Home Tags Security news

Tag: security news

NEWS ANALYSIS: The impact of the hacked Apple iCloud images spreads to Google, but is the search giant actually responsible? Google is being threatened with a potential lawsuit of up to $100 million over alleged privacy violations related to the recent Apple iCloud celebrity photo hacking incident, which led to the disclosure of private pictures of dozens of Hollywood celebrities. The legal threat is being levied by law firm Lavely & Singer, which noted in the complaint that that it is the legal counsel of "over a dozen female celebrities" who were victims of the recent iCloud attack. "Although it has been approximately four weeks since we sent our first DMCA (Digital Millennium Copyright Act) notice to Google, and well over a dozen additional notices and warnings have been sent to you since then, many of the images are still available on Google's sites," the lawyer's letter states. The legal complaint demands that Google fix the situation and do the right thing and remove the images from Google sites and search results. "Rather than be the transgressor, Google should set the example for all other operators and providers," the letter states. "In Google's own words,' Don't be evil.'" Google did not respond to a request for comment from eWEEK about the legal complaint. The issue of whether or not Google is responsible for users who are searching for bad things is one that technology experts contacted by eWEEK had mixed opinions about depending on the context. The idea of searching for bad things, including potential security issues on Google, is a common security researcher practice that is often referred to as Google Hacking. Morey Haber, senior director of program management at BeyondTrust, said that the DMCA has always been a debated piece of legislation, since it can impede free speech as guaranteed by the U.S. Constitution. "The idea of searching for a bad thing can lead easily lead to illegal activity," Haber said. For example, searching for a movie title and BitTorrent implies the user wants to download a movie, probably illegally, he said. "Now, if the content itself was obtained illegally, like the recent nude pictures of celebrities, does it make Google an accessory to the crime, since it knows the images where obtained illegally and being hosted in their domain?" Haber asked. Tom Gorup, security operations center manager at Rook Security, told eWEEK that Google's search engine is just that—a search engine. Google's job is to provide users with access to information they otherwise would never have known about or would have otherwise taken exponentially longer to locate. "Bad things will be on the Internet, and Google offers a 'Safe Search' function if users would rather not be shown that type of content," Gorup said.
With a nod to the past success of macro viruses, more than a quarter of all document malware now spreads via Microsoft's Visual Basic scripting language. In July 1995, a proof-of-concept macro virus, fittingly known as "Concept," started infecting Microsoft Word documents using a Visual Basic script to copy itself to the default template file. For six years after that, macro viruses written in Visual Basic for Applications (VBA) dominated the rogues gallery of malicious software, supplanting boot-sector viruses as the top method of propagating code. And then, in 2001, the technique became nearly extinct, as Internet worms became the favored infection method. Now, document malware written in Visual Basic is once again on the rise, according to an analysis by researchers at security firm Sophos. Macro-based infectors accounted for 28 percent of all document malware in July 2014, up from 6 percent the previous month. The rise in usage is likely due to common macro templates being shared between criminal groups, Sophos researcher Graham Chantry said in an email statement to eWEEK. "Up until now we could only speculate as to why authors moved towards VBA, but these templates would go some way to explaining it," he said. "Getting malware installed on a user’s machine is the one of the most difficult parts of the infection process and with some companies explicitly blocking executable attachments, a VBA template ... provide(s) the perfect solution." Like the macro viruses of the past, a significant number of current malware threats used Visual Basic to encode functionality within documents. In the mid-1990s, the success of Concept in the mid-1990s gave birth to a litany of similar viruses that used the lack of anti-malware technology to spread quickly through email attachments. The Melissa (1999), LoveLetter (2000) and Kournikova (2001) viruses all spread widely, infecting hundreds of thousands of systems. Each program used Visual Basic for Applications, a programming language used for creating macros in Microsoft Office. In 2001, however, macro viruses essentially died off and, with Microsoft disabling macros by default in Office 2007, the technique was largely bypassed for more productive techniques. That is until this year. In a paper published in July, Sophos researcher Gabor Szappanos described the uses of VBA in current malicious documents. Most often, the programming language is used to drop code. However, Microsoft's security settings require that the attackers contrive some way to convince user to allow macros to run. The result is that cyber-criminals are creating documents that claim to need macros to run, including declaring that other software is necessary to open the document or claiming the message is from an antivirus company, according to a blog post published in September by Sophos's Chantry. One example declared that the "contents of the document have been encrypted by SOPHOS encryption software." "Whatever tricks they employ, their aim is always to convince unsuspecting users that a document is from a trusted source and that enabling its macros is safe," Sophos's Szappanos stated in his analysis. Visual Basic is not the only scripting language targeted by attackers. Windows task automation utility software, PowerShell, AutoIt, and Batchscript have all been used as well. "Adding new layers to the infection process is likely an attempt by malware authors to conceal their true intentions from AV detection," Chantry told eWEEK.
