‘Bash’ or ‘Shellshock’, a major new security vulnerability that could have greater impacts than Heartbleed, has been uncovered. In this article Continuity Central summarises the views of a number of information security professionals concerning this vulnerability.
Toyin Adelakun, VP of Products at Sestus:
Bash is a command interpreter (or ‘shell’) present on many Unix-based systems — such as Apple’s OS X, various flavours of Linux (such as Red Hat and Ubuntu), and other operating systems such as IBM’s AIX and HP’s HP-UX.
A command interpreter allows users to interact with the operating system, for the purposes of issuing low-level instructions and manipulating data.
On many Unix systems, users might be human, or software applications (apps).
Direct access to data and instructions potentially offers a means for attackers (malevolent users) to circumvent the protections built into a legitimate app in respect of the app’s data.
Therefore, the fact that many apps use Bash to invoke other apps or operating-system commands makes this vulnerability particularly potent.
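A self-check for the Bash weakness discussed above, added here as an example and not part of Continuity Central's article or Mr Adelakun's comments: Shellshock lets a crafted environment variable, handed to Bash by whichever program starts it, carry an extra command that an unpatched Bash runs on start-up, which is exactly why apps that shell out are exposed. The function below feeds a harmless probe to the local Bash and reports whether it is patched; it assumes a POSIX shell and takes the Bash binary to test as its optional first argument (default: `bash` on PATH).

```shell
#!/bin/sh
# Added example: report whether a Bash binary still runs a command appended
# to a function definition passed in an environment variable (Shellshock).
# The probe only echoes a word; a patched Bash ignores the trailing command.
# Assumption: $1 is the Bash binary under test; defaults to "bash" on PATH.
shellshock_status() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "missing"
        return 0
    fi
    # x is the crafted variable; an unpatched Bash prints "vulnerable"
    # before running the real command ("echo test"). A patched Bash prints
    # only "test" (any warning it emits goes to stderr, which is discarded).
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# Stand-alone use: print the verdict for the default (or given) Bash.
shellshock_status "$@"
```

A result of "vulnerable" means the update has not reached that binary; run the check against every Bash on the system (for example a second copy under /usr/local) after patching, since only the copy on PATH is tested by default.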
Continuity Central is currently conducting a brief survey into whether there is a change in business terminology taking place: from business continuity management to organizational resilience. The survey is a follow up to an article in which Lyndon Bird, the technical director of the Business Continuity Institute, claims that such a development is under way.
The results of the survey so far show that just over half of respondents (56.76 percent) agree that a terminology change from business continuity management to organizational resilience is taking place. 33.76 percent of respondents disagree and 9.46 percent don't know.
Interestingly, when respondents were asked about their own organization, the situation was somewhat different, with only 29.73 percent of respondents stating that their organization was starting to use 'organizational resilience' rather than 'business continuity management' terminology. 68.92 percent said that their organization was still using business continuity management terminology; and 1.35 percent didn't know.
Finally, the survey asked respondents whether 'organizational resilience' and 'business continuity management' are simply two names for the same process. A third (32.43 percent) think that they are two names for the same thing, while 67.57 percent believe that they are different processes. The implication is that if there is in fact a move away from business continuity management towards organizational resilience, this could have fundamental implications for organizations.
The survey will remain open for a further week: click here to take part.
CDC has developed a dynamic modeling tool called Ebola Response that allows for estimations of projected cases over time in Liberia and Sierra Leone. The Ebola Response modeling tool has been used to construct scenarios to illustrate how control and prevention interventions can slow and eventually stop the Ebola epidemic. Importantly, it can help planners make more informed decisions about emergency response resources to help bring the outbreak under control. It allows input of data reflective of the current situation on the ground in affected countries and communities. Ebola Response is intended to help local governments and international responders generate short-term estimates of the Ebola situations in countries, districts, and villages. The tool, in the form of a Microsoft Excel spreadsheet, will be made freely available online.
Ebola Response makes case projections, but also models the impact of key elements essential to controlling the outbreak: the number of sick individuals who are effectively isolated and other actions to control for spread of infection, such as safe burial practices. Currently, many healthy individuals are contracting Ebola from non-isolated individuals with the disease. Others are contracting Ebola because traditional burial practices can involve multiple family members being exposed to the bodily fluids of the deceased body, which are highly contagious. Ebola Response modeling shows that with an increasing rate of isolation and measures to control the spread of infection, the rate of new Ebola cases declines rapidly.
CDC used the Ebola Response modeling tool to calculate Ebola cases through to mid-January in Sierra Leone and Liberia, providing an example of how this tool can be used. The MMWR estimates a range of between 550,000 and 1.4 million cases by January 20th, 2015. The top range of the case estimate, 1.4 million, is explained by the model’s assumption that cases are significantly underreported by a factor of 2.5. It is essential to note that these numbers reflect a moment in time based on scientific and epidemiological data available in August, which did not account for the ramping up of the Ebola relief effort which has occurred in September. Modeling suggests that extensive, immediate actions – such as those already started – can bring the epidemic to a tipping point to start a rapid decline in cases.
The most important part of the report describes the potential effect of public health actions. The news is encouraging. If we do nothing, things could become much worse. If the international community takes the actions that are planned, Ebola can be brought under control. The model indicates that once a tipping point is reached, cases will decline about as rapidly as they had increased.
The National Science Foundation and the Semiconductor Research Corporation have given research awards to 10 universities to develop secure, trustworthy, assured and resilient semiconductors and systems.
The awards total $4 million and support research at the circuit, architecture and system levels on new strategies, methods and tools to decrease the likelihood of unintended behavior or access; increase resistance and resilience to tampering; and improve the ability to provide authentication throughout the supply chain and in the field.
"The processes and tools used to design and manufacture semiconductors ensure that the resulting product does what it is supposed to do. However, a key question that must also be addressed is whether the product does anything else, such as behaving in ways that are unintended or malicious," said Keith Marzullo, division director of NSF's Computer and Network Systems Division. "Through this partnership with SRC, we are pleased to focus on hardware and systems security research addressing this challenge and to provide a unique opportunity to facilitate the transition of this research into practical use."
SINGAPORE — On a sunny Saturday afternoon here, children scamper about on a broad green lawn, families lay mats down for picnics, and a man maneuvers a kite in the sky.
This is no ordinary lawn; it’s three floors up on the roof of a pump house next to Singapore’s first urban reservoir, Marina Bay.
“It’s an easy place to fly kites,” says Erich Chew, 45, whose day job is running a small IT business, but whose passion is aerial photography by kite (“Compared to a drone, there are more surprises”).
“It’s quite high,” he says, “and at this level the wind is usually quite good.”
Next to the pump house, a dam known as Marina Barrage stretches across the mouth of a wide channel. On one side of the dam is salt water, leading out to sea. On the other side is the fresh-water reservoir, a shimmering blue backdrop to some of the most expensive real estate in Singapore — tall office towers, a conference center, hotel and shopping complex and the popular Gardens by the Bay botanic garden, all built after the dam went up in 2008.
The deployment of 802.11ac is accelerating, according to ABI Research. The firm released research this week that predicts that it will reach 11 percent of consumer gear – access points (APs), routers and gateways – this year. The total number of units shipped will be more than 176 million. About 32 million of those will be APs.
The firm says that D-Link and NETGEAR represented more than 20 percent of the consumer market during the first quarter of this year. Cisco and Aruba are the leading vendors on the enterprise side. The enterprise market, according to the firm, is expected to generate revenue of $8.1 billion by the end of 2019.
Network World prefaces a piece sponsored by WildPackets on the preparations organizations should take to ensure a smooth rollout of 802.11ac with the warning that the suggestions may favor the vendor. In any case, it offers advice that should be considered.
The Business Continuity Institute will be hosting a networking event following their annual general meeting on the eve of the BCI World Conference and Exhibition. The networking event, sponsored by EPC (formerly known as Emergency Planning College), will be starting at 7pm at the Hand and Flower pub in Hammersmith.
All delegates at the BCI World Conference are invited to attend what will be a sparkling night of entertainment, dancing, drinks and nibbles. The venue is directly opposite Olympia, so it is conveniently located, and it provides an informal environment in which to reacquaint yourself with BC colleagues from across the world.
Lynda Vongyer, Business Continuity Director at EPC, said: "Communication is a vital element of resilience planning, implementation and recovery. It’s good to talk, so EPC are very happy to host this pre-conference evening for the BCI. It's a great way to relax and unwind after your travels and meet old and new colleagues. We look forward to being your hosts."
MALMESBURY, UK – TEXTSQUIRT.com is a new service which aims to transform the way organisations communicate during emergencies. It combines the latest cloud technology with SMS messaging to provide a global urgent messaging service.
Mark Faithfull, CEO, commented: "TEXTSQUIRT is a powerful tool because you can use it just about anywhere - you don’t need 3G, Wifi, a computer or even a smartphone to send or receive a TEXTSQUIRT message. We use good old fashioned SMS and combine that with the latest cloud technology to securely route your messages to over 190 countries. You simply send one SMS to TEXTSQUIRT, and we broadcast that SMS to every mobile number you have added to your TEXTSQUIRT list.”
Businesses are reliant on their in-house IT systems, especially email, to communicate to their staff and clients. TEXTSQUIRT provides a very easy to use, cost effective alternative for when those in-house systems fail.
TEXTSQUIRT’s CEO has previously worked as a senior leader in various mission critical IT organisations and founded TEXTSQUIRT to solve a simple problem: “How do you send out a service alert if your email servers are down? You need a backup service that sits completely outside your own network and it needs to be really easy to use in the rush and confusion of an emergency. You don’t want to have to rely on your Wifi working or getting a 3G signal. TEXTSQUIRT solves this by providing a service that runs over SMS and is completely independent of your own infrastructure. You can be confident we will be up if your systems go down.”
The uses for TEXTSQUIRT extend beyond typical business continuity planning scenarios such as server crashes. Any time an urgent message needs to be delivered to customers, supporters or employees, SMS is much more effective than email. People tend to read an SMS as soon as it arrives. The service’s global reach and use of SMS also makes it ideal for communicating to an international team - think aid workers spread across the globe. A team leader based in the UK can pass on urgent updates and instructions simply by sending a single SMS and within seconds that message is being delivered to hundreds of workers around the world.
To celebrate the launch of the service, TEXTSQUIRT in conjunction with Disaster Recovery Journal, is offering new customers a 10% discount off their first year’s subscription if they quote the coupon code: DRJ10 during sign up.
TEXTSQUIRT is a relay service for SMS messages. It uses a distribution list stored securely in TEXTSQUIRT’s cloud platform. When a subscriber sends an SMS to their personal TEXTSQUIRT number, that SMS is then automatically resent to every member of their distribution list using local SMS gateways all over the world. The distribution list can be amended by authorised users at any time to add or remove numbers simply by sending SMS messages to TEXTSQUIRT.
OTTAWA, Canada – Diablo Technologies announced today that it has filed a lawsuit in the United States District Court, Northern District of California against Netlist (NASDAQ: NLST) for unfair business practices that violate Diablo’s Intellectual Property (IP) rights. Diablo’s Memory Channel Storage™ (MCS™) is a new and innovative architecture that neither infringes upon, nor misappropriates any Netlist IP rights. MCS-based products and the Netlist HyperCloud™ DIMM are designed to serve different purposes and are not interchangeable. The contract between the two companies clearly assigns legal ownership of the implementation IP in the HyperCloud chipset to Diablo. As a result, Diablo is seeking damages for breach of contract for Netlist’s attempt to usurp the company’s IP rights.
“We have been very patient throughout this entire process and it is now time for us to share our side of the story. We will demonstrate definitively that products based on the Memory Channel Storage architecture do not use any Netlist IP,” said Riccardo Badalone, CEO and Co-founder of Diablo Technologies. “MCS-based devices are realizing tremendous demand and we are very happy with the success our partners are achieving with them.”
https://twitter.com/diablo_tech
https://www.facebook.com/pages/Diablo-Technologies/369582183128064
About Diablo Technologies
Founded in 2003, Diablo is at the forefront of developing breakthrough technologies to set the standard for next-generation enterprise computing. Diablo’s Memory Channel Storage platform combines innovative software and hardware architectures with Non-Volatile Memory to introduce a new and disruptive generation of Solid State Storage for data-intensive applications.
The Diablo executive leadership team has decades of experience in system architecture, chip-set design and software development at companies including Nortel Networks, Intel, Cisco, AMD, SEGA, ATI, Cadence Design Systems, Matrox Graphics, BroadTel Communications and ENQ Semiconductor. Website: http://www.diablo-technologies.com/
Guavus, Inc., a leading provider of big data analytics solutions for operational intelligence, today announced that its Reflex 2.0 platform has been designated a Certified Spark Distribution by Databricks, the company founded by the creators of Apache Spark. This certification designates that the Guavus Reflex 2.0 platform is commercially compatible with open source Apache Spark and supports the rapidly growing ecosystem of applications leveraging Spark’s capabilities, including interactive queries, streaming data, machine learning and graph computation.
The Guavus Reflex platform is deployed at four out of the five largest mobile network operators, three of the top five Internet Backbone providers and the largest MSOs in North America. Guavus Reflex 2.0 is built using Spark 1.0 and Hadoop YARN 2.4, the latest technologies for large-scale processing of big data streaming analytics, and is being deployed at customer sites in 2H2014. With an open source core, the Guavus Reflex platform also features pre-built engines for the integration of streaming and stored data, machine learning and decisioning applications for network, marketing, care and security. These big data applications deliver unprecedented time to value and enable customers to capitalize on their data assets to improve operating efficiencies, generate new revenue streams and deliver enhanced subscriber experiences.
“Guavus’ significant expertise and experience providing streaming analytics solutions to some of the world’s largest Communications Service Providers (CSPs) led them to build their Reflex 2.0 platform around Spark,” said Arsalan Tavakoli-Shiraji, customer engagement lead at Databricks. “Just as important, certifying their platform demonstrates that support for the rapidly growing Spark ecosystem and continued innovation are not mutually exclusive, but complementary.”
“We are committed to harnessing open source technologies that enable us to stay at the forefront of innovation and deliver the rich functionality and performance that our customers require,” said Eric Carr, Vice President Core Systems Group for Guavus. “Receiving Databricks’ Certified Spark Distribution enables Guavus to move even faster now and continue to enhance our platform with greater flexibility, while ensuring compatibility with the latest standards.”
Guavus provides CSPs and enterprise customers with an operational intelligence platform integrated with a suite of big data analytics applications for network, marketing, security and customer care. The world’s most data-intensive companies trust Guavus to help them take strategic advantage of their data assets to grow revenue, improve operating efficiencies and delight customers in new ways. The company counts 4 of the top 5 mobile network operators, 3 of the top 5 Internet Backbone providers, as well as 80% of cable MSOs in North America as customers. It currently analyzes more than 50% of all US mobile data traffic and processes more than 2.5 petabytes of data per day.