Webremix Articles

Asterisk attack

Tue, 31 Aug 2010 21:56:50 GMT

There was a lot of talk about this being the next menace after email spam. I’m not actually sure what it’s called for VoIP systems, but my Asterisk setup has started to be attacked over the last few days. Lots of entries like: [Aug 27 19:20:30] NOTICE[18826] chan_sip.c: Registration from '"742"' failed for '208.109.86.187' - No matching peer found ... [Aug 31 10:13:10] NOTICE[18826] chan_sip.c: Registration from '"1002" ' failed for '41.191.224.2' - Wrong password Lots of messages get logged a second and I noticed this as suddenly CPU load on my PC jumped up quite a bit. For the moment I’ve routed these addresses via the interface lo0 so they won’t bother me any more, but I need to come up with a better solution. First I’m curious if applications like Asterisk or FreeSwitch have any built-in anti-abuse controls to recognise bad behaviour and to disable those abusers. I’m pretty sure that I’ve not read about anything for Asterisk, and I’m currently reading the FreeSWITCH book I bought but haven’t come across this mentioned yet. Seems that applications like this may need to have these controls added at some time, just as sendmail, postfix and most mail servers have had to adjust to a hostile world. The other option of course is to use a firewall or packet filter to limit the incoming traffic rate from a single IP to port 5060 or whereever the SIP connection is being accepted so that when going over the limit the ip will be blocked for some time. iptables can do this I think so I’m going to have to read about how to configure and set that up. There are other applications designed to watch logs and use them to automatically add temporary blocks. fail2ban is one of these. I’ll also have to see if I can configure it for this task. So if this has happened to you how do you protect your VoIP systems from that hostile world of the Internet?

Smoke On The Firewall For Senate Democrats?

Mon, 30 Aug 2010 16:11:00 GMT

WATCHING WASHINGTON: The party that reached 60 seats last year now fears a downward path that could go below 50. Races that they thought were sure bets in three states aren't looking so sure anymore.

Smoke On The Firewall For Senate Democrats?

Mon, 30 Aug 2010 16:11:00 GMT

WATCHING WASHINGTON: The party that reached 60 seats last year now fears a downward path that could go below 50. Races that they thought were sure bets in three states aren't looking so sure anymore.

Smoke On The Firewall For Senate Democrats?

Mon, 30 Aug 2010 16:11:00 GMT

WATCHING WASHINGTON: The party that reached 60 seats last year now fears a downward path that could go below 50. Races that they thought were sure bets in three states aren't looking so sure anymore.

25% Of Malware Spread Via USB Drives

Fri, 27 Aug 2010 22:54:15 GMT

Forget the firewall. About 25% of malware today is designed to spread via USB storage devices that connect directly to PCs.

Pajiba Love 27/08/10

Fri, 27 Aug 2010 16:00:00 GMT

Thanks to branded, are you or someone you know a hopeless nerd stuck fucking in the missionary position? Well, thanks to the Tron-a-Sutra, your sex life will never be boring again. Just remember to play safe: Use a firewall. (WonderHowTo)...

China Braces for New Computer Security Battle

Fri, 27 Aug 2010 14:28:44 GMT

China has ordered its banks and other major companies to limit use of foreign computer security technology, setting up a possible trade clash with the United States and Europe while adding to strains over high-tech secrecy as some nations threaten to curtail BlackBerry service.

Beijing's restrictions cite security concerns but are also consistent with its efforts to build up Chinese technology industries by shielding them from competition and pressing global rivals to hand over know-how.

The United States and the European Union have raised questions in the World Trade Organization about the rules. An American industry group is criticizing them as an attempt to shut competitors out of a promising market. Authorities are inspecting companies to enforce the restrictions and some have been told to replace foreign technology.

"These are legitimate security concerns, but the Chinese are going way too far," said Steven Kho, a trade lawyer for law firm Akin Gump in Washington. "You cannot say from the outset, 'All foreign products are a security risk.'"

Washington and Europe, which hope technology sales to China will help drive their economic recovery, want Beijing to scale back plans to enforce the rules on a wide range of industries including oil and gas, banking, utilities and telecommunications.

The rules, dubbed the Multi-Level Protection Scheme, or MLPS, come as Beijing tries to protect its fledgling technology companies by favoring them in procurement, promoting Chinese standards for mobile phones and prodding foreign competitors to disclose encryption technology.

The restrictions add to pressure on foreign companies that accuse Beijing of squeezing them out of key industries in violation of its free-trade pledges.

They cover products such as network firewalls and digital identity systems -- a market dominated by Western companies such as Cisco Systems Inc. and Juniper Networks Inc. and Taiwan's Trend Micro Inc.

Beijing announced plans for the curbs in 2007...

