cloud.
The "Cloud Endpoints" feature was pushed out in its preview form by Google on Thursday, along with support for the Java 7 runtime on its App Engine platform-as-a-service.
"Cloud Endpoints gets rid of all the plumbing code associated with …
Broadcom looks to 25/50/100 G to drive new chip
Broadcom is lining up its next assault on the cloud-scale Ethernet market, announcing the next iteration of its high-performance switch silicon due to appear in products in 2015.
Now sampling with customers, the StrataXGS Tomahawk has a couple of different aims in mind: delivering very high performance and high density switching …
DEATH TO TCP/IP cry Cisco, Intel, US gov and boffins galore
The US National Science Foundation, Cisco, Verisign, Panasonic and boffins from around the world have thrown their weight behind a new “Named Data Networking Consortium” that aims to develop “a practically deployable set of protocols replacing TCP/IP that increases network trustworthiness and security, addresses the growing …
Weaponised Flash flaw can pinch just about anything from anywhere
Get cracking with the latest Flash upgrade, because the vulnerability it patches is a peach, allowing a cross-site request forgery (CSRF) attack for stealing user credentials.
According to the Switzerland-based Google engineer that turned up the vulnerability, Michele Spagnuolo, sites that are/were vulnerable to the attack …
Aaah-CHOOO! Brit boffins say WiFi can 'sneeze' malware
While the "head cold" metaphor is a bit laboured, the issue is genuine: a group of researchers from the University of Liverpool have found that WiFi access points are highly efficient at passing around virus infections.
Likening the spread of computer viruses over WiFi as akin to the spread of human viruses in the air, the …
Kaspersky's Security for Virtualization pushed to XenServer and HyperV
Kaspersky is extending its Security for Virtualuzation Light Agent security tool to the Citrix XenServer and Microsoft HyperV platforms.
The company said that the Light Agent tool will launch on April 22 with XenServer and HyperV support as well as new options for VMware's vSphere hypervisor.
The company will continue to …
Infosec bods try Big Data in search for better anti-virus mousetrap
Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection.
The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The …
'Software amplifier' boosts quantum signals
Even in quantum communications, adjusting the parameters of Shannon's Theorem can help improve reach and range. A group of Australian National University (ANU) researchers has found a way to extend the reach of quantum communications by improving the signal-to-noise ratio of quantum systems.
Their work, published in Nature …
Bogus Firefox add-on FORCES WITLESS USERS to join vuln-hunting party
Cybercrooks have brewed up a botnet that uses a bogus Firefox add-on to scan the web for hackable websites.
The so-called Advanced Power botnet runs SQL injection attacks on websites visited from infected machines. The malware, disguised as a legitimate add-on for Mozilla Firefox, found its way onto 12,500 systems, reports …
Cisco: Hey, IT depts. You're all malware hosts
Everybody – at least every multinational that Cisco checked out for its 2014 Annual Security Report – is hosting malware of some kind, and there aren't enough security professionals to go around.
Along with its Managed Threat Defense service launched this week, Cisco also launched the latest publication (here with registration) …
Trustwave gobbles up Application Security, gorges itself on tech
Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies.
Financial terms of the deal, announced on Monday, were undisclosed.
Privately-held Application Security develops security software for relational databases …
Rotten hackers feast on mouldy Java flaws
Most enterprise networks are riddled with vulnerable Java installations, according to a new study whose release coincides with the discovery of another 0-day Java flaw.
Less than one per cent of organisations are running the latest version of Java, according to a study by security software firm Bit9. The most frequently …
Tinfoil hats proven useless by eleven-year mobe radiation study
A long-term longitudinal study in the UK has concluded that mobile phones are safe, with the publication of a report finding “no evidence of biological or adverse health effects” from using mobiles.
The second MTHR (Mobile Telecommunications and Health Report) study is a follow-up to a prior report published in 2007. The report …
Ex-Microsoft man takes up arms for Red Hat's open-cloud crusade
“We want to be the undisputed leader in enterprise cloud,” Red Hat’s chief executive Jim Whitehurst said recently.
It’s a big target to set yourself. There’s plenty of competition from incumbents such as Microsoft (now changing its game), and new entrants such as Amazon (breaking down the doors).
One thing both have to help …
As Azzurri closes in on CEO successor, sales director splits
South coast integrator Azzurri Communications is going to be a sales director and board member lighter after Craig Wellman handed in his notice to split by the early summer.
The business, which last month pushed out the first in a series of cloudy services, is still on the hunt for a CEO to replace outgoing chief Vim Vithaldas …
The real reason why Dell wants to go private: To fondle big Boomis
Dell has added an API management tool to its Boomi platform, which connects up clouds and in-house applications.
The new component - which monitors and controls software interfaces used to hook together various services within an enterprise - is included in an upgrade that also adds new integration and process management …
They've taken my storage hostage ... now what?
Sysadmin blog
There's an encrypting ransomware Trojan making the rounds called Cryptolocker.
I will save the details on my battle with this beastie for later*, but suffice it to say that if this encrypts your stuff you are done. There is no getting your data back unless you have backups or pay the ransom.