The financial giant details the impact of a summer hacking incident as reports of a new incident emerge. JPMorgan Chase today revealed details of a cyber-attack that was first reported in August. In an 8-K U.S. Securities and Exchange Commission (SEC) filing, JPMorgan revealed that 76 million households and an additional 7 million small businesses were affected by the data compromise. Although the bank admits it was breached, it claims that user information including account numbers, passwords and Social Security numbers were not stolen in the attack. Additionally, JPMorgan asserts that it is not aware of any customer fraud event related to the data breach. So what actually was compromised? "User contact information—name, address, phone number and email address—and internal JPMorgan Chase information relating to such users have been compromised," the 8-K filing states. JPMorgan Chase also emphasized in its filing that even though it is not currently aware of any fraud activities, customers are not liable for unauthorized transactions—that is, if a customer promptly alerts the bank to any issues that are noticed. JPMorgan also asserts that it "continues to vigilantly monitor the situation and is continuing to investigate the matter." Additionally, the bank is working with U.S. government agencies that are investigating the incident. The 8-K filing comes on the same day that reports came out alleging that a second attack took place against JPMorgan Chase. JPMorgan has denied that the reports of the second attack are, in fact, accurate. Beyond the SEC filing, JPMorgan Chase has stated nothing publicly about the hacking incident. A report in the Wall Street Journal, citing people familiar with the matter, indicates that attackers hit the servers that contain contact information for jpmorgan.com and chase.com. According to the report, the attack occurred in June and August and initially went unnoticed by the bank. The report also alleges that the root cause of the exploit was by way of a JPMorgan employee's computer, which led the bank to reset the password of the bank's staff. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Storage-related appliances are all the rage in the industry right now. The idea of "setting it and forgetting it" has attracted serious interest. Symantec on Oct. 2 introduced a new appliance form factor for one software product that pays most of the company bills: NetBackup. The NetBackup 5330 appliance, a media server with scalable capacity and optimizations for improved performance and resiliency over previous appliances, now takes its place on company SKU (stock keeping unit) lists. A lot of people don't realize that Symantec isn't just a software company. The Mountain View, Calif.-based firm has been making data security software to go with its own branded hardware to house it for about four years. Only in the couple of years, however, have the appliance sales numbers begun to move steadily upward as more users find out that they'd rather have a preconfigured appliance sitting in a data center doing tasks in automation instead of a server that requires human interaction to maintain. In fact, storage-related appliances are all the rage in the industry right now. The idea of "setting it and forgetting it" has attracted serious interest, thanks to the increasing amount of business intelligence that is being stored in the software. IT managers have other things to think about. "Customers have told us they derive more value from managing their information than from managing their infrastructure," Symantec SVP of Appliance Solutions Matt Cain wrote in his corporate blog. "We took that input and pioneered a new approach, delivering the integrated, purpose-built backup appliance (PBA) that combined the intelligence of NetBackup with compute, network and storage resources." The NetBackup 5330 appliance doubles the deduplication pool capacity compared to earlier NetBackup appliance versions, providing room for future growth, Drew Meyer, director of marketing for NetBackup, told eWEEK. The new appliance stores up to a whopping 229TB with twice the backup performance and four times the recovery performance as previous Symantec appliances, Meyer said. Other features include mix-and-match deduplication, advanced disk deduplication for either client or target, replication, and integrated security software using Symantec Critical System Protection. Symantec, with NetBackup and BackupExec, owns about 33 percent of the enterprise data backup market and positions NetBackup 7.6, released last January, as the "only backup product designed for enterprise-level scale." IDC reported last March that Symantec continues to be the fastest-growing player in this space. The company competes with vendors that include CommVault, Asigra, Veeam, Microsoft Azure, VMware, STORServer, Dell Quest, EMC Avamar, HP StoreOnce and several others.  
