Sign up for our Technology Newsletter 
Is IBM Going After HP?
IBM has announced a unified branding for its commerce cloud based enterprise products and services with a presentation at the Smarter Commerce Global Summit in Tampa, Florida.
Hot on the heels of HP, which unified its cloud offerings under the Helion brand last week, IBM Experienceone is designed to allow companies to improve engagement with their customers by leveraging big data through the cloud.
Deployment comes from a unified offer of consulting services, software and infrastructure from IBM subsidary Softlayer, which can be used to gather data, mine analytics and improve customer commerce via a mixture of traditional and cloud services.
IBM has already committed 1,000 new employees for its IBM Interactive Experience who will staff 10 “IBM Interactive Experience Labs” that are being set up to help customers understand the rules of engagement and hopefully increase their level of customer engagement.
IBM GM of Industry Cloud Solution Craig Hayman said, “IBM Experienceone provides a secure and simplified portfolio – including innovation from more than 1,200 partners – to help clients design and deliver more valuable customer engagements. With cloud, on premise and hybrid options, IBM Experienceone quickly scales to engage every customer in the moment while protecting their privacy.”
The IBM Experienceone brand is a coming together of many acquisitions that IBM has made in the field over recent years, including Sterling Commerce, Tealeaf, Coremetrics, Unica, Demandtec, Xtify and Silverpop. The only obvious omission from the top to tail offer is a specific CRM database, however IBM Experienceone is compatible with most of the leading solutions, including those of its arch rivals. This leads to the question, could a CRM be next on the company’s shopping list?
As well as on desktop and server equipment, Experienceone analytics will also be available through apps for iOS and Android.
IBM Goes BlueMix
IBM has put together a vast array of hosted cloud services, and now it has a single location to offer them for sale.
At IBM Cloud online marketplace, that went live on Monday, enterprises can find the full range of IBM’s offerings behind a single gateway.
“So many of our customers want to build new cloud-based, front-end systems, but they want to tie them into their back-end infrastructure. We’re delivering a whole set of integration components and control services to do the connection, and monitor and control what is taking place,” said Steve Mills, IBM senior vice president and group executive for software and systems.
The marketplace has more than 100 hosted IBM applications, as well as middleware components from IBM’s Bluemix platform as a service (PaaS). It also serves as a portal to IBM’s SoftLayer infrastructure as a service (IaaS) and houses a collection of services from IBM partners.
“It’s an open platform. It supports all the popular application development tools and structures. So it’s not uniquely IBM. There’s a lot of open source and partners,” Mills said. In addition to IBM’s own offerings, other services will be offered on the site by SendGrid, Zend, Redis Labs and other IBM partners.
IBM is banking heavily on the cloud. The company’s revenue has been declining lately, due in part to sagging hardware sales. The cloud is likely to be a good place to look for more money: Gartner expects 80 percent of organizations to use cloud services in some form by the end of 2014.
Although IBM got a late start in the cloud, at least compared with rivals Amazon and Microsoft, it’s aggressively repositioning itself as a one-stop cloud services company. It generated $4.4 billion in cloud-related revenue in 2013 and has made a number of additional investments in the area as well.
In January, the company announced it would invest $1.2 billion into expanding its SoftLayer cloud service, which it acquired last year for $2 billion.
It is also investing $1 billion in the effort to adapt its middleware software as cloud services, part of the Bluemix offering.
The new online marketplace ties together a number of these initiatives from IBM within a single portal. It can be accessed from desktops, laptops, tablets and smartphones, and it can customize the service offerings based on the user’s needs.
Will Chrome’s API Work?
March 25, 2014 by admin
Filed under Around The Net
Comments Off on Will Chrome’s API Work?
Google has targeted web browser settings hijacking in its latest update to Chrome for Windows.
On the Chromium blog, Google engineering director Erik Kay announced an extension settings API designed to ensure that users have notice and control over any settings changes made to their web browsers.
As a result, the only way extensions will be able to make changes to browser settings such as the default search engine and start page will be through this API.
