Welcome to Process-info.org library
Process-info.org is an online library of Computer Operating System's Processes, which helps you to identify processes running at background of computer operating system or at remote computers on your network.
Process-info.org contains a growing database of executable processes (mostly with .EXE extension) and DLL libraries. You can search for processes through search box or navigate alphabeticaly by starting letter of process name.
It is assumed that users are familiar with computer operating system they're using and agree with suggested changes. Process-info.org will not be held responsible, if changes you make cause a system failure.
Recently added processes
Recently updated processes
Top security risk processes
The Latest News
15 latest global news related to computer security
December 11, 2013 3:08:32 AM CET
Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.
December 10, 2013 2:20:00 AM CET
Backwards Compatibility Pranks Bricks Xbox One Consoles – Circulating message describes how Xbox One users can configure their consoles to enable them to play Xbox 360 games.
December 9, 2013 9:29:34 PM CET
VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable – Output of the Dual Elliptic Curve Deterministic Random Bit Generator(DUAL_EC_DRBG)algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance.
December 9, 2013 7:00:00 PM CET
Security Advisory 2916652 released, Certificate Trust List updated – Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this action, customers will be automatically be protected against this issue. Additionally, the Enhanced Mitigation Experience Toolkit (EMET) 4.0 and newer versions help mitigate man-in-the-middle attacks by detecting untrusted or improperly issued SSL certificates through the Certificate Trust feature. For more information, please see Microsoft Security Advisory 2916652. Thank you,Dustin Childs Group Manager, Response Communications Microsoft Trustworthy Computing
December 9, 2013 6:13:00 PM CET
French government sub-CA issues unauthorized certificates for Google domains – An intermediate certificate authority (CA) registered to the French Ministry of Finance issued rogue certificates for several Google domains without authorization.Google detected the use of the unauthorized certificates and launched an investigation Dec. 3, Adam Langley, a security engineer at Google, said Saturday in a blog post.The intermediate CA that issued the rogue certificates linked back to the Agence nationale de la sécurité des systèmes d'information (ANSSI), a French national agency that protects government systems against cyberattacks and also operates the French government's public key infrastructure and root certificate authority called IGC/A.Web browsers use a chain of certificates to determine if a secure website is authentic. Fake SSL (Secure Sockets Layer) certificates are used by hackers, but they also are sometimes used for internal surveillance purposes that do not have nefarious aims, such as the case with the French Ministry.An intermediate or subordinate CA certificate inherits the authority of the root CA that issued it and can be used to sign certificates for any domain names that would be trusted in all browsers, unless certain technical restrictions are put in place.According to Langley, Google immediately blocked the misused intermediate CA certificate -- and the certificates it issued -- in Google Chrome and alerted ANSSI and other browser vendors.The intermediate CA certificate involved in the incident had been issued to the Direction générale du Trésor, the Treasury department of the French Ministry of Finance, and its use to sign certificates for domain names that don't belong to the French administration was the result of human error, ANSSI said in a statement on its website."The mistake has had no consequences on the overall network security, either for the French administration or the general public," ANSSI said. "The aforementioned branch of the IGC/A has been revoked preventively."ANSSI found that the intermediate CA certificate had been used in a commercial device to inspect encrypted traffic on a private network with the knowledge of the network's users, Langley said.ANSSI can confirm the Google statement, spokeswoman Clémence Picart, said Monday via email. "This use is clearly against the policy of the IGC/A."The incident follows a similar case late last year when a subordinate CA certificate issued by a Turkish certificate authority called Turktrust to the Municipality of Ankara was installed in a firewall appliance and was used to inspect SSL traffic. In February 2012, Trustwave, another CA trusted by browsers, publicly admitted to issuing a sub-CA certificate to a third-party company so it could inspect SSL traffic passing through its corporate network.The inspection of SSL traffic on their own networks can help organizations prevent data leaks or discover malicious connections initiated by malware. Many gateway security appliances offer this capability, but the generally accepted method is to use self-generated CA certificates for this purpose. These certificates are not automatically trusted by browsers and need to be deployed by administrators on machines targeted for monitoring.The use of sub-CA certificates issued by trusted CAs for SSL traffic inspection is considered dangerous because if such a certificate gets stolen