/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsVMware Expands Cloud Infra Strategy, Introduces New Products to Drive IT as a Service
Building on the VMware vSphere foundation, VMware's new cloud infrastructure products and services introduce a hybrid cloud model that bridges private and public clouds. By extending the resource pooling capabilities of VMware vSphere, VMware vCloud Director enables IT to create virtual data centers (VDCs), logical pools of compute, network and storage resources with defined management policies, SLAs and pricing. VMware vShield Edge, VMware vShield App, and VMware vShield Endpoint virtualize security and edge services, including firewall, VPN and load balancing, freeing them from the constraints of physical infrastructure and providing a single, adaptive and programmable security infrastructure.
While public cloud services have created an alternative for delivering compute capacity in a self-service, pay-per-use model, security concerns, uncertain SLAs, lack of compliance and fears of lock-in have limited enterprise adoption. VMware vCloud Datacenter Services provide a way for enterprises to extend their datacenters to external clouds,while preserving security, compliance and quality of service. VMware vCloud Datacenter Services offer VMware-certified compatibility and portability, auditable security controls, SAS-70-Type-II or ISO-27001 certifications, and virtual application security including stateful firewall and layer two network isolation.
Scammers Target Apple's New Ping Service
IT security and control firm Sophos is calling upon users of the new Ping musical social network, created by Apple and built into the new version of iTunes, to be on their guard against scammers and spammers who have deluged the system with fraudulent messages.
Ping, which was only launched this week, is a cross-between Facebook and Twitter, giving over 160 million iTunes users the ability to build networks of friends and musicians, and read comments by other fans. However, Sophos resea-rchers have found that Ping is being over-run by scams and spam messages, some of which try and direct users into believing they will receive a free iPhone if they complete online surveys.
"We're used to survey scams like this being spread far and wide via sites like Facebook, but clearly the lack of filtering on Ping is making it a brand new playground for the bad guys to operate in," said Graham Cluley, Senior Technology Consultant for Sophos. "It's ironic that the most common scams on Ping right now revolve around Apple's own iPhone. It's safe to assume that Ping does incorporate some rudimentary filtering to prevent offensive messages from being posted, so hopefully Apple's security team can extend this to also block scam messages and malicious links. In the meantime, though, Ping users should be wary of believing what they read on the new service." Sophos published research earlier this year demonstrating that there had been a 70% increase in the number of users reporting spam and malware being spread via social networks, a trend which continues to grow.
VMware Introduces Cloud Application Platform to Drive IT as a Service
At VMworld 2010, VMware introduced its cloud application platform strategy and solutions, enabling developers to build and run modern applications that intelligently share information with underlying infrastructure to maximize application performance, quality of service and infrastructure utilization.
VMware vFabric cloud application platform combines the Spring Java development framework with platform services including lightweight application server, global data management, cloud-ready messaging, dynamic load balancing and application performance management.
Applications built on VMware vFabric provide performance and portability across heterogeneous cloud environments.An open solution, VMware vFabric will initially target the 2.5 million users that develop Spring Java applications.
Developers will be able to build new applications in a familiar and productive way while enabling the choice of where to run them, whether on premise or in public clouds such as VMforce or Google. SMS Buy 131004 to 56677
Quest Announces Support for Microsoft Hyper-V, Added Application Visibility with vFoglight
Quest Software announced that its vFogligh solution for virtualization monitoring and capacity planning, will support Microsoft Hyper-V and provide increased automation of virtual infrastructures with vFoglight 6.5, currently planned for release in Q4 2010. vFoglight now also supports Microsoft Active Directory and Microsoft Exchange. Quest will demonstrate all these capabilities in booth 1113 at VMworld, held at the Moscone Center, San Francisco, Aug. 30 through Sept 2.
As infrastructure become increasingly complex, and critical applications are run on virtual and cloud infrastructure, IT teams are increasingly challenged to manage and control their environment. vFoglight answers a critical need for a single tool to manage the virtual layer and provide visibility up the stack into the infrastructure and applications running in that environment. With these enhancements, Quest customers can better deliver on virtualization's promise of reducing costs and increasing efficiency while simplifying management.
Quest is working to set a new standard for analyzing and monitoring performance and capacity across physical, virtual and cloud infrastructures while easing administration through automation.
SMS Buy 131002 to 56677
Ramco launches OnDemand
ERP 2.0
Ramco Systems announced the launch of Ramco OnDemand ERP 2.0 (RODE 2.0). Built on the Ramco VirtualWorks platform, it can handle thousands of business transactions and complex functionalities such as MRP, across different industries simultaneously on a single instance of software. RODE 2.0 has ERP functionalities covering Process & Discrete Production, Cost Planning & Control, Human Capital Management, Supply Chain Management, Customer Relationship Management, Financial Management, Maintenance Management, Service Management, Asset Management, and MIS Reports.