EC2 Creators Nimbula Get $15m Bankroll

Fri, 27 Aug 2010 13:15:00 GMT

Nimbula, the so-called cloud operating system start-up put in train by a couple of the boys credited with creating Amazon’s EC2 service, has gotten a $15 million B round. Accel Partners led the check-signing. Sequoia Capital also pulled out a pen. Sequoia and VMware, oddly enough, staked Nimbula to its $5.75 million first round. Accel, like Sequoia, gets a board seat. VMware’s ex-CEO Diane Greene – in another small world moment – also sits on the board but is not an investor. The money is supposed to go into developing hybrid cloud computing technologies and pushing out Nimbula’s RESTful HTTP API-based widgetry for managing on- and off-premises infrastructures. The stuff is now in beta with a few multinationals in financial services, technology and healthcare that have scads of servers. Nimbula, which came out of stealth mode in June after getting started early last year, is writing a cloud management systems styled Nimbula Director that’s supposed to deliver Amazon EC2-like services behind the firewall. It’s advertised as blending EC2-like scale, agility and efficiency with private infrastructure customization, security and control by repurposing the data center – well, at least the data center’s preferably 64-bit industry standard gear– while supporting controlled access to off-premise clouds. Nimbula Director promises to provide utility-grade cloud features like policy-based authorization, secure multi-tenancy, topology-independent distributed network security, dynamic storage provisioning, monitoring and metering. It’ll automate deployment and cloud management to scale and migrate existing applications into the cloud by supporting multi-platform environments and flexible networking and storage. Nimbula Director installs on bare metal and runs on a single or multi-cluster site made up of a networked collection of x86 computers. It works by abstracting the underlying technology into a coherent view of a completely automated on-premise compute cloud. The API is the interface. Cloud resources can also be managed via a command line interface (CLI) and web control panel built on top of the API. Beneath the virtual data center abstraction sits the physical layer of storage, network and compute hardware managed by the multilayer control software. Nimbula integrates a hypervisor, currently KVM or Xen, with node management software on each node to achieve automated deployment and configuration. It’s supposed to be able to span thousands of server nodes in a single control domain. Formal launch is expected later this year. By then it may be able to accommodate OVF, the open virtualization format, and VMware import. It converts VM image out-of-band to Nimbula or EC2 images. The Nimbula team includes co-founder and CEO Chris Pinkham, once VP of engineering at Amazon.com; co-founder and VP of products Willem van Biljon, who led the EC2 development team and in a previous life co-founded Mosaic Software; VP of sales and development Martin Buhr, an ex-Microsoftee who was business development director at Amazon Web Services; and VP of marketing Reza Malekzadeh, VMware’s long-time marketing guy and co-founder of Twingo Systems sold to Cisco. Your browser may not support display of this image.

The Aquarium: More Hudson Adoption - CloudBees Provides HAAS

Thu, 26 Aug 2010 17:52:08 GMT

The adoption of Hudson continues in many (or should I say all?) fronts. At some point it seemed to be mostly just Sun, but now it is Oracle and a whole cast of other companies and groups.

Today's addition to these movement is CloudBees a startup whose team includes a bunch of old friends, including Sacha, VivekP and BobB. As Bob and Sacha explain, CloudBees comes with two services DEV@cloud (SAAS for developers) and RUN@cloud (PAAS for production). The first piece - today's announcement - is about DEV@cloud, which is all around HaaS - Hudson As A Service. Very nice!

Welcome aboard, CloudBees - you can follow them at @CloudBees. Added And here is KK's welcome.

Hudson momentum is strong and wide. And does not show any significant negative impact from the Oracle acquisition of Sun, nor from Kohsuke's departure to his own start-up. If anything, the wider number of participants has energized the community (see Hudson-Labs) and seems to have solidified the role of Hudson as the leading CI product. Doing a quick recap...

Andrew just wrote a note reporting on the (anonymous) data collected from Hudson via the Update Center (you can opt-out, see his post). The result shows a growing number of connected installations (~23K, see image at left), plus whatever is behind firewalls.

Coincidentally, John has started a new (2010) poll on Build and CI tools, and Hudson currently shows >65% (although this is a self-selected poll, which has methodological issues, it is hard to argue with 65%).

There are many other signs of increased adoption. Some of the non-Oracle companies are MikeCI, CollabNet (here and here), Sonatype (here), and JFrog (here). Hudson is also strong at Oracle - its internal use has continued to grow both at "Sun legacy" and at "Oracle classic", and Winston Prakash very recently joined the Hudson@Oracle team and has already started contributing as part of the Development Tool Offering at Oracle.

And Kohsuke continues to be fully engaged, now with his InfraDNA hat, where he was recently joined by Kedar.

As Sacha signs off... Onward!

PS - Add comments with links to other companies I missed and I'll rev the post. Now, or whenever you move out of stealth mode...

Apple, Adobe, HP and others named in Ganas lawsuit

Thu, 26 Aug 2010 17:10:00 GMT

Apple, Adobe, Tivo, HP and Xerox are among 23 companies being sued by an Allen, Texas business, Ganas, in a new patent infringement lawsuit. Although four patents in total are said to be at stake, the key one is 7,136,913. This describes "a system for communication over the internet and through a firewall utilizing a single communications protocol," using a simple object access communications protocol, or SOAP....