it can be used in man-in-the-middle (MITM) attacks to intercept traffic outside of private networks on the Internet.In 2012, Mozilla said that issuing sub-CA certificates to third parties for traffic inspection is unacceptable and asked CAs to revoke certificates issued for this purpose. In February 2013, the software developer updated its CA Certificate Policy to improve the accountability for the intermediate CA certificates.The policy change requires CAs to implement technical constraints for sub-CA certificates issued after May 15, 2013, or to publicly disclose such certificates and subject them to the same audits as their root CA certificates. The technical constraints the policy refers to include the name constraints extension that can be used to restrict a sub-CA certificate's usage to a particular domain name.CAs received a grace period until May 15, 2014, to update their sub-CA certificates issued before May 15, 2013."The intermediate CA was not yet constrained, but there is a plan to implement such limitations," Picart said. "We are currently under the process to review all the intermediate CA issued by IGC/A in order to make sure this incident cannot happen again."It's not clear whether the misused intermediate CA certificate was issued before or after May 15, 2013, and ANSSI did not share this information. The date could indicate whether the agency violated Mozilla's new policy or not."I think that's what everyone is now waiting to see," Ivan Ristic, director of application security research at security firm Qualys, which runs the SSL Labs and SSL Pulse projects, said via email. Assuming the certificate was only used internally, no one externally could have seen it, he said.Mozilla did not immediate respond to a request for comment.Ristic believes that preventing sub-CA certificate abuse going forward will require a combination of technical and policy-based measures."First, we need to get Public Key Pinning widely supported and have the violations reported," he said. "That, in combination, with clear rules that the use of public CAs is not allowed for MITM, will hopefully do it."Public key pinning is a browser feature that caches information about legitimate SSL certificates used on visited websites, so that if traffic interception is attempted in the future using rogue certificates, the browser would be able to detect and block those attempts. A version of this feature is already implemented for some high-profile websites in Google Chrome, but is being considered as an Internet standard.Policy-based restrictions need to be backed by enforcement, Ristic said. They won't work unless browser and operating system developers are prepared to temporarily or permanently revoke their trust in root CA certificates for violations, he said.
December 9, 2013 5:48:00 PM CET
Dutch minister to question US Embassy about rooftop antennas – The Dutch Minister of the Interior and Kingdom Relations will question the U.S. Embassy over the purpose of its rooftop antennas, the minister wrote in a letter to the House of Representatives Monday.Minister Ronald Plasterk will question the embassy after concerns were raised that the antennas can be used to intercept data from mobile phones used in the nearby Ministry of the Interior in The Hague and the Binnenhof, where the houses of parliament are located.The issue was raised by the Dutch radio show "Met het Oog op Morgen" ("With an Eye on Tomorrow") and led to formal questions in the House on Nov. 18.While it is technically possible to intercept phone traffic from a nearby building, that does not mean that is actually happening, wrote Plasterk in response to those questions. It is common for embassies to use antennas for their own communication, he added.Foreign powers are not allowed to conduct intelligence operations on Dutch soil unless they have the necessary approval, said Plasterk. Operations conducted without that permission are "unacceptable," he said. But there is no reason to currently assume that the U.S. does not comply with the agreements, he added.Nevertheless, Plasterk said he would ask the embassy for clarification, adding that he would brief the House about the outcome.The Ministry of the Interior could not immediately respond to a request for comment. The U.S. Embassy could not be reached for comment.The Dutch action follows a report from the Italian magazine L'Espresso last Friday that claimed that the U.S. National Security Agency has been spying on Italian communications from installations on the roof of the U.S. Embassy in Rome and the consulate in Milan.In late October, a report in Germany's Der Spiegel claimed that not only did U.S. intelligence agencies listen in on Chancellor Angela Merkel's mobile phone conversations, but they also used the U.S. Embassy in Berlin as a listening station. A special unit of the CIA and NSA can monitor a large part of mobile phone conversations in the government quarters from the roof of the embassy, Der Spiegel reported.Both the Italian and the German spying reports were based on documents provided to reporters by former NSA contractor Edward Snowden.Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com
December 9, 2013 4:27:34 PM CET
VU#268662: NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability – NagiosQL 3.2 Service Pack 2 and possibly earlier versions contain a reflected cross-site scripting vulnerability(CWE-79).
