Oracle Q1’15 Preview: Key Trends We Expect

The world’s largest database program vendor, Oracle Corp., is scheduled to recover a mercantile Q1’15 formula on Sep 18, after markets close. (Fiscal years finish with May.) Last entertain (Q4’14), Oracle missed estimates on a sales as good as earnings. Revenues stood during $11.3 billion opposite a accord guess of $11.5 billion while a quarterly bottom line (Non-GAAP EPS) stood during $0.92 opposite accord of $0.95.

For a stream quarter, Oracle guides revenues to grow between 4% and 6% year to year. Consensus researcher estimates for Q1’15 revenues mount during $8.77 billion, indicating a 4.7% year-on-year expansion rate. Oracle’s bottom line (Non-GAAP EPS) superintendence for a entertain ranges between $0.62-$0.66, opposite a accord EPS guess of $0.64.

Below, we yield a brief refurbish on Oracle’s FY14 opening and take a demeanour during pivotal trends for Q1’15.

See Our Complete Analysis For Oracle

FY14 Review:

Last mercantile year, Oracle reorganized a stating format, and has begun stating a cloud subscription and on-premise businesses separately, both on revenues and expenses. Revenues from Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) grew 24% in consistent banking terms, channel $1 billion in FY14. However, Infrastructure-as-a-Service (IaaS) sales flat-lined via FY14, during $456 million. Total cloud revenues stood during approximately $1.6 billion, augmenting about 15.4% over FY13. We design a identical opening in cloud from Oracle in Q1’15.

On a on-premise front, new licenses revenues continued to drag down altogether program sales over a full mercantile year period. However, a cyclical inlet of new permit sales formula in larger permit sales towards mercantile finish for Oracle. Last mercantile year, new permit sales as percent of sum quarterly revenues increasing from 20% to 33% by a Q1’14 – Q4’14 period. Given a comparatively smaller bottom in Q1, sales expansion is expected to he aloft compared to other quarters. Over a march of an whole mercantile year, this cyclicality in new permit sales is averaged out and hence, macro factors that change direct for new on-premise licenses have some-more suggestive impact. Software permit updates and product support sales continued to facade a altogether debility in new permit sales, flourishing 7% in FY14 to strech $18.2 billion.

Oracle’s hardware business displayed initial signs of certain expansion final mercantile year, driven by flourishing direct for a high-performance Engineered Systems. New hardware product revenues stood during $2.98 billion, 1% reduce than revenues from full FY13. However, this decrease in new product sales was many improved than allied total from FY13 and FY12, where sales slumped 19% and 14% respectively. Bookings from Oracle’s SPARC super cluster height clocked a triple number expansion rate in Q4’14 while other systems such as Exalytics, Big Data Appliance and Oracle Database Appliance all grew double-digits. Oracle reports to boat a 10,000th Engineered System in Q1’15.

Key Trends for Q1’15:

1. New License Sales to Trend Lower

New permit sales have been on a downward trend for utterly sometime, quite due to gaining seductiveness in on-demand program adoption. This trend is expected to eat into new permit sales for vast top program vendors such as Oracle, SAP, Microsoft and IBM going forward. In a new statement, SAP Chief Financial Officer Luka Mucic settled that he expects on-demand subscription sales from SAP to outgrow on-premise permit sales by 2020. At FY13 end, SAP had new program sales of €4.7 billion opposite cloud subscription revenues of €800 million. This highlights a strength of a ongoing cloud emigration opposite a IT industry.

2. Oracle’s Cloud Subscription Sales To Lag Salesforce and SAP

As remarkable above, Oracle’s cloud subscription sales in FY14 grew 15.4% on a year-on-year basis. Comparatively, Salesforce and SAP have reported cloud subscription sales expansion of over 30%. Oracle’s altogether SaaS sales expansion was dragged down by diseased opening from a IaaS product offering. Barring a prosaic IaaS performance, cloud subscriptions in SaaS and PaaS purebred a sales expansion rate of 24% in FY14. Although this is reduce than expansion rates from Salesforce and SAP, Oracle has some opportunities to inorganically boost a expansion in SaaS and PaaS. On a IaaS front, we trust Oracle does not have clever prospects of growth, quite since of a huge marketplace share of Amazon’s Web Services in a IaaS marketplace and a cut-throat pricing. AWS has a market share of scarcely 5 times a subsequent fourteen competitors, indicating a scale it has built in a IaaS space.

