Showing posts sorted by date for query VMware. Sort by relevance Show all posts
Showing posts sorted by date for query VMware. Sort by relevance Show all posts

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text

Posted by Avik Sarkar On 11/30/2013 03:30:00 am

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text (Uunencrypted)

Cupid Media one of the leading niche online dating network that have more than 35 large online dating website, faced a massive intrusion that effects more than 42 million of its registered users. From an exclusive report of Kerbs On Security we came to know that the breach was taken earlier in this year. Where the hackers managed to gain access into the crucial servers belongings to Cupid Media network. According to the managing director of Cupid Media, Mr Andrew Bolton - "In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts.” After a preliminary investigation it has been found that the purloined database of Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from AdobeMore than 42 million peoples' unencrypted names, dates of birth, email addresses and passwords have been found from the pinched database. I am very much wearied to see that a high value site like Cupid is unconcerned about the basic security counter measure. Even their confidential tables remained unencrypted which allows the hacker to gain the personal information in plain text. Like the Cupid Media security team, the registered users also found very much inadvertent and unaware of basic security measures. I am saying this because of the leaked passwords, almost two million picked "123456", and over 1.2 million chose "111111". "iloveyou" and "lovely" both beat out "password", and while 40,000 chose "qwerty", 20,000 chose the bottom row of the keyboard instead - yielding the password "zxcvbnm"
Jason Hart of famous data protection firm Safenet said "The true impact of the breach is likely to be huge. Yet, if this data had been encrypted in the first place then all hackers would have found is scrambled information, rendering the theft pointless."
This security breach of Cupid Media reminds us  the decent history of breach where we have seen a slew of attacks against the following sites: Drupal.org  Scribd, Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter,  New York Times, Apple and so on. While covering this story on behalf of VOGH, I am warning our readers across the globe to use strong alphanumeric passwords to avoid such disaster. Also the webmasters and security administrator are highly recommended to use salted encryption in their database to prevent fortuitousness cyber attack


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised

Posted by Avik Sarkar On 6/03/2013 09:07:00 pm

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised 

Drupal, one of the most famous and widely used open-source content management framework have fallen victim to cyber criminals. The Drupal Security Team and Infrastructure Team has discovered unauthorized access to account information on the official Drupal website and another site called groups.drupal.org. This security breach has exposed user names, country, and email addresses along with hashed passwords of more than 967,000 registered users on the Drupal.org. But still a matter of relief is that the breach failed to infiltrate the credit card details which was stored on the same server. According to security release unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. Drupal team have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. They are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, the security team has already shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability. The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, it is also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords. 

As a precautionary measure of the said security breach, Drupal Security Team has reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps. 
  1. Go to https://drupal.org/user/password 
  2. Enter your username or email address. 
  3. Check your email and follow the link to enter a new password. It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.
Counter Measures that Drupal has Taken to avoid such mishap is something followed- as attacks on high-profile sites (regardless of the software they are running) are common, Drupal strive to continuously improve the security of all Drupal.org sites. To that end, Drupal have taken the following steps to secure the Drupal.org infrastructure:
  • Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
  • Drupal is scanning and have not found any additional malicious or dangerous files and making scanning a routine job in their process
  • There are many subsites on Drupal.org including older sites for specific events. Drupal created static archives of those sites.

This security breach of Drupal which affected more than 967,000 users is giving us a remind of the decent history of breach where we have seen a slew of attacks against the following sites: ScribdGuild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilipsZyngaVMWareAdobe Twitter  New York TimesApple and so on. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Scribd' World's Largest Document Sharing Website Admits Security Breach

