Steve Ballmer to retire as Microsoft CEO

Microsoft has just announced that CEO Steve Ballmer will retire within the next 12 months. He will step down from his post as soon as the process of choosing his successor has been completed. Ballmer has written an open email to the Microsoft team explaining the decision and the strategy for "moving forward." He had this to say in the official Microsoft press release:

We have embarked on a new strategy with a new organization and we have an amazing Senior Leadership Team. My original thoughts on timing would have had my retirement happen in the middle of our company's transformation to a devices and services company. We need a CEO who will be here longer term for this new direction.

More:
http://www.theverge.com/2013/8/23/4650596/steve-ballmer-retiring-as-microsoft-ceo

Um, is this really news? - Microsoft Warns of Permanent Zero-Day Exploits for Windows XP

When Microsoft announced that it would discontinue support for Windows XP starting on April 8, 2014, many companies began the long process of transitioning to modern operating systems like Windows 7 or Windows 8. But there are others that won't – and the software giant is raising the spectre of a zero-day onslaught as a result.

More:
http://www.infosecurity-us.com/view/34069/microsoft-warns-of-permanent-zeroday-exploits-for-windows-xp-/

VeriSign Embraces Open-Source FreeBSD for Diversity

"It's important for us to maintain the reliability of all the services, so we don't rely uniquely on any particular implementation in the operating system space," Kaliski said. "Having both FreeBSD and Linux makes it possible to have that diversity."

More:
http://mobile.eweek.com/enterprise-apps/verisign-embraces-open-source-freebsd-for-diversity

New... Apple iPhone patent violated by Samsung, US trade court rules

Samsung violated two of Apple's iPhone patents and must end US import of some of its products, the top US trade court ruled Friday as the smartphone giants clashed once more in court.

In a mixed ruling the International Trade Commission (ITC) found that Samsung had unfairly used Apple technology in some of its devices. It issued cease and desist orders banning further imports of some Samsung products. But the ITC dismissed four other claims made by Apple.

The verdict came as Apple asked an appeal court to force Samsung to stop using iPhone features that a jury had declared to be in violation its patents.

In the latest salvoes in the long running battle between the world's top two smartphone manufacturers, Apple is seeking to overturn a court order that allows Samsung to continue to sell products that use the disputed patents.

More:
http://www.theguardian.com/technology/2013/aug/09/apple-samsung-iphone-patents-itc

WOW! Tesla Model S Achieves Best Safety Rating of Any Car Ever Tested

Sets New NHTSA Vehicle Safety Score Record

Palo Alto, CA — Independent testing by the National Highway Traffic Safety Administration (NHTSA) has awarded the Tesla Model S a 5-star safety rating, not just overall, but in every subcategory without exception. Approximately one percent of all cars tested by the federal government achieve 5 stars across the board. NHTSA does not publish a star rating above 5, however safety levels better than 5 stars are captured in the overall Vehicle Safety Score (VSS) provided to manufacturers, where the Model S achieved a new combined record of 5.4 stars.

Of all vehicles tested, including every major make and model approved for sale in the United States, the Model S set a new record for the lowest likelihood of injury to occupants. While the Model S is a sedan, it also exceeded the safety score of all SUVs and minivans. This score takes into account the probability of injury from front, side, rear and rollover accidents.

More:
http://www.teslamotors.com/about/press/releases/tesla-model-s-achieves-best-safety-rating-any-car-ever-tested

Is this the start of the BlackBerry Death Spiral?

Buyout could make BlackBerry viable in federal market

Once the reigning smartphone of choice for federal employees and corporate business leaders, a now struggling BlackBerry said it's looking into other options after its new smartphone models failed to spark renewed confidence from even its most loyal customers.

The company announced that it's hiring a special committee to consider possibilities for BlackBerry's future, which couldinclude a complete sale of the company or partnerships with private investors.

The possibilities for federal agencies like the Defense Department, which recentlygave the go- ahead to the new BlackBerry Q10 and Z10 models, are unclear.

More:
http://www.federalnewsradio.com/?nid=31&sid=3423986

BSD Conference and vBSDcon 2013 – Verisign

Please join us October 25-27, 2013 at the Hyatt in Dulles, Virginia for the first biennial vBSDcon event. This exciting weekend will bring together members of the BSD community for a series of roundtable discussions, educational sessions, best practice conversations, and exclusive networking opportunities. See below for details on this industry weekend not to be missed:

HIGH LEVEL AGENDA

• Friday, October 25: Evening Reception
• Saturday, October 26: General Session, Birds of a Feather Sessions
• Sunday, October 27: General Session, Breakout Sessions

More:
http://www.verisigninc.com/en_US/news-events/global-events/vbsdcon/index.xhtml

Hackers break into Energy's computer networks, put employees at risk

More than 14,000 current and former Energy Department employees are at risk of identity theft. For a second time this year, DoE confirmed hackers broke into its unclassified computer network, which disclosed employees' personally identifiable information (PII).