The acquisition represents Pulse Secure's first major investment in the broader mobility market following its inception as an independent company. Access and mobile security solutions provider Pulse Secure announced that it has acquired MobileSpaces, a provider of mobile security for application-centric businesses. The acquisition represents Pulse Secure's first major investment in the broader mobility market following its inception as an independent company. The MobileSpaces bring-your-own-device (BYOD) solution helps complete Pulse Secure's solutions to provide seamless, secure access from anywhere and any device. The addition of MobileSpaces' technology to its portfolio reflects Pulse Secure's intention to invest in customer experience and innovation, and its strategy to create a unified user experience for remote and on-campus mobility that spans PCs and mobile devices with central policy and administration. "Security is the No. 1 issue for IT organizations, but it's also the No. 1 reason many BYOD programs fail if not done right," Andy Monshaw, CEO of Pulse Secure, told eWEEK. "So, if we're going to live in a world where employees want to use their own personal devices for work, it's extremely important to get the necessary security policies enacted in a simple, easy-to-use and robust way for both the end user and IT admin." Downloaded to a smartphone or tablet as an app, MobileSpaces creates a virtual partition that separates enterprise and employee data while also providing a secure BYOD workspace for native or enterprise apps on any Android or iOS device. The workspace protects corporate information against data leakage and loss by encrypting all data at rest, controlling data sharing between enterprise apps and connecting directly to the enterprise virtual private network (VPN). "Many times, enterprises focus on the device exclusively, as opposed to also considering data in motion, like secure access to data. Additionally, they fail to consider the compliance aspects, as in who is accessing what with which device," Monshaw said. "Lastly, we've seen many enterprises try to protect apps with container solutions that alter the user experience and require the use of SDKs or app wrapping to secure business applications. We're creating a secure environment on devices that ensures a native user experience for both work and life. For the enterprise, this is an important part of creating a work environment that is conducive to talent retention." MobileSpaces also allows IT administrators to select any mobile app for workspace use and assign it through policy without app modification. "MobileSpaces pioneered a unique virtualization technology that allows enterprises to create a seamless and secure BYOD strategy for the end user, meaning enterprises can connect the native business apps they need seamlessly to campus, data center and cloud applications and services," Monshaw explained. "As more enterprises leverage the cloud and look to enable mobile workforces, we at Pulse Secure feel it's important for us to create an expert team that delivers really easy and effective ways for companies to harness BYOD and the cloud. MobileSpaces gives us that expertise." MobileSpaces joins the Pulse Secure team with 20 employees, based in Silver Spring, Md., and Tel Aviv, Israel. Siris Capital recently announced that it has completed its acquisition of the Junos Pulse business from Juniper Networks, a provider of network innovation, and incorporated that business under the name Pulse Secure. Siris Capital will continue to operate Pulse Secure as an independent company with the mission to empower business productivity through secure and seamless mobility. Pulse Secure and Juniper Networks are also implementing a comprehensive transition plan designed to provide sales support and customer service for all Pulse customers.  
The new Lumia 530 Windows smartphone will be available to T-Mobile customers on Oct. 15 from Best Buy and Microsoft stores, or available directly through T-Mobile starting on Oct. 15. The price for the phones through T-Mobile is $79.20 each, the comp...
