Microsoft patches Windows zero-day found in Hacking Team’s leaked docs

Microsoft today issued one of its sporadic emergency, or "out-of-band," security updates to patch a vulnerability in Windows -- including the yet-to-be-released Windows 10 -- that was uncovered by researchers sifting through the massive cache of emails leaked after a breach of Italian surveillance vendor Hacking Team. The Milan-based vendor sells surveillance software to governments and corporations, and markets zero-day vulnerabilities that its clients can use to silently infect targets with the firm's software. Researchers have found several zero-days -- flaws that were not fixed before they went public -- in the gigabytes of pilfered documents and messages, including three in Adobe's Flash Player, since July 5.

IBM’s Q2 sales slide 13 percent on sale of low-end server unit

IBM has reported another quarter of declining revenue and profit, though sales of its new mainframe gave it a lift. Revenue for its second quarter was $20.8 billion, down from $24 billion a year earlier, IBM announced Monday. The big drop is partly from IBM selling its x86 server business to Lenovo, as well as the impact of the strong U.S. dollar. Without those factors, revenue would have declined one percent, IBM said. Net income was $3.45 billion, down 16.6 percent. Revenue from IBM’s giant Global Technology Services segment was down 10 percent to $8.1 billion. Factoring out the currency effect and the sale of the x86 server business, revenues were up one percent, IBM said.

Google slams proposed export controls on security tools

A proposed set of software export controls, including controls on selling hacking software outside the U.S., is “dangerously broad and vague,” Google said Monday. Google, commenting on rules proposed by the U.S. Department of Commerce (DOC), said the proposed export controls would hurt the security research community. A DOC Bureau of Industry and Security (BIS) proposal, published in May, would require companies planning to export intrusion software, Internet surveillance systems and related technologies to obtain a license before doing so. Exports to Canada would be exempt from the licensing requirement.

Report: Microsoft paying $320 million for cloud security provider Adallom

Microsoft is said to be paying $320 million to acquire Adallom, a cloud security provider whose services might help Microsoft in its new push toward becoming a “cloud-first” company. Adallom provides back-end security tools that gather usage data and detect suspicious activity. Its services are used by Netflix, SAP and Hewlett-Packard, according to the company’s website. The acquisition was reported Monday by the Calcalist financial newspaper. A spokesman for Adallom declined to comment, and Microsoft did not immediately respond to a request for comment. Adallom could help boost the defenses of Microsoft products including Office 365 and Yammer. Adallom’s tools can give businesses more granular control over who has access to Office 365, or identify anomalies in usage patterns for the cloud suite, according to Adallom’s website. An acquisition would bring those tools under Microsoft’s umbrella.

Spy’s suicide adds to Hacking Team scandal in South Korea

A South Korean intelligence officer who used a controversial surveillance system from Italy’s Hacking Team was found dead over the weekend in an apparent suicide as controversy swirls in the country over use of the software. The officer, identified by local media only as Lim, was a 20-year cyber-security veteran of the country’s National Intelligence Service (NIS) and ran the department that used the software, according to reports. He was found dead on Saturday in a car southeast of Seoul. Burnt coal was found in the car and an autopsy conducted a day after his death on Saturday found he died of asphyxiation, according to reports. Burning charcoal in a confined space is a relatively common method of committing suicide in South Korea and Japan.

Next-generation endpoint protection not as easy as it sounds

Rather than looking for signatures of known malware as traditional anti-virus software does, next-generation endpoint protection platforms analyze processes, changes and connections in order to spot activity that indicates foul play. While that approach is better at catching zero-day exploits, issues remain. For instance, intelligence about what devices are doing can be gathered with or without client software. So businesses are faced with the choice of either going without a client and gathering less detailed threat information or collecting a wealth of detail but facing the deployment, management and updating issues that come with installing agents.

Microsoft issues critical out-of-band patch for flaw affecting all Windows versions

Happy Monday, IT folks. Ready to patch and then restart your machines? I hope so, as Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected. It's being exploited in the wild and Microsoft admitted some of its customers could be attacked. It's not every day Microsoft releases an out-of-band patch, so when it does so instead of deploying the fix on Patch Tuesday, then it means patch now. This morning Microsoft Premier Support customers received notification that Microsoft would release an out-of-band patch for a critical remote code execution (RCE) vulnerability that affects all versions of Windows. There was no more information, other than that a reboot would be required after the patch was installed. Everyone else was notified when Microsoft made the out-of-band patch announcement at 10 am PST.

Security suites: Choosing the best one for you

The old days of straightforward antivirus software packages are gone -- victim of a changing threat scene in which the dangers are more complex than ever and come from multiple sources. No longer are viruses and Trojans the only risks. Today you can also be victimized by phishing attacks, spyware, privacy invasions, social media scams and the possibility of losing your mobile device. To complicate matters even further, most of us commonly use multiple devices, frequently with different operating systems. I'm a perfect case of that: My computing arsenal includes a Windows desktop PC, a MacBook Air, two Windows-based Surface tablets, two iPads, an iPhone and a Google Nexus 7 Android tablet.

Review: McAfee LiveSafe offers top Windows, Android protection

McAfee LiveSafe is the best product in McAfee's sizable security portfolio. Its suite offers protection for an unlimited number of Windows PCs, Macs and Android and iOS devices, along with a Web dashboard. There's 1TB of cloud-based storage as well. The whole thing is available for $60 per year. Windows: McAfee gives you a solid complement of protection tools for your PC that includes virus and spyware protection, Web and email protection, and parental controls. Also included is a suite of not overly impressive tune-up tools. The interface is straightforward, with big icons representing each of its modules. I found the design to be clear and simple, letting me easily drill down to customize any feature. Modules include Virus and Spyware Protection, Web and Email Protection, Data Protection, PC and Home Network Tools, and Parental Controls. There are also icons that you can click to update the software or see the status of your subscription.

Link Aggregation on HP Moonshot – A Neat Trick

The Broadcom switching OS running on HP's Moonshot 45G and 180G switches can do a neat trick that I haven't seen on other platforms.

Background: LACP-Individual
The trick revolves around interfaces that are sometimes aggregated, and sometimes run as individuals. Lots of platforms don't support this behavior. On those platforms, if an interface is configured to attempt aggregation but doesn't receive LACP PDUs, the interface won't forward traffic at all. Less broken platforms make this behavior configurable or have some goofy in-between mode which allows one member of the aggregation to forward traffic.

If the Moonshot were saddled with one of these broken switching OSes, we'd be in a real pickle: Moonshot cartridges (my m300s, anyway) require PXE in order to become operational, and PXE runs in the option ROM of an individual network interface. Even if that interface could form a one-member aggregation, it wouldn't be able to coordinate its operation with the other interface, and neither of their LACP speaker IDs would match the one chosen by the operating system that eventually gets loaded.

I suppose we could change the switch configuration: Add and remove individual interfaces from aggregations depending on the mode required by the