Posted by Avik Sarkar On 4/11/2013 01:42:00 am

'Scribd' World's Largest Document Sharing Website Admits Security Breach 

Scribd- San Francisco-based document sharing site have fallen victim of cyber attack. Such kind of massacre is no doubt very much shameful for one of the world largest document sharing website which have more than 100 million of registered user. Like other largest companies, Scribd acknowledged the attack. In their official security announcement the company said that the operations team of Scribd have discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. But the matter of relief is that only the 1% of its registered users have been affected during the hack. Immediately after this intrusion get spotted Scribd security team have emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password.  So, if you are a Scribd user and you did not receive such email from Scribd, then you are most likely unaffected.  If you still wish to check, you can use this web tool to determine if your account was among those affected. From the official announcement of Scribd, we came to know that the inertial investigation have already take place, which indicates that no content, payment and sales-related data, or other information were accessed or compromised. It has been  believed that the information accessed by the hackers was limited to general user information, which includes usernames, emails, and encrypted passwords.  Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of the users were therefore unaffected by this; however, the analysis shows that a small percentage may have had their passwords compromised. In an abundance of caution, it has been highly recommended for those affected users to reset their password and to change their password on any other services they might have used it on. 
At conclusion of the note, Scribd team did serious apology to its users while saying -"we would like to sincerely apologize for our failure to live up to our users' expectations in this instance. We’re incredibly disappointed that this happened and are committed to doing everything we can to prevent this from happening again. We will work harder than ever to ensure that we deserve the trust that our users place in us." 
While talking about big cyber attacks against large companies we would like to remind you in the last year we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilipsZyngaVMWare, Adobe Twitter  New York Times, Apple and so on. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Kali Linux' The Most Advanced & Stable Penetration Testing Distribution

Posted by Avik Sarkar On 3/15/2013 12:49:00 am

From The Makers of BackTrack We Got 'Kali Linux' The Most AdvancedStable Penetration Testing Distribution 

Fans of world famous penetration testing distribution 'BackTrack' can now taste another flavor as the developer at BackTrack and Offensive Security has introduced a new Linux distribution targets enterprise security, offering a suite of helpful tools for rigorous testing calling it "Kali Linux." In the official release note Offensive-Security claimed that Kali Linux is the most advanced, robust, and stable penetration testing distribution to date. From that note we also came to know that this new distribution is a product of seven years long knowledge and experience which make Kali Linux the “next generation” penetration testing distribution. Now lets look at the main features of Kali Linux at a glance: 

Kali Linux Features:-

Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.
  • More than 300 penetration testing tools: After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.
  • Free and always will be: Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.
  • Open source Git tree: We are huge proponents of open source software and ourdevelopment tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.
  • FHS compliant: Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.
  • Vast wireless device support: We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.
  • Custom kernel patched for injection: As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.
  • Secure development environment: The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.
  • GPG signed packages and repos: All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.
  • Multi-language: Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.
  • Completely customizable: We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users tocustomize Kali Linux to their liking, all the way down to the kernel.
  • ARMEL and ARMHF support: Since ARM-based systems are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM support would need to be as robust as we could manage, resulting in working installations for both ARMEL and ARMHF systems. Kali Linux has ARM repositories integrated with the mainline distribution so tools for ARM will be updated in conjunction with the rest of the distribution. Kali is currently available for the following ARM devices:
Kali is specifically tailored to penetration testing and therefore, all documentation on this site assumes prior knowledge of the Linux operating system. For more information, I would like to request you to visit the official website of Kali Linux. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Red Hat Enterprise Linux 6.4 Beta Released & Available For Download

Posted by Avik Sarkar On 12/08/2012 05:56:00 pm

Red Hat Enterprise Linux 6.4 Beta Released & Available For Download 

Red Hat the global leader in open source solutions released another update of its enterprise Linux (RHEL Version 6). Since Red Hat Enterprise Linux has been released, we have got several updates, including three beta release and three final release (RHEL 6.1RHEL 6.2RHEL 6.3). Now the American software company added another beta, that is RHEL 6.4 and made it available for its customers. The beta release includes a broad set of updates to the existing feature set and provides rich new functionality in the areas of identity management, file system, virtualization, and storage as well as productivity tools. In their release note the RHEL Team said that -through collaboration with partners, customers and the open source community, we are committed to delivering technology that is tested and stable – including in the beta phase of development. Red Hat Enterprise Linux 6.4 demonstrates this commitment and has been designed for optimized performance, stability and flexibility to cater to today’s diverse workloads running in physical, virtual and cloud environments.

Key New Features & Enhancement :-
  • Identity Management
System Security Services Daemon (SSSD) enhancements improve the interoperability experience with [Microsoft Active Directory] by providing centralized identity access control for Linux/Unix clients in a heterogeneous environment.

  • File system
pNFS (Parallel NFS) client (file layout only) remains in technology preview, however now delivers performance improvements with the addition of Direct I/O for faster data access. This drives particular performance benefits for I/O intensive use cases including database workloads.