Bargain hungry consumers are often unaware that freeware programs often bundle add-on programs for which developers receive payment but can create irritating, rather than malicious, changes to user settings.
Although there is usually consent sought at installation, quite often it is ignored or not understood, and the people who miss the warnings are generally the same ones who find it hard to change the settings back.
Kay said that the API is available in the Chromium developer channel, with a rollout to the stable channel set for May.
The Chromium stable channel has been updated to version 33.0.1750.149. The main change is an update to the embedded Flash Player for Windows, which is now version 12.0.0.77.
There are seven new security fixes, most of which were user submitted via the open source Fast Memory Detector Address Sanitizer.
Although the user community and Chrome team continue to proactively protect the Chromium project, third party extensions can still cause problems, with several already having been removed from the Chrome Store this year.
App Stores For Supercomputers Enroute
Comments Off on App Stores For Supercomputers Enroute
A major problem facing supercomputing is that the firms that could benefit most from the technology, aren’t using it. It is a dilemma.
Supercomputer-based visualization and simulation tools could allow a company to create, test and prototype products in virtual environments. Couple this virtualization capability with a 3-D printer, and a company would revolutionize its manufacturing.
But licensing fees for the software needed to simulate wind tunnels, ovens, welds and other processes are expensive, and the tools require large multicore systems and skilled engineers to use them.
One possible solution: taking an HPC process and converting it into an app.
This is how it might work: A manufacturer designing a part to reduce drag on an 18-wheel truck could upload a CAD file, plug in some parameters, hit start and let it use 128 cores of the Ohio Supercomputer Center’s (OSC) 8,500 core system. The cost would likely be anywhere from $200 to $500 for a 6,000 CPU hour run, or about 48 hours, to simulate the process and package the results up in a report.
Testing that 18-wheeler in a physical wind tunnel could cost as much $100,000.
Alan Chalker, the director of the OSC’s AweSim program, uses that example to explain what his organization is trying to do. The new group has some $6.5 million from government and private groups, including consumer products giant Procter & Gamble, to find ways to bring HPC to manufacturers via an app store.
The app store is slated to open at the end of the first quarter of next year, with one app and several tools that have been ported for the Web. The plan is to eventually spin-off AweSim into a private firm, and populate the app store with thousands of apps.
Tom Lange, director of modeling and simulation in P&G’s corporate R&D group, said he hopes that AweSim’s tools will be used for the company’s supply chain.
The software industry model is based on selling licenses, which for an HPC application can cost $50,000 a year, said Lange. That price is well out of the reach of small manufacturers interested in fixing just one problem. “What they really want is an app,” he said.
Lange said P&G has worked with supply chain partners on HPC issues, but it can be difficult because of the complexities of the relationship.
“The small supplier doesn’t want to be beholden to P&G,” said Lange. “They have an independent business and they want to be independent and they should be.”
That’s one of the reasons he likes AweSim.
AweSim will use some open source HPC tools in its apps, and are also working on agreements with major HPC software vendors to make parts of their tools available through an app.
Chalker said software vendors are interested in working with AweSim because it’s a way to get to a market that’s inaccessible today. The vendors could get some licensing fees for an app and a potential customer for larger, more expensive apps in the future.
AweSim is an outgrowth of the Blue Collar Computing initiative that started at OSC in the mid-2000s with goals similar to AweSim’s. But that program required that users purchase a lot of costly consulting work. The app store’s approach is to minimize cost, and the need for consulting help, as much as possible.
Chalker has a half dozen apps already built, including one used in the truck example. The OSC is building a software development kit to make it possible for others to build them as well. One goal is to eventually enable other supercomputing centers to provide compute capacity for the apps.
AweSim will charge users a fixed rate for CPUs, covering just the costs, and will provide consulting expertise where it is needed. Consulting fees may raise the bill for users, but Chalker said it usually wouldn’t be more than a few thousand dollars, a lot less than hiring a full-time computer scientist.
The AweSim team expects that many app users, a mechanical engineer for instance, will know enough to work with an app without the help of a computational fluid dynamics expert.
