Facebook Inc. priced its shares in its initial public stock offering at $38 late Thursday, setting the stage for its historic market debut Friday. The IPO values Facebook at $104 billion, the largest-ever for a newly public company. The $18.4 billion that Facebook is expected to raise in the IPO itself would be the second-largest […]
SAP’s Afaria mobile device management tool is now available on Amazon Web Services’ cloud, offered as a way to make it easier to start using the platform, SAP said at the Sapphire conference on Monday. The availability of Afaria 7.0 server on AWS gives enterprises a fast and simple way to buy and implement an […]
The Texas Bankers Association’s 128th Annual Convention & Exposition will be held May 9-11, 2012, at the Omni Fort Worth Hotel and Fort Worth Convention Center. Attendees: we are located at Booth 323. Come by and enter for a chance to win a Scotty Cameron Putter. IT Support Services […]
In the last couple of years Barnes & Noble has made some big inroads into the e-book market, cutting into Amazon’s huge lead. As it stands, Amazon still has about 60 percent of the e-book pie, Barnes & Noble has around 25 percent, and Apple sits at around 15 percent, with smaller players like Sony […]
Microsoft plans to release a nearly final version of Windows 8 this summer that will give consumers and businesses their final chance to kick the tires on the redesigned operating system before it’s released for sale, most likely later this year. Windows group president Steven Sinofsky announced the Windows 8 Release Preview at a technology […]
April 19th and 20th | Galveston Island Convention Center at the San Luis Resort, Galveston, Texas. Percento Technologies is sponsoring and will have a booth at the 2012 Texas Credit Union League Annual Meeting and Expo. The event will offer the latest review of best practices, state-of-the-art technology solutions and a look into the future. […]
We hope you’re sitting down, because you’ll need to be in order to hold the Excite 13 in your hands. Starting at a steep $649 and available June 10th, this is the largest Android tablet yet, featuring a billboard-like 13-inch screen. What’s the point of being 3 inches bigger than the iPad? Toshiba says […]
Apple Inc.’s new iPad was named the best tablet computer in a ranking by Consumer Reports, two weeks after the magazine said the device runs “significantly hotter” than previous models. The new iPad’s high-resolution screen provides the best detail and color accuracy of all tablets Consumer Reports has seen, the publication said today on its […]
Google reportedly plans on launching an online store to sell co-branded tablets running its Android operating system. According to the Wall Street Journal, the tablets will be manufactured by partners such as Samsung and Asus and bear the Google logo. The report cites “people familiar with the matter.” Neither Google nor Asus, one of the […]
Apple Inc’s new iPhone will have a sharper and bigger 4.6-inch “retina” display and is set to be launched around the second quarter, a South Korean media outlet reported on Thursday. Sales of the iPhone, first introduced in 2007 with the touch screen template now adopted by its rivals, account for around half Apple’s total sales. […]
Take a look at what the crew at Willow Garage, a company that aims “to lay the groundwork for the use of personal robotics applications in everyday life” has done to make their work time more productive.
Computer maker Dell is warning, according to The Register, that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware. It could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat.
Unlike hard-drive-based computer viruses which can be disabled by antivirus software, a hardware trojan lives out of reach of such defences. It comprises some kind of alteration – by sabotage or accident – to the very heart of a computer: its microprocessors, memory chips or circuit boards.
News that Dell may have a hardware trojan problem emerged on a support forum after a user was warned by a Dell call centre that the firm’s PowerEdge R410 server motherboard contains spyware of unspecified function that a Dell engineer needed to come and remove.
Dell confirms on the same forum: “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware.”
Firmware is the semi-permanent software that controls vital internal components. It will be fascinating to find out how the malware got into Dell’s firmware, not least because firmware should have been subject to high physical and computer security procedures.
But the threat of hardware Trojans has been recognised at the highest levels. The Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the US.
Elsewhere, researchers are also investigating the threat from would-be chip-plant saboteurs, who poison the chip-making processes to introduce a “kill switch” that makes the chip fail unexpectedly.
Microsoft has released a “Fix it” tool to automate workarounds designed to mitigate a Windows zero-day vulnerability being targeted by attackers.
Microsoft is arming Windows users with a new automated tool to help thwart exploits of a zero-day that has come under attack.
The bug, which lies in the Windows shell component of the operating system, exists because Windows parses shortcuts in a way that permits malicious code to be executed when the icon of a shortcut is displayed. In an update to an advisory first issued last week, the company added information about attack vectors, noting the bug can be exploited locally through an infected USB drive or remotely via network shares and WebDAV.
To help block attacks, the company has released a “Fix it” tool to prevent shortcut icons from being displayed.
