Archive for February 13, 2018

Altibase Goes Open Source To Challenge Oracle, IBM & Microsoft

Posted in Commentary with tags on February 13, 2018 by itnerd

On February 12 in 2018, Altibase, an enterprise grade relational database, announced that it is now open source.

Altibase is a mature, battle-tested database. For nearly 20 years, Altibase has served over 600 enterprise clients, including 8 Fortune Global 500 companies, in more than 6000 deployments.

Altibase was included in Gartner’s Magic Quadrant for operational DBMSs in 2013, 2014 and 2015.

By going open source, Altibase directly challenges Oracle, IBM and Microsoft by providing equal functionality at much lower cost. Now, users don’t have to choose between low cost and reliability. With Altibase, they can now have both.

Furthermore, Altibase provides state-of-the-art sharding technology. With Altibase, enterprises do not have to make any changes to their existing systems running on relational databases, so execution is easy and quick.

In addition, Altibase super-minimizes the use of coordinators in sharding so that enterprises experience almost no coordinator-related bottlenecks. No matter how many servers are added, linear performance enhancement is maintained, resulting in lower TCO. (https://youtu.be/T1JbefKxmPA)

Download Altibase today to discover why so many major companies around the world have chosen Altibase.

More information about Altibase is available at www.altibase.com.

Advertisements

Huawei Caught Trading Phones For Fake Reviews

Posted in Commentary with tags on February 13, 2018 by itnerd

Well this looks a wee bit shady.

Huawei has been caught by 9to5Google.com apparently trading their new and cool Mate 10 Pro phone for five star reviews on Best Buy’s website. Here’s the kicker, the phone doesn’t go on sale until Sunday in the US. So this appears to be astroturfing:

The phone is only up for pre-order so far, and yet 108 people have left glowing “reviews” of the phone on its Best Buy listing. Almost all of the reviews are a solid 5-stars, saying it is the “unbeatable smart phone of the year,” a “great new flagship phone,” and even a device that “puts Samsung to shame.”

If you don’t look a little closer, you might think that the phone genuinely has lots of buzz and excited customers. It would certainly be easy to be misled by the small 5-star review that shows on the listing page and in search results, as well as the reassuring (108) number right next to it. Unfortunately, nothing here is what is seems.

So why are all of these people are so ecstatic about a phone they haven’t even used yet? It turns out Huawei posted to a private Facebook group asking its 60,000 members to post “why they WANT to own the Mate 10 Pro” on the review section at Best Buy’s website. We managed to get a screenshot of the post which you can see below.

#EpicFail

I have to wonder if this tactic is in response to what happened recently where they were pretty much shut out of partnering with Verizon because of spying concerns? Whatever the reason, now that the cat is out of the bag, the optics really doesn’t look good for Huawei.

 

Hacker Demonstrates Weak Security In Freedom Mobile’s Customer Login System

Posted in Commentary with tags on February 13, 2018 by itnerd

MobileSyrup is reporting that goes by the moniker NullHumanity has uncovered a vulnerability in Freedom Mobile’s customer login system. Meaning  that Freedom Mobile customers could be at risk of hackers gaining access to some of their personal information.:

It’s CAPTCHA after 3, which is not unbreakable. Also there exists a method to forcibly reset the counter after one hour. This was a trivial discovery during my initial research period.

A skilled attacker would find this, and would be almost guaranteed to have a CAPTCHA bypass method at their disposal. 5 requests per hour is still going to result in a lot of account details being found.

I added very large delays in my script so as not to stress the login server and I was still seeing a new success every 30 or so seconds.

I would say a skilled attacker could breach an account and extract data 200 times per minute on a mid level machine.

In other words, it’s possible to brute force your way into the system. And once you’re in, you could have access to all that personal information.

Freedom Mobile said this:

For its part, Freedom Mobile’s vice-president of external affairs, Chethan Lakshman, stated over email: “The security measures we have in place cannot protect against guessing common passwords. We continue to strongly encourage our customers to use unique PIN numbers that are not easy to guess, and to change their PINs frequently to best protect their personal account information.”

Lakshman also said that Freedom continuously reviews its security practices and is “committed to making improvements and changes as appropriate to continue keeping our customers’ information secure.” Freedom’s security measures, said Lakshman, are designed to protect Freedom Mobile customers’ information from malicious activity while “meeting customer demands for a resonable login process.”

I guess that translates to “if you get pwned, it’s not our fault.” In terms of their advice of changing your PIN. That’s not going to make you any safer. What will make users safer is for Freedom Mobile to give their security a rethink. Because you’d think that Freedom Mobile would take the security of their user base seriously. But clearly they don’t based on the statement above.

#Fail

 

 

 

Skype Has A Bug That Would Be Hard To Fix Which Leaves You Open To Pwnage

Posted in Commentary with tags on February 13, 2018 by itnerd

ZDNet reports of a security flaw in Skype’s updater process that “can allow an attacker to gain system-level privileges to a vulnerable computer.” If the bug is exploited, it can escalate a local unprivileged user to the full ‘system’ level rights. Which means that a hacker can do anything they want.  What’s worse is that Microsoft, which owns Skype, won’t fix the flaw because it would require the updater to go through “a large code revision.” Instead, Microsoft is putting all its resources on building an altogether new client.

Microsoft has this really wrong. Now that this bug is public, it is only a matter of time before the pwnage begins. And what will Microsoft do then? Likely throw all its resources towards trying to stop the pwnage. So they might as well do that now and protect their user base in the process. But I guess the folks over in Redmond don’t see it that way. Thus, consider warned if you’re a Skype user.

 

Infographic: The Digital Office Today

Posted in Commentary on February 13, 2018 by itnerd

greetly-dot-0802.jpg

Source: Greetly.com