A new Singapore facility will help Interpol tackle cyber-crime. By Tom Jowitt Interpol has forged partnership deals with two leading security vendors, as it opens up a new "nerve center" to combat the threat of cyber-crime. The international police body said that the Interpol Global Complex for Innovation (IGCI) building in Singapore will provide it with a state-of-the art facility to help lead the fight against online crime. Nerve Center The state-of-the-art IGCI will provide Interpol with a digital forensic laboratory "for the identification of crimes and criminals, innovative training, operational support and partnerships." The new facility will reinforce Interpol's existing cyber-crime units at Interpol's General Secretariat headquarters in Lyon and its Regional Bureau in Buenos Aires, Argentina. "In the history of international law enforcement, this day marks a milestone. It resonates with the collective dedication of global police cooperation in making ours a safer world," said Interpol Secretary General Ronald K. Noble. "Police are traditionally trained to protect innocent civilians from harm; harm which is visible, or simply physical in nature," said Noble. "The widening intersection of our real and virtual lives challenges that very tradition, and with the IGCI, Interpol now has a dedicated center to tackle cyber-crime so we can better protect citizens both on and offline." "The creation of the IGCI would not have been possible without the overwhelming support of the Singaporean authorities, and it is with immense pride, joy and responsibility that I accept the keys to this building on behalf of all our 190-member countries," concluded Noble. Interpol said that it is creating the "nerve center for cyber threat intelligence and coordination of operations." It said it was bringing together experts from law enforcement, industry and academia to actively identify and develop intelligence about emerging threats and criminal cyber entities. New Partnerships To this end, Interpol also announced that it has teamed up with Trend Micro and Kaspersky Lab to help it tackle the growing cyber-crime menace, with a three-year agreement signed at the IGCI in Singapore. Trend will share its threat information analysis with Interpol to assist the world police body to investigate, deter and prevent cyber-crime, with Kaspersky providing its products, intelligence and ongoing support. Last month Kaspersky also partnered with city of London police to assist them in tackling cyber-crime. "We are proud to support Interpol in their vital role combating cyber-crime across the globe," said Eva Chen, CEO of Trend Micro. "Our partnership with Interpol will provide tools, training and human resources to strengthen their team's capability to fight criminal activity around the world." "I believe that our cooperation agreement with Interpol is an important step forward in our joint struggle against cyber-crime," said Eugene Kaspersky, chairman and CEO of Kaspersky Lab. "Digital crime is an important global threat and such a public-private partnership as ours can make a tangible difference in making the Internet safer and more secure. Trend Micro will also assist with a training program to improve techniques and increase the capabilities of Interpol's 190-member countries in cyber-crime investigations. Likewise, Kaspersky Lab will provide threat intelligence as well as hardware and software to the IGCI's cyber-forensics laboratory. It will also base an expert at the IGCI, and will run a series of training sessions for Interpol officers on malware analysis, digital forensics and financial threat research.
