Tag: sydney

Award celebrates Shavlik’s pioneering patch solution and its strength in helping to protect virtual environments

LONDON — September 2, 2016 — Shavlik, a global leader in IT management and innovative security systems, today announced that Shavlik Protect has won the Gold Award in the “Security” category of the “Best of VMworld 2016” awards.

These awards honour the most innovative new products in the server virtualisation, end-user computing and cloud markets. “With all of the flash and hype in today’s security landscape, many organisations overlook the importance of patch management, which eliminates vulnerabilities, as well as the countless threats that target each vulnerability,” said Chris Goettl, senior product manager at Shavlik. “At Shavlik, we pride ourselves on delivering patch management that is easy to install and use. We have made a significant investment in improving patch management for data centre and virtual environments; this award validates our strategy and efforts.” Shavlik helps organisations patch everything from VMware hypervisors to Microsoft Windows to the Mac OS, including the third-party applications running on each. Patching virtual environments is a great strength of Shavlik Protect, which includes capabilities such as:

Online and offline virtual machine patching
Virtual machine template patching
Snapshotting of critical assets for superior rollback
VMware vCenter integration
VMware ESXi Hypervisor patching

In addition, Protect offers an agentless option that is particularly well-suited to the datacentre.

This option allows organisations to assess and deploy patches, while minimising impact to server workloads.

This option also ensures that new virtual systems are never missed. The Best of VMworld awards were chosen by a panel of independent expert judges, composed of editors of TechTarget’s SearchServerVirtualization.com, who evaluated 145 nominated products on display at VMworld 2016.

Each product was evaluated for innovation, value, performance, reliability and ease of use.

The security category acknowledges solutions that follow security best practices and monitor and protect cloud workloads, hypervisors, guest operating systems and virtual networks. To learn more about how Shavlik helps meet patching needs specific to virtual environments, visit http://blog.shavlik.com.

About Shavlik

Shavlik is a recognised leader in patch management, and a pioneer in agentless patching technology, virtual machine (VM) patching and third-party application patching.
Shavlik solutions include Shavlik Protect, Shavlik Patch for Microsoft System Center and Shavlik Empower.
Shavlik’s combination of premise- and cloud-based solutions enables organisations of all sizes to begin improving organisational security in as little as 30 minutes.

For in-depth Patch Tuesday analysis, see: http://www.shavlik.com/patch-tuesday

www.shavlik.com

About SearchServerVirtualization.com

SearchServerVirtualization.com™ is an enterprise virtualisation-focused website providing IT professionals and the community with the latest server virtualisation news, articles, tips, and expert advice. Other virtualisation information includes webcasts and industry white papers covering all areas of server virtualisation, such as virtualisation platforms, server hardware, managing virtual environments, virtualisation architecture and strategies, application issues, and more. Its sister site, SearchVMware.com™, is dedicated to helping IT organisations evaluate products, services and business strategies that can lead them to successful implementations of virtualisation technologies in VMware environments.

And sister site SearchVirtualDesktop.com™ is the premier source for information on desktop virtualisation, application virtualisation, and virtual desktop infrastructure.

About TechTarget

TechTarget (NASDAQ: TTGT) is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Our extensive global network of online and social media, powered by TechTarget’s Activity Intelligence™ platform, allows technology sales and marketing teams to leverage real-time purchase intent data to more intelligently engage technology buyers and prioritise follow-up based on active projects, technical priorities and business needs. With more than 120 highly targeted technology-specific websites and a wide selection of custom advertising, branding, lead generation and sales enablement solutions, TechTarget delivers unparalleled reach and innovative opportunities to drive technology sales and marketing success around the world. TechTarget has offices in Atlanta, Beijing, Boston, Cincinnati, London, Munich, Paris, San Francisco, Singapore and Sydney. To learn how you can engage with serious technology buyers worldwide, visit techtarget.com and follow us @TechTarget.

Copyright © 2016, Shavlik.

All rights reserved.