December 9, 2013 3:35:00 PM CET
A clear-eyed guide to Android's actual security risks – If you're an Android user -- or want to be -- you've likely heard about all the security risks of Google's mobile operating system. But how real are these threats, and how much damage can they do? Despite the fears, are Android devices actually a safe bet for an enterprise mobility strategy?These are key questions for any organization thinking about a broad Android rollout or even simple acceptance of Android devices in a BYOD context. The answers may not be what you expect.[ Mobile security: iOS vs. Android vs. Samsung SAFE vs. BlackBerry vs. Windows Phone. | The truth about Samsung's Knox for Android security. | Bob Violino and Robert Scheier show how businesses today are successfully taking advantage of mobile tech, in InfoWorld's Mobile Enablement Digital Spotlight PDF special report. ]Depending on whom you talk to, you might hear horror stories about Android security that "prove" the need for multiple solutions to address. Or you might be advised that buying a single tool will obliterate all your Android fears.The truth is somewhere in between, and before making a serious commitment to Android as a mobile platform, it's important to determine where Android's relevant security issues are and how you can assess their actual risk and remediation.Android's two fundamental risksThe Android ecosystem has two main security risks, according to mobile security experts:The Google Play StoreThe fragmentation of devices and OS versionsThe Google Play Store's risks. Android is a truly open OS, and that makes it risky, says Andrew Borg, research director for enterprise mobility and collaboration at research firm Aberdeen. "Unlike Microsoft Windows Phone or Apple iOS, there is no walled garden, and this leads to potential security vulnerabilities when not managed coherently," Borg says.Google Play (formerly called the Android Market), the digital distribution platform for applications for Android devices, is itself a source of potential security risks. "With Google Play, there is a higher percentage of apps that contain malware, or social engineering to connect to malware, than any other app store by an order of magnitude," Borg says. "It's not a well-policed environment, and these factors continue to create friction or resistance toward greater adoption of Android in the enterprise."When users download apps from Google Play, they often don't pay attention to the extent of permissions an app can have on their device, says Chandra Sekar, senior director of the Mobile Platforms Group at Citrix Systems, a provider of cloud-based mobility and collaboration products. "They usually just accept the permission during installation," he says. "And more often than not, apps ask for more permissions than they really need."The security vulnerabilities affecting Android devices can cause actual performance issues and data loss -- not just minor inconveniences.Borg tells of a demonstration he saw at a conference that gave him the "willies." The demonstrator, a white hat hacker, took an out-of-the-box Android device and downloaded a game called Very Angry Birds, basically a clone of the popular Angry Birds game, from an app store. "The device had the latest McAfee and Symantec security for Android, but the game contained malware that neither solution flagged," Borg says.Everything looked fine, and once the game opened nothing changed on the device. "Then the demonstrator took out a laptop and was able to bring up a control stream where he could see all the smartphones that had downloaded the game and could inspect them and see all the emails they had downloaded."He then put the Android device to sleep and took a picture from the device remotely using the laptop. "Normally, you hear a shutter sound, but this [malware] had turned off the audio," Borg says. "It took pictures and video, and all along it looked like the device was asleep."For Borg, such examples justify IT's strong aversion to Android, despite its huge popularity among users. "This is a clarion call that security cannot be taken for granted. I don't think these [Android security] issues are overblown."The risks of Android's fragmentation. The Android platform also suffers the issue of fragmentation -- there are multiple versions of Android in the market, even on current devices. Manufacturers often make their own changes to Android, so they could be behind Google's current reference release. In addition, carriers and manufacturers may not update their devices' Android version when Google does, or they take months or even years to do so.As a result, many people within the same organization might be using outdated versions that could be riddled with security vulnerabilities. "People focus on malware risks of Android, but arguably the greater risk is that fragmentation creates different user experiences," says Ojas Rege, vice president of strategy at MobileIron, a provider of enterprise mobility management products. "This variety of user experiences makes it hard to educate your employees about how to take security measures, because the experience on each device is different."Research shows that a majority of Android device users worldwide have devices with noncurrent versions of the OS, says Bob Egan, chief analyst at consulting firm Sepharim Group. "Some of the phones and