“This workaround will disable some icons from being displayed so we recommend administrators test this before deploying it wide,” blogged Christopher Budd, security response communications lead at Microsoft.
The company has also added information about a new workaround to the advisory on the issue, Budd noted. As an alternative fix, users can also block .LNK and .PIF files from downloading from the Internet, he wrote.
The “Fix it” tool requires a restart to work. Applying the fix will remove the graphical representation of icons on the Task and Start menu bars and replace them with white icons without the graphical representation of the icon, according to the company.
The vulnerability affects all versions of the operating system, including Windows XP Service Pack 2, which Microsoft recently stopped supporting.
The vulnerability was first uncovered by security firm VirusBlokAda, and has been linked to malware being used in targeted attacks.
“As always, we’ll update the security advisory and this blog with new information as it becomes available,” Budd wrote.
Google on Tuesday launched a major update to its Google image search technology and image search results page, kicking to the curb the old, clunky results.
The new Google image search results page has received several comparisons to Microsoft Bing, due to some similar functionality. But Google has made the technology its own.
Here are five new features to look for in Google’s new image search format.
1. More results per page. The days of clicking through pages upon pages of images of all sizes to find just what you were looking for are over. The new Google image search delivers 1,000 images per page and lets users scroll through them without having to click through endless pages of results.
2. You can hover over an image and preview it. Google image search results can now be previewed in a slightly larger size simply by hovering the mouse icon over an image on the results page. That means less clicking and a faster route to the image you’re seeking. That feature is automatic.
3. Images are delivered in context. Clicking on an image and seeing just the photo or graphic on a plain white background is a thing of the past. Clicking on an image in the new Google image search takes a user to a landing page that displays the image in context along with the website where the images are hosted. Users can still see an image in full size by clicking on the right-hand side.
4. Fewer words and links. By boosting the density of its Google image search results page, Google has eliminated the links and descriptions that once appeared under each image result. The Google image search results page is no longer cluttered with text. That information is still available when a user previews the image, but not having it presented along with the search results streamlines the page making it easier to scan the images themselves.
5. Users can still filter images. When image results are presented, users can still filter them by size, color and type using a series of links in the left-hand column, giving users the same control they had previously, but with the new Google image search format.
Businesses with IT assets in hurricane zones should know that a major weather disaster can trash not just the equipment, but also the valuable data saved in it. A solid disaster recovery plan, such as a disk-based backup approach with extra servers located outside of hurricane zones, can save money, time, trouble and even boost the safety of employees.
The word “hurricane” means “evil wind spirit” — and the 2010 hurricane season is predicted to be the most active of the past five years. In fact, in just the first two weeks of the season there were nine named storms in the Atlantic basin.
So if the technical disaster recovery plan that you have in place involves holding your breath, crossing your fingers or some other interesting but ineffectual ritual to ward off the evil wind spirits, your business is at serious risk.
A Server Under Clearer Skies
A less shamanistic and more practical approach to data protection this hurricane season is to implement a disk-based backup and recovery technology. Disk-based backup and recovery simply means having an extra server located out of the hurricane zone that will automatically take over for your production server if the production server stops responding. This takeover is called “failover,” and it can happen in seconds — in fact, users probably won’t even know anything happened. These days backup and recovery software is so advanced and simple that you don’t even have to pre-load the extra server with any software. Good backup and recovery software will “push install” everything for you at failover — including the operating system, applications and all the data.
But good and fast is never cheap, right? In this case — wrong. When you consider that the average company loses US$40,000 per hour of downtime, an extra server and backup software pay for themselves in the time it will take you to shut the windows when it starts to rain.
But let’s say you’re not the average company. Let’s say you’re smaller, even much smaller, than average. You probably don’t have an IT staff and you don’t have a lot of extra cash for hardware and software that you may or may not use. Well, good software is simple software designed to be used by non-technical staff, and it’s out there. Even if you don’t use your new backup system in a hurricane, chances are you will use it; most outages are caused by viruses or simple human error (and the Small Business Administration asserts that every business will suffer through one sooner or later).
Time, Money and Safety
Regardless of the size of your business, disaster recovery technology is a must this hurricane season — and here are five reasons why:
Job Security: Forty percent of companies who suffer a disaster never recover. There is absolutely no reason to risk jobs, revenue or the time and hard work your employees have invested in your company. Backup and recovery technology keeps users online — no matter where they are or what’s happening outside.
Time Is Money: More directly, downtime is lost money. At an average loss of $40,000 for every hour that users can’t get to data and applications that run the business, how many hours of downtime can you afford?
Legal Paperwork: Depending on your industry, data protection might be required by law. If you’re regulated by any government organization, it’s likely you’ll need to provide complete IT records on demand. Regulatory organizations consider data protection your responsibility; hurricanes are not an acceptable excuse for data loss and you will have to pay hefty fines.
