via IBM Product Security Incident Response Team http://bit.ly/1gRxe0a
Saturday, May 31, 2014
IBM Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Application Developer (CVE-2014-0114)
via IBM Product Security Incident Response Team http://bit.ly/1gRxe0a
IBM Security Bulletin: IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
via IBM Product Security Incident Response Team http://bit.ly/1ofhtPx
IBM Security Bulletin: IBM Platform HPC (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
via IBM Product Security Incident Response Team http://bit.ly/1gRxe00
IBM Security Bulletin: IBM Platform Cluster Manager (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
via IBM Product Security Incident Response Team http://bit.ly/1gRxdcq
IBM Security Bulletin: IBM Platform Application Center (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)
via IBM Product Security Incident Response Team http://bit.ly/1ofhtz9
IBM Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator
via IBM Product Security Incident Response Team http://bit.ly/1ofhtz1
IBM Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)
via IBM Product Security Incident Response Team http://bit.ly/1gRxb4h
IBM Security Bulletin: IBM Smart Analytics System 7700 CPU utilization (CVE-2014-0963)
via IBM Product Security Incident Response Team http://bit.ly/1gRxaNS
IBM Security Bulletin: IBM Tivoli Monitoring CPU utilization (CVE-2014-0963)
via IBM Product Security Incident Response Team http://bit.ly/1gRxaNM
IBM Security Bulletin: The IBM Smart Analytics System 7700 and 7710 are affected by a local escalation of privilege vulnerability (CVE-2014-0935)
via IBM Product Security Incident Response Team http://bit.ly/1ofhqmG
IBM Security Bulletin: The IBM Smart Analytics System 7700 and 7710 are affected by a local escalation of privilege vulnerability in IBM DB2 for Linux, Unix, and Windows (CVE-2014-0907)
via IBM Product Security Incident Response Team http://bit.ly/1gRxcFm
University researchers test cyber-defense for nation's power grid
via Network World on Security http://bit.ly/1wHYYZZ
IBM Security Bulletin: IBM Support Assistant (CVE-2014-0050)
via IBM Product Security Incident Response Team http://bit.ly/1hmg1MO
IBM Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant January 2014 CPU
via IBM Product Security Incident Response Team http://bit.ly/RPf6Ih
IBM Security Bulletin: A vulnerability in the IBM SDK Java™ Technology Edition affects IBM InfoSphere Information Server and IBM InfoSphere Data Click (CVE-2014-0411)
via IBM Product Security Incident Response Team http://bit.ly/1hmg1wr
IBM Security Bulletin: Executing a query with an OLAP specification on the IBM Smart Analytics System 7700 and 7710 causes the DB2 server to terminate database connections (CVE-2013-6717)
via IBM Product Security Incident Response Team http://bit.ly/1hmg0ID
How Do You Know if IT is Truly Transformational?
�Transform your organisation by leveraging the convergence of cloud with the inherent synergies between the information superhighway and the innovation confluence between crowdsourcing and viral inputs.�
We�ve all sat in meetings and presentations listening to meaningless strings of words like these being thrown around with reckless abandon. The biggest offender among these terms is the word transformation. It seems that every IT organization is undergoing a transformation of one type or another.
In the dictionary, transformation is defined as a marked change in form, nature, or appearance. By this rationale, any IT project could be considered a transformation, however I think it�s a little more nuanced than this.
For example, a number of years ago I was involved in a mail platform migration from Lotus Notes to Exchange. Within the technology department, this project was heralded as a major transformation. Was this really a transformation? The first step in deciding is ensuring that we�re all speaking the same language, i.e., we have a common definition.
To decide whether an initiative is truly transformational, there are some key attributes to consider:
- Aligned to a business transformation
The surest indicator of an IT transformation is whether it is aligned to a business transformation. When the business undergoes a transformation, for example moving into digital markets, then IT needs to follow suit. - Touches technology, process, and people
Transformation should not be limited to just technology; it needs to reach across the IT organization to include the elements of people and process. The software-defined data center (SDDC) vision is a great example of a transformation that drives efficiency and automation across the entire IT organization and fundamentally changes the way IT does business. - Usually a large program of work
Larger programs of work have more touch points across the IT organization. This is not solely an attribute of transformation, but it�s certainly an indicator. In my earlier example, if the mail migration were a component of a larger activity based working (ABW) program, then it would be a transformation! - Often has a cost reduction coupled with a productivity dividend goal
IT is continually being asked to reduce cost while delivering improved service levels. As a result, transformation almost always has cost reduction, efficiency, and productivity dividends. Otherwise, why would you bother? - Is innovative, introduces something new, or modernizes
By definition a transformation is a change — and real transformation is driven by innovation within the IT organization. Businesses survive and thrive based on driving new innovations within their markets. IT is no different and must continually innovate to remain relevant and deliver the services the business needs, all within budget.