OSes have very public weaknesses on security," he says.If users have older versions of Android, that could mean vulnerabilities are left unpatched and new features of the OS won't reach them. "Maybe you can address the security holes for the HTC One, for example, but that might not apply to an older Samsung device," Borg says. The fragmentation issue multiplies the attack surface; thus, there's no single security solution that will fit all of Android's variations, he says.Some Android risks are overstated -- and others are underestimatedExperts note that some Android risks are overstated, while others don't get enough attention.Although Citrix's Sekar says fragmentation doesn't receive enough focus in security assessments, he considers Android malware fears overblown. "Traditional antivirus software vendors often hype up the threat of Android malware," he says. While these threats exist in isolated scenarios where users access apps from untrusted, private stores, the threat to enterprises from malware is overstated, he says.Another Android risk that's overstated is tapjacking -- when an invisible application on top of an app manipulates key gestures to make purchases without the user's knowledge, says Scott Kelley, Android product manager at AirWatch, a provider of mobile device management (MDM) products.But one risk that's often overlooked, Kelley says, is users' willingness to tap the Accept button for whatever permissions an app requests. "This is compounded by developers' often overzealous permission requests, due to a lack of understanding of which permissions an app needs," he says. "Apps should request the least number of permissions possible to function appropriately, and users should be in the habit of not automatically granting permissions to apps whose functions wouldn't seem to need them."How to build a secure Android environmentIf your organization is preparing a significant rollout of Android devices or a BYOD program that includes devices running the OS, it needs to develop a strategy to keep the company protected from the known security risks and vulnerabilities. Here are the key components of that strategy.Develop a trust model. Part of this involves identifying what the real risks of data loss are, says MobileIron's Rege. Based on those risks, you determine what level of enterprise content should be made available on the devices."We call this developing a trust model that establishes which users are trusted with which data or apps under what circumstances," Rege says. "Every major organization has gone through data classification to establish this underpinning for its security policies." But he notes, "This will take longer for Android because the Android fragmentation makes the process more complicated."Designate an Android expert in IT. A key best practice is to designate an individual in the organization to be the Android expert, Rege says. "More and more of the overall IT team should gain Android familiarity, but our customers have found that they need one point-person who is chartered to keep up with the rapid pace of the Android ecosystem," he says. Otherwise, IT's Android knowledge base quickly becomes obsolete.Use an app reputation service. Another good practice is to use a third-party app reputation service that evaluates apps and assigns them a risk score. "Then you can use these risk scores to set policies" in an MDM tool, Rege says. For example, you could set a policy that if an employee installs an app with a high risk score, his or her email is blocked and that user can't access corporate resources until the app is removed."With mobile, you have to assume the environment changes all the time as apps are installed and operating systems versions change," Rege says.Layer your security. As with other IT security strategies, layering security makes sense for the Android environment. If you look at the mobile security stack in layers (starting from the bottom up) as network/carrier layer, hardware layer, operating system layer, and application layer, the chances of exploits increase as you climb the ladder, says Tyler Shields, a senior analyst for mobile and application security at Forrester Research. "Enterprises also have less control the lower we go in the stack," Shields says.To try to mitigate the risk at each layer, Shields recommends a combination of mobile security technologies each specifically aimed at a different security layer. "The baseline security requirement is to have [an MDM] system managing every device in your environment," he says. "This will help with the remote-wipe capabilities, tracking lost devices, and general management and baseline security requirements."Deploy MDM. Companies that have rolled out Android broadly agree with the MDM recommendation. "Android devices should not be deployed in any enterprise without robust MDM," says Abhi Beniwal, senior vice president of global IT at Daymon Worldwide's Interactions subsidiary, a provider of in-store product demonstrations for retailers and manufacturers. With an MDM platform in place, enterprise IT has the visibility it needs into mobile devices and can proactively manage security vulnerabilities and threats, Beniwal says.Interactions has deployed Android-based tablets and mobile apps in more than 1,000 stores in North America. Most of its workforce is field-based, and mobile technology allows