Vyatta 6.1 now IPv6 certified

Thu, 26 Aug 2010 07:42:00 GMT

Open source networking software and hardware specialist Vyatta has released version 6.1 of its Linux-based router and firewall software. The networking distribution now has its IPv6 Ready Logo Phase 2 certification and new cloud-specific features...

Building a private cloud: Get ready for a bumpy ride

Wed, 25 Aug 2010 02:03:16 GMT

IT shops have begun steering away from public clouds because of the security risks; data is outside the corporate firewall and is basically out of their control Bill Claybrook ) 25 August, 2010 00:44 When cloud computing became a topic of discussion a few years ago, public clouds received the bulk of the attention, mostly due to the high-profile ...

Microscopic firewalls: Robust foils of synthetic nacre analogues act as a heat shield

Wed, 18 Aug 2010 11:18:58 GMT

(PhysOrg.com) -- Biological materials are fascinating because they are very light but have the ability to withstand extreme forces. Nacre is amazingly tough thanks to a multi-layer arrangement of platelet-shaped calcium carbonate crystals ("bricks") and proteins ("mortar") in the form of a "brick wall".

Alpine Linux 2.0.0

Wed, 18 Aug 2010 11:11:47 GMT

Alpine Linux is a community developed operating system designed for x86 routers, firewalls, VPNs, VoIP boxes, and servers.

Anti-Spam Virus Firewall Filter Solution

Sun, 15 Aug 2010 03:36:00 GMT

Check the undesired flow of information, unauthorized entry to your computer and data theft easily with anti-spam solutions that protects your data from spammers.

Our View: Delete key helps keep Internet scammers at bay

Fri, 13 Aug 2010 15:14:59 GMT

Despite spam blockers, firewalls and e-mail filters, the messages still arrive on an almost daily basis.

Alpine Linux 2.0.0_rc3

Wed, 11 Aug 2010 21:03:20 GMT

Alpine Linux is a community developed operating system designed for x86 routers, firewalls, VPNs, VoIP boxes, and servers.

Putting String Similarity into Context: Bulgaria's IDN (.бг) vs. Brazil's ccTLD (.br)

Wed, 11 Aug 2010 17:17:00 GMT

Bulgaria is a nation which is directly impacted by the current Fast Track automatic disqualification when Top-Level Domain (TLD) strings are "confusingly similar" to other TLDs, in this case an Internationalized Domain Name (IDN) country code Top-Level Domain (ccTLD). Bulgaria has already been declined twice (in late 2009, and in May of 2010) to register the *.бг Cyrillic IDN on the premise that it looks confusingly similar to Brazil's *.br ASCII TLD.

Being a native Bulgarian, I did not see how these two strings are similar—nor confusing for that matter—so a research on how ICANN determines a confusingly similar string was due. While reviewing the ICANN rules, it hit me that a very important part of the comparison was left out, namely how these strings will be used.

Before going into this, let me start with a few words on where the problem lies, i.e. why ICANN finds these strings to be confusingly similar.

Similarities and differences between Cyrillic and Latin characters – The Cyrillic letter б does not look like a b; it actually looks much more like the number 6, however every person who speaks a Cyrillic language will recognize the difference between the two letters and the number, especially when put into context (Click to Enlarge).The world population that speaks Cyrillic languages

Although a Latin-speaking user can certainly find these strings quite similar, a Cyrillic speaking person will know which one is which. The Cyrillic letter б does not look like a b (see my comparison of the Latin and Cyrillic alphabets); it actually looks much more like the number six 6, however every person who speaks a Cyrillic language will recognize the difference between the two letters and the number, especially when put into context (again, more on this later).

The difference between the subsequent top-level domain letters г and r are not as noticeable in regular fonts, but are very noticeable in hand-written and italic fonts. Still, a person who knows a Cyrillic language will know the difference. This case is even more obvious in hand-written and italic fonts:

.бг vs .br

As a result, it seems that the population that speaks Latin languages is the one finding these strings confusingly similar, which has resulted in the ICANN rules for string similarity, but without taking into consideration the population that speaks Cyrillic languages.

The population that speaks Latin languages

A major point that ICANN is missing in their current evaluation criteria for confusingly similar strings is that they do not review the TLDs, especially IDNs, in the context they will be used in. When reviewing an IDN in context, the evaluation of the string (and its alphabetical differentiation) becomes much clearer and easier. As an example, let's look at how а company's domain would look like in Latin and Cyrillic IDNs:

company.br
компания.бг (компания (BG) = company (ENG))

I doubt that someone will mistakenly take one for the other. Still, let's analyze this in more detail and review some extreme similarity cases.