Using my previous mail exchange migration example, the outcome was not transformational as it was purely technology-focused with the business impact being a change in mail platform; evolutionary perhaps — certainly not revolutionary.
Now that we understand and have defined what constitutes a transformation, I�ll talk about how to transform your IT organization using VMware�s end-user computing vision in my next post.
In the interim, if you think of other elements that are required for a transformation or have any feedback, please drop me a line.
——
Daryl Bishop is a business solutions architect with VMware Accelerate Advisory Services and is based in Melbourne, Australia.
via VMware Blogs http://bit.ly/1mCJ1NB
IM Trojan Woos Victims with Bible Verses and Good Manners
via Infosecurity - Latest News http://bit.ly/1puFzJQ
Enterprise mobility news recap: May 26 – 30
via VMware Blogs http://bit.ly/1pGDbNg
Enterprise mobility news recap: May 26 – 30
Friday, May 30, 2014
Guidance for Major Incident Management Decisions
If you�re an IT director or CIO of a corporation that has large, business-critical environments, you�re very aware that if those environments are unavailable for any length of time, your company will be losing a lot of money every minute of that downtime (millions of dollars, even).
Most of my IT clients manage multiple environments, many of which fall into the business-critical category. One proactive step is to define �key� or �critical� environments, which can be assigned to a specific individual accountable for the restoration of service for that environment.
The Information Technology Infrastructure Library (ITIL) defines a typical incident management process as one that is designed to restore services as quickly as possible, and a �major incident� management process is designed to focus specifically on business-critical service restoration. When there are incidents causing major business impact that are beyond typical major incident management functions, it�s important to pinpoint accountability (special attention, even beyond their regular major incident process) for those business-critical environments where your company would experience a significant loss of capital or critical functionality.
The First Responder Role
Under multiple business-critical environment scenarios, each major environment is assigned a first responder who assumes the major incident lead role for accountability and leadership. The first responder has accountabilities that are typically over and above the normal incident management processes for which an incident manager and/or major incident manager may be responsible. The first responder�s accountabilities are to:
- Restore service for those incidents that fall into the agreed-upon top priority assignment (P0/P1, or S0/S1, depending upon whether priority or severity is the chosen terminology), as well as all technical support team escalations and communications to management regarding incident status and follow-up, once resolved.
- Create documentation to guide the service restoration process (often referred to as a playbook or other unique name recognized for each major environment), which specifies contacts for technical teams, major incident management procedures for that specific environment, identification of the critical infrastructure components that make up the environment, or other environment-specific details that would be needed for prompt service restoration and understanding of the environment.
- Develop the post-incident review process and communications, including the follow-up problem management process (in coordination with any existing problem management team) to ensure its successful completion and documentation.
I also recommend that this primary process management role of accountability be assigned to someone familiar with all of the components and processes of the specific environment they are responsible for, so the management process can run as smoothly as possible for business-critical incidents.
Reducing the Business-Impact of Major Incidents
With a first responder in place, the procedure for resolving major incidents is more prescribed. With each major incident, your company learns what is causing incidents—and most importantly, has a documented process in place for resolution. Ultimately, the incidents are resolved faster and more efficiently, and your company avoids costly loss of critical functionality or capital due to downtime and is able to avoid similar incidents in the future
The business increasingly looks to IT to drive innovation. By keeping business-critical environments available, you can deliver on business goals that contribute to the bottom line.
—–
Brian Florence is a transformation consultant with VMware Accelerate Advisory Services and is based in Michigan.
via VMware Blogs http://bit.ly/1tYWfZE
Reporting on Site Recovery Manager Failover via PowerCLI
So we’ve automated some Site Recovery Manager failovers with PowerCLI. Say we run a weekly test for a given recovery plan. But now we want to know how it worked. Maybe generate a table report, maybe email it out, whatever.
Take a look at the following:
I’m assuming you’ve already done the Connect-VIServer and $SrmConnection to the appropriate systems. What next? Well as before the $SrmAPI mapping again gives us an entry point to the actual SRM API itself.
