The difference that Qubes makes, is that this attacked browser might be just your for-personal-use-only browser which is isolated from your for-work-use-only-browser, and for-banking-use-only-browser..
via The Invisible Things Lab’s blog: Introducing Qubes 1.0!.
“Everybody has a hypervisor today and everybody gives it away for free,” Maritz continued. “What it’s all about are the automation layers on top of it,” and extending the benefits of virtualization from servers to the entire network.
How is VMware achieving that? The company today explained it wants to make “virtual data center” a phrase just as commonly uttered as virtual machines. Instead of merely virtualizing CPU capacity, a virtual data center brings CPU, storage, network services, security, load balancing, and other characteristics together into a single profile that can be easily reproduced and provisioned.
via As Microsoft gains, VMware insists that it maintains the upper hand | Ars Technica.
As enterprises move towards virtualizing more of their servers and data center infrastructure, protective technologies—plentiful and commonplace in the physical world—become few and far between. When your Windows Server or SQL database is running in a virtual machine (VM), you still need to protect it from viruses and other attacks while providing the same level of access controls you have for physical servers. Let’s look at the different approaches to protecting your VMs, as well as the major issues involved with deploying these technologies.
via Choosing the Right Security Tools to Protect VMs.
Anyone seriously invested in virtualization is going to need more than one protection product. So before you dive into this marketplace, you should carefully consider the types of protective features you really need at present, and where you want to end up in the next 12 months. You should look at covering five different functional areas:
A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.
Details from Red Hat
RHSA-2012:0720-1 & RHSA-2012:0721-1: It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps. [more]
via Home.
Architecture page here.
Qubes lets the user define many security domains implemented as lightweight Virtual Machines (VMs), or “AppVMs”. E.g. user can have “personal”, “work”, “shopping”, “bank”, and “random” AppVMs and can use the applications from within those VMs just like if they were executing on the local machine, but at the same time they are well isolated from each other. Qubes supports secure copy-and-paste and file sharing between the AppVMs, of course.
Hadoop is a framework for reliably running applications on large hardware clusters. Many large enterprises (such as Facebook and IBM) have come to rely on it as a vital part of their respective data-crunching infrastructures. Research firm IDC recently predicted that worldwide revenues from Hadoop and MapReduce, another framework for processing problems across huge datasets, could hit $812.8 million in 2016, a significant uptick from $77 million in revenues last year.
via VMware’s Serengeti Brings Hadoop to Virtual, Cloud Environments.
VMware has positioned Serengeti as a “one click” deployment toolkit that, when used in conjunction with its vSphere platform, can deploy an enterprise-level Hadoop cluster in a matter of minutes. The company claims that vSphere’s virtualization capabilities will boost the “availability and manageability” of Hadoop clusters.
Serengeti is an open source project initiated by VMware to enable the rapid deployment of an Apache Hadoop cluster HDFS, MapReduce, Pig, Hive, .. on a virtual platform.
Serengeti 0.5 currently supports vSphere, with the ability to support other platforms. The project is at an early stage, and is endorsed by all major Hadoop distributions including Cloudera, Greenplum, Hortonworks and MapR.
via Project Serengeti.
StarWind is an iSCSI SAN software that turns any industry-standard server into a highly reliable and highly available enterprise-class SAN or centralized iSCSI storage.
via iSCSI SAN Software and Storage Virtualization Solutions.
This time, it’s internal emails detailing the creation of “persona management” software to simplify the process of pretending to be several people at once online, in order simulate widespread support for a point of view — astroturfing automation software. The software appears to have been developed in response to a federal government solicitation seeking automated tools for astroturfing message boards in foreign countries.
via HBGary’s high-volume astroturfing technology and the Feds who requested it – Boing Boing.
This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use…
The Virtual Network Editor (vmnetcfg.exe) is not extracted during the installation and it is really needed if you want to mess around with the virtual network settings on the host OS.
It is a problem if you have different network adapters installed, like eg Bluetooth, WiFi, Hamachi etc
Extract cab files
You can extract all files from the installation by using the option /e and a destination folder is supplied
C:\Download\vmware>VMware-player-3.1.3-324285.exe /e .\extract
Change to the subfolder and find the file network.cab, open it in eg Izarch and extract vmnetcfg.exe to the vmware player installation folder. You can also create a shortcut in your list of program files if needed
Currently rated 4.6 by 8 people
via Look sharp | VMware Player – Virtual Network Editor.
This worked. I didn’t have to install izarch either — 7-zip extracted the .cab files just fine. I can’t believe vmware didn’t just install the network editor for the player. What’s up with that?