Sign up for our Technology Newsletter 
Juniper Networks Goes OpenStack
Juniper and Mirantis are getting close, with news that they are to form a cloud OpenStack alliance.
The two companies have signed an engineering partnership that the companies believe will lead to a reliable, scalable software-defined networking solution.
Mirantis OpenStack will now inter-operate with Juniper Contrail Networking, as well as OpenContrail, an open source software-defined networking system.
The two companies have published a reference architecture for deploying and managing Juniper Contrail Networking with Mirantis OpenStack to simplify deployment and reduce the need for third-party involvement.
Based on OpenStack Juno, Mirantis OpenStack 6.0 will be enhanced by a Fuel plugin in the second quarter that will make it even easier to deploy large-scale clouds in house.
However, Mirantis has emphasized that the arrival of Juniper to the fold is not a snub to the recently constructed integration with VMware.
Nick Chase of Mirantis explained, “…with this Juniper integration, Mirantis will support BOTH VMware vCenter Server and VMware NSX AND Juniper Networks Contrail Networking. That means that even if they’ve got VMware in their environment, they can choose to use NSX or Contrail for their networking components.
“Of course, all of that begs the question, when should you use Juniper, and when should you use VMware? Like all great engineering questions, the answer is ‘it depends’. How you choose is going to be heavily influenced by your individual situation, and what you’re trying to achieve.”
Juniper outlined its goals for the tie-up as:
– Reduce cost by enabling service providers and IT administrators to easily embrace SDN and OpenStack technologies in their environments
– Remove the complexity of integrating networking technologies in OpenStack virtual data centres and clouds
– Increase the effectiveness of their operations with fully integrated management for the OpenStack and SDN environments through Fuel and Juniper Networks® Contrail SDN Controller
The company is keen to emphasize that this is not meant to be a middle finger at VMware, but rather a demonstration of the freedom of choice offered by open source software. However, it serves as another demonstration of how even the FOSS market is growing increasingly proprietary and competitive.
HP’s Helion Goes Commercial
HP has announced general availability of its Helion OpenStack cloud platform and Helion Development Platform based on Cloud Foundry.
The Helion portfolio was announced by HP earlier this year, when the firm disclosed that it was backing the OpenStack project as the foundation piece for its cloud strategy.
At the time, HP issued the HP Helion OpenStack Community edition for pilot deployments, and promised a full commercial release to follow, along with a developer platform based on the Cloud Foundry code.
HP revealed today that the commercial release of HP Helion OpenStack is now available as a fully supported product for customers looking to build their own on-premise infrastructure-as-a-service cloud, along with the HP Helion Development platform-as-a-service designed to run on top of it.
“We’ve now gone GA [general availability] on our first full commercial OpenStack product and actually started shipping it a couple of weeks ago, so we’re now open for business and we already have a number of customers that are using it for proof of concept,” HP’s CloudSystem director for EMEA, Paul Morgan said.
Like other OpenStack vendors, HP is offering more than just the bare OpenStack code. Its distribution is underpinned by a hardened version of HP Linux, and is integrated with other HP infrastructure and management tools, Morgan said.
“We’ve put in a ton of HP value add, so there’s a common look and feel across the different management layers, and we are supporting other elements of our cloud infrastructure software today, things like HP OneView, things like our Cloud Service Automation in CloudSystem,” he added.
The commercial Helion build has also been updated to include Juno, the latest version of the OpenStack framework released last week.
Likewise, the HP Helion Development Platform takes the open source Cloud Foundry platform and integrates it with HP’s OpenStack release to provide an environment for developers to build and deploy cloud-based applications and services.
HP also announced an optimised reference model for building a scalable object storage platform based on its OpenStack release.
HP Helion Content Depot is essentially a blueprint to allow organisations or service providers to put together a highly available, secure storage solution using HP ProLiant servers and HP Networking hardware, with access to storage provided via the standard OpenStack Swift application programming interfaces.
Morgan said that the most interest in this solution is likely to come from service providers looking to offer a cloud-based storage service, although enterprise customers may also deploy it internally.
“It’s completely customisable, so you might start off with half a petabyte, with the need to scale to maybe 2PB per year, and it is a certified and fully tested solution that takes all of the guesswork out of setting up this type of service,” he said.
Content Depot joins the recently announced HP Helion Continuity Services as one of the growing number of solutions that the firm aims to offer around its Helion platform, he explained. These will include point solutions aimed at solving specific customer needs.
The firm also last month started up its HP Helion OpenStack Professional Services division to help customers with consulting and deployment services to implement an OpenStack-based private cloud.
Pricing for HP Helion OpenStack comes in at $1,200 per server with 9×5 support for one year. Pricing for 24×7 support will be $2,200 per server per year.
“We see that is very competitively priced compared with what else is already out there,” Morgan said.
More Ransomware Plaguing Android
Android users have been warned again that they too can become victims of ransomware.
A Cryptolocker-style Android virus dubbed Simplocker has been detected by security firm Eset, which confirmed that it scrambles files on the SD cards of infected devices before issuing a demand for payment.
The message is in Russian and the demand for payment is in Ukrainian hryvnias, equating to somewhere between £15 and £20.
Naturally, the warning also accuses the victim of looking at rather unsavoury images on their phone. However, while the source of the malware is said to be an app called “Sex xionix”, it isn’t available at the Google Play Store, which generally means that anyone who sideloads it is asking for trouble.
Eset believes that this is actually more of a “proof of concept” than an all-out attack, and far less dangerous than Cryptolocker, but fully functional.
Robert Lipovsky of Eset said, “The malware is fully capable of encrypting the user’s files, which may be lost if the encryption key is not retrieved. While the malware does contain functionality to decrypt the files, we strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them.”