  • Virtualization
Red Hat Enterprise Linux 6 now includes the Microsoft Hyper-V Linux drivers, which were recently accepted by the upstream Linux community, improving the overall performance of Red Hat Enterprise Linux 6 as a guest on Microsoft Hyper-V.
Installation support for VMware and Microsoft Hyper-V para-virtualization drivers. This new feature enhances the user deployment experience of Red Hat Enterprise Linux as a guest in either of these virtualization environments.
In this release, KVM virtualization virtio-scsi support, a new industry storage architecture, provides industry leading storage stack scalability.

  • Management
The use of swap functionality over NFS enables more efficient read/write tradeoffs between local system memory and remote disks. This capability increases performance in very large, disk-less server farms seen in ISP and Web hosting environments.
Enhancement in c-groups delivers the ability to migrate multi-threaded applications without errors.
Optimized perf tool for the latest Intel processors

  • Storage
New system log features identify mapping from block device name to physical device identifier – allowing an administrator to easily locate specific devices as needed.

  • Productivity Tools
Microsoft interoperability improvements with Microsoft Exchange and calendar support in Evolution. Productivity functions, such as calendar support with alarm notification and meeting scheduling is improved.
Customers such as animation studios and graphic design houses now have support for the newer Wacom tablets.


Through this next beta release of Red Hat Enterprise Linux 6, Red Hat team is proud to deliver the highest quality open source enterprise platform. To download the beta release of Red Hat Enterprise Linux 6.4 click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details

Posted by Avik Sarkar On 11/21/2012 01:17:00 am

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details 

Yet again Adobe, the American multinational computer software company had fallen victim of cyber attack. In September Adobe faced what it called a sophisticated cyber attack where hackers have breached Adobe server in order to compromise certificate to sign malware. As a move Adobe revoked those certificates on October 4th. After that massacre, here again one of Adobe's databases has been breached by a hacker and that it has temporarily taken offline the affected Connectusers.com website. The attacker who claimed responsibility for the attack, told that he used a SQL injection exploit in the breach. Adobe confirmed the breach and said that the hacker indeed managed to break into an Adobe server and copy the private credentials of approximately 150,000 users – including their names, email addresses and password hashes. Those affected accounts include Adobe customers, Adobe employees and partners along with U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies. To prove the attack, the intruder, who goes by the name of "ViruS_HimA" and claims to be from Egypt, has released extracts from his haul on the Pastebin text hosting service. 
"It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," said ViruS_HimA. Users passwords for the Adobe Connect users site were stored and hashed with MD5, says the hacker, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, the hacker notes. "I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told the press. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"
"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!" 
While talking about such big cyber attacks, here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilips, Zynga, VMWare, & so on. For all the latest on cyber security and hacking related stories; stay tuned with VOGH


-Source (Dark Reading, The-H)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers

Posted by Avik Sarkar On 11/07/2012 04:12:00 am

VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers

VMware, the global leader in virtualization and cloud infrastructure again faced cyber attack. Earlier in this year a hacker named "Hardcore Charlie" had stolen files from its ESX server hypervisor source code has been posted online. In that attack the hacker managed to steal more than 300MB source code of  VMWare products. Here also after 6 months another hacker named Stun (57UN) claiming to be affiliated with hacker collective Anonymous managed to hack the source code of VMware's ESX kernel. Immediately after the breach the hacker tweeted a link to a torrent site hosting the stolen VMkernel source code. In their official blog post VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed the source code was indeed stolen. But VMware also confirmed that leaked is source code that dates back to 1998-2004 which was previously leaked Hardcore Charlie. VMware also said that it is investigating what actions to take next. The torrent file posted by 57UN is leading to download you the source code of VMware ESX, that is sized almost 2MB
In a security note VMware said- "our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate. Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected. As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate..." VMware also encouraged its customers to view the May 3, 2012 security patch information as a resource.

While talking about source code leak, we want to remind you that couple of months ago this hacker (57UN) stolen the source code of Skype. Also earlier in 2012 another hacker group named  The Lords of Dharmaraja has managed to steal the source code of Norton Symantec





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VMware Announces The Availability of VMware Workstation™ 9 (Download Free Trial)

Posted by Avik Sarkar On 9/04/2012 03:34:00 pm

VMware Announces The Availability of VMware Workstation™ 9 (Download Free Trial)

The global leader in virtualization and cloud infrastructure, VMware globally announced the general availability of its Workstation Version 9, the latest version of its award-winning personal virtualization software. VMware Workstation 9 delivers best-in-class Windows 8 support and innovative new features that transform the way technical professionals work with virtual machines whether they reside on the PC or on enterprise private clouds.  “For over a decade we have consistently delivered innovative new technologies with each Workstation release and Workstation 9 continues this tradition,” said Vittorio Viarengo, vice president, End-User Computing, VMware. “Workstation 9 brings the power of VMware virtualization to any IT professional desk and enables them to leverage the latest evolution of operating systems, processors and other technologies to be more productive and effective.”