"Individual notifications to affected current employees will begin no later than this Friday, Aug. 16, and will be completed by Aug. 30," stated an internal Energy Department email sent to employees earlier this week, which was obtained by Federal News Radio. "While a significant number of employees whose information may have been affected may no longer be employed by the department, it will be necessary to obtain current contact information in order to notify these personnel. The individual notification process for former employees will begin this week."

DoE told employees it is working with federal law enforcement agencies to find out more about the hacking incident, which happened at the end of July.

"No classified data was targeted or compromised," the email stated. "Once the full nature and extent of this incident is known, the department will implement a full remediation plan."

More:

http://www.federalnewsradio.com/?nid=31&sid=3423866

Red Hat Software Collections 1.0 Beta Now Available

This might help some of our issues...

The success of today's enterprise is dependent upon developers' ability to remain agile, flexible and ready to incorporate new technologies, even as they take on additional responsibilities as new roles like DevOps emerge and evolve. With Red Hat Software Collections, developers can build and deploy applications on Red Hat Enterprise Linux with the confidence that their efforts will be backed by long-term support. In addition, Red Hat plans a frequent release cadence for Red Hat Software Collections, providing developers with updated runtime components on which they can create new features and capabilities.

Red Hat Software Collections 1.0 Beta includes access to the latest stable versions of the following dynamic languages:

• Ruby 1.9.3 with Rails 3.2.8, which delivers substantial performance improvements for web-based applications. This results in faster load times, improved unicode support and threading, and a large collection of ruby gems.
• Python version 2.7, which includes new unit test features, faster I/O, and tools and back-ported features from Python 3 to make future migration easier.
• Python version 3.3, which offers significant improvements in language consistency, Unicode performance, imports, and distribution of packages.
• PHP version 5.4, which includes new language syntax, improved performance and reduced memory consumption, and a built-in web server in CLI mode to simplify development workflows and testing.
• Perl version 5.16.3, which includes improved unicode support, performance enhancements, new debugging options, enhanced security, and a number of new and updated modules.
• Technology Preview of node.js version 0.10, which delivers an easy to use module for handling streams, better error handling with domains, and performance improvements for web application development.

Red Hat Software Collections 1.0 Beta also includes access to the latest stable versions of the following runtime databases:

• MariaDB version 5.5, which introduces an easy-to-adopt alternative for MySQL for Red Hat Enterprise Linux users. Binary compatibility allows MySQL users to drop-in MariaDB without converting data files.
• MySQL version 5.5, which offers performance, scalability, and usability enhancements.
• PostgreSQL version 9.2, which includes native JSON support, covering indexes, and significant improvements in replication, high availability and performance.

More:

https://www.redhat.com/about/news/archive/2013/6/red-hat-software-collections-1.0-beta-now-available

The Risk of Regulated Data on Mobile Devices

According to the findings of The Risk of Regulated Data on Mobile Devices study, many organizations are not taking the necessary steps to protect this type of data on mobile devices and in the cloud. In fact, 54 percent of respondents have had on average five data breach incidents involving the loss or theft of a mobile device containing regulated data. 

More:
http://info.watchdox.com/rs/watchdox/images/WatchDoxWhite%20PaperFINAL2.pdf

The dangers of mobile technology for the NHS

Interesting...
FTA:
Consider the human body for a moment. Every day, it comes into contact with millions of different types of bacteria, germs, viruses. Usually these are stopped by its outer perimeter – the skin – but imagine for a moment that the human body didn't have that external perimeter, and that external forces were able to enter it freely, at a whim. This is the reality of the risk facing the NHS. After all, it can hardly stop patients at the gates, so the solution to the problem of unsecured mobile devices needs to be much more intelligent. Just as perimeter security is a basic requirement in the modern business, the ability to properly manage mobile devices, for work or otherwise, should be fundamental to every IT strategy.

More:
http://www.publicservice.co.uk/feature_story.asp?id=23070

D'oh! Attackers exploit Android bugs to steal Bitcoins from "wallet" apps

The bugs lie in the way Android generates private keys used to authenticate the Bitcoin owners.