ATEN Unveils 2x4 DVI-HDMI
Matrix KVMP Switch
ATEN International has launched CM0264, the industry's first 2x4 DVI-HDMI Matrix switch. The CM0264 allows users to switch seamlessly between two HDMI- and two DVI-enabled PCs and share USB peripherals and high-definition audio from a dual-display console. The CubiQ CM0264 2x4 DVI-HDMI Matrix KVMP Switch's Dual Display Console supports one DVI display and one HDMI display. Users can switch between four high-definition video sources on both displays, while the Picture-in-picture (PIP) 3n1 view mode allows users to simultaneously control one computer on one display and view the three other video sources on the other display.
SMS Buy 131001 to 56677
The Threat Webscape
A tactic to infect users, dubbed "DLL hijacking", grabbed headlines. Basically, when you fire up an app in Windows (e.g. Microsoft PowerPoint), more often than not big apps search a series of locations for "helper" libraries to assist with the job.
Knowing that the app will search for other libraries to execute, a bad guy can place a malicious binary in the location the app is searching in an attempt to trick the app into thinking that the malicious file is the correct library. This vulnerability has been added to Metasploit.
Another key exploit to shape up is JailbreakMe Web site for Apple's iOS. You simply open a browser from your iOS device (iPad, iPhone, etc.) and visit the Web site. With just one click (or "swipe" on the "touch" interface) and the Web site jailbreaks your device (using an exploit). The broader food for thought here is that whereas this Web site prompts for your permission to execute an exploit on your device to do things the owners consent to, the fact that this is technically possible (our research) in the first place opens the door to malicious Web sites that don't have to prompt you for permission to do malicious things on your device that you don't consent to.
In other news, watch out for malicious fake YouTube pages and malicious links that show up in Bing search results, both of which can lead to rogue or fake anti-virus software.
This month saw a huge increase in the number of abused and fake accounts being used for spam propagation such as in the case of the fake Friendster.com accounts that seem to have happened over the course of a few days.
Security trends
60GB of accounting data for social networking sites, bank accounts, credit card numbers, and intercepted emails were stolen by a mini ZeuS botnet dubbed Mumba. Thirty three percent of the infected users are based in the U.S, followed by 17 percent in Germany, and 7 percent in Spain. The first SMS Trojan for Android OS has been detected as Trojan-SMS.
AndroidOS.FakePlayer.a spread in Russia. For now, the Trojan only causes losses for Russian users, and as far as we can tell, it's currently not being spread via the Android Marketplace.
A kind of interesting PHP injection has been found by researchers. The script uses the User-Agent field as the deobfuscation key and the injected PHP script contains multiple eval() calls of which every one uses a different deobfuscation key.
Read song lyrics, but carefully
Every now and then we look for song lyrics on the Internet. Using the newest Google Instant technology we immediately find what we need. At least, we think so. Websense Security Labs ThreatSeeker Network has detected that the popular site Songlyrics.com (with approximately 200,000 daily page views and 2,000,000 unique visitors) is compromised and injected with obfuscated malicious code.
Once a user accesses the main page of the song lyrics site, injected code redirects to an exploit site loaded with the Crimepack exploit kit. Attempted exploits result in a malicious binary (VT 39.5%) file that's run on the victim's computer. Once infected, the machine becomes another zombie-bot in the wild. It is interesting to note that the malicious code injected on Songlyrics.com uses a similar obfuscation algorithm as Crimepack - a prepackaged commercial software used by attackers to deliver malicious Web-based code. Crimepack has become one of the best selling exploit packs on the market due to its huge number of pre-compiled exploits offering a great base for the "drive-by-download & execute" business.
Adobe Unveils Photoshop
Elements 9
Photoshop Elements 9 and Premiere Elements 9 feature tools that users need to make the most of their photos and videos. Adapted from Photoshop CS5's celebrated Content Aware Fill feature, the content intelligence in the Spot Healing Brush analyzes what's in the image and quickly de-clutters or repairs photos (like removing tourists from a crowded scene) with a swipe of a brush, magically filling in the background. Several new Guided Edit options walk users step-by-step through the process of achieving cool editing effects such as Out of Bounds, making an element of a photo appear to leap off the page in 3D, creating pop art masterpieces, or retouching made easy via the perfect portraits feature. With Premiere Elements 9, users can create movies in minutes with the help of intelligent tools that automatically fix audio problems, trim away bad footage, stabilize shaky shots and correct bad color and lighting problems.
SMS Buy 131030 to 56677