Personal Safety: It might just keep your people safe. In a hurricane, getting people to a safe place should be the focus. If you know the data on your servers is safe and your technical equity is safe, there won’t be any risky last-minute scrambles to save the server.
Peace of Mind: Downtime is expensive, risky and frustrating. When employees can’t get to the data and applications they need to do their work, everybody is frustrated. When customers can’t get to service, information or shopping sites, they lose confidence. Backup and recovery technology doesn’t just protect your data; it protects your time and reputation.
Advanced Micro Devices reported better-than-expected second-quarter results as demand for notebooks helped the chipmaker beat estimates.
On Thursday, AMD reported a net loss of $43 million, or 6 cents a share, on revenue of $1.65 billion, up from $1.18 billion a year ago. Non-GAAP earnings were $83 million, or 11 cents a share. Wall Street was expecting AMD to report earnings of 6 cents a share on revenue of $1.54 billion.
Like Intel, AMD’s much larger rival, the company said that it was benefiting from increased demand for PCs. Both Intel and research firms such as Gartner and IDC have indicated that a strong upgrade cycle is under way.
IBM on Tuesday delivered strong second-quarter earnings, but revenue took a hit due to a strong dollar. Software and services led the way.
IBM reported second-quarter earnings of $3.4 billion, or $2.61 a share, on revenue of $23.7 billion. Wall Street was expecting earnings of $2.58 a share on revenue of $24.17 billion. IBM said a strong dollar was a $500 million hit to revenue. Most analysts didn’t account for currency fluctuations. A strong dollar relative to international currencies dings sales when international revenue is tallied in the U.S.
CEO Sam Palmisano said that the company expects 2010 earnings of at least $11.25 a share, in line with current expectations.
Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.
More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.
Cesar Cerrudo, founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008 and after waiting in vain for a patch, he released the details during the Month of Kernel Bugs project.
The flaw would eventually be exploited in active attacks, leading to a mad scramble at Redmond to come up with a fix and a subsequent disclosure flap that exposed Microsoft as the irresponsible party.
This year, Cerrudo plans a new talk titled “Token Kidnapping’s Revenge” where he will discuss how attackers can even bypass certain Windows services protections.
In an interview with Threatpost, Cerrudo said the presentation will discuss about a half-dozen vulnerabilities in all Windows versions from XP to Windows 7 that can be exploited to elevate privileges by any user with impersonation rights.
The explanation:
Most Windows services accounts have impersonation rights. Because impersonation rights are needed, these are not critical, high-risk vulnerabilities; regular Windows users can’t exploit them. Some applications are more susceptible to exploitation of these vulnerabilities than others, for instance, if you can upload ASP web pages with exploit code to a MS Internet Information Server (IIS) 6, 7 or 7.5 running in default configuration you will be able to fully compromise the Windows server.
For example, if you are an SQL Server administrator (which is not a Windows administrator) you can exploit these vulnerabilities from SQL Server and fully compromise the Windows server.
Cerrudo said the vulnerabilities can be exploited to bypass new Windows services protection to help in post-exploitation scenarios too where an attacker is able to run code after exploiting a vulnerability in a Windows service but he is not able to compromise the whole system due to these protections.
One of the issues Cerrudo plans to present at Black Hat even allows him to bypass one of Microsoft’s fixes for previous Token Kidnapping vulnerabilities on Windows 2003.
“Microsoft is aware of these issues (and other local privilege elevation issue that can be exploited by any user but I won’t be talking about it before the fix) and they will be releasing fixes and advisories in August,” Cerrudo explained.
The researcher also plans to release two exploits (called Chimichurri and Churraskito) for IIS and SQL Server. These exploits could work on other services too with some minor modifications, he said.
“The presentation is not only about the vulnerabilities and the exploits. I will be showing step by step how I found the vulnerabilities, with what tools and techniques, so participants can learn and walk away knowing how to find these kind of vulnerabilities by themselves,” Cerrudo added.
Microsoft hasn’t announced any intention to release a service pack 3 for Windows Vista, but there’s reason to believe they will anyway.
There are little hints, like this hotfix for Windows Vista which lists its release target as “sp3.” But I’m more impressed by this askvg.com post which (citing user “Smartie77” without a link) lists a long line of updates to be provided in the just pre-released SP1 for Windows 7 and Windows Server 2008 which, individually, have also been released for Vista.
The implication of Smartie77’s list is that it would be easy and logical for Microsoft to provide SP3 for Vista. Alternatively they could provide an SRP (Security Rollup Package). SRPs are bundles of other updates and therefore not unlike most Service Packs, but they don’t provide a new baseline of support and don’t extend or complicate the support lifecycle for the product.