IBM Partners With BOX

IBM and BOX have signed a global agreement to combine their strengths into a cloud powerhouse.

The star-crossed ones said in a joint statement: “The integration of IBM and Box technologies, combined with our global cloud capabilities and the ability to enrich content with analytics, will help unlock actionable insights for use across the enterprise.”

Box will bring its collaboration and productivity tools to the party, while IBM brings social, analytic, infrastructure and security services.

The move is described as a strategic alliance and will see the two companies jointly market products under a co-banner.

IBM will enable the use of Box APIs in enterprise apps and web services to make a whole new playground for developers.

The deal will see Box integrate IBM’s content management, including content capture, extraction, analytics, case management and governance. Also aboard will be Watson Analytics to study in depth the content being stored in Box.

Box will also be integrated into IBM Verse and IBM Connections to allow full integration for email and social.

IBM’s security and consulting services will be part of the deal, and the companies will work together to create mobile apps for industries under the IBM MobileFirst programme.

Finally, the APIs for Box will be enabled in Bluemix meaning that anyone working on rich apps in the cloud can make Box a part of their creation.

Box seems to be the Nick Clegg to IBM’s ham-faced posh-boy robot in this relationship, but is in fact bringing more than you’d think to the party with innovations delivered by its acquisition of 3D modelling company Verold.

What’s more, the results of these collaborations should allow another major player to join Microsoft and Google in the wars over productivity platforms.

It was announced today that Red Hat and Samsung are forming their own coalition to bring enterprise mobile out of the hands of the likes of IBM and Apple which already have a cool thing going on with MobileFirst.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source