3. Engineered Systems To Accelerate Hardware Product Sales

Over a past few years, Oracle aggressively promoted a extended operation of Engineered Systems that run on a Unix-based SPARC architecture. Despite a advantage of carrying a customary procession for a x86 architecture, many modernized program packages that are employed on high-performance servers were still concordant on a Unix system. After a merger of SUN Microsystems, Oracle shutdown a OpenSolaris plan and returned Solaris to a exclusive roots as a many entirely featured of a Unix-based handling system.

This magnitude was meant to refocus a Unix Enterprise charity on a core users by formulating a closed, Unix-based, Solaris system. The aim was to accommodate patron upgrades and beget share gains from incremental Unix deployments and migrations. The standardization of Solaris by a shutting of a OpenSolaris plan helped Oracle de-emphasize a x86 line of products from SUN, enabling it to concentration on a high-end Engineered Systems. It continues to offer a full line of Sparc- and x86 formed systems, however. We trust these initiatives have helped Oracle stabilise a hardware products division, and should be a vital motorist in a division’s liberation going forward.

TCPdump Steps For Linux And Unix Users

Tuesday, Sep 02, 2014

TCPdump is a outline of a essence of packets on a network interface that matches a countenance specified on a authority line. This can also be run with a w dwindle that save a parcel information to a record for after analysis.

TCPdump, Tcpdump commands, Linux, Unix, tcpdump for linux, tcpdump for Unix, tcpdump process, tcpdump steps,  SIGINT signal,  SIGTERM signal,  SIGINFO signal

With a r dwindle it reads from a saved parcel record rather than reading packets from a network interface. Tcpdump continues to constraint packets until it gets disrupted by a SIGINT vigilance or a SIGTERM signal. If a run with a -c dwindle afterwards it captures packets before removing interrupted by a signals or a specified series of packets have been processed.

When capturing packets is finished by Tcpdump it reports depends of a packets ‘captured’, packets ‘received by filter’ and packets ‘dropped by kernel’. On platforms that support a SIGINFO vigilance it reports depends when it receives a vigilance and continues capturing packets. Reading packets from a network interface might need that we have special privileges though reading a saved parcel record doesn’t need any special privilege.

Here are a options:

1. You can imitation any parcel in ASCII as it’s utterly a accessible choice for capturing web pages.

2. You can imitation a AS series in BGP packets in ASDOT footnote rather than a ASPLAIN notation. You can also set your handling complement aegis distance to buffer_size.

3. After we accept a count packets we need to exit. Before we write a tender parcel to a savefile we need to check if a record is incomparable than file_size. If so afterwards tighten a savefile and open a new one.

4. You can now dump a gathered packet-matching formula in a tellurian entertaining form to customary outlay and afterwards stop. Then dump a packet-matching formula as a C module bit and also a packet-matching formula as decimal numbers. Then we take a imitation of a list of a network interfaces accessible on a complement and on that tcpdump can constraint packets. This can be useful on systems that don’t have a authority to list them.

5. Then we take a imitation of a link-level header on any dump line. Then we might use spi@ipaddr algo:secret for decrypting Ipsec ESP packets. This multiple might be steady with comma or newline separation.

6. Then we imitation ‘foreign’ IPv4 addresses numerically rather than symbolically. The exam for ‘foreign’ IPv4 addresses is finished regulating a IPv4 residence and netmask of a interface on that capturing is being done.

7. Then a dump record needs to be rotated with a -w choice privately and savefiles will have a name specified by -w that should embody a time format as tangible by strftime.

8. Then take a imitation of a tcpdump and libpcap chronicle strings, imitation a use message, and exit.

9. Then listen to a interface and if vague afterwards a tcpdump searches a complement interface list for a lowest numbered, configured adult interface (excluding loopback). Put a interface in “monitor mode” as it is upheld usually on IEEE 802.11 Wi-Fiinterfaces, and on some handling systems.

10. You have to set a time stamp form for a constraint to tstamp_type. Then we can list a upheld time stamp forms for a interface and exit.

11. Make a list of a upheld time stamp forms for a interface and exit.

12. Make a stdout line buffered. It can be useful if we wish to see a information while capturing it. For example, tcpdump -l | tee dat or tcpdump -l dat tail -f dat

13. Make a list of a famous information couple forms for a interface, in a specified mode, and exit.

14. Don’t modify addresses (i.e., horde addresses, pier numbers, etc.) to names and also don’t imitation domain name gift of horde names.