Key  features in VMware Workstation 9 include:-
  • Windows 8 Support– Easy install simplifies the task of creating virtual machines for Windows 8 that can run simultaneously with a variety of legacy operating systems. Unity mode intelligently works with Windows 8 applications, and multi-touch support ensures a true Windows 8 experience. 
  • More Powerful Virtual Machines – Faster startup performance, USB 3.0 support for Windows 8 virtual machines, Intel™ Ivy Bridge compatibility, more powerful virtualization extensions, virtual performance counters, support for OpenGL 2.1 on Linux and improved 3D graphics performance make running highly demanding applications simple and efficient.
  • Increased Mobility – A new Web interface allows access to virtual machines running in Workstation or on VMware vSphere® from tablets, smart phones, laptops or desktop PCs.  This high performance, Web-based interface delivers a native desktop experience and does not require flash or browser-based plug-ins.
  • Restricted Virtual Machines – IT administrators and instructors can create virtual machines and configure them to prevent employees or students from dragging and dropping files between virtual and physical desktops, attaching devices, or tampering with the virtual machine settings.  Once restrictions are configured, the virtual machines can be encrypted and distributed to run on Mac, Windows, or Linux PCs with VMware Fusion® 5 Professional, Workstation 9, or VMware Player™ 5.
  • Better 3D Graphics- With faster 3D graphics and support for DirectX 9.0c Shader Model 3 and OpenGL 2.1 3D graphics in a Windows and now Linux virtual machine, VMware Workstation easily handles demanding 3D applications like AutoCAD, Solidworks, and many current games.

To know detailed information about VMware Workstation 9 click Here. To Download a free trial Click Here.


-Source (VMware)








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

BackTrack 5 R3 Released & Available To Download

Posted by Avik Sarkar On 8/14/2012 02:44:00 am

BackTrack 5 R3 Released & Available To Download!!

In our last post about BackTrack we mention the release date of long awaited BT 5 Release 3. So finally the countdown is over. The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released world wide. First BT5 R3 preview was released  in BlackHat 2012 Las Vegas for the enjoyment of conference attendees. The main aim of that pre-release was to figure out their last bug reports and tool suggestions from the BH / Defcon crowds. This final release mainly focuses on bug-fixes as well as the addition of over 60 new tool. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.
As usual KDE and GNOME, 32/64 bit ISOs, have been released a single VMware Image (Gnome, 32 bit). 
We would also like to give to reminder that the first release candidate (R1) of BackTrack 5 was released in August last year. Later in March this year we got the second release candidate (R2) of BT 5. 
For those requiring other VM flavors of BackTrack If you want to build your own VMWare image then instructions can be found in the BackTrack Wiki. Direct ISO downloads will be available once all our HTTP mirrors have synched. But still you can download BackTrack 5 R3 via torrent from the below links. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Reverse Engineered Source Code of Skype Allegedly Stolen & Exposed

Posted by Avik Sarkar On 7/21/2012 03:09:00 am

Reverse Engineered Source Code of Skype Allegedly Stolen & Exposed 

After VMWare & Norton's Symantec now another big fish -Skype get caught among the list of those whose source code has been allegedly stolen. An Anonymous affiliated hacker named "57UN" also known as 'Stun' claims to have stolen the source code which he made public. From this leak several fact come in front, according to the hacker the Federal Authorities uses skype for surveillance, in his twitter the hacker said - "Oh and the FBI uses #Skype as a surveillance tool?! #Lulz?! Privacy my ass! Wake up people!..." He added "#Skype & privacy?! Yeah! Did you know that #Microsoft works with each and every government, for instance in #Tunisia!..." 