$PlanMoref = $SrmApi.Recovery.Listplans()[1].moref
This is in essence retrieving the managed object reference ID for the recovery plan returned by “Listplans”. You will need to know which recovery plan you want to report on, but that is easily determined by running the Listplans method without any reference, i.e. simply running:
$SrmApi.Recovery.Listplans
Once you know that you know which plan you want to run the report on and you know whether to pass a [0] or a [1] or whatever to the $PlanMoref variable you are creating.
Once that is done we want to pull out the managed object reference to the *history* of the recovery plan execution. So we execute the GetHistory method against the $PlanMoref variable we have created, and assign it to the new variable $HistoryMoref .
$HistoryMoref = $SrmApi.Recovery.GetHistory($PlanMoref)
This then attaches us to the history of the particular recovery plan we want, and gives us a nice variable name to use for the next step:
$HistoryMoRef.GetRecoveryResult(1)
This, now, is the heart of the matter. It is retrieving the data from the latest run of the recovery plan we attached to earlier. The “1″ listed here indicates the most recent execution of the recovery plan. If we indicated “2″ it would not retrieve the second most recent, but the last *two* executions, and so forth. So to retrieve the details of the last run of our recovery plan, we need to know: a) The plan as listed by ListPlans , b) the Moref of the plan as listed by Listplans()[planid].moref , c) to attach to the history using the plan’s GetHistory($PlanMoref) , and that we d) access the output by running GetRecoveryResult against all the prior input.
Make sense? Fundamentally it can be reduced to the 4 or fewer lines, as per my example at the top. What you do *with* that output is up to you! If you check out the sample scripts for generating reports against the SRM API, or really reference any PowerCLI materials you’ll doubtless come up with some great ideas for generating tables, reports, emails, whatever is appropriate.
One last thing though – we’ve generated a test run automatically, and now run a report against the result. What’s next? Run a cleanup, as per my previous blog about automating execution.
via VMware Blogs http://bit.ly/1o9RokJ
Reporting on Site Recovery Manager Failover via PowerCLI
So we’ve automated some Site Recovery Manager failovers with PowerCLI. Say we run a weekly test for a given recovery plan. But now we want to know how it worked. Maybe generate a table report, maybe email it out, whatever.
Take a look at the following:
I’m assuming you’ve already done the Connect-VIServer and $SrmConnection to the appropriate systems. What next? Well as before the $SrmAPI mapping again gives us an entry point to the actual SRM API itself.
$PlanMoref = $SrmApi.Recovery.Listplans()[1].moref
This is in essence retrieving the managed object reference ID for the recovery plan returned by “Listplans”. You will need to know which recovery plan you want to report on, but that is easily determined by running the Listplans method without any reference, i.e. simply running:
$SrmApi.Recovery.Listplans
Once you know that you know which plan you want to run the report on and you know whether to pass a [0] or a [1] or whatever to the $PlanMoref variable you are creating.
Once that is done we want to pull out the managed object reference to the *history* of the recovery plan execution. So we execute the GetHistory method against the $PlanMoref variable we have created, and assign it to the new variable $HistoryMoref .
$HistoryMoref = $SrmApi.Recovery.GetHistory($PlanMoref)
This then attaches us to the history of the particular recovery plan we want, and gives us a nice variable name to use for the next step:
$HistoryMoRef.GetRecoveryResult(1)
This, now, is the heart of the matter. It is retrieving the data from the latest run of the recovery plan we attached to earlier. The “1″ listed here indicates the most recent execution of the recovery plan. If we indicated “2″ it would not retrieve the second most recent, but the last *two* executions, and so forth. So to retrieve the details of the last run of our recovery plan, we need to know: a) The plan as listed by ListPlans , b) the Moref of the plan as listed by Listplans()[planid].moref , c) to attach to the history using the plan’s GetHistory($PlanMoref) , and that we d) access the output by running GetRecoveryResult against all the prior input.
Make sense? Fundamentally it can be reduced to the 4 or fewer lines, as per my example at the top. What you do *with* that output is up to you! If you check out the sample scripts for generating reports against the SRM API, or really reference any PowerCLI materials you’ll doubtless come up with some great ideas for generating tables, reports, emails, whatever is appropriate.