Brazil's IDN vs. Bulgaria's IDN

The main reasons that differentiate Brazil's IDN from the Bulgarian IDN are:

A URL consists of a top-level domain and a second-level domain. Since .бг and .br are just top-level domains, they are meaningless without a second-level domain. When comparing full URLs, the difference between the two is exceptionally obvious.
Example: company.br and компания.бг
Brazil uses three tier domains (host+gTLD+ccTLD), whereas Bulgaria uses two-tier domains (host+ccTLD), which makes the visual gap between the two even larger. As a result, a Brazilian user looking at a Bulgarian URL will know right away that this is not a Brazilian domain, even if the host uses the same letters.
Example 1: Vivo is one of Brazil's mobile network operators. Their site is vivo.com.br which in Bulgarian would be виво.бг. There is no resemblance between the two.
Example 2: An imaginary company called American Electric has registered ae.com as its main domain. Its Bulgarian domain would be ае.бг, which does not resemble its Brazilian counterpart ae.com.br, even though the host is exactly the same. Even if Bulgaria starts using three-tier domain names (host+gTLD+ ccTLD), this URL will look like ае.ком.бг, which is also decidedly not the same as the Brazilian domain.

The Extreme Case of string similarity

IMPORTANT NOTE: The analysis below is excessive, and this is on purpose, because it could happen. It raises the importance of having regulations in the case that such situations arise in the future. This analysis presumes that Brazil uses two-tier domain names (host+ccTLD), and that there is a company with a domain string that is exactly the same in Cyrillic and Latin languages.

If a non-native English speaker (such as a Frenchman or a Spaniard) sees ae.бг, but knows the context where the URL is used/mentioned, s/he will most probably know that this is a Cyrillic/Bulgarian domain. No action here.
If a non-native English speaker (such as a Frenchman or a Spaniard) or a native English speaker sees ae.бг without knowing the context where the domain is used/mentioned, s/he may think that it is in Latin.

In such cases, regulation (which is ICANN's strength) should be in place to control the use of these strings and to ensure that a single registrant owns visually similar domains. In addition, browser vendors need to update their error message in case ae.бг is entered in Latin letters in the browser, and there is no such domain. The error message should reflect that the domain may be in Cyrillic. Here is an example for a possible error message:

Server not found
Firefox can't find the server at www.ae.bg.

Check the address for typing errors such as ww.example.com instead of www.example.com

Check the address for being in Cyrillic such as ае.бг instead of ae.br

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

ICANN Staff's reasoning on *.бг

ICANN staff's reasoning for declining Bulgaria is that "internet is a world resource and uniqueness is most important." However, its decision will have an impact on at least 7 million Bulgarians, not to mention their relatives and the Bulgarian-speaking population around the world. In addition, with the IDN ccTLD Fast Track Process ICANN wants to open the Internet to languages based on scripts other than Latin in order to make it more accessible, but at the same time impose limitations on its openness, thus effectively contradicting itself.

The good news is that ICANN is open for feedback (I have already submitted these comments to the ICANN), so hopefully these findings will make it into the ccTLD application and Fast Track review later this year. I will nevertheless appreciate your thoughts on this, so please leave a comment.

The history of the Cyrillic alphabet

To finish off, I would like to give you a little background on the Cyrillic alphabet.

The Cyrillic script is an alphabet developed in the 9th century by two brothers, Cyril and Methodius, who were later on venerated in the Eastern Orthodox Church as saints. The Cyrillic alphabet was first adopted by Bulgaria, my home country, and because of that Cyrillic is believed to be a Bulgarian alphabet, although this is debatable. The Cyrillic script is used in the Slavic nations of Belarus, Bosnia, Bulgaria, Russia, Serbia, Macedonia, Montenegro, and Ukraine, and in the non-Slavic nations of Moldova, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, Tuva, and Mongolia. With the accession of Bulgaria to the European Union on 1 January 2007, Cyrillic became the third official alphabet of the European Union, following the Latin and Greek alphabets. It is also one of the few alphabets that has its own holiday (May 24th), which is celebrated internationally.

Written by Vassil Petev, Unit Manager

Patch Fixes SMB Attack That Could Come from Within

Wed, 11 Aug 2010 15:20:34 GMT

In a record-setting August release, Microsoft issued 14 security bulletins to address 34 vulnerabilities, 14 of them rated as critical. The flaws span Windows and Office, Internet Explorer, Silverlight and SQL.

Joshua Talbot, security intelligence manager for Symantec Security Response, is shining a light on the SMB pool overflow vulnerability. As he sees it, this should be a real concern for enterprises.

"Not only does it give an attacker system-level access to a compromised SMB server, but the vulnerability occurs before authentication is required from computers contacting the server," Talbot said. "This means any system allowing remote access and not protected by a firewall is at risk."

Beyond Best Practices

Although best practices dictate file- or print-sharing services, such as SMB servers, should not be open to the Internet, Talbot said such services are often unprotected from neighboring systems on local networks. That paves the way for cybercriminals to use a multi-staged attack.

"Such an attack would likely start by compromising an employee's machine via a drive-by download or a socially engineered e-mail, and would end by using that compromised computer to attack neighboring machines on the same local network that has the SMB service running," Talbot said.

This affects more than just file servers using the SMB service. Talbot said workstations that have enabled file and print sharing are also at risk. "Laptops with this configuration that connect to untrusted networks, such as public Wi-Fi, or that allow ad hoc connections could be attacked by neighboring computers," he warned. "The user could then unwittingly carry their infected system back to the enterprise, opening the door to an organization's entire network."