In his release on Pastebay Stun said- 
"AFTER MICROSOFT ACQUIRING SKYPE FOR 8.5 BILLION DOLLARS AND PROCEEDING TO ADD BACK DOORS FOR GOVERNMENT TO THE PROGRAM, THE SOFTWARE HAS BEEN HACKED AND IT'S SOURCE CODE RELEASED

Skype1.4_binaries
http://thepiratebay.se/torrent/6442887

SkypeKit_sdk+runtimes_370_412.zip
skypekit binaries for Windows and x86_Linux + SDK
http://thepiratebay.se/torrent/7190651/

skype55_59_deobfuscated_binaries (Windows)
http://thepiratebay.se/torrent/7238404/

http://twitter.com/57UN

#Anonymous #Antisec #PoliceState #SecurityState #OpenSource ..."

However, experts state that the source code published by the hacker is actually the one leaked some time ago by a researcher who reverse engineered the Windows binaries. According to security researcher Janne Ahlberg “I managed to get a copy of the file ‘skype55_59_deobfuscated’ from May. It is not Skype source code, but a reverse engineered version of the Windows binaries. The tool used in reverse engineering seems to be IDA disassembler/debugger” 
So far 3 torrent files being released which include a reversed engineered copy of the skype protocol, the source development kit(sdk) and needed runtime and de-obfuscated, unpacked Skype 5.5 and 5.9 binaries for Windows. 


-Source (Softpedia





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Red Hat Enterprise Linux (RHEL) 6.3 Released & Globally Available

Posted by Avik Sarkar On 6/24/2012 05:41:00 pm

Red Hat Enterprise Linux (RHEL) 6.3 Released & Globally Available

Only six months after the release of RHEL 6.2. Red Hat officially announced the global availability of the next minor release of Red Hat Enterprise Linux operating system platform, Red Hat Enterprise Linux 6.3. Couple of months ago we got the Beta of RHEL 6.3 and with this final release Red Hat has tweaked the enterprise grade Linux distribution to add new capabilities in storage, virtualization, security, developer tools, file systems, scalability and performance.

Highlighted Features :-
  • Developer Tools: In addition to OpenJDK6 support in Red Hat Enterprise Linux 6, the newly introduced OpenJDK7 allows customers running Red Hat Enterprise Linux 6.3 to develop and test with the latest version of open source Java. The Red Hat Developer Day is scheduled for June 26th at the 2012 Red Hat Summit & JBoss World. More about this and other capabilities will be presented, including the Red Hat Enterprise Linux toolset (updated GCC), performance optimization, thread programming and NUMA. For more information about developer day, please visit here.
  • Virtualization: Red Hat Enterprise Linux 6.3 helps smooth migration to a virtualized environment. This is achieved with the help of new Virt-P2V tools that can easily convert a Red Hat Enterprise Linux or Microsoft Windows system running on physical hardware to run as KVM guests. This release implements a more robust mechanism to protect data associated with defunct virtual machines. The method by which virtual disk images are securely wiped has been enhanced to allow greater security and stronger compliance with Payment Card Industry Data Security Standards (PCI-DSS).
  • Security: Users can now use two-factor authentication for securely accessing their Red Hat Enterprise Linux environment. This type of authentication mechanism is more secure than simple password based authentication. Two-factor authentication is being adopted into enterprise environments and is often referenced in industry standards. Red Hat Enterprise Linux 6.3 also includes advanced encryption capabilities so data blocks can be encrypted in parallel by taking advantage of underlying multi-processor capabilities. This is supported by the introduction of AES-CTR (Advanced Encryption Standard Counter Mode) cipher for OpenSSH. AES-CTR is well suited for high-speed networking environments.
  • Scalability: Red Hat Enterprise Linux 6.3 continues to test the outer bounds of scalability for an operating system platform by increasing the maximum number of virtual CPUs (vCPUs) per guest to 160 from 64. This is significantly higher than the 32 vCPU per guest limit for VMware ESX 5.0. The maximum supported memory configuration for KVM guests has also been increased from 512GB to 2TB.
  • File Systems: File system improvements include O_DIRECT support in FUSE (File system in user space). When enabled, all FUSE reads and writes go directly to storage, bypassing the server cache. This capability can lead to more consistent response times and predictable access to data by multiple accessors for certain use-cases, including database writes and deduplication. GFS2 (shared storage file system) can now read and write data to the disks faster than in previous releases for certain use-cases. In addition, file system check utilities for GFS2 can now be used to check the integrity of the older GFS1 file system.
  • Storage: The Logical Volume Manager (LVM) now provides support for RAID levels 4, 5, and 6 to simplify overall storage administration by consolidating all management functions, such as creating and re-sizing volumes, deploying RAID, and taking snapshots into a single interface. It is now possible to deploy Red Hat Enterprise Linux 6 as a FCoE based storage target server providing the high level of reliability and performance available with native Fibre Channel but at a significantly lower cost. This feature complements the FCoE Initiator support that was delivered in Red Hat Enterprise Linux 6.0.
  • Subscription Management: With Red Hat Enterprise Linux 6.3, by default customers can use Red Hat Subscription Management (SAM), an enhanced subscription management capability using X.509 certificates that allows customers to effectively manage subscriptions locally and report on subscription distribution and utilization. This helps facilitate compliance, upgrades, and long-term planning. Customers register their systems using Red Hat Subscription Manager to the Red Hat award-winning customer portal or an instance of Red Hat Enterprise Linux SAM. Customers who used RHN Classic subscription management with prior releases of Red Hat Enterprise Linux, can continue to use it or migrate to Red Hat Subscription Management.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VMware Patches Denial of Service & Memory Corruption Vulnerability