One last thing though – we’ve generated a test run automatically, and now run a report against the result. What’s next? Run a cleanup, as per my previous blog about automating execution.
via VMware Blogs http://bit.ly/1o9RokJ
IBM Security Bulletin: Denial of Service with WebSphere Application Server affecting IBM Tivoli Access Manager for e-business. (CVE-2014-0964)
via IBM Product Security Incident Response Team http://bit.ly/1oEhLmy
IBM Security Bulletin: Security exposures in IBM Social Media Analytics and IBM Social Media Analytics on Cloud (CVE-2014-0116 and CVE-2014-0114)
via IBM Product Security Incident Response Team http://bit.ly/1oT33G5
IBM Security Bulletin: Denial of Service with WebSphere Application Server affecting IBM Tivoli Security Policy Manager. (CVE-2014-0964)
via IBM Product Security Incident Response Team http://bit.ly/1oT31xW
Vuln: Moodle CVE-2014-0215 Remote Information Disclosure Vulnerability
from SecurityFocus Vulnerabilities http://bit.ly/1kqTd8U
via IFTTT
IBM Security Bulletin: Denial of Service with WebSphere Application Server affecting IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2014-0964)
via IBM Product Security Incident Response Team http://bit.ly/RMn8Sf
IBM Security Bulletin: TADDM - Java Quarterly CPU - January 2014
via IBM Product Security Incident Response Team http://bit.ly/RMn9ph
IBM Security Bulletin: TADDM - Java Quarterly CPU - October 2013
via IBM Product Security Incident Response Team http://bit.ly/RMn98Q
Vuln: Dojo Versions Prior to 1.4.2 Multiple Cross Site Scripting Vulnerabilities
from SecurityFocus Vulnerabilities http://bit.ly/1mAlGfw
via IFTTT
Bugtraq: Google Compute Engine - Lateral Compromise
from SecurityFocus Vulnerabilities http://bit.ly/1mzWMfU
via IFTTT
Bugtraq: Google Compute Engine Multiple DOS Vulnerabilities
from SecurityFocus Vulnerabilities http://bit.ly/U17Hrj
via IFTTT
Epic Drift with a 200-Ton Mining Truck?! #EMCDrift
|
via EMC Feeds http://bit.ly/1tuKo3p
EMC VNXe3200 + Data Domain DD2200 + Data Protection Suite = one great solution!...
EMC VNXe3200 + Data Domain DD2200 + Data Protection Suite = one great solution! Find it now, at the EMC Store. http://emc.im/1k7rLl9 |
via EMC Feeds http://bit.ly/1kRyRdw
Online, mobile, social, global. Download the EMC Support eBook for a better serv...
Online, mobile, social, global. Download the EMC Support eBook for a better service experience! http://emc.im/1tu13nR |
via EMC Feeds http://bit.ly/1tuKpo2
Epic Drift with a 200-Ton Mining Truck?! #EMCDrift
|
via EMC Feeds http://bit.ly/1tuKo3p
EMC VNXe3200 + Data Domain DD2200 + Data Protection Suite = one great solution!...
EMC VNXe3200 + Data Domain DD2200 + Data Protection Suite = one great solution! Find it now, at the EMC Store. http://emc.im/1k7rLl9 |
via EMC Feeds http://bit.ly/1kRyRdw
Online, mobile, social, global. Download the EMC Support eBook for a better serv...
Online, mobile, social, global. Download the EMC Support eBook for a better service experience! http://emc.im/1tu13nR |
via EMC Feeds http://bit.ly/1tuKpo2
Adobe, Huawei, and HP Join the Fight to Secure Open-source Software
via Infosecurity - Latest News http://bit.ly/1o7mKIP
Monsanto Sprouts Data Breach Affecting Thousands
via Infosecurity - Latest News http://bit.ly/SYJjFX
Bankeiya Malware Targets Users in Japan with or Without Vulnerabilities
Online banking customers in Japan are being targeted by an information stealing malware family that is distributed using exploits as well through files downloaded from a compromised website.
via Symantec Connect - Security - Blog Entries http://bit.ly/1o6K5dG
Brazilian government hit by cyber attack
via Latest Topic for ZDNet in Security http://zd.net/1jAPLIO
Significant Percentage of Ex-employees Can Still Access Privileged Information
via Infosecurity - Latest News http://bit.ly/1izGpxn
Vuln: Moodle CVE-2014-0213 Cross Site Request Forgery Vulnerability
from SecurityFocus Vulnerabilities http://bit.ly/1prFYg0
via IFTTT
Discover what sustainability means to EMC, and how it is changing the way we run...
Discover what sustainability means to EMC, and how it is changing the way we run our business: http://emc.im/TWR4gn |
via EMC Feeds http://bit.ly/1oRr5kF
Discover what sustainability means to EMC, and how it is changing the way we run...