At the end of August, JPMorgan Chase was identified as being the target of a large attack. The financial giant has now been breached again, according to a New York Times report today, citing unnamed sources familiar with the incident. At this point, the details are few and it's not clear whether or not this second attack is directly connected to the one reported in August. According to the report, JPMorgan's top executives are currently trying to figure out the full extent of the new attack. JPMorgan, however, is denying that there was a new attack. "The story is false. We are not aware of any new attack," JPMorgan spokeswoman Patricia Wexler told Reuters. Whether or not the JPMorgan was in fact attacked for a second time remains to be seen. Attackers coming back for a second time to the same target is not an uncommon phenomenon. In the physical world, bank robbers have been known to repeatedly rob the same banks. Typically, the only reason why that works is because the crooks have already thoroughly assessed the security of the physical bank and the bank has made no changes in between robberies. With the hacking attack at JPMorgan Chase—which would be the second time JPMorgan, one of the largest banks in the world, has been hit by hackers twice in less than three months—it's far too early to speculate whether the bank made any changes in its infrastructure after the first attack or even if it would have mattered. The facts are sparse, and a bank's attack surface is vast. In the online world, hackers have come back to targets too. Case in point is the disclosure this week from grocery chain Supervalu that it was attacked for a second time. Supervalu first disclosed it had been attacked on Aug. 14; disclosure of the second attack came on Sept. 29. In Supervalu's case—to the grocery chain's credit—it publicly noted that changes made to its security posture limited the risk exposure for the second attack. Criminals will continue to target the weak links of security, wherever they might be. In the modern world, it has now become more important than ever to figure out how attacks occurred and to remediate them as rapidly as possible. Simply put, attackers traverse the Internet at the speed of light, so there is no time to delay on defense, especially when customer trust and money is on the line. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Shellshock is getting NASty. The vulnerability is being exploited in network-attached storage devices, FireEye reports. Shellshock, the vulnerability in the Bourne Again Shell (Bash), is taking a new twist and is now being actively exploited in network-attached storage (NAS) devices, according to a new report from FireEye. The Shellshock vulnerability, first reported Sept. 24, could enable an attacker to inject arbitrary commands into a system where Bash is used. Bash is widely deployed on Linux operating systems, which are found in a wide variety of embedded devices, including NAS boxes. FireEye reported that, starting on approximately Sept. 26, it began noticing Shellshock-related attacks against NAS devices. The attackers were not just scanning for vulnerable systems; they were also actually attempting to inject code that would allow them to retrieve files. Currently, FireEye is only aware of a single NAS vendor being targeted: QNAP. While the QNAP NAS devices are targets, James T. Bennet, a  staff research scientist at FireEye, told eWEEK that QNAP has already issued a patch. While FireEye has discovered the attacks, it hasn't sat idly by and let customer data be stolen. Although FireEye has seen the Shellshock NAS attack attempt to deliver backdoor code, "as far as we can tell, no data was stolen since FireEye blocked the attack from successfully completing," Bennet said. "If the attacker had been successful, they would have access to any file on the file system—we have no info on what they were after specifically." The attacks monitored by FireEye were against universities and research institutes in Korea, Japan and the United States. Determining whether a NAS devices has been infected via Shellshock is currently somewhat of a manual process. "We are not aware of any scanner or script to do this for you; however, it is actually fairly easy for a system administrator to know if they have this particular backdoor installed on their NAS," Bennet said. He recommended steps a NAS administrator can take to find a NAS Shellshock infection: 1. Check if the following Secure Shell (SSH) key was added to the file at /root/.ssh/authorized_keys: AAAAB3NzaC1yc2EAAAADAQABAAABAQCmm9yrZmk82sex8JLLeWs/y4v6iI4cxgqm6Y3sDkT/d5WJZ39pm6k6x8Z7mTKyVWJUSV2MOcwzfUuk10jmaT9PO0Og0mAEv5ZQwFKPZaMvXkI/6B/LQx//RkCWLA7l68/8kKeTV/1bU/iLu/kK4xVFVTQFDh4H72cGCuovslTzqaSZjDDkrDx2uGkWXFejoOBCeGm8aDjZchcekAJBlnHhc56N6vjjwNlDi2gw1pmD+gmNafUYQoimbGPPfKK84TZIBlnNdFIBfz/YbAn4Vib/5HJb9JdFVt+sKiVzm4EPVrY4WwRIvhugmPwlazGcYFZQpB6FFJ2FDmlQAQUugyiv root@nova2. Check for the existence of any of the following files:onceterm_i686term_x86_64 3. Check for a process named term_i686 or term_x86_64 listening on a TCP port or having an established TCP connection to another host. Aside from patching for Shelldhock and then making sure a device has not already been infected, NAS administrators can take other steps to limit risk. "The best thing you can do, aside from patching is to not leave your NAS directly exposed to the Internet; it is asking for trouble," Bennet said. "At a minimum, restrict access to only IPs/networks you trust, disabling unneeded services as well as monitoring access logs for unauthorized activity." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.  