15. The packet-matching formula optimizer sould not be run as this is useful usually if we think a bug in a optimizer.

16. Don’t put a interface into random mode.

17. Always indulge in quick/quiet output. Print reduction custom information so outlay lines are shorter.

18. You can assume that ESP/AH packets are to be formed on aged selection (RFC1825 to RFC1829). Packets can be review from record (which was combined with the-w option). Standard submit is used if record is “-”.

19. You should imitation absolute, rather than relative, TCP method numbers.

20. Force packets comparison by “expression” to be interpreted a specified type. Don’t imitation a timestamp on any dump line and don’t imitation an unformatted timestamp on any dump line. You need to imitation a delta (micro-second resolution) between stream and prior line on any dump line.

21. Print undecoded NFS handles. If a -w choice is not specified, afterwards make a printed parcel outlay “packet-buffered”.

22. When parsing and printing, furnish (slightly more) prolix output.

23. Write a tender packets to record rather than parsing and copy them out.

24. When parsing and printing, we should imitation a information of any parcel (minus a couple turn header) in conjuration ans ASCII. The smaller of a whole parcel or snaplen bytes will be printed.

25. Set a information couple form while capturing packets to datalinktype.

26. If a and is used with a -C or -G options, afterwards tcpdump runs “command file” where record is a savefile being sealed after any rotation. If tcpdump is using as base afterwards we should change a user ID to user and a organisation ID to a primary organisation of user. This function can also be enabled by default during accumulate time.

Courtesy: Computer Hope

Sanchari Banerjee, EFYTIMES News Network

RetroBSD: Run aged BSD Unix on a microcontroller

Icon

Modern microcontrollers are apropos utterly beefy. The Microchip PIC32 line is indeed an doing of a MIPS32 4K design – and with 512K of peep and 128K of RAM we can even run Unix! RetroBSD is a pier of BSD 2.11 for a PIC32. You competence not be means to run X11, though it is still really useful and a good sign of how tiny Unix used to be – and how distant it has come.

Alkaline Water Co. Meets Growing Demand by Adding Co-Packer UNIX …

SCOTTSDALE, AZ–(Marketwired – Aug 8, 2014) – The Alkaline Water Company Inc. (OTCQB: WTER) (the “Company”), developers of an innovative state of a art exclusive electrolysis libation process, finished and sole in 700 milliliter, 3 liter and 1 gallon sizes underneath a trade name Alkaline88, is gratified to announce entrance into a co-packing agreement with UNIX Packaging, Inc. of Montebello, California (“UNIX”).

The agreement will supplement over 40 truckloads per month to a company’s stream ability while dwindling costs and smoothness times to a critical Southern California market. The increasing ability is expected to go into full prolongation during a third quarter. Currently, a singular lorry bucket (depending on product mix) can beget adult to $11,000 in additional income for a company.

UNIX specializes in libation agreement wrapping from a 75,000 block feet state-of-the-art plcae that is home to one of a many modernized libation prolongation comforts in a US. The association offers all from finish turn-key prolongation lines including Blowing Mold Solutions, to CSD and Hot Filling, to finish of a line and multipack solutions. The considerable prolongation line speeds operation from an normal of 250-450 bottles per minute. In-house chemists safeguard regulation firmness and conduct tradition mixture permitting clients to say severe standards. Clients operation from vital grocery chains, selling firms, hotels and casinos, restaurants, and inhabitant libation brands.

Alkaline Water Co. President CEO Steven Nickolas states, “With a billboard selling debate entirely underway opposite Southern California we are already experiencing heightened direct in a marketplace. By adding a state-of-the art co-packer like UNIX, we can safeguard a stream and destiny business that combined final will be met efficiently. Adding co-packers opposite a nation is only partial of a efforts to be a many cost fit bottled H2O association in a country. We continue to govern a vital business devise and a increasing ability and reduced costs supposing by this agreement is another critical step along a way. We couldn’t be happier to be operative with a group of professionals during UNIX during this sparkling time for Alkaline88.” 

Additional sum of a Company’s business, finances, appointments and agreements can be found as partial of a Company’s continual open avowal as a stating issuer with a Securities and Exchange Commission (“SEC”) accessible during www.sec.gov. For some-more information, revisit a website during www.thealkalinewaterco.com.