Discover what sustainability means to EMC, and how it is changing the way we run our business: http://emc.im/TWR4gn |
via EMC Feeds http://bit.ly/1oRr5kF
Vuln: Cumin CVE-2013-6445 Password Hash Algorithm Security Weakness
from SecurityFocus Vulnerabilities http://bit.ly/1hFB4EG
via IFTTT
Is AWS Slowing Down Due to Lack of Demand Rather Than Lack of Ideas?
I was surfing the web (as usual) a few days ago and an AWS presentation I spotted on SlideShare got my attention.
Before I even begin, remember I (currently) work for VMware. I always try, on this blog, to be as open as possible and talk freely about what I really think.
However feel free to turn on your bias filter if you don’t trust me.
Back to the main topic, there isn’t much new in that slide deck and it basically summarizes the successful AWS story.
However, what intrigued me (big time) was slide #23:
It’s June 2014, half way through the year, and AWS only introduced one new service (which, by the way, was announced in 2013 as you can depict from the… 2013 column).
Surely AWS isn’t going to lose their “king of public cloud” crown any time soon but, nevertheless, these dynamics are interesting (particularly in the context of things like…. Amazon’s cloud reign may soon come to an end, says Gartner).
So what’s going on here then? There are a few data points (or I should say personal points of view as these are largely my own interpretations) that would be interesting to mention before we jump to the ultimate conclusion speculation.
1) In 2012 I wrote a blog post whose title is AWS: a Space Shuttle to Go Shopping? where I alluded to the fact that the majority of AWS customers seem to be very basic in terms of use cases and deployment models (the Netflix anti-pattern so to speak). In particular what stood out from that research is that EC2, EBS, S3 and RDS accounts for the majority of what customers spend with AWS. That is to say that Amazon could have stopped the development of their web services offering in 2010 (when they announced RDS, all the others have been announced previously), and still make pretty much the same amount of money. Well, ok sort of but try to picture “money logos” on the slide above and see where they stick.
2) Last year I wrote a (controversial) blog post whose title is Cloud and the Three IT Geographies (Silicon Valley, US and Rest of the World) where I alluded to the fact that there is a huge lag in the industry between the leaders and the followers. For one Netflix, there are hundreds of organizations still doing baby steps to evolve their IT. Similarly to the point in the paragraph above, the conclusion I am getting to is that the more exotic things you add to your services portfolio the bigger this lag becomes and the fewer (visionaries) can take advantage of it. All this while the others (followers and majority) are still trying to figure out the basics of cloud.
3) While there are a lot of people that are going all-in with public clouds and are using all available “add-on” services to gain gigantic productivity gains, there is a growing movement that advocates about using the “least common denominator” of features across diverse public cloud providers to avoid lock-in. For the records I sympathize with the former category as I think lock-in is inevitable (as I wrote in 2012 in a blog post called The ABC of Lock-In). However one cannot neglect that there are a lot of people that are thinking along the lines of “I don’t want to be locked-in”. I have met with many customers, or public cloud prospects, that clearly told me they don’t want (for example) a “message and queue service“. They want an instance (as a service) with Linux on top of which they want to load (and fully control) their “message and queue software” of choice. This will allow them to move from AWS to Azure to GCE to Rackspace to vCHS to whatever…. with minimal disruption to their operations. I am not debating whether this is the right approach. I am saying this is an approach that seems to be getting momentum (obviously pushed also by vendors that provide “cloud agnostic” tooling). Assuming 50% of the people are willing to go “all in” and the other 50% want to take a more cautious “least common denominator approach” to public cloud consumption, this essentially cuts in half the TAM for the services in the rightmost part of the slide above.
If the above makes some sort of sense, the conclusion speculation I am getting to is that AWS is slowing down due to lack of demand rather than lack of ideas.
Does it make sense to keep pushing the bar when you know that 1) you make the bulk of your money with 4 basic services, 2) the majority of the organizations are lagging behind light-years when it comes to consume simple public cloud services, go figure advanced and rich public cloud services and 3) the more advanced and rich services you make available the more lock-in concerns you raise (and ultimately the less people you are going to appeal)?
The rule in this business (or any business for that matter) is that if you invest x amount of $ in developing a new product or service you should at least make an amount of associated revenue that off-set the investment (and, incidentally, should also provide profits if possible).
What if this theory is the reason behind slide #23?
What if Amazon is rather spending their money to revisit the existing core services to make them appeal Enterprises (in addition of startups and developers which seem to be the current target)?