'Data Defined Perimeter' solution protects critical assets wherever they reside by giving enterprises and service providers visibility, control and threat defences for the agile data centreLONDON, UK AND MOUNTAIN VIEW, Calif - Oct 2, 2014 - Recently surfaced from stealth mode with the world's first post-cloud, post-virtualisation data centre security solution, vArmour is today formally launching in the EMEA market and will demo its solution at the upcoming IP EXPO event in London on 8th-9th October. With a dedicated focus on protecting global enterprises' most valuable asset - their data - vArmour brings a unique approach to data centre security. Through an exclusive distribution partnership with Big Technology, a division of Exclusive Networks Group, vArmour offers the UK and pan-EMEA market the only solution that visualises the enterprises' entire set of data, no matter where it comes from or how it changes. In a recent Gartner report, 'Big Data Needs a Data-Centric Security Focus', the research company identifies a glaring security issue: "Big data initiatives require data to move between structured and unstructured data silos, exposing incoherent data security policies that CISOs must address to avoid security chaos. CISOs must address big data initiatives that will expose uncoordinated data security policies, operations and management responsibilities of security, and database and identity management teams." [1]vArmour's solution is engineered from the ground up for big data and the cloud to protect against this security chaos. Existing security solutions and legacy technologies fail to effectively combat cyber criminals because they focus on protecting traditional location-based perimeters which increases the risk of attacks on low profile assets. 83% of traffic now flows 'east/west' within the data centre and is never seen by the traditional perimeter, allowing attackers to move undetected and laterally across the data centre to critical enterprise assets. "Data centre consolidation and horizontal scalability (Web Scale), has paved the way for massive increases in data centre scale and complexity, and as a result a monumental increase in network traffic - especially machine to machine traffic within the data centre itself," said Sean Remnant, group chief technology officer, Exclusive Networks. "This growth in east/west traffic creates new risks and attack surfaces that need to be monitored and protected, and as a result there is a growing mismatch between data centre advances and existing cyber security strategies. The problem here is you can't fight new wars with old weapons."By defending this 'Data Defined Perimeter', vArmour's solution is unique as it allows customers to understand an attack's progression across the data centre. It can identify both the extent of the compromise as well as the 'Patient Zero' - the attacker's point of origin into the network. The solution provides distributed sensors and enforcement points in a single logical system that scales horizontally, delivering superior security with simple operations. "Security and virtualisation are rapidly converging and the digital war in this battleground will not be won by the enterprise if security solutions are not built with this in mind," said Tim Eades, vArmour CEO. "We bring a different approach to data centre security, with our existing customers are seeing value in our solution in as little as 30 seconds after deployment. We see huge opportunities in EMEA for us to deliver similar results and gain accelerated market traction."vArmour's data centre security solution, deployed into enterprises and service partners since early 2014, delivers a converged set of forensic and enforcement capabilities including:Security Visibility - Complete visibility into every application, asset, packet and connection in the data centre.Threat Analytics - Complex threat analytics as delivered through real-time detection and visualisation of laterally moving threats.Attack Remediation - Business-process-aware remediation policies to contain compromised hosts and prevent exfiltration.Policy Control and Enforcement - Micro-segmentation and policy enforcement to isolate and control communications between applications, workgroups and tenants."Enterprises are fast evolving from physical and hybrid to full virtual environments, but security solutions have been struggling to adapt to this alongside managing how to bridge the growing mis-match between legacy gateway perimeter devices and the agile infrastructures being deployed today," said Jason Dance, managing director of Big Technology UK. "vArmour changes all that at a stroke; we offer our partners something different and valuable; vArmour is the simplest and most effective way to secure enterprise data from the advanced threats and cyber attacks it faces."vArmour takes a software-first approach to enterprise security as cyber criminals become ever more agile and intelligent. The ubiquity of the cloud