The Alkaline Water Company Inc. (OTCQB: WTER)
The Alkaline Water Company Inc. has grown an innovative, state of a art, exclusive electrolysis routine that produces healthy alkaline H2O for a offset lifestyle. The association is focused on a business of distributing and selling a sell sale of a cost-effectively finished Alkaline88 H2O libation products. Visit us at:www.thealkalinewaterco.com.

About Alkaline Water Products
Alkaline88′s premier alkaline H2O is an 8.8 pH offset bottled alkaline celebration H2O extended with snippet minerals and electrolytes. The product offers consumers a singular event to squeeze alkaline H2O in conveniently finished 3 liter and one gallon sizes (plus 700ml in name markets). The Alkaline Water Company Inc. is now in a midst of a inhabitant mass markets enlargement module and is already accessible for consumer sales during a flourishing series of vital sell locations opposite many tools of a United States. Learn some-more about a scholarship behind alkaline H2O by visiting www.thealkalinewaterco.com.

Notice Regarding Forward-Looking Statements
This news recover contains “forward-looking statements.” Statements in this press recover that are not quite chronological are forward-looking statements and embody any statements per beliefs, plans, expectations or intentions per a future. Such forward-looking statements include, among other things, a further of over 40 truckloads per month to a company’s stream ability while dwindling costs and smoothness times, and that a increasing ability is expected to go into full prolongation during a third quarter, and that a Company can safeguard stream and destiny business that combined final will be met efficiently. Actual formula could differ from those projected in any forward-looking statements due to countless factors. Such factors include, among others, a fundamental uncertainties compared with building new products and handling as a growth theatre company, a ability to lift a additional appropriation we will need to continue to pursue a business and product growth plans, foe in a attention in that we work and marketplace conditions. These forward-looking statements are done as of a date of this news release, and we assume no requirement to refurbish a forward-looking statements, or to refurbish a reasons because tangible formula could differ from those projected in a forward-looking statements, solely as compulsory by germane law, including a bonds laws of a United States. Although we trust that any beliefs, plans, expectations and intentions contained in this press recover are reasonable, there can be no declaration that any such beliefs, plans, expectations or intentions will infer to be accurate. Investors should deliberate all of a information set onward herein and should also impute to a risk factors avowal summarized in a reports and other papers we record with a SEC, accessible during www.sec.gov.

Unmatched formula of ICS BANKS® resolution on HP Superdome 2 i4 Unix …

ICS BANKS® Application Achieves Record Breaking Performance and High-watermark Benchmarking on HP Unix Platform 

ICS Financial Systems Limited (ICSFS), the tellurian program and services provider for banks and financial institutions, successfully benchmarked a ICS BANKS® program apartment on HP Superdome 2 i4 Unix environment. 

Performed in Mar 2014, during HP Atlanta Solution Centre in USA, a benchmark suggested high opening scalability of ICS BANKS® and achieved a top and unmatched formula with high series of point connected users and large injection of financial transactions. 

ICSFS generated ICS BANKS® information deputy of tier 1 and tier 2 concept banking activity volumes of 145 million accounts, 3,000 branches and some-more than 42,000 point users. 

With simulating some-more than 42,000 point users, a throughput of 22,056 for OLTP financial exchange was achieved for generation of 35 minutes. The ATM E-channels benchmark suggested an altogether throughput of 63k (62936) exchange per second. End of Month Capitalization Batch processed 4.2 million Interest Accounts in 4 mins window ensuing in an unmatched collection throughput of 59k (59200) accounts per second. 

ICS BANKS® Internet Banking (IBS) benchmark totalled a online estimate window, installed with some-more than 61,000 point users with 45 million purebred users. The complement upheld around 422,000 user logon and 23 million web page visits within 30 minutes. During this test, a throughput of 5.3k (5338) online financial exchange per second is postulated ensuing in 9.6 million online exchange within a 30-minute window. This exam totalled a scalability and sustainability of ICS BANKS® Internet Banking to offer large clients over 30 mins while still ensuring fit use smoothness but any detriment of speed or peculiarity of service. 

This opening benchmark reflects ICS BANKS® high scalability and lively of providing high levels of operational efficiency, assembly finish users ever-changing final and elaborating business requirements, and delivering absolute banking solutions designed for a world’s largest banks. Sustaining extraordinary and unmatched throughput for both online and collection processing, while still ensuring fit use smoothness but any detriment of speed or peculiarity of service, is the highest achieved currently as no publicly accessible benchmark is famous to yield aloft opening for this kind of benchmark. 