Press Contacts

Dan Sorensen
Method Communications
801-461-9756
landesk@methodcommunications.com

Jay Jay Merrall-Wyre
Octopus Group
020 3837 3757
jayjay@weareoctopusgroup.net

Centrify's strategy man says attack re-use is an opportunity for better security

Interview Attackers like to re-use code, but vendors don't find out because they don't share, according to Centrify's David McNeely. In Sydney for Gartner's Security and Risk Management Summit, McNeely – the company's veep of product strategy – said that realisation was driven home to him during the recent Black Hat conference in Las Vegas. Just like anybody working with software, black-hats prefer the tried-and-true to creating something new. This year's point-of-sale horrors are a good example: “Attackers tend to re-use their technologies,” McNeely said. “If they work out something in a point-of-sale system, they try it again and again. “The industry needs to share information about what happens, how the attack worked, how to prevent it.” That means overcoming the all-too-common shyness and shame: vendors dislike being “outed”, dislike outing themselves even more, and are fearful of going public in case knowledge enables more attacks. “People are shy about how they secure things, in case they give away too much information about how a breach happened,” he added. The Register also took the chance to sound out McNeely about the National Institute of Science and Technology (NIST) recommendation that its community (US federal government IT) deprecate the use of SMS for two-factor authentication. While the recommendation has been controversial, criticism mostly misses NIST's role – its recommendation is not, for example, something that influences other bodies like PCI (which regulates security of payment cards). McNeely said the NIST publication is “good news – people are talking about it, and working through a lot of the different use cases. In some cases, SMS might be a satisfactory way to identify a person.” Centrify said the document made it take a look at its own identity and access management products. The decision they came to, he said, was that SMS should be separated from the act of identifying the user. “That means going from SMS as carrying the token, to SMS delivering a link to something else.” While the user has an additional action – somehow approving or following the link sent to their phone – the validation “feels much the same to the user, but it's a much stronger authentication”. ®

Australian governments' liking for data-matching needs more than promises of privacy

Australia will conduct a census on August 9th and for the first time will retain name and address details in the data set created by the nationwide data dredge. That's got privacy advocates worried that your data could be linked to multiple other government data sets, so much so that friend of The Register Jack Skinner has decided to absent himself from Australia on census day. His post explains why: the Australian Bureau of Statistics (ABS) has a form telling porkies about how it uses data, and has been less-than-forthcoming in explaining how it will use census data. Which turns out to be to offer it to just about every arm of government for cross-referencing, without disclosure of when and how it is used. The ABS counters by pointing to its long and successful incident-free record of collecting and retaining data without incident.
It also argues that the Census' policy-development-and-improvement aims are pure. There are two things to consider here. Firstly: most of us have already given away vast amounts of personal data by joining social networks, or by agreeing to use apps that can use our phones' cameras to watch us and their GPS kit to track us around the world.
Some of us wear heart sensors that shunt data into the cloud.

The providers of those devices and services have a breadcrumb trail of our lives, literally (thanks to location services) and metaphorically. It's scary that we gave away all that data because the tax affairs of the companies you gave it to show they have few scruples.

The data is also probably stored offshore, beyond the reach of the government of wherever it is you live.

The data you gave away is also at least as sensitive as Census data and is probably stored under flimsy accountability rules so the app or social network you signed up for can exploit it. Why else do you think Verizon bought Yahoo! and AOL? The reason's right there in the press release: targeted ads. Don't forget that third parties mine public data: check out my social feeds and you can probably predict the books and movies my kids have seen and want to buy next just based on the Harry-Potter-derived name of our family cat. Which brings me to my second point: while noble in aims, data matching across government is worryingly pervasive. That's certainly how I felt last week when I encountered the Australian State of New South Wales (NSW) Minister for Innovation and Better Regulation Michael Dominello. At a Fujitsu event in Sydney, Dominello explained he's a big fan of data-driven policy development.

And interventions based on data. He explained that NSW has a scheme called “Home Warranties” that pays compensation to customers of builders who fail to complete jobs.

Dominello wants to figure out leading indicators of project failures – probably missed milestones – and find a way to politely ask builders what's going wrong before things go pear-shaped.

The outcome will hopefully be a reduced number of claims on the Home Warranty fund, which means lower insurance contributions for all. That sounds great until you realise that local government and private enterprise supervise building sites and check on progress.
So this worthy policy goal is going to require data-sharing across a diverse group of stakeholders. Which just makes for a larger attack surface, a larger number of potential leakers and an obvious potential for more complexity. And let's not forget that the building trade has a vast web of interdependencies.
If a material or key supplier essential to a job just isn't available and milestones are missed, that's not a red flag for a future warranty claim.

Those interdependencies also mean that news of a probe will travel through the industry at speed. Which won't be great for reputations. Then there's the honeypot a database of red-flagged builders represents.

Gee it would be a shame if nobody turned up to work on your site, Mr Builder.

But we can make that risk go away ... Dominello tempered his remarks with numerous insistences that privacy must be done right. But that call needs to be more than a promise. We need to know what data is gathered and what criteria create a red flag. We need to know exactly how and when agencies will be able to use data. We need to know how security will work for data sharing among agencies and private sector third parties.

And we need oversight and frequent, transparent reporting of compliance with those data-sharing rules. It would be nice if this stuff were explained well in advance, rather than dismissively in a short campaign on the eve of a census. We need these better explanations and assurances across all levels of government, because Dominello is far from alone in believing in data sharing.
In recent weeks data sharing has been advocated as a way to curb welfare fraud and stage targeted interventions (sometimes executed by the private sector) in the lives of welfare recipients. Yet as The Register recently revealed, hackers need just your address to commit identity fraud or worse, using entirely public datasets. Sleep-walking into acceptance of well-meaning government data use is therefore just as stupid as the sleep-walking into surrendering personal data to social networks. And now that we've seen the latter in action, surely we should demand better of the former. ®

And fail anyway, as will you in 'the year of pointless blockchain projects' says analyst

“This is the year of pointless blockchain projects” and anything you build with blockchain will need to be ripped out and replaced within 18 months, according to Gartner fellow Ray Valdes. Speaking to The Register in Sydney today, Valdes said blockchain is among the most secure technologies he's ever seen, having survived seven years at the heart of bitcoin.