users to share real-time information, Beniwal says.The company implemented an MDM platform from AirWatch before deploying any Android device in the company, and it hasn't experienced any security-related problems with the devices, Beniwal says. "At the same time, we take it very seriously and are always monitoring and proactively managing any potential security threat to our devices," he adds.Also relying heavily on MDM is the Center for Young Professionals in Banking (CYP), a training center in Zurich that has rolled out 1,400 Android tablets that students use to access CYP's learning management system. CYP uses MobileIron's platform for enterprise mobility management. The platform ensures that only approved apps are installed on devices, and it reports any breaches.Among CYP's concerns about Android security and management are data loss prevention, malware, OS version control, and data on lost devices. The MobileIron platform addresses each of these and other concerns, says Thomas Fahrni, deputy general manager of CYP, as do most serious MDM systems.Create a compliance policy. Aberdeen strongly recommends that companies create a compliance policy for BYOD units, so that not every smartphone or tablet is acceptable for use within the work environment."Organizations should test the vulnerability of the most popular platforms and versions and verify that they can be managed securely" before granting those devices access to the corporate network, Aberdeen's Borg says. "This is a BYOD policy with constraints. An unbridled BYOD policy is very problematic" because it invites access to the network by devices that might not be secure.This effort shouldn't be too much of a hindrance for many organizations, Borg says, because many of the latest versions of Samsung Android smartphones are likely to be compliant with a company's security requirements. "If you stay in the Samsung universe, there are viable, robust security solutions [that] work with the MDM tools," he says.Stop supporting old Android versions. Enterprises should set a specific stop date for older OS support, to ensure that users have up-to-date versions of Android, Sepharim Group's Egan says. He also recommends that companies not use Android for much more than email, "and then only on 'safe' devices."New security efforts will make Android more secureWithin the Android ecosystem, efforts are being made to improve Android security.For example, Samsung offers Knox, a containerization technology for higher-end Samsung Android devices that's designed to create a virtual partition on the devices that would insulate corporate-managed apps and data from attack. "Samsung Knox is the first real security solution coming out for Android," Egan says. However, Knox is no cure-all, given several limitations: It currently works with just a handful of Samsung devices and only a small number of MDM tools, and it requires a monthly per-user fee in addition to the normal MDM fees.Still, the container approach looks promising for delivering the kind of security enterprises will need with Android devices. "Containering or sandboxing can protect data files or applications [within the container], so that container can be used for corporate communications and file storage," Borg says. "A phone could have no other security [provisions], but as long as there is a secured container then the overall security of the device is less important."Another potentially effective approach is the use of "multiple persona," where there can be distinct identities that go all way to the kernel of the OS, Borg says, so you can have multiple instances of the OS running concurrently on the same device. "You can have one persona for work and one for personal use; it's like a firewall within the device," he says. "From IT's perspective that's probably the ideal solution."But this type of solution hasn't seen wide adoption. There's a lot of resistance on the part of users, Borg says, because it gets in the way of using the device. BlackBerry 10 OS supports this capability when used with BlackBerry's Enterprise Service 10 server, and a few multiple-persona options for Android devices are available from companies such as Divide and General Dynamics, though they work only a subset of current devices.Don't let security fears thwart Android adoptionAlthough security concerns about Android are justified, companies need to avoid taking an extremely restrictive approach and damaging the user experience, says MobileIron's Rege. "The risk that is underrated is that creating on overly restrictive environment will drive employees to unsafe behaviors," he says.When enterprise employees have a bad experience on their device, such as due to security-justified restrictions, they look elsewhere for enterprise productivity tools -- and this can drive them to take risky actions such as using unauthorized file-sharing apps, Rege says."If you approach Android with a mindset of fear, you will create an experience users hate and one that ultimately undermines your security policies," Rege says. "However, if you approach Android with a productivity mindset, you will create a great user experience while keeping data secure."The strategies and tools are there today to let at least current and recent Android devices be productive additions to your technology portfolio, joining your iOS and BlackBerry devices.