combined with increasing automation and virtualisation means that enterprises' applications, databases and storage systems can be hosted anywhere, making traditional perimeter-based security protocols obsolete."We are looking for effective bridges between public and private clouds that enable consistency and efficiency for our customers, particularly in regards to security," commented Sean Catlin, chief technology officer at Canopy. "The vArmour security fabric enables this transparently. With vArmour we can deploy a single security solution to protect a Virtual Data Centre in any cloud from a single cloud management and control plane."vArmour and Big Technology will both be participating in the upcoming IP EXPO event in London on 8th-9th October. Visit Stand CC3 to meet the team and explore the technology.[1] Big Data Needs a Data-Centric Security Focus, Analyst(s): Brian Lowans, Earl Perkins, 26 March 2014-END-About vArmourBased in Mountain View, CA, vArmour is the data center security company focused on protecting enterprises and service providers from advanced cyber attacks and lateral moving threats. Built for the cloud world where traditional perimeters have disappeared, vArmour helps global enterprises protect their most valuable asset—their data—wherever it resides. The company was founded in 2011 and has raised $42 million in funding led by Highland Capital Partners, Menlo Ventures, Columbus Nova Technology Partners, Citi Ventures, Work-Bench Ventures and Allegis Capital. Executives from NetScreen, Juniper Networks, Silver Tail Systems, Citrix, Riverbed and IBM lead the company. Learn more at www.varmour.com. Source: RealWire
The WMD-06 swing gate with tempered glass swing panel is an up-market product. This automatic gate offers modern solution for access control at banks, business centers and other sites with the highest requirements for design and safety.PERCo swing gate...
NEWS ANALYSIS: More details are now public on the open-source Xen hypervisor vulnerability that triggered full Amazon, Rackspace and IBM cloud reboots. A proverbial lynchpin holds the world's major public cloud providers together, and that pin is the open-source Xen hypervisor. Amazon, Rackspace and IBM SoftLayer have all had to reboot their servers in the last several days to fix a flaw in Xen that was privately reported two weeks ago and only publicly disclosed on Oct. 1. The flaw in question is detailed in Xen Security Advisory XSA-108 and is also identified as CVE-2014-7188. Technically speaking, the vulnerability is titled "Improper MSR range used for x2APIC emulation," which is basically a memory-related issue. Model Specific Registers (MSRs) are control registers within an x86 chip, while x2APIC is Intel's next-generation Advanced Programmable Interrupt Controller (APIC). "The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs," according to the Xen advisory. "Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs." The impact of the flaw is that an attacker could potentially crash the underlying host server and potentially read data from other virtual machines on the system. So, the problem for public cloud providers, for example, is that the flaw could have enabled an attacker to potentially get access to other resources and data on the cloud. Needless to say, that would have been catastrophic for any public cloud provider, especially the world's largest. The issue only affects hardware-assisted virtual machines (HVMs) and not paravirtualized (PV) virtual machines. HVMs leverage capabilities within silicon, including Intel's VT-x and AMD-V. The flaw was first reported two weeks ago to the open-source Xen Project by SUSE Linux employee Jan Beulich. In contrast with the Heartbleed vulnerability in April and the Shellshock vulnerability that was first reported Sept. 24, the open-source Xen project was able to keep details of the CVE-2014-7188 flaw private until the major public cloud providers could be patched. The Xen Project has been run as a Linux Foundation Collaboration Project since 2013. Xen has had a detailed security response process in place since 2011 that has been incrementally updated many times to refine the process. "If a vulnerability is not already public, we would like to notify significant distributors and operators of Xen so that they can prepare patched software in advance," the Xen security response process document states. "This will help minimize the degree to which there are Xen users who are vulnerable but can't get patches." Software vulnerabilities are an inevitable fact of modern applications. What the Xen project has managed to achieve is a way of properly managing the bug fixing process, without the hype and hysteria that is associated with zero-day bug disclosure. More importantly, by getting all the major cloud providers fixed before the flaw was publicly disclosed, the Xen Project likely saved the IT world from a major security nightmare. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.