Manipulating Microsoft WSUS to Own Enterprises

Paul Stone and Alex Chapman of Context Information Security in the U.K. took a long look at the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL. While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could with some work tamper with the unencrypted communication and inject a malicious homegrown update.

Source: Manipulating Microsoft WSUS to Own Enterprises | Threatpost | The first stop for security news

Blackphone 2 caters to the enterprise, the security-minded and the paranoid

Silent Circle is all about security, but security is about more than just a phone that features encryption. There is an entire ecosystem in place starting with the secure PrivatOS 1.1. The latest upgrade to the operating system introduces a feature called Spaces which allows for OS-level virtualization and the ability to keep work and personal apps and data completely separate from each other. These features are also due to roll out to first generation Blackphones through an upcoming update.

via Blackphone 2 caters to the enterprise, the security-minded and the paranoid.

Google Glass Is Being Trialled At European Airport

In the enterprise sector the promise of wearables is increased efficiency by speeding up the dissemination/capture of information to staff out in the field, or who are in the midst of work or customer engagement. So Glass just becomes another tool for a particular type of worker.

Given Glass’ visibility, it is perhaps especially suited for workers in a position of authority, who may already be marked out by their uniform (fluorescent jackets in the case of Schiphol’s authority officers), becoming another ‘badge of office’.

via Google Glass Is Being Trialled At European Airport | TechCrunch.

Apple, IBM partnership yields first results: 10 mobile apps

The plan calls for IBM to resell Apple devices with its software pre-installed. IBM activation, management and security software are also involved in the deal. The partnership aims to give Apple the credibility it still has not quite achieved in IT departments and bring IBM into a popular mobile ecosystem.

via Apple, IBM partnership yields first results: 10 mobile apps | ITworld.

Slack now letting employers tap workers’ private chats

The data collection does not happen automatically. There is a several-step process for team owners to request access, which includes sending a signed letter on company letterhead to Slack stating that the company’s policies allow that kind of access. Each request is reviewed by Slack for approval, the company says.

Once granted, workers on the team are notified of the data access, which includes all messages from that point forward. The feature is not retroactive.

via Slack now letting employers tap workers’ private chats | ITworld.

From: Slack: Be less busy.

Slack is a platform for team communication: everything in one place, instantly searchable, available wherever you go.

Apple and IBM Team Up to Push iOS in the Enterprise

Apple and IBM will collaborate on building a new class of applications specifically tailored for certain industries, including retail, health care, banking, travel and transportation. The first of those applications will be available in the fall, and more will be released into next year.

via Apple and IBM Team Up to Push iOS in the Enterprise | Re/code.

Dan Farmer Presents Research on IPMI Vulnerabilities

IPMI runs regardless of the underlying operating system and operates on UDP port 623 through a server’s network port or its own Ethernet port. It runs continuously, Farmer said, unless the plug is literally pulled. Moore’s scan pulled up 230,000 responses over port 623, an admittedly tiny slice of the overall number of implementations. Yet Farmer concludes that 90 percent of BMCs running IPMI could be compromised because of default or weak passwords or weaknesses in the protocol, not only implicating the host server but others in the same management group because, as he discovered, some vendors share common passwords.

via Dan Farmer Presents Research on IPMI Vulnerabilities | Threatpost | The first stop for security news.

BMC = Baseboard Management Controller, a separate device attached to motherboards for management purposes. This isn’t the first article to point out vulnerabilities in IPMI. It has been noted that IPMI should run on its own intranet and not the public internet. Providing another layer of security to this interface may mitigate any problems. IPMI can’t be any less secure than SNMP.

Don’t celebrate OpenStack’s success just yet

Media, content creation, and life sciences struck Stitt as good examples for where OpenStack enjoys stronger greenfield adoption. Those areas revolve around the generation of entirely new data, rather than the manipulation of existing data; everything newly created can simply be deployed fresh into OpenStack.

It’s hard to ignore the overall enthusiasm around OpenStack — the near-doubling of attendance to 4,500 at this year’s summit is a sign of how interest is mushrooming. And the overarching presence of Red Hat shows how it’s working to make itself as synonymous with OpenStack as it did with Linux — but the existence of other vendors all vying for attention also raises a cautionary note that, open source notwithstanding, the OpenStack market runs the risk of becoming as fragmented and contentious as Linux itself.

via Don’t celebrate OpenStack’s success just yet | Openstack – InfoWorld.

Dropbox’s Next Chapter: Corporate Customers, IPO, Condi Rice, and Eddie Vedder

Many corporations altogether forbid the use of Dropbox (including Bloomberg LP, parent of Bloomberg Businessweek). Security software maker Symantec (SYMC) posts online instructions on how clients can block Dropbox, while Citrix (CTXS), which provides a competing product, found Dropbox to be one of the most blacklisted applications by companies in a 2012 report. Even businesses that use Dropbox often do so with caution. “It’s extremely convenient to share marketing materials,” says Markus Ament, chief product officer of Taulia, a five-year-old cloud-computing startup. “We try to avoid using Dropbox for sensitive data. Right now, we’re not taking any chances.”

via Dropbox’s Next Chapter: Corporate Customers, IPO, Condi Rice, and Eddie Vedder – Businessweek.

How to prevent hidden cost of open source software

The following list contains the criteria we use to evaluate whether or not to use an open source product:

  1. Is the product sponsored by a company? This is a critical criterion if the product plays a critical role in your application and you have no alternative to it.
  2. Is the open source license suitable for your product? It is illegal to deliver a commercial, closed-source product that includes an open source library licensed under the GPL.
  3. Does the open source product have good quality?
  4. Is the open source product still supported with new features and bug fixes?

via How to prevent hidden cost of open source software – VietNam Software Outsourcing Service Company.

Grammar a bit bad but advice seems well grounded. All the above answers should be Yes.