Criminals have found a way to steal Bitcoins from users' "wallet" apps by exploiting major vulnerabilities in the Android mobile operating system.

According to an online community of Bitcoin users, who spoke out on a Bitcointalk.orgforum over the weekend, cyber thieves have made off with at least 55 Bitcoins, which amounts to about $5,800, given Bitcoin's current exchange value.

More:
http://www.scmagazine.com/attackers-exploit-android-bugs-to-steal-bitcoins-from-wallet-apps/article/307075/

HIPAA Encryption Compliance Easier With AlertBoot Full Disk Encryption

I guess lots of folks are pushing up against the MU deadline on this one...

FTA:

"The deadline to the Final Omnibus Rule is September 23, 2013," said Tim Maliyil, CEO and founder of AlertBoot. "Frankly, I'm a little surprised to find that HIPAA covered entities are contacting us so belatedly, especially as part of an evaluation group of competing solutions. With less than 50 days until the compliance date, most establishments with 100 computers or so might find themselves strapped for time in implementing traditional encryption solutions. Perhaps that's why we're seeing so much interest in AlertBoot, which has a track record of securing nearly 100 laptops in two weeks and over 1000 laptops in less than a month."

According to the US Department of Health and Human Services (HHS), "Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if"**: 

•     An encryption algorithm meets 45 CFR 164.304 (the "definition of encryption");
•     "Process or key that might enable decryption has not been breached "; and,
•     "Decryption tools should be stored on a device or at a location separate from the data they are used to encrypt or decrypt"

More:
http://www.itbusinessnet.com/article/HIPAA-Encryption-Compliance-Easier-With-AlertBoot-Full-Disk-Encryption-2752774

Dell: We May Never Build Another Data Center

FTA:

Robin Johnson, Dell's CIO, and Dane Parker, its Global Facilities Lead, took part in the virtual conference (you can attend it online through WebEx) yesterday to talk about how the greenest data center is the one you never build.

Dell surveyed its customer base about demand for new hardware and data center floor space, and found that 65 percent of its customers were out of space and considering new facilities. Despite being in the same position as their customers, Dell held off, a move Johnson described as a cost-mitigation play, buying a year's worth of time to think the decision through while renting out a colocation facility.

"The thing that happened in that year is that, one, technology gets cheaper, smaller and more powerful year over year," Johnson said. "And the other key was virtualization, which I describe as carpooling."

By virtualizing their servers, Dell was able to go from an industry average 12-18 percent utilization for its servers to 42 percent utilization, a number that Parker says is still "going north." As a result, "we've doubled our workload at no extra power, and no extra servers," Johnson said.

More:
http://www.greenbiz.com/blog/2010/04/14/dell-we-may-never-build-another-data-center

|| David K. Shepherd ||

Do BYO data centers make sense anymore?

FTA:

While Hamilton has a vested interest in people moving their compute loads to Amazon's infrastructure, his build big or don't build at all mantra resonates with several other IT experts. The consensus: It makes sense for most companies to trust their data center needs to the real experts in data centers — the companies that build and run data centers as a business. More companies will start moving more of their new compute loads — maybe not necessarily all the mission critical stuff — to the big cloud operators. That roster  includes the aforementioned players as well as Google, Microsoft, IBM, Hewlett-Packard, Oracle and others that are building out more of their own data center capacity for use by customers.

And for startup companies, the decision to not build is a no brainer. Connectivity to the cloud is the real issue for these companies. "If I was starting a greenfield company, the data center would be the size of my bathroom; there wouldn't necessarily even be a server, maybe a series of switches — all my backoffice apps, my sales force automation, my storage would be handled in the cloud," said David Nichols, CIO Services Leader for Ernst & Young, the global IT consultancy

More:
http://gigaom.com/2011/12/16/do-byo-data-centers-make-sense-anymore/

Hybrid hosting (video) — Internap

Hybrid hosting has been gaining a lot of momentum, and it's a valid concept that's here to stay. Hybrid hosting can refer to many different things, such as hybridizing private clouds and public clouds, or hybridizing different public clouds. We think the idea of hybridizing the old fashioned and the newfangled – or, colocation and cloud – is one of the more interesting approaches.

The benefit of doing this is quite extreme, because colocation and cloud are at opposite ends of the spectrum. With colocation, you have a complete CAPEX model with high degrees of control but very little agility. With cloud, you have a purely OPEX model but with high levels of agility and low levels of control. The ability to mix and match those two infrastructure types allows you to split your application up depending on what makes sense.