December 9, 2013 2:39:00 PM CET
Q&A: Symantec's Klasie Holtzhausen on the new Oz channel strategy – As part of its worldwide reorganisation under CEO, Steve Bennett, it will be focusing on the Channel. Symantec's senior director Pacific channel sales, Klasie Holtzhausen sat down with ARN to discuss the company's new channel strategy in Australia, and the company's plans heading into 2014.Symantec has moved to a 'channel first' strategy globally, why?Read more stories about the IT ChannelKH: Steve Bennett, our CEO, did a world tour to gather feedback from customers and partners. Based on that feedback he realised that Symantec needs to change.We weren't optimising our investments, weren't necessarily achieving the growth we wanted to achieve as an organisation. We just weren't as effective as we needed to be. Our partners told us that they really needed more consistency and more predictability when it comes to planning for their profits when engaging with Symantec as part of their go to market strategy.That is a transformation across our entire organisation, to create an organisation that is really passionate about the channel and really understands the value that the channel brings to the table.We've announced to the market globally that we will deliver 5 per cent organic growth, and an operating margin of 30 per cent between the financial years of 2015 and 2017.So how will this affect Australian operations?It is about how we engage with partners locally to form more strategic partnerships to enable them to be more successful at enabling Symantec's solutions to the market.It also gives us an opportunity to sit down with them in a collaborative way and combine our objectives. To decide what their objectives are, what ours are and get some alignment and build a go to market strategy together. To ensure we are enabling them to be successful, by leveraging common assets.Symantec will now be dropping its product solutions count from 150 to just 10. Why is that?We realised that we were a product company that really needed to evolve into a solutions based company.We had some 150 products, and we needed to refine that down to 10 solution offerings, to make it easier for our partner and customers to get that value. Because we are doing some of that integration for them already. So that's a big, big change for us.So that will take quite some involvement as that integration happens over the next two years.So how will that change Symantec's day-to-day operations in Australia?We've basically built a commercial team that will exclusively work with the Channel and do all their business with the channel.I've also brought in some additional channel resources, so part of our new strategy is to focus very deeply on those partners that have made the investment in Symantec, those that demonstrate the skills and capabilities of Symantec, and that are driving growth for our business.So as part of this initiative we've really looked at our products, and the complexity of the products and where the opportunities are for our partners to put certain solutions to certain parts of the market.We have just brought another sales manager into the channel team, Chad Cleevely. He has a very strong IP around addressing the broader channel market. He's already brought a couple of new ideas to the table. About how we work and help the channel.Will Symantec be looking to cull or add partners to the programme?It's not really about culling partners or introducing new partners. It's about how we become more efficient, more effective and more strategic with our existing partners. But I'm not saying we won't bring on new partners in the future.You're also looking at reducing the company's routes to market?It has to sometimes be confusing for partners to figure out where they fit into the Symantec fold. What we've tried to do is simplify that, by reducing the different routes to market from about 40 plus to around eight.And not necessarily will all of those eight be relevant to Australia. For example, the traditional OEM stuff generally occurs in countries where the manufacturing happens, so Asia and US. But some of the traditional models, like solution providers, access resellers, MSPs and systems integrators are key to us as routes to market in Australia. So how will your partners benefit from these changes?As part of the new Channel strategy, we will actually have a new partner programme, but we're not disclosing any more information until the new year. We're still trying to work out the ins and outs of that. The focus of that is really looking at rewarding partners for bringing us new business, rewarding