What if Amazon is working on making AWS a better place for pets rather than just for cattle? Perhaps they sniffed where the money are? An obvious tweak they could introduce is to make “availability” a property of the infrastructure and not of the application. Clearly against every “true cloud patterns” they have been advocating so far, but still the only way to attract, in the short term, 4 Trillion $ per year (literally) that are going into “traditional IT” today.
Unfortunately slide #24 of the aforementioned AWS presentation doesn’t give us a clear picture if this is happening or not in the existing set of services. To much of my surprise, most of the “call outs” of new features introduced in 2014 are related to the availability of the existing features in new AWS regions.
As someone that have been working, for the last 6 months, to expand the global footprint of the cloud service operated by my employer I am not trying to diminish the value of a true global service (to the contrary, I think this is one of the biggest strength AWS has among others) but still these do not seem to be a lot of “new features” strictly speaking:
Or perhaps Amazon is going to announce 9 new major services in the next 6 months to keep the pace and all this blog post (with its associated speculations) will be history.
If this bizarre theory of mine is true it will be interesting to see how this is going to shape going forward if the leader “needs” to stop introducing new differentiating services while the pack of followers keeps coming closer and closer.
All this while this cloud thing is still a nascent trend and not an established deployment model.
We can only wait and see. The only thing for sure is that we live in interesting times.
Massimo.
via VMware Blogs http://bit.ly/1mQ5FUi
Is AWS Slowing Down Due to Lack of Demand Rather Than Lack of Ideas?
I was surfing the web (as usual) a few days ago and an AWS presentation I spotted on SlideShare got my attention.
Before I even begin, remember I (currently) work for VMware. I always try, on this blog, to be as open as possible and talk freely about what . . . → Read More: Is AWS Slowing Down Due to Lack of Demand Rather Than Lack of Ideas?
via VMware Blogs http://bit.ly/1mQ5FUi
Vuln: Moodle CVE-2014-0218 Cross Site Scripting Vulnerability
from SecurityFocus Vulnerabilities http://bit.ly/1nKh9tK
via IFTTT
Vuln: Moodle MoodleMobile Token Expiry Security Bypass Weakness
from SecurityFocus Vulnerabilities http://bit.ly/1o5H1i4
via IFTTT
Vuln: Moodle CVE-2014-0216 Unauthorized Access Vulnerability
from SecurityFocus Vulnerabilities http://bit.ly/1o5GYmf
via IFTTT
Vuln: Moodle courses Remote Information Disclosure Vulnerability
from SecurityFocus Vulnerabilities http://bit.ly/1nKh3Ch
via IFTTT
Walking in a Winter Wonderland
via Cisco Blog » Security http://bit.ly/1kc8Gy9
Customer Data Goes Walkabout Again as Shoe Shop Office Admits Breach
via Infosecurity - Latest News http://bit.ly/1k7w6WU
Iranian Hackers Pose as Hacks to Crack Accounts
via Infosecurity - Latest News http://bit.ly/1lX9Tq8
New attack methods can 'brick' systems, defeat Secure Boot, researchers say
via Network World on Security http://bit.ly/1gHFJLd
Hackers put security tool that finds payment card data into their arsenal
via Network World on Security http://bit.ly/1o5ghOB
Google starts accepting 'right to be forgotten' requests in Europe
via Network World on Security http://bit.ly/1o5geSW
Massive Flash exploit campaign directed at Japan seeks financial data
via Network World on Security http://bit.ly/1o5geCs
Sacrebleu! French Spooks Snoop on US Execs’ Docs
via Infosecurity - Latest News http://bit.ly/1wy5CBH
New VMware Security Advisory VMSA-2014-0005 and updated advisory
New
VMSA-2014-0005
Updated
VMSA-2014-0002.3
The new advisory details a privilege escalation issue in VMware Tools on Windows 8.1. In order to remediate this issue, VMware Guest Tools must be updated in any pre-existing Windows 8.1 Guest Operating System.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.
via VMware Blogs http://bit.ly/1hF4BOG
New VMware Security Advisory VMSA-2014-0005 and updated advisory
New
VMSA-2014-0005
Updated
VMSA-2014-0002.3
The new advisory details a privilege escalation issue in VMware Tools on Windows 8.1. In order to remediate this issue, VMware Guest Tools must be updated in any pre-existing Windows 8.1 Guest Operating System.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.
via VMware Blogs http://bit.ly/1hF4BOG
Thursday, May 29, 2014
Australia sees rise in cyber attacks, competitors to blame: CERT
via Latest Topic for ZDNet in Security http://zd.net/1o30wYD
Social media central to Iranian espionage campaign: Report
via Latest Topic for ZDNet in Security http://zd.net/1o2Kqhx
Corporations put their cash where their open source security is
via Latest Topic for ZDNet in Security http://zd.net/1mNb1Qa
You’re “It” – Hybrid Cloud and an IT Image Make-Over
We believe by embracing the hybrid cloud, we can change that relationship, to make IT the �it� crowd, the people who really make things happen. That�s because a hybrid cloud strategy gives IT all the freedom of the public cloud with the manageability and security you expect from your existing data center or private cloud. It can make you seem like a miracle worker.