Let's set aside the ultra-well …
Two years in the making: Sneak peek at VMware's future VVOL tech
VMware says its virtual volume storage technology – which has spent two years in development – is set to erupt onto the storage array landscape next year, causing profound changes for array controllers.
Virtual volumes or VVOLs provide storage for VMware virtual machines (VMs) that currently need LUN (Logical Unit Number) or …
Programming Office 365: Hands On with Microsoft's new APIs
Analysis
Microsoft has announced new APIs and mobile software development kits for Office 365, its cloud platform for email, document storage, and collaboration.
Office 365 uses Azure Active Directory (AD) for authentication, and the company is pushing the idea of using this not only for Office 365, but also as a corporate cloud identity …
IBM opens 'JumpGate' code to help devs navigate among clouds
IBM has developed a tool to tackle fragmentation in the cloud management ecosystem, and hopes its approach will encourage more providers to support OpenStack-based applications without having to run OpenStack.
The "JumpGate" technology was announced by SoftLayer engineer Nathan Beittenmiller in a blog post on Thursday, and sees …
How long is too long to wait for a security fix?
Sysadmin blog
Synology quietly released version 4.2-3250 of its DiskStation Manager (DSM) operating system this month. This squashes critical security bugs in version 4.2 of DSM – bugs that were fixed in version 5.0 in June, so consider this a back port.
Version 4.2 is old but still in use in various models, such as the DS109. The update got …
VDI a 'delightful' experience... Really?
GPU Technology Conference
The VDI talk was the kind of GTC session I love. It’s where a real-world expert talks about how a difficult task is actually accomplished. Not the theory, not how it should work on paper, but what it takes to actually move a project from Point “A” to Point “We’re done with this”.
Ken Fingerlos from Lewan Technology delivered in …
Firewall-floggers in FLAMING MESS: Where'd our mystery margin go?
Opinion
If you work in the fields of technology distribution, services and resale, you'll surely hear about cloud, mobile, social and virtual more than anything else. However, it is the changing patterns in security spending that are perhaps most dramatically re-shaping our businesses.
Gone are the good old days of pushing traditional …
Puff on a hybrid – next thing you know, you're hooked on a public cloud
Blocks and Files
I had a flash of inspiration today. Hybrid public-private cloud systems are becoming a gateway drug to pure public clouds. Why is this an arguable view? Let’s look to the ideas discussed within The Big Switch, written by Nicholas Carr.
In his seminal book, Carr argues that a public IT utility provider will provide CPU cycles and …
Are you in charge of a lot of biz computers? Got Java on them?
Java security vulnerabilities - exploited to hack Apple and Facebook this month - are rife across business computers worldwide, according to new research.
The overwhelming majority (94 per cent) of PCs and other endpoints running Java software and surveyed by Websense are vulnerable to at least one Java runtime exploit, …
CloudBees straddles firewall with VPN connection
Cloud startup CloudBees has launched a technology that lets customers of the developer-oriented cloud connect their sensitive on-premises resources to the company's cloud via VPN.
By building hosted OpenVPN into its infrastructure, the Java cloud has been able to launch the service which it says can assuage security concerns and …
Promisec Endpoint Manager: So we gotta cope with BYOD... Help!
Review
The explosion of internet-connected gadgets, sensors and other devices that underpins the "internet of things" concept makes my head hurt.
When combined with the completely new security model presented by IPv6, BYOD and cloud computing, automation of endpoint management is rapidly becoming non-optional.
I've started taking a …
MS brandishes 'Katana' HTTP/2.0 server
Microsoft has gone public with a prototype HTTP/2.0 server.
The server is designed to implement the version 4 HTTP/2.0 implementable draft published by the IETF earlier in July. The idea, according to IETF HTTPBIS chair Mark Nottingham, is that progressive implementations of HTTP/2.0 will feed back into the standard.
“We're …
A Tapestry of network complexity
Forget drawing network maps or sending your network management software on an epic tour of auto-discovery: a group getting ready to launch an open-source “network complexity scoring” tool says it's all about the endpoint.
Infoblox, part of the Flowforwarding.org SDN (software defined networking) community, is prepping the ground …
Reports: NSA has compromised most internet encryption
The NSA and the GCHQ have compromised much encryption used on the internet through a potent mix of technological theft, spycraft, and collaboration with major technology companies, according to new reports.
In a series of news articles that highlight how the code-breaking crypto-fiddling agencies NSA and GCHQ are doing their job …
Beached whale Symantec watches revenues recede 7%
Symantec’s latest results show that you can wring more profit out of declining revenues by slashing costs but its not enough to bring you back to growth.
Revenues in its fourth fiscal quarter of 2014 ended 28 March were $1.63bn, seven per cent down year-on-year, but net profit jumped 14 per cent to $217m.
The full year numbers …
How mobile device management is taking on the BYOD challenge
Every IT manager worth his or her salt would really like to get hold of users’ physical devices to lock down security and manage privileges, protocols and permissions in the perpetual quest for control. This is not always possible.
The situation has given rise to industry terminology such as mobile device management (MDM) and …