Movies to Malware

SMB servers aside, August is another movies-to-malware month for Microsoft, according to Andrew Storms, director of security operations at nCircle. Four of the 14 bulletins this month fix bugs in media applications....

New federal antipiracy regulations await returning students

Wed, 11 Aug 2010 00:53:22 GMT

Baylor University doesn't want its students using peer-to-peer networks. A BlueCoat PacketShaper locks down bandwidth to students, and all inbound ports are blocked by the campus firewall to keep "computers from acting as servers or super nodes in peer to peer networks." Illinois State uses a packet shaping device called the Packeteer; it singles ...

Juniper Networks Protects Customers From New Microsoft Vulnerabilities Disclosed Today

Tue, 10 Aug 2010 20:00:50 GMT

JNPR ) today confirmed its Intrusion Detection and Prevention (IDP) security systems and Integrated Security Gateway (ISG) firewall/virtual private network (VPN) systems with IDP offer protection for ...

CVE-2010-2821 (firewall_services_module, firewall_services_module_software)

Mon, 09 Aug 2010 00:00:00 GMT

Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694.

CVE-2010-2820 (firewall_services_module, firewall_services_module_software)

Mon, 09 Aug 2010 00:00:00 GMT

Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61662.

CVE-2010-2819 (firewall_services_module, firewall_services_module_software)

Mon, 09 Aug 2010 00:00:00 GMT

CVE-2010-2818 (firewall_services_module, firewall_services_module_software)

Mon, 09 Aug 2010 00:00:00 GMT

Microsoft LNK File Patch Has Problems [Duh!]

Sun, 08 Aug 2010 02:33:03 GMT

The very next day I went back, removed the Sophos fix once again, disabled both the Avira antivirus I was running, and the HIPS+ features of my Comodo Firewall, and then re-applied the KB2286198 patch.

Workplace Gibes Propel Google Ageism Case Forward

Fri, 06 Aug 2010 20:07:46 GMT

A former employee's age-discrimination lawsuit against Google can proceed now that the California Supreme Court has cleared the way for "stray remarks" made by his colleagues to be included as evidence. The suit was originally filed in Santa Clara County in 2004 by Brian Reid, who served as director of operations and engineering at Google and is known for creaing the first Internet firewall.

Alpine Linux 2.0.0_rc2

Fri, 06 Aug 2010 00:53:00 GMT

Alpine Linux is a community developed operating system designed for x86 routers, firewalls, VPNs, VoIP boxes, and servers.

Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

Wed, 04 Aug 2010 23:10:43 GMT

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

error

Tue, 03 Aug 2010 07:19:25 GMT

The first steps in getting started with iptables. Building a firewall is something that easily can be done using a Linux machine.

error

Tue, 03 Aug 2010 06:35:11 GMT

The first steps in getting started with iptables. Building a firewall is something that easily can be done using a Linux machine.

Blog - A Simple, But Effective, Way to Beat Internet Censorship

Sun, 01 Aug 2010 04:00:00 GMT

A new tool could help get blocked news past government firewalls.

A new tool will join the censorship circumvention arsenal this September.

FileZilla FTP Client and FTP Server

Fri, 30 Jul 2010 01:15:28 GMT

FileZilla is a popular open source file transfer client program that provides an easy to use graphical user interface, restores interrupted file transfers, and supports SFTP (SSH File Transfer Protocol). Administration of multiple FTP sources and support for firewalls are provided as well. It is available for all major platforms and supports multiple languages.

...

Read Full Post

Microsoft wants to park a cloud container in your driveway

Thu, 29 Jul 2010 18:21:00 GMT

By Joe Wilcox, Betanews

Cloud computing dominated the morning's Microsoft Financial Analyst Meeting 2010 presentations. COO Kevin Turner and Chief Research Strategy Officer Craig Mundie spent more time talking cloud computing than any other topic. For Mundie, it was a bold departure from previous years, where he spoke broadly and almost exclusively about forthcoming technologies -- typically years from release, if ever. Last year, he asserted that the successor to the PC would be "a room."

Some reasons for Microsoft's cloud focus should be obvious:

1. Azure is available, as of six months ago.

2. Cloud computing is all the rage right now.

3. Microsoft recently released new hosted applications.

4. Competitors are rallying behind the cloud to runaround the Office-Windows-Windows Server applications stack.

5. Hosted apps let businesses offer employees anytime, anywhere, on-anything data access, while better protecting corporate information.

But there is another reason that might be less obvious: New sales. For core products Office and Windows, and increasingly SharePoint and Windows Server, Microsoft is reselling to the same customers. With these established products, the company doesn't have anything really new to offer. C`mon what's all that different between Office 2007 and 2010? Windows 7 is an easier upgrade because most businesses run 9-year-old Windows XP. But Microsoft is still selling to the same customers.