Managing Director of ICSFS; Mr. Robert Hazboun commented on this milestone, “Our record violation formula denote that ICS BANKS® can simply hoop a transaction estimate mandate of any bank, anywhere in a world. ICS BANKS® valid a robustness, scalability, potency and agility. ICS BANKS® uses and utilizes a latest record accessible in a marketplace in further to a plain architecture.’’ 

ICS BANKS® provides a finish apartment of banking business modules with a abounding brush of functionality and features, addressing business needs and automating accounting processes, as needed, to urge a bank’s business performance. ICS BANKS® has always been a colonize in utilizing a latest record to offer financial institutions. In further to a embedded Service-Oriented-Architecture (SOA), a complement is deployed in a multi-tiered setup that runs on a web skinny client, J2EE environment. ICSFS references in Iraq embody a following banks: Bank of Baghdad, Gulf Commercial Bank, Warka Bank for Investment Finance, Investment Bank of Iraq, United Bank for Investment, Ashur International Bank for Investment, Dar Es Salaam Investment Bank, Emerald Bank, Vakif Bank, Iraqi Islamic Bank, T.C. Ziraat Bankasi, Albaraka Türk Participation Bank. The banking zone in Iraq consists of a Central Bank of Iraq and 56 banks distributed as below; (7) supervision banks, (29) private Banks, (9) Islamic banks, and (11) unfamiliar banks.

Perl – Sending Email with NET::SMTP using username and password

First of all double check that Authen::SASL is an installed module.. If you are not getting emails this could be why – it doesnt provide an error that is understandable!

#!/usr/bin/perl
### ENSURE Authen::SASL is installed
use Net::SMTP;
use strict;
use warnings;

my $host= 'yourhostname';
my $username= "yourpop3username";
my $password = "yourpassword";

my $from = 'bob\@GOemail.com';
my $to = 'bob@here.co.uk';
my $DOMAIN = "somedomain.co.uk";

my $smtp = Net::SMTP->new($host, Hello =>$DOMAIN, Timeout => 60) or die "Failed to Open SMTP Connection : $!";
$smtp->auth($username, $password) or die "Failed to authenticate";

my $subject = "Build";
my $emailBody = "This is the body...\n BOB";

$smtp->mail("$from"); ## FROM
$smtp->to("$to");
$smtp->data();
$smtp->datasend("To: $to\n");
$smtp->datasend("From: $from \n");
$smtp->datasend("Subject: $subject \n");
$smtp->datasend("\n");
$smtp->datasend("$emailBody:\n");
$smtp->datasend("\n");
$smtp->dataend();
$smtp->quit;

These links were useful also:

http://quark.humbug.org.au/publications/perl/perlsmtpintro.html

http://www.perlmonks.org/?node_id=449583

http://search.cpan.org/~shay/libnet-1.27/Net/SMTP.pm

Mayhem malware ropes Linux, UNIX servers into botnets

A new malware that researchers have dubbed Mayhem is being used to aim Linux and Unix web servers and has so distant compromised over 1,400 Linux and FreeBSD servers around a world, advise researchers from Russian Internet hulk Yandex.


Mayhem has a functions of a normal Windows bot, though doesn’t need base entrance to make use of them. The malware is modular, and can be expected done to do a series of things, though a stream chronicle can:

  • Find websites that enclose a remote record inclusion (RFI) vulnerability
  • Enumerate users of WordPress sites
  • Identify user login pages in sites formed on a WordPress CMS
  • Brute force passwords for sites formed on a WordPress and Joomla CMSs
  • Brute force passwords for roughly any login page
  • Brute force FTP accounts
  • Crawl web pages (both by URL and IP) and remove useful information.

During their investigation, a researchers also rescued that Mayhem is a delay of a Fort Disco brute-force debate unearthed by Arbor ASERT in Aug 2013.

“Initially, a square of malware appears as a PHP script,” a researchers shared. “After execution, a book kills all ‘/usr/bin/host’ processes, identifies a complement design (x64 or x86) and complement form (Linux or FreeBSD), and drops a antagonistic common intent named ‘libworker.so’.”