Lange says that manufacturers understand that producing domestically rather than overseas requires making products better, being innovative and not wasting resources. “You have to be committed to innovate what you make, and you have to commit to innovating how you make it,” said Lange, who sees HPC as a path to get there.
Chinese Hackers Go After Dissidents
August 26, 2013 by admin
Filed under Around The Net
Comments Off on Chinese Hackers Go After Dissidents
The “Comment Crew,” a group of China-based hackers whose outing earlier this year in major media outlets caused a conflict with the U.S., have resumed their attacks against dissidents.
FireEye, a security vendor that specializes in trying to stop sophisticated attacks, has noticed attackers using a fresh set of tools and evasion techniques against some of its newer clients, which it can’t name. But Rob Rachwald, director of market research for FireEye, said in an interview Monday that those clients include an organization in Taiwan and others involved in dissident activity.
The Comment Crew was known for many years by security analysts, but its attacks on The New York Times, described in an extensive report in February from vendor Mandiant, thrust them into an uncomfortable spotlight, causing tense relations between the U.S. and China.
Rachwald said it is difficult to determine if the organizations being targeted now were targeted by the Comment Crew previously, but FireEye said last month that the group didn’t appear to be hitting organizations they had compromised before.
Organizations opposing Chinese government policies have frequently been targeted by hackers in what are believed to be politically motivated surveillance operations.
The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven’t gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn’t stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.
“If you look at it from a chronological perspective, this malware hasn’t been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”
FireEye researchers Ned Moran and Nart Villeneuve described the new techniques on Monday on FireEye’s blog.
Two malware samples, called Aumlib and Ixeshe, had been used by the Comment Crew but not updated since 2011. Both malware programs have now been altered to change the appearance of their network traffic, Rachwald said.
Many vendors use intrusion detection systems to spot how malware sends data back to an attacker, which helps determine if a network has been compromised. Altering the method and format for how the data is sent can trick those systems into thinking everything is fine.
In another improvement, encryption is now employed to mask certain components of the programs’ networking communication, Rachwald said. The malware programs themselves, which are designed to steal data and log keystrokes, are basically the same.
Mandiant’s report traced the hacking activity to a specific Chinese military unit called “61398.” The company alleged that it waged a seven-year hacking spree that compromised 141 organizations.
Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.
Adobe Reader Security Issue Found
McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.
“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”
The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).
McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.
This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).
McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.
The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.
“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.
“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”
McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.
“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.
3G And 4G Modems Pose Security Threats
Researchers Nikita Tarakanov and Oleg Kupreev analyzed the security of 3G/4G USB modems obtained from Russian operators for the past several months. Their findings were presented Thursday at the Black Hat Europe 2013 security conference in Amsterdam.
Most 3G/4G modems used in Russia, Europe, and probably elsewhere in the world, are made by Chinese hardware manufacturers Huawei and ZTE, and are branded with the mobile operators’ logos and trademarks, Tarakanov said. Because of this, even if the research was done primarily on Huawei modems from Russian operators, the results should be relevant in other parts of the world as well, he said.
Tarakanov said that they weren’t able to test baseband attacks against the Qualcomm chips found inside the modems because it’s illegal in Russia to operate your own GSM base station if you’re not an intelligence agency or a telecom operator. “We’ll probably have to move to another country for a few months to do it,” he said.
There’s still a lot to investigate in terms of the hardware’s security. For example, the SoC (system on a chip) used in many modems has Bluetooth capability that is disabled from the firmware, but it might be possible to enable it, the researcher said.
For now, the researchers tested the software preloaded on the modems and found multiple ways to attack it or to use it in attacks.
For one, it’s easy to make an image of the USB modem’s file system, modify it and write it on the modem again. There’s a tool available from Huawei to do modem backup and restore, but there are also free tools that support modems from other manufacturers, Tarakanov said.
Malware running on the computer could detect the model and version of the active 3G modem and could write an image with malicious customizations to it using such tools. That modem would then compromise any computer it’s used on.