Azure and hosted Microsoft applications are new, fresh products with that familiar look and feel of the old stuff. Microsoft also can solve real-world problems: Helping businesses to meet mobile demands with lower privacy and security risks. It only takes one stolen or lost laptop containing millions of customer records to spoil a corporation's year. Cloud computing provides a means of giving employees greater mobility while holding data behind the firewall.

Mundie used "data authority" to describe Microsoft's approach. "The other thing that we look to the cloud for increasingly is to be the data authority," he told financial analysts. "And I think that will be true whether as a person or an institution you want to have one place where you believe you can put an authoritative copy of information or have it propagate around to all the appropriate applications or devices in your life or work environment."

From the "something new to sell" perspective, Mundie and Turner did more than tell financial analysts about emerging opportunities around the cloud. The executives made sales pitches to potential customers. After all, many of the financial companies represented in the FAM audience should be looking at adopting the kind of cloud services Microsoft offers -- sooner, rather than later. Surely Microsoft would also benefit from financial analysts satisfied with its cloud services. Wall Street's elite make more than recommendations about stock investments. They are IT influencers, even subtly. Satisfied customers are good evangelists.

Successful marketing is also about controlling the vernacular, something Microsoft attempted to do with "software plus services." Today Mundie put firmer spin on "client plus cloud as a computing platform"; the term "client plus cloud" isn't new for Microsoft, but both executives gave it a firm kick. Mundie explained:

Let me talk about role we think the cloud plays. Many people talked about it runs your applications or it's a piece of your infrastructure. But we think of it more broadly...The cloud is a place where we get to do the orchestration across all these myriad devices in your life, across a whole array of applications. The world that many of us have grown...as the mobile environment or personal computing or laptop computing environment were emerging were that each of them was a bit too much of an island. It was a very manual process to maintain the relationship and data and communication that you would ideally want among these devices. And as the number and type of devices grows essentially without bound, it would be a nightmare if this was left as an exercise to the user. So the cloud becomes a place where we can orchestrate the operation of these collection of devices and that will be a very, very important part of what makes this useful and interesting.

But "client plus cloud" isn't descriptive enough. Unless I misunderstood the executives, Microsoft is going into the big-iron hardware business. So "client plus cloud" has broader meaning. Mundie told FAM attendees they can explore a "prototype of a container" with 600 servers "sitting in the parking lot right outside." He explained what such a porta-server farm could do for them: "It's completely self-contained. You don't need chilled water. In fact, you just hook it up to your garden hose. You put in electricity and your fiber optic connection and you can be online...You'll be able to buy these things and just have them delivered in your parking lot and put it anywhere you want. This is the ability to combine the super scale capabilities that [Turner] alluded to and the knowledge and understanding that comes from that with the ability to do creative engineering."

Now that's a sales pitch.

70% of Microsoft cloud 'wins' are new customers

Thu, 29 Jul 2010 16:57:00 GMT

By Joe Wilcox, Betanews

Microsoft COO Kevin Turner made the bold statement this morning during the company's annual FInancial Analyst Meeting. "One of the most exciting things about our cloud strategy is that 70 percent of the wins in the cloud that we had in Q4, ladies and gentlemen, were new Microsoft customers," Tuner told financial analysts. "Yeah, new Microsoft customers. They were IBM Lotus Notes customers, Novell e-mail customers. They were all this other stuff, in addition to the Microsoft customers, that we're actually able to grow our portion of the pie this next year in a very dramatic way, because we can explode worker productivity."

"New" and "customers" are two words not often conjoined at Microsoft. The company's enterprise products are so well established, new sales are usually to existing customers. That Microsoft is adding any new customers from its cloud services is significant. The number Turner stated is staggering, assuming his definition of "new" means a customer who isn't using Microsoft products somewhere else, which is a tough claim for this reporter to believe.

Turner identified cloud computing as one of several "big focus" areas for enterprises. "The first one is around rebooting, retransitioning, replatforming ourselves, if you will, around leading with a cloud with our customers," he said. If you want to go to the cloud, we'll help you do that. We've changed that. I don't believe that was a good move strategically, and it's one I'm personally course correcting on as a direction."

The statement is surprising. In January, I raised concerns that Microsoft's Azure cloud strategy had changed shape -- that the deliverable looks more like a cross between Amazon cloud services and hosted Microsoft applications than the operating system in the sky vision previously outlined by Ray Ozzie, chief software architect. That Turner, who represents the Office and Windows hawks, is presenting the cloud strategy is troubling. What about Ozzie? The cloud had been his baby and the way for Microsoft's reinvention.

Still there's some sense to Microsoft's approach. Turner used "Access Anywhere" to describe what I've long called "anytime, anywhere, on-anything" computing. Turner's term is more concise but similar concept. Businesses can take control of their information by providing access through hosted services. Employees can benefit from mobile computing without taking precious data outside the firewall on laptops, smartphones and other mobile devices.

"We now have over 10,000 paying customers on our cloud infrastructure platform and that number is continuing to grow every day," Turner said. (By the way, I could not get Microsoft's video plug-in to work in any non-Internet Explorer 8 browser; I've pulled the quotes from the live transcript, which uses a Java plug-in.)