More:
http://www.internap.com/2013/07/25/hybrid-hosting-video/

Metasploitable - Metasploit Unleashed

Metasploitable

One of the problems you encounter when learning how to use an exploitation framework is trying to configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called 'Metasploitable'. 

Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. 
The VM will run on any recent VMware products and other visualization technologies such as VirtualBox, VMFusion. You can download the image file of Metasploitable 2 fromhttp://sourceforge.net/projects/metasploitable/files/Metasploitable2/.

More:
http://www.offensive-security.com/metasploit-unleashed/Metasploitable

Why MDM and ITSM need to play nice

Impact to ITSM Processes

For companies with process-based ITSM programs, every step of the lifecycle framework will need to be reassessed with MDM in mind. This includes rethinking service strategy, design, service transition, and operation.

Each ITSM process may need to be adapted to incorporate the unique requirements of MDM. This can include issues such as separate protocols for employee-owned devices, different services added to the service catalog, new update workflows, and mobile-based service offerings.

BYOD Security with ITSM

Many organizations implement BYOD policies because of security concerns with these devices. But the same organizations will often overlook the enhanced security capabilities that can be achieved using their existing ITSM infrastructure.

By developing systems and processes at the service level that mitigate risk, IT can become the champion of preferred devices. This can include adapting service strategies when on-boarding and off-boarding employees as well as decommissioning employee-owned devices.

More:
http://m.blogs.computerworld.com/mobile-device-management/22576/you-had-me-help-when-itsm-meets-mdm

The rise and rise of BYOD

Bringing your own possessions into the workplace is one of those creature comforts you simply expect as an employee. A framed picture of your family, a coffee mug with a funny slogan on it, maybe some knick-knacks to brighten up your workspace.

Personal electronics such as smartphones and tablets, however, are a different story. The latest research from back-up and online storage vendor Acronis shows that while most organisations in Australia allow staff to bring their own devices into the workplace - a practice known as BYOD, or bring your own device - a third do not.

The report, which surveyed 4300 IT professionals in eight countries, including 390 in Australia, also found that most Australian companies do not have secure BYOD policies to protect corporate data.

"Generally, employees are expecting to be able to bring their own devices and be able to connect them to the network," Simon Howe, Asia-Pacific sales director of mobility solutions at Acronis says. "But one of the key findings from the research is that most organisations don't have any kind of policy in place around BYOD."

More:
http://m.brisbanetimes.com.au/it-pro/business-it/the-rise-and-rise-of-byod-20130803-hv181.html

Really? This is just sad... | Former SAP Exec Gets Prison Time for Lego Price Switcharoo

Authorities say that Langenbach made more than $30,000 selling Legos on eBay, where he did business under the seller name "Tomsbrickyard." He would print up low-value Universal Product Code (UPC) tickets at home, and then slap them on more expensive items at the store so he could purchase them at a discount.

More:
http://www.wired.com/wiredenterprise/2013/08/langenbach/

DC Area - BrickFair LEGO Convention, August 3 - 4, 2013

BrickFair VA 2013 1 day away
Aug 3^rd & Aug 4^th, 2013.
11:00am - 4:00pm

Join us at the Dulles Expo Center in Chantilly, VA.

LEGO models, displays and winding trains sprawled out over100,000 square feet.

BrickFair brings together adult fans of LEGO from across the USA (and Canada, and a few other countries) to show off their projects, great and small, and to share their passion for LEGO - the most awesome toy - ever.

LEGO fan festivals like BrickFair are great fun for the whole family!

Join in a game or two - maybe win a LEGO set.

Vendors will be offering all things LEGO, including shirts, hats, minifigures, custom-molded weapons, unique models, keychains and... really... everything you neverimagined.

More:
http://www.brickfair.com/

DTrace

DTrace is a comprehensive dynamic tracingframework created by Sun Microsystems fortroubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems.

DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.

More:
http://en.m.wikipedia.org/wiki/DTrace

|| David K. Shepherd ||

I do love this... The Netflix Tech Blog: Chaos Monkey Released Into The Wild

We have found that the best defense against major unexpected failures is to fail often. By frequently causing failures, we force our services to be built in a way that is more resilient. We are excited to make a long-awaited announcement today that will help others who embrace this approach.

We have written about our Simian Army in the past and we are now proud to announce that the source code for the founding member of the Simian Army, Chaos Monkey, is available to the community.

Do you think your applications can handle a troop of mischievous monkeys loose in your infrastructure? Now you can find out.

More:
http://techblog.netflix.com/2012/07/chaos-monkey-released-into-wild.html