The researchers also found a possible mass attack vector. Once installed on a computer, the modem application — at least the one from Huawei — checks periodically for updates from a single server, Tarakanov said. Software branded for a specific operator searchers for updates in a server directory specific to that operator.
An attacker who manages to compromise this update server, can launch mass attacks against users from many operators, Tarakanov said. Huawei 3G modems from several different Russian operators used the same server, but there might be other update servers for other countries, he said.
Research in this area is just at the beginning and there’s more to investigate, Tarakanov said. Someone has to do it because many new laptops come with 3G/4G modems directly built in and people should know if they’re a security threat.
IBM Moves Into Oracle And HP Turf
Big Blue wants to take on competitors such as Oracle and Hewlett Packard by offering a cheap and cheerful Power Systems server and storage product range.
Rod Adkins, a Senior Vice President in IBM’s Systems & Technology Group said the company was was rolling out new servers based on its Power architecture with the Power Express 710 starting at $5,947. He said that the 710 is competitively priced to commodity hardware from Oracle and HP.
Adkins added that IBM is expanding its Power and Storage Systems business into SMB and growth markets. The product launches on Tuesday. IBM said it will start delivering by February 20.
Good Technology Updates Security
July 25, 2012 by admin
Filed under Uncategorized
Comments Off on Good Technology Updates Security
Good Technology today announced two updates to its mobile security software products across IOS, Android and Windows Phone devices.
Powering mobile security for major enterprises such as Barclays, Sainsbury’s and LOCOG, Good Technology claims the releases are the first of a kind for the industry and address security threats linked to the bring your own device (BYOD) procedures being used in most big companies.
The first update announced by the firm is the addition of what it calls “Appkinetics” to its Good Dynamics line, which aims to solve the problem of secure private corporate data leakage.
“Good’s patented AppKinetics technology builds on the company’s proven ‘containerization’ security model to enable business apps from Good, its Good Dynamics partner independent software vendors (ISV), and internal enterprise developers,” the firm said in a statement.
“This is to securely exchange information within and between applications and create seamless multi-app workflows without compromising security or employees’ privacy and personal experience.”
The firm’s second update is the addition of eight new partnered apps to its Good Dynamics ecosystem covering the areas of business intelligence, collaboration, document editing, document printing, file storage/content management, remote desktop management and mobile application development platforms (MADPs).
This update allows developers to integrate the Good Dynamics technology into apps so that companies can create secure end-to-end workflows of protected, mobile applications to drive business processes.
Good Technology’s EMEA GM Andy Jacques explained, “If you download the standard consumer document editing application you can copy and paste from that from that app into another app.”
He continued, “If you were to open a piece of corporate mission critical data you can copy and paste that and put it onto Hotmail for example.”
Is B.Y.O.D Proving To Be A Headache?
May 29, 2012 by admin
Filed under Around The Net
Comments Off on Is B.Y.O.D Proving To Be A Headache?
IT managers trying to cope with the growing bring-your-own-device (BYOD) trend can expect to see an explosion in the number of smartphones and tablets used by employees in the next few years.
As a result, IT shops won’t be able to provide the security necessary to protect company data, says Gartner analyst Ken Dulaney.
“The number of devices coming in the next few years will outstrip IT’s ability to keep the enterprise secure,” he said, adding that IT workers are “going crazy” and “get into fights” over whether users should have upgrades.
To help IT cope, software vendors should create what Dulaney called “beneficial viruses” that could be embedded in corporate data carried on mobile devices. These software tools would require users to have licenses in order to access files, just as digital rights management technology does with music and video files.
Beneficial viruses would also “be smart enough” to delete the sensitive data if a device is lost or stolen, or if data winds up on an unauthorized device, Dulaney said, adding, “It’s time for the SAPs and Oracles to begin thinking about doing that, and it’s a lot harder than we think.”
Today, IT shops use mobile device management software to monitor which mobile users are authorized to access applications and whether they can access the data outside the corporate cloud.