"Our second big focus for businesses clearly is around the Windows 7 and Office 2010 refresh," Turner told FAM attendees. Microsoft sells nearly 8 copies of Windows 7 a second. "For the first time in a long time, we grew share versus Apple in the United States in laptops per IVC this past year. Thanks to Windows 7. In fact, we were up 2.7 points against Apple in the United States in laptops." That Turner must even mention Apple says something about how he views the Mac maker competitively. Apple's market capitalization exceeds Microsoft and only a few hundred million in revenue separated the companies during second calendar quarter.

Turner identified several competitors that Microsoft is targeting: Google, IBM, Oracle and VMware. He ended his presentation by returning to the cloud. "Our client software that connects to the cloud and the better our cloud software is the more value that will drive to our on premises client software, and we're going to continue to push on that in a very profound way," he said.

What that really means: For enterprises, Microsoft is attempting to extend its Office, Windows, Windows Server application stack to cloud services. If businesses buy into Microsoft's cloud, they get the integrated benefits. It's not an open stack.

Turner talked about the future, which is exactly the right approach. As I asserted yesterday, today is about tomorrow -- Microsoft conveying what it will accomplish in the near future rather than what financially happened in the past.

Acme Packet launches "Powered by" program

Thu, 22 Jul 2010 16:36:09 GMT

Remember when 'Intel Inside' was the easy way to know if a computer was going to be fast enough for your needs? Well what if your network element had a stamp to let you know that you were going to get the right session border control (SBC) elements with whatever device you were picking up?

Acme Packet has come up with a variation on this idea to get their Net-Net SBC into the hands of customers everywhere: make it easy to embed the Net-Net OS-E SBC into network elements at the enterprise border and let IP communication solution providers stamp a "Powered by AcmePacket" label on the side.

The new initiative truly expands the territory of Acme Packet's SBC solutions, putting them in the hands of SMBs and small contact centers. In addition, the program enables IP communications infrastructure providers to embed SBC software in a wide range of hardware platforms such as IP PBXs, unified communications (UC) servers, multiservice business gateways, firewalls and routers, allowing for an SBC solution that occupies a smaller footprint on the customer premise.

For more details:
- read the release

Cloud Expo Sponsor Compuware Named a “Value Leader” by EMA

Thu, 22 Jul 2010 00:30:00 GMT

Compuware Corporation on Wednesday announced that Enterprise Management Associates (EMA) has named Compuware a “Value Leader” and recognized as the industry’s best Business Service Management (BSM) solution in the “EMA BSM Service Impact Radar Report.” The report evaluated 14 BSM vendors on vendor strength (architecture, integration functionality), cost efficiency (ease of administration, deployment, customer support, cost advantage) and product strength. A complimentary copy of the report can be viewed at: http://bit.ly/c1hTMK . Value leaders are among the BSM Service Impact elite who have achieved the highest product scores around cost, deployability, architecture and functionality. They also have relatively quick time-to-value with strong contributive BSM Service Impact benefits. According to the report: “Compuware’s strengths in overall Service Impact monitoring are industry leading—in part because of its native strengths in flow-based views of complex applications/infrastructures, its leadership in User Experience Management and its recent acquisition of Gomez for superior support of mobile environments and transaction performance from outside the firewall.”

Who will trust open source security from the government

Wed, 21 Jul 2010 12:47:54 GMT

The Open Information Security Foundation, headed by Mark Jonkman of Emerging Threats and Victor Julien of the Vuurmuur firewall project, are offering an intrusion detection and prevention engine with multi-threading automatic protocol detection for a wide variety of protocols.

Microsoft releases beta of latest free anti-malware service Security Essentials

Tue, 20 Jul 2010 19:33:33 GMT

on Microsoft Connect today , includes a number of new features: a new protection engine and network inspection system, integration with Windows Firewall, and integration with Internet Explorer for web...

Microsoft releases beta of latest free anti-malware service Security Essentials

Tue, 20 Jul 2010 17:00:42 GMT

By Tim Conneally, Betanews

Today, Microsoft has released the next version of Microsoft Security Essentials in beta. The free anti-malware service was first debuted in 2009 after Microsoft discontinued Windows Live OneCare.

The beta, available on Microsoft Connect today, includes a number of new features: a new protection engine and network inspection system, integration with Windows Firewall, and integration with Internet Explorer for web-based malware protection.

This is a limited beta, available in English in the US and Israel, and is available to genuine Windows users on a first-come first-serve basis until it reaches the maximum number of participants. To download the beta, visit Microsoft Connect, and fill out the beta registration info.

Copyright Betanews, Inc. 2010

Microsoft Security Essentials - Microsoft - Windows Live OneCare - Malware - Internet Explorer

Science and Meditation

Tue, 20 Jul 2010 16:33:36 GMT

The June issue of the scholarly journal Psychlogical Science has an article titled "Intensive Meditation Training Improves Perceptual Discrimination and Sustained Attention" by Katherine A. MacLean and 12 other people. The article itself is behind a subscription firewall, but the gist of it is that researchers decided Buddhist meditation increases attention span.