Posted by Avik Sarkar On 6/22/2012 04:57:00 pm

VMware Patches Denial of Service & Memory Corruption Vulnerability in Desktop, Server Virtualization Products

Critical arbitrary code execution vulnerability in Desktop, Server Virtualization Products of VMware has been patched. Giant in Visualization software vendor VMware has released security patches for its Workstation, Player, Fusion, ESXi and ESX products in order to address two vulnerabilities that could allow attackers to compromise the host system or even crash a virtual machine completely.
Attackers could exploit this validation error by loading specially crafted checkpoint files to trigger a memory corruption and potentially execute arbitrary code on the host system. VMware advised customers to upgrade to the newly released Workstation 8.0.4, Player 4.0.4 and Fusion 4.1.3 or to install the patches available for their respective versions of ESXi and ESX.
According to VMware security advisory the more serious vulnerability is identified as CVE-2012-3288 and stems from an improper validation of input data when loading virtual machine checkpoint files.
The second vulnerability addressed by the new security updates could allow attackers to crash a virtual machine by sending malformed traffic from a remote virtual device. Remote virtual devices are devices like CD-ROMs that are made available to a virtual machine, but are physically attached to a remote computer. Traffic coming from remote virtual devices is incorrectly handled, VMware said.



-Source (VMware & PCWorld)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VMWare Source Code Was Stolen at The Time of CEIEC Breach

Posted by Avik Sarkar On 4/29/2012 05:05:00 pm

VMWare Source Code Was Stolen at The Time of CEIEC Breach 

In the official blog VMWare, the visualization software company has revealed that a hacker associated with hacktivist calling himself "Hardcore Charlie" has stolen at least one and possibly many more source files for its software - and has begun posting them on line. VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future. The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers, Said by VMWare official. Earlier we covered that Hardcore Charlie claimed to breach China NationalElectronics Import-Export Corporation (CEIEC), based in Beijing, he got inside CEIEC and posted documents ranging from purported U.S. military transport information to internal reports about business matters on several file-sharing sites, but the authenticity of the documents could not be independently confirmed. Hacker Charlie' claims to have found program files for virtualisation software on CEIEC. In a conversation with Kaspersky Lab, the hacker claimed to have 300MB of VMWare source code. 
The hacker also claimed to have cracked cryptographic hashes on the credentials of hundreds of thousands of sina.com email accounts with the help of another hacker, who goes by the name of @Yamatough and who is thought to have been involved in the distribution of documents suggesting that the Indian government had put in monitoring systems for Nokia, RIM and Apple smartphones. The companies all denied the claim, and the documents were later shown to be faked.
VMWare insisted that the code dated back to 2003-04, though it did not say whether that section of the code had been changed since then. "We will continue to provide updates to the VMware community if and when additional information is available," said Iain Mulholland, director of VMware's security response centre in a statement. VMWare didn't indicate whether its own systems had been breached, and seemed to widen the number of potential targets to include commercial partners.  
Like VMWare, a hacker group named The Lords of Dharmaraja has managed to steal the source code of Norton anti-virus, Symantec. There also hacker leaked the source code and hacktivist Anonymous take the responsibility of the entire phenomena





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search