But he said the technology remains immature and is often misrepresented.
Some “implementations” he's seen have nothing to do with blockchain and instead represent “blockchain washing” in which projects involving integration and security are labelled as having something to do with blockchain, just as legacy IT scored “private cloud” labels in the early 2010s. Plenty of other projects he's seen can best be described as “blockchain tourism”, as they are small scale proof of concepts that don't touch core systems. Others he's seen see teams bogged down in complex integration projects turn to blockchain as an act of “wishful thinking for magic middleware.” Such efforts predictably fail. He's also seen blockchain projects conducted in closed environments, which he thinks is futile because the whole point of the technology is to build a network of trust.
If you're only going to run blockchain on one machine, he asks why you wouldn't just use a database that is already very good at recording transactions. IBM and Microsoft's blockchain-as-a-service efforts confuse him for the same reason.

The whole point of the technology is that the network collectively makes transactions trustworthy, yet Microsoft and IBM are offering themselves up as centralised blockchain hubs.
In private, Valdes says Microsoft will say its blockchain effort is to help developers understand the technology. Real implementations can wait. Valdes says it's futile trying to pick winners in blockchain, because it's at a stage similar to the Web in 1995, a time when the first wave of innovators started to build services and win millions of customers. Just as the likes of Lycos and Magellan were surpassed by Google, and early social networks were swamped by Facebook, Valdes believes the world's dominant blockchain concerns will emerge in a second wave of innovation that takes place years from now. But the analyst was at pains to say he is not recommending against experimentation. He's convinced blockchain will be important, but equally sure that anything you do with it now will be a learning experience rather than game-changer for your organisation. ®

NSA nemesis says Australia's surveillance state is even nastier than the USA's

National Security Agency (NSA) leaker Edward Snowden has opined that last week's National Broadband Network (NBN) raids in Australia are a misuse of the Australian Federal Police (AFP) power. Snowden appeared via satellite link in the Australian city of Melbourne last night, live from Russia where he resides under temporary asylum after leaking classified documents that revealed the extent of the modern global western government intelligence apparatus. The AFP Friday raided the office of Labor power-broker and former comms minister Stephen Conroy and the home of a staffer of shadow communications minister Jason Clare. "[The raids] were ordered because there was a scandal involving the NBN where there has been incredible cost over-runs, it hasn't been as effective as it should be - it is embarrassing for the current government," Snowden told a packed audience. "Is it the role of the Australian Federal Police to uncover the private sources of journalists, of parliamentarians, who are revealing information about scandals, revealing information about waste, revealing information … of public importance that voters need to know? "Is this what the Australian Federal Police is there for? I don't have an answer for that .. but if you don't know that it (NBN failures) is happening, how can you do anything about it." Snowden says confidentiality of sources is key to a free press and an informed society.

The 'dumbest' thing I can imagine

He told the audience Australia's approach to whistleblowers is more draconian than the US thanks to what he claims is a lack of intelligence agency oversight.

Edward Snowden at Think Inc. Image: Darren Pauli / The Register.

"We haven't seen new restrictions, new oversight of intelligence services in Australia which are in fact much more unrestrained than they are in the United States despite how dire the situation is there," he says. "We have seen intelligence services in Australia become worse." Snowden cites the nation's "drag net" data retention and anti-whistleblower laws in which citizen metadata is retained for two years, and those who leak national security documents may be imprisoned. However, he says official internal channels should be considered as the primary avenue for whistleblowing over going to press. But he adds whistleblowers who go through internal channels can be ignored, or worse, penalised.

Former Pentagon investigator John Crane has today told The Guardian how the agency became a trap for whistleblowers, including forerunner NSA leaker Thomas Drake. Crane claims documents necessary to Drake's defence were destroyed. A declaration that someone does not care about privacy is one of the 'least intellectual' positions, Snowden says. "If someone is saying 'I don't care about the right to privacy because I've got nothing to hide' that's no different to saying 'I don't care about freedom of speech because I have nothing to say'," Snowden says. "It is the least intellectual thing, the most anti-social thing I can imagine." The privacy pundit backs his argument by citing the ubiquitous mantra of the pro-surveillance crowd "if you have nothing to hide, you have nothing to fear" attributing the quote to Nazi propaganda minister Joseph Goebbels. He says any Australian minister parroting that line should be "marked off forever". Snowden also spoke of the power of metadata, suggesting it is more valuable than content because it provides the investigator with similar intelligence while often foregoing the need to acquire warrants. He says it is easy to use internet subscriber metadata to determine the news sites a target has visited by fingerprinting the data size of articles and matching those to the data consumed in a given session. Snowden will appear live via satellite link in Sydney tonight. ® Darren Pauli attended the Snowden lecture as a guest of Think Inc.

Hacker finds video, etc/passwd leak in