...

Read Full Post

Firewalls for bad websites

Tue, 20 Jul 2010 12:00:00 GMT

Meet the Bissessars: Prime Minister Kamla Persad-Bissessar and her husband Dr Gregory Bissessar greet supporters at a People's Partnership local gover...

China happy with Google's latest tweaks, saga appears at an end

Tue, 20 Jul 2010 07:30:00 GMT

The China versus Google spat seems to be drawing to a conciliatory end today, as a senior state official has announced China is "satisfied" with Google's latest round of changes . This was somewhat predictable given that the country just recently renewed El Goog's license to host sites within its borders, but it's always reassuring to get confirmation from an official source. The American search giant had tried to strike a precarious balance, by having its local .cn domain adhere to Chinese laws and dictum while also providing a link out to its uncensored Hong Kong hub, and that seems to have done the trick. Ultimately, even the .hk search results will be subject to China's firewall -- which will render the most sensitive info inaccessible -- but at least Google can walk away from this dispute claiming that it's providing uncensored search in some form, even if its output can't always be put to good use.

China happy with Google's latest tweaks, saga appears at an end originally appeared on Engadget on Tue, 20 Jul 2010 03:30:00 EDT. Please see our terms for use of feeds.

Permalink | Reuters | Email this | Comments

Laptops will have firewalls to protect kids

Tue, 20 Jul 2010 02:16:35 GMT

Prime Minister Kamla Persad-Bissessar has assured citizens that firewalls will be placed on every laptop given to SEA students to prevent them from accessing negative Web sites. Speaking at a politica...

Increasing holes in the Great Firewall of China

Fri, 16 Jul 2010 18:48:52 GMT

There are now 420 million Internet users in China, up 36 million in the past six months alone.

The Aquarium: Friday Tips #5: SailFin CAFE, Drupal 6 on GlassFish 3, Websockets with GlassFish, ...

Fri, 16 Jul 2010 18:00:00 GMT

Here are some tips that have been recently published on Java EE 6 & GlassFish:

• SailFin CAFE - GreetingService Demo
• Initial support for GlassFish 3.1 in NetBeans
• CAFE : Sending large file(s) from remote client browser to a Conference using MSRP APIs
• Initial support for GlassFish 3.1
• EJB 3.1 + Hessian = (Almost) Perfect Binary Remoting
• Drupal 6 on GlassFish 3 with Quercus using NetBeans 6.9 in less than 5 minutes
• Websocket/Comet survival guide to Proxy, Firewall and Network Outage
• Using btrace with Glassfish v3
• Apache, (SSL), mod_proxy and Glassfish 3
• An Eclipse / GlassFish / Java EE 6 Cookbook
• RESTful service with JAX-RS (and JPA 2 for the access to the data)
• Configure GlassFish v3.0.1 for Comet Support
• Glassfish over a Zone over OpenSolaris
• JavaEE 6: EJB Webservices in war

Let us know if you have seen or published a detailed tip like shown above and we'll be happy to share them.

Security vs. Social Media: How to Keep Your Customers on the Winning Side

Thu, 15 Jul 2010 14:53:00 GMT

Without a doubt, social networking and other Web applications have experienced an exponential upwards spike in recent years, and subsequently users are becoming more proficient about masking their use in the workplace. As employees engage in tricks that include using company laptops for recreational home use to deploying proxy servers to mask their use within the organization's firewall, IT administrators are steadily losing visibility and control.

Planet Eclipse: Alex Blewitt: Eclipse CVS checkout behind a firewall and proxy

Wed, 14 Jul 2010 14:08:57 GMT

I discovered today that it is now possible to do anonymous checkouts of Eclipse projects behind a firewall. There has been (for a long time) a CVS server running on proxy.eclipse.org on port 80 (for anonymous access) and port 443 (for committer access). However, the anonymous access only works if you have only a firewall (i.e. which lets any traffic through on port 80).

Most large organisations however don't employ only a firewall - they also have an HTTP proxy sitting in the middle. The problem is that the HTTP proxy only knows how to speak HTTP, and gets confused when network clients start declaring their affections.

HTTPS isn't so encumbered, however; what happens is that the client sends a HTTP Connect message, and thereafter all the bits are opaque to the proxy. But also, most HTTPS proxies will only permit CONNECT calls through to port 443; which is why the committee proxy works.

Fortunately, those nice people at Eclipse have set up a second box, pebbles.eclipse.org, which runs an anonymous CVS client on port 443. This means if you use "pebbles.eclipse.org" as the host, /cvsroot/eclipse (etc) as the CVSRoot, pserver as the method, anonymous as the user, and change the port to 443, and Bam! Bam! You can checkout code from behind the firewall.

I don't know how long it's been in place - I know I've wanted it for a while - but thanks to the Eclipse Webmasters I can now checkout from CVS. At least I'll get some use out of it before everyone migrates to Git ...

Juniper Networks Protects Customers From New Microsoft Vulnerabilities Disclosed Today

Tue, 13 Jul 2010 20:40:01 GMT