The fact is there�s a lot of value in a well-run enterprise data center. Despite the fact it can take a degree in archeology to manage these existing environments, �keeping the lights on� is an essential function the enterprise data center does well. It�s tremendously reliable, provides predictable performance and often can be a better choice for compliance and overall business strategy than putting corporate data in the hands of someone else.
Yet there�s a good reason for the growth of cloud computing. Seizing new business opportunities and responding to unexpected challenges is often better achieved by leveraging extreme flexibility of the public cloud. It�s why the public cloud is expected to hold 70-80 percent of cloud workloads this year, according to Gartner.
As a result, we believe we�re in the midst of a broader shift in the role of IT. We�re shifting from �keeping the lights on� – installing and managing servers, storage and networks – to using a hybrid model to enable IT to become a broker of cloud services, with responsibility for governance across public and private spheres, on-premise and off. The technology now exists to bridge these two worlds seamlessly.
Quite frankly, we believe 2014 will be the year most IT organizations get serious about hybrid cloud as an agility driver for the business. Today, most IT leaders recognize how transformative cloud computing can be, but haven�t defined a cloud strategy that�s right for them.We can help.
Watch http://bit.ly/SVMUEK over the next month for insights and research on the move to hybrid cloud.
via VMware Blogs http://bit.ly/1o20b8g
June 4th Special vmLIVE: Unleashing New Levels of Innovation for the Mobile-Cloud Era
via VMware Blogs http://bit.ly/SVMUoj
June 4th Special vmLIVE: Unleashing New Levels of Innovation for the Mobile-Cloud Era
Proudly displaying one of our new sales or technical badges for vSphere with Operations Management is the quickest and easiest way to show your expertise to customers. You can earn yours in 2 hours or less by completing an online course and passing the test.
via VMware Blogs http://bit.ly/SVMUoj
The State of Silicon Valley: Sustained Innovation and Growth
Morgan OLeary
via VMware Blogs http://bit.ly/1trRbLb
The State of Silicon Valley: Sustained Innovation and Growth
Skills = Advantage. Get the Skills! VMware vSphere Fast Track [V5.5]
This week’s question comes from the VCP5- Data Center Virtualizationpractice exam.
A) Physical host
B) Resource Pool
C) VM
D) vApp
Click through to thecommentsfor the answer and learn morehere.
Follow@VMwareEducationon Instagram to see more #TechTrivia every Friday andvisual updates from the VMware Education and Certification community.
via VMware Blogs http://bit.ly/1rlvGju
Skills = Advantage. Get the Skills! VMware vSphere Fast Track [V5.5]
Andrew Blasiman proudly displays his VCP5-DCV certificate.
Learn by doing. Hands-on labs develop practical, usable skills to help on the job immediately.
The second thing he did was �put my VCP5-DCV certification on my LinkedIn profile!� The recognition he received from his peers was instantaneous and rewarding after all the hard work. �We have a weekly IT Staff Meeting and my boss let the staff know. They were really supportive and excited for me.�
The third thing? Well let�s just say that Andrew enjoyed an adult beverage. �I definitely cracked open a beer.�
Bravo Andrew! Advanced data center optimization is not for the faint-at-heart and as a Systems Engineer with Mediware Information Systems, there are few opportunities for Andrew to test new �in-depth configurations and load-balancing� without the risks of working in an active data center environment.
Enter VMware�s vSphere Fast Track 5.5 course — an intensive, extended-hours and hands-on lab training course. Focusing on installing, configuring, managing and mastering VMware vSphere® 5.5 (including VMware ESXi™ 5.5 and VMware vCenter™ 5.5), this course combines the content of our most popular VMware vSphere: Install, Configure, Manage course with advanced hands-on labs. Students learn the scalability and performance monitoring skills they need to configure highly available and scalable vSphere environments.
