VMWare showed last month that it was readying for a battle with Microsoft by ousting its founder and CEO Diane Greene, and replacing her with ex-Microsoft Vice President of Platform Strategy and Developer Group Paul Maritz. The news sent the shares tumbling by 28% and the company gave no public reason for the move although it seems likely that they wanted an ex-Microsoft VP in charge in order to better fight a potentially bloody fight with Microsoft over the virtualisation market.
Shortly after the move, VMWare announced that their new virtualisation product ESXi would be available for free. VMWare ESXi is the thin hyper-visor based virtualisation product which, unlike ESX or Microsoft’s current Hyper-V product, doesn’t require to be installed on top of an operating system. The move was clearly to up competition with Microsoft (who is effectively giving Hyper-V away Server 2008) and increase VMWare’s installed base, while still earning revenue from support and enterprise management products.
Continue reading ‘VMWare fights back, and stumbles’
Filed under Virtualisation. |
July should have been a great month for Apple, it was the month that was to see the much talked about (and hyped) 3G iPhone, MobileMe service and iPhone App store. Instead the company has been plagued with problems.
First there was the iPhone day (July 11th) launch which didn’t go as well as they had hoped. In both the US and the UK there were stock shortages, problems activating phones, systems crashing while credit checking purchasers and even the UK mobile phone provider’s O2 activation website only supporting Internet Explorer and not Safari! Users upgrading their original iPhones to the v2 software didn’t fare much better with failed downloads leaving iPhones unusable.
Continue reading ‘A difficult month for Apple’
Filed under Apple and Security. |
There’s been a lot of talk about the DNS vulnerability (CVE-2008-1447) discovered by Dan Kaminsky. The exploit, as detailed by the Common Vulnerabilities and Exposures Database, allows remote attackers to spoof DNS traffic enabling the poisoning of DNS caches in order to send systems to malicious websites. This greatly increases the risk of phishing attacks or drive-by malware installation and essentially means that there would be no way to know if you’ve been directed to the authenticate site or a malicious copy. This vulnerability was caused by the insufficient randomness of DNS transaction IDs and source ports in DNS for both BIND based implementations as well as Windows systems.
Dan Kaminsky worked with major vendors such as Cisco, Sun and Microsoft in order to release co-ordinated patches which coincided with Microsoft’s regular patch Tuesday on 8th July. Kaminsky and the vendors kept the specifics under wraps to allow systems to be patched before the vulnerability could be exploited. He promised to release the details at the Black Hat ‘08 conference in Vegas on 2nd August.
Continue reading ‘DNS attack in the wild’
Filed under Apple, Linux, Microsoft, News, Security and Web. |
Tippingpoint, a company providing Intrusion Prevention Systems, has published a post on their site detailing how they successfully infiltrated the Kraken botnet and took control of over 25,000 unique bots. The Kraken botnet is arguably the world’s largest botnet with estimates ranging up to 400,000 bots under its control.
Security researchers at TippingPoint infiltrated the botnet after reverse engineering a sample of the malware and successfully took control of 25,000 unique bots within 7 days. This raised the question of was it ethical to disable the malware on these systems now that they had control of them? This is an interesting question as running code on the remote system to disable the malware can be seen as doing good, however as the code is unauthorised and they are controlling a system without the owners’ consent they are in the same legal situation as the malware writers. In the end they decided to leave alone.
From the WindowsIT Pro Security Update.
Filed under Malware and Security. |