New variables, scripts and tasks are created, functions executed and processes run (for in-depth sum check out a researchers’ paper during Virus Bulletin), and a malware contacts a CC server in sequence to send a host’s complement information and accept instructions on what to do next.

The researchers managed to benefit entrance to dual of a 3 CC servers used to conduct a botnet, and have rescued that those dual control about 1,400 bots, many of that were used to beast force WordPress passwords.

“During a analysis, we found some common facilities common between Mayhem and some other *nix malware. The malware is identical to ‘Trololo_mod’ and ‘Effusion’ – dual injectors for Apache and Nginx servers respectively,” they noted, and supplement that notwithstanding a miss of evidence, they think that all these malware families were grown by a same gang.

Yandex researchers weren’t a initial ones to have rescued and analyzed Mayhem – a Malware Must Die group has spotted it scarcely a month earlier. Both teams researched a malware independently.

Yandex researchers charge a rising recognition of botnets done adult of *nix web servers to several factors: Web servers are some-more absolute than typical personal computers and have good uptime; a admins customarily refurbish a program manually and irregularly, permitting enemy to find and feat vulnerabilities; and Web server botnets are ideal for earning criminals income off of trade redirection, drive-by download attacks, black shawl SEO, and so on.

BusyBox crams 117 Unix collection into a little Windows executable

BusyBox

Unix is eminent for a absolute authority line tools, and there are many ways we can try during slightest some of them on a PC. Installing Gnu on Windows gets we 100+ of a best famous tools, recompiled to run underneath Windows, while favorites like grep have been ported individually.

But if you’re looking for morality and convenience, it’s tough to kick BusyBox, that crams little versions of 117 Unix utilities into a singular 645 KB executable. There’s no bulk, no formidable folder structure, only one package that provides all we need.

You don’t need any Unix/ Linux believe to get during slightest something from a program, as many of a commands are really simple. Cal displays a content calendar (month or year); df and du promulgate tough expostulate use; conduct displays a initial 10 lines of a content file; nap pauses your book for a tangible time; unzip extracts files from archives, and so on.

If you’re gentle during a Windows authority line afterwards you’ll conclude BusyBox’s some-more modernized tools. Diff compares content files and displays their differences; ftpput and ftpget store and collect files around ftp; grep is a absolute hunt apparatus with unchanging countenance support; hexdump displays files in several tradition formats; and there are smarter ways to duplicate files, review them, and generally take improved control of your system.

Linux experts should keep in mind that BusyBox has been optimized for size, and a collection generally don’t have as many options as a originals. The module is some-more about preference and portability than ancillary each singular discretionary switch.

For all that, many collection keep their core features, and BusyBox does support a lot of utilities:

[, [[, ar, ash, awk, base64, basename, bash, bbconfig, bunzip2, bzcat, bzip2, cal, cat, catv, chmod, cksum, clear, cmp, comm, cp, cpio, cut, date, dc, dd, df, diff, dirname, dos2unix, du, echo, ed, egrep, env, expand, expr, false, fgrep, find, fold, ftpget, ftpput, getopt, grep, gunzip, gzip, hd, head, hexdump, kill, killall, ls, lzcat, lzma, lzop, lzopcat, man, md5sum, mkdir, mktemp, mv, od, patch, pgrep, pidof, printenv, printf, ps, pwd, rev, rm, rmdir, sed, seq, sh, sha1sum,  sha256sum, sha3sum, sha512sum, shuf, sleep, sort, split, stat, strings, sum, tac, tail, tar, tee, test, touch, tr, true, uname, uncompress, unexpand, uniq, unix2dos, unlzma, unlzop, unxz, unzip, usleep, uudecode, uuencode, vi, wc, wget, which, whoami, xargs, xz, xzcat, approbation and zcat

That’s a lot to learn, though we can collect out a collection we need, and a module comes with a possess simple help. Enter BusyBox during a authority line to see a full list of utilities, or supplement a duty name — BusyBox grep — for sum on accurately what we can do.

Oh SNAP! Old-school ’80s Unix penetrate to pound OSX, iOS, Red Hat?

The pierce to DevOps

Unix-based systems, as used worldwide by sysadmins and cloud providers alike, could be hijacked by hackers abusing a hard-coded vuln that allows them to inject capricious commands into bombard scripts executed by high-privilege users.

A category of vulnerabilities involving supposed wildcards allows a user to impact bombard commands released by other users by filename manipulation. If a other user is a absolved user, such as root, afterwards a tactic could be used to run betterment of privilege-style attacks.