It is the labs that offer practical, usable skills that can be used on the job – immediately. �I was extremely impressed with the lab environment. It worked perfectly the entire time and enabled us to learn at a fast pace because it was designed well,� says Andrew. �These configurations can be set up a million ways. The class got into the nitty, gritty details we need. The vSphere Fast Track Training helped me re-optimize existing data centers. It made me more comfortable working with VMware.�
Connecting to the lab environment via simple Remote Desktop Protocol.
Hands-on-lab environment: Web Client connected to vCenter
Senior Linux Administrator, Noel Benjamin, was even more emphatic about the labs and the class. �The hands on experience were tooooooo good. Awesome experience!!!!! Thanks!!!�
Noel Benjamin–Senior Linux Administrator
Limited time? Live online means training from anywhere.
Noel needed a remote learning option to advance his training. He had been supporting his company�s virtual machine environments for the past 2.5 years but couldn�t invest in the advanced training until this remote learning option became available. �It was the VMware Community in India that let me know I could take the class �Live Online�… because of my location, I could not go in-person. It was easy to attend from home. The time savings was key for me.�
Online learning is only as good as the instructors and the course materials – students appreciate both. �What I liked most about the course was the knowledge of the tutor, the content that was provided. We were able to work with other students online, which was like working in a classroom.�
Mats Gedin is a Senior Integration Engineer from Ericsson AB in Germany. He echoes, �This is exactly the course everyone should take prior to working with VMware stuff. Very good instructions and instructors.�
VMware Fast-Track = Career Advantage. Let us make you better.
Superior skills mean a superior advantage in any profession. Once completed, VMware�s vSphere 5.5 Fast Track course serves as a prerequisite for the VMware® Certified Professional 5 – Data Center Virtualization (VCP5-DCV) exam.
�Don�t wait to take the test. VMware gives you a voucher [on VMware delivered courses] for a year, but schedule the test and take it in two weeks so you don�t forget what you�ve learned,� advises Blasiman. �The VMware certification really is a big deal for employers. For some positions it is simply a requirement. You won�t even get the call if you don�t have the training and proved you can pass the test.�
In short, VMware�s vSphere 5.5 Fast Track course is designed with your time and your skills in mind. With flexible onsite, online and classroom locations worldwide, students interact directly with other students in practical, hands-on labs. There�s no better way to advance your skills and your career.
Take the class.
Take the exam.
Crack the code.
And if you�re Andrew Blasiman, crack open a beer.
via VMware Blogs http://bit.ly/1rlvGju
VMware Value Velocity – Empowering Distributors + Partners
VMware understands that distributors are extensions of our own Partner Business Management team. They help support our partner community by executing integrated go-to-market programs that increase transactions and drive pipeline and revenue. Because of this, VMware launched Value Velocity with 30+ global distributors targeting over 800 partners. The program works to first match the right partners with the right solutions and provides a step-by-step process for partners to follow to increase their VMware business.
Distributors then offer targeted partners a package of enablement, demand generation and sales acceleration activities and tools to drive transactions across the VMware portfolio within a specific timeframe.
Value Velocity helps us work in lockstep with our distributors so they can effectively nurture channel partners, and ensure that partners extract maximum value from their VMware business. Get more details about Value Velocity via the short video below or contact your VMware distributor.
If you�re a distributor or would like to simply learn more about this program, reach out to our Director of Channel Marketing directly via twitter @ChrisBWaldo. Let VMware Value Velocity empower you.
- The VMware Partner Network Team
via VMware Blogs http://bit.ly/SiB07h
The future of government mobility: A video interview with Paul Brubaker
Lanier Norville
via VMware Blogs http://bit.ly/SiAZAh
The future of government mobility: A video interview with Paul Brubaker
Malware Breaks All Records in Q1 2014
via Infosecurity - Latest News http://bit.ly/1kOS5QZ
Snowden Email to NSA Disputes Claim That He Expressed Concerns About Surveillance
via WIRED » Threat Level http://wrd.cm/1poC6MV
The CIO Summit at EMC World 2014 offered great insight into what is changing IT...
The CIO Summit at EMC World 2014 offered great insight into what is changing IT today. EMC CIO Vic Bhagat, who hosted the forum, shares his takeaways and view of the current landscape. http://emc.im/RFq57c |
via EMC Feeds http://bit.ly/1mw8V5w
The CIO Summit at EMC World 2014 offered great insight into what is changing IT...
The CIO Summit at EMC World 2014 offered great insight into what is changing IT today. EMC CIO Vic Bhagat, who hosted the forum, shares his takeaways and view of the current landscape. http://emc.im/RFq57c |
via EMC Feeds http://bit.ly/1mw8V5w