partners for helping us grow our business, rewarding partners that are demonstrating the skills and capabilities around our solution set, and fourth point is to reward customers for successful customer engagements.We've put a big emphasis on enablement now. We are running our own internal sales boot camp, it's important for our partners to get the same robust training that we are giving our own people. The second point with these sales boot camps is that they are customised to suit those with the right skills to suit our partners.We've also launched a bunch of tech nights through distribution. We've got an extensive partner set, some of our distributions there's a demand for us to share more with our partners about how we can be more successful, what products are coming down the line -- so the tech guys are very much geared towards that. We've run two this week and we've already had a great response to that.So how has the market responded to these changes?They're very excited to hear that a big part of our growth strategy is based on the channel. They're also excited to hear about how we're changing the organisation internally to be more passionate about the channel and driving more proactive and strategic investment and engagement. For us it's not just about driving short term success, it's more about building a successful sustainable business for the future.It's a very exciting time for us and it's a very exciting time for the channel. We are very serious about growing our business through the channel.Allan Swann is a Senior Editor at IDG Communications Australia. Follow Allan on Twitter at @allanswann.
December 9, 2013 2:36:00 PM CET
IaaS benefits eroding Cloud concerns: Frost and Sullivan – The Australian infrastructure-as-a-service (IaaS) market is growing as organisations become more confident in the reliability and security of Cloud delivery models, according to Frost and Sullivan.Companies are realising the benefits of outsourcing IT infrastructure such as storage, servers and networking components to specialist vendors which provide access to these resources over the Cloud on an 'as-needed' basis.In its latest Australian IaaS 2013 report, the research firm claims the main drivers stimulating IaaS adoption include: the reduction of IT capex; the greater agility and scalability IaaS offers in changing infrastructure requirements; higher levels of awareness of the benefits of IaaS; an increasing need for mobility among corporate employees, requiring access to corporate resources from any Internet-enabled location; and public Cloud infrastructure improvements such as the NBN.Concerns surrounding sovereignty and the security of data held in the Cloud, the reliability and security of access to infrastructure delivered over the Cloud, and general management conservatism over migrating business functions to the Cloud are now eroding."Although the IaaS market is considerably smaller and much more nascent in comparison to the software-as-a-service market, Frost and Sullivan forecasts that IaaS expenditure will grow at a compound annual growth rate of almost 43 per cent to reach $380m by 2017, as an increasing number of clients switch to the IaaS provisioning model, and many more vendors enter the local market," Frost Australia and new Zealand (A/NZ) ICT practice senior research manager, Phil Harpur, said.To put this into perspective, Frost estimates that Australian IaaS vendors earned revenues of just under $65 million in 2012.Breaking down the marketFrost Asia-Pacific (APAC) ICT practice datacentre and Cloud computing industry analyst, Mayank Kapoor, said Australian IaaS vendors can be categorised into four main groups.Pure play IaaS Cloud providers -- including the likes of Amazon Web Services, Google, and Rackspace -- typically offer public IaaS services as core services, although an increasing number are offering private, virtual private, and hybrid offerings as well.Carrier Cloud players, on the other hand, are essentially telecommunications providers offering Cloud-based solutions by leveraging strong network capabilities.Kapoor classifies the third group as traditional managed service providers (MSPs), which provide Cloud-based services and usually private Cloud offerings, although an increasing number offer hybrid and public deployments. Services range from Cloud brokering and best-of-breed solutions to actual hosting and deployment. Frost claims this is a rapidly growing segment, and includes Brennan IT, Fujitsu, Harbour MSP, HP, and IBM.The final group of resellers and channel partners resell or white-label some of the first three categories providers' offerings.