Eset recommends the usual – use a malware app. It recommends its own, obviously, and advises punters to keep files backed up. Following such advice, said Lipovsky, ensures that ransomware is “nothing more than a nuisance”.
This is not the first Android cryptolocker style virus. Last month a similar virus was found, which Kaspersky said was “unsurprising, considering Android’s market share”.
Oracle Updates NoSQL
Oracle has announced the availability of the latest edition of its NoSQL datatabase.
NoSQL is Oracle’s distributed key-value database. Now in it’s third version, the enhancements this time are heavily centred around security and business continuity.
Oracle NoSQL 3.0 features improvements in security with cluster-wide password based user authentication and integration with Oracle Wallet. Session level Secure Socket Layer (SSL) encryption and network port restriction are also included.
For disaster recovery and prevention, there’s automatic fail-over to metro-area secondary data centres, while secondary server zones can be used to offload read-only workloads to take the pressure off primary servers under stress.
For developers, there is added support for tabular data models that Oracle claims will simplify application design and improve integration with SQL based applications, while secondary indexing improves query performance.
“Oracle NoSQL 3.0 helps organisations fill the gap in skills, security and performance by delivering […] enterprise-class NoSQL database that empowers database developers and DBAs to easily, intuitively and securely build and deploy next generation applications,” said Oracle’s EVP of Database Server Technologies, Andrew Mendelsohn.
It’s already been a big week for the SQL community with NoSQL arriving on MariaDB for the first time, courtesy of a tie-up between SkySQL, Google and IBM on Tuesday, while yesterday Fusion-IO announced the use of Non-volatile memory (NVM) compression in MySQL to increase the capacity of SSD storage.
Both the community and enterprise versions of Oracle NoSQL Database 3.0 are available for download now from the Oracle Technology Network.
Cryptolocker Infects 250K Systems
DELL’s security research team has revealed that a new form of ransomware, dubbed “Cryptolocker” has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins.
“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.
The firm worked out that if the Cryptolocker ransomware threat actors had sold its 1,216 total Bitcoins (BTC) that they collected from September this year, immediately upon receiving them, they would have earned nearly $380,000.
“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.
Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.
“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.
Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.
“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”
Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.
“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.
Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.
Attached to these emails would be a ZIP archive with a random alphabetical filename containing 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep your eye out for emails that fit this description.
ATM Malware Found In Mexico
A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.
Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.
In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.
The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.
Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.
Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.
“They clearly know how this machine worked,” he said.
The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.
In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.
The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.
Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.
Will Google’s Project Shield Work?
Google has opened Project Shield, its service for small websites that don’t have the forces to repel denial of service attacks that might come their way.
Google introduced the service on Google+, saying that it is aimed at websites that might otherwise be at risk of online disruption.
“Project Shield, [is] an initiative that enables people to use Google’s technology to better protect websites that might otherwise have been taken offline by “distributed denial of service” (DDoS) attacks. We’re currently inviting webmasters serving independent news, human rights, and elections-related content to apply to join our next round of trusted testers,” it said.
“Over the last year, Project Shield has been successfully used by a number of trusted testers, including Balatarin, a Persian-language social and political blog, and Aymta , a website providing early-warning of scud missiles to people in Syria. Project Shield was also used to protect the election monitoring service in Kenya, which was the first time their site stayed up throughout an election cycle.”
Interested websites should visit the Google Project Shield page and request an invitation to the experience. They should not try to do the same at Nvidia’s website, as they will probably just come away with a handheld games console. This will not offer much assistance against DDoS attacks.
According to a video shared by Google last night, Project Shield works by combining the firm’s DDoS mitigation technologies and Page Speed Service (PSS).
Are Russian Hackers Exploiting Android?
Comments Off on Are Russian Hackers Exploiting Android?
Russian mobile malware factories are working with thousands of affiliates to exploit Android users, a security company has claimed.
According to Lookout Mobile Security the system is so efficient that almost a third of all mobile malware is made by just 10 organisations operating out of Russia. These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers the report said.
Thousands of affiliate marketers are also profiting from the scheme and helping spread the malware by setting up websites designed to trick users into downloading seemingly legitimate apps. Affiliates can make up to $12,000 a month and are heavy users of Twitter.
The report’s release at the DEF CON 21 conference in Las Vegas indicated that Lookout Mobile Security are working with the spooks to bring the crooks down. The malware HQs had gone to great lengths to obfuscate and encrypt their code to make detection tricky, but their advertising was pretty brazen.
Adobe Reader Security Issue Found
McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.
“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”
The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).
McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.
This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).
McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.
The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.
“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.
“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”
McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.
“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.
Kaspersky Finds New Malware
Kaspersky Lab has discovered three Flame spyware related malware threats that it said use “sophisticated encryption methods”.
Kaspersky claims that it uncovered the three new hostile programs while analysing a number of Command and Control (C&C) servers used by Flame’s creators.
“Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines,” the firm’s statement read.
“The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame.
“It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild.”
The discovery of the three programs indicates that Flame’s Command and Control platform was being developed in 2006, four years earlier than first thought.
Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.
The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by Kaspersky, IMPACT, CERT-Bund/BSI and Symantec.
“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers,” said Kaspersky’s chief security expert, Alexander Gostev.
Following the discovery of the three new related programs, Kaspersky’s chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.
“There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu,” he said. “They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns.”
Kamluk added that it is “very possible” there are more than the three listed in Kaspersky’s report.
“They started building RedProtocol, yet another ‘language’ for unknown malware. No known client types are using that one, which means that there is even more malware out there,” he added.