In a context of programming a wildcard is a character, or set of characters, that can be used as a deputy for some other operation or category of characters. Wildcards are interpreted by a bombard book before any other movement is taken.

The old-school hacking technique, unclosed by confidence researchers during DefenseCode, uses specifically crafted filenames featuring wildcards to inject capricious arguments to bombard commands run by other users.

DefenseCode’s whitepaper contains examples for opposite Unix commands and their impact if used in multiple with wildcards. All Unix derivatives are potentially vulnerable.

Although it competence during initial seem that a smirch usually affects badly-coded bombard scripts that are executed by a aloft absolved user, implying that it’s not generally serious, a outcome could go deeper than that, according to third-party investigate of a disadvantage by confidence consultancy SEC Consult.

SEC Consult reckons a disadvantage has implications for a foot and shutdown sequences of servers using with high privileges on many Unix-like handling systems.

The bug potentially affects Android, iOS, OS X and all a embedded solutions using on Linux. Oracle, RedHat and other blurb Linux formed systems competence also be during risk.

“Many of these handling systems have opposite bombard utilities and collection usurpation even some-more authority line options,” SEC Consult records in a blog post “A brief check on Ubuntu gave us during slightest 5 commands, besides a ones mentioned in a whitepaper, unprotected to this specific problem.”

Cloud service- or web hosting providers using cron jobs for backups and identical tasks competence also be exposed, according to SEC Consult, that argues that a disadvantage is a good claimant for serve research.

“Since this bug originates from a pattern problem it will be unequivocally engaging on how handling complement vendors residence this problem. It is something we can't repair with a elementary patch. The approach on how a complement interacts with files has to be totally redesigned,” SEC Consult writes.

“This is a ‘feature’ that has been benefaction here given emergence of a internet, though nobody unequivocally attempted to injustice it previously,” explained Leon Juranic, arch exec of DefenseCode, in an email to El Reg.”It is both hacking technique and tangible vulnerability/weakness of Unix systems. Probably all Unix distributions are unprotected to this.”

“We wanted to surprise all vital *nix distributions around a obliged avowal process about this problem before posting it,” he added, “because it is rarely expected that this problem could lead to internal base entrance on many distributions. But, given partial of this investigate contained in a request was mentioned on some blog entries, we are forced to recover it in a full version.”

Juranic combined that a new recover of similarly-themed third-party research stirred DefenseCode to recover the investigate – that it had been operative on given Apr 2013 – progressing than it primarily intended. ®

Architecting a Big Data Platform for analytics

Speaking in Tech: Unix beards, coders in hoodies – we’re live during HDS Summit

Securing technologies for mobile and BYOD

Podcast

speaking_in_tech Greg Knieriemen podcast enterprise

Our unchanging podcast was available live this week during a HDS Influencers Summit, where horde Greg Knieriemen has a row crowded of those really people – including during slightest one chairman who appears to have been in stealing over a past few months… But after rising in Moscow Airport (we kid, we kid) Colorado Springs, he’s here to discuss to us.

We also have a voice that should be of good seductiveness to a channel crowd: former systems integrator/value-added reseller dilettante and stream indie consultant Enrico Signoretti (currently with Juku.IT).


Rounding out a heavyweight row are special guest Michael Hay, VP and arch operative during Hitachi Data Systems, Chris Evans of Architecting.IT and Nigel Poulton of Pluralsight.

Today’s agenda

Check out a using list below, with indexes in mins and seconds, download a MP3, allow to it, or only press play to listen in.

  • Catching adult with a aged squad (0:45)
  • The miss of craving API adoption (8:45)
  • Network programing ability necessity (11:23)
  • Need for Development Environments (13:00)
  • IT as a use (16:57)
  • Bridging a API stupidity opening (20:00)
  • Hoodie-wearing programmers and a generational transition (21:10)
  • Python for kids (24:55)
  • Raspberry Pi, Arduino and lessons schooled (27:21)
  • Apple releases 4,000 APIs (29:23)

Listen with a Reg actor below, or download here.

Speaking in Tech: Episode

Podcast Subscriber Links

Subscribe by iTunes

Subscribe by Google

Subscribe by Stitcher

Feed URL for other podcast collection – Juice, Zune, et cetera: http://nekkidtech.libsyn.com/rss

2013 Cyber Risk Report