December 9, 2013 12:56:33 PM CET
Google Releases Google Chrome 31.0.1650.63 – Original release date: December 09, 2013 Google has released Google Chrome 31.0.1650.63 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to hijack a web session, spoof the address bar or cause a denial of service condition.US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.
December 9, 2013 7:44:00 AM CET
Neverquest Trojan Warning – Reports warn of a trojan called "Neverquest" that can activate itself on hundreds of banking and financial websites.
December 9, 2013 7:15:00 AM CET
US tech companies ask governments to reform surveillance practices – Eight top tech companies in the U.S. have asked governments around the world to reform surveillance laws and practices, and asked the U.S. to take the lead.AOL, Apple, Facebook, Google, LinkedIn, Twitter, Yahoo and Microsoft said Monday that they understand that governments need to take action to protect their citizens' safety and security, but "strongly believe that current laws and practices need to be reformed."Internet companies have been at the focus of disclosures through newspapers from June by former U.S. National Security Agency contractor, Edward Snowden, which suggested that the agency had real-time access to content on the servers of some Internet companies and was also tapping into the communications links between the data centers of Yahoo and Google.The companies deny complicity in the NSA's dragnet surveillance, and some have asked permission from the U.S. Foreign Intelligence Surveillance Court to disclose aggregate information on security requests for user data under the Foreign Intelligence Surveillance Act.The latest move appears to be one of a number by the Internet companies to highlight that they are on the side of the user, and to bring pressure on governments, particularly of the U.S. Facebook, AOL, Apple, Google, Microsoft and Yahoo wrote in October to the chairman and members of a U.S. Committee on the Judiciary, demanding that the surveillance practices of the U.S. should be reformed to enhance privacy protections and provide "appropriate oversight and accountability mechanisms."In an open letter to U.S. President Barack Obama and members of Congress on a newly launched website called Reform Government Surveillance, the companies said that "this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide.""The balance in many countries has tipped too far in favor of the state and away from the rights of the individual -- rights that are enshrined in our Constitution," the companies added.Microsoft promised business and government customers worldwide last week that it is committed to informing them of legal orders related to their data, and will fight in court any 'gag order' that prevents it from sharing such information with customers. The company said it plans to encrypt customers' information moving between its data centers by the end of 2014. Google and Yahoo have also announced plans to strengthen the encryption of their services."There needs to be a balance between safety and the personal freedoms of people, especially law-abiding citizens and institutions," wrote Brad Smith, Microsoft's general counsel and executive vice president of legal and corporate affairs in a blog post about the industry call for surveillance reform."The ultimate guarantee of these freedoms rests with the courts -- as well as the court of public opinion," Smith said. "Hence surveillance must be subject to judicial review in accord with clear legal rules."The companies have outlined through the website five reform principles including limiting government surveillance to specific, known users for lawful purposes, and greater oversight and accountability over intelligence agencies.John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is firstname.lastname@example.org
December 9, 2013 6:01:00 AM CET
Scammers Exploit Death of Actor Paul Walker – Circulating Facebook messages claim that users can follow a link to view footage of the car accident in which Fast and Furious actor Paul Walker was killed.
December 9, 2013 4:43:17 AM CET
2014 Predictions: Blurring Boundaries – The past year has been an interesting one in the world of cyber security. Mobile malware has become a large-scale threat, government surveillance has users asking “does privacy still exist?”, cybercrime continues to steal money from individuals and businesses, and new targets for hackers like AIS and SCADA have been identified. 2013 was many things, […]Post from: Trendlabs Security Intelligence Blog - by Trend Micro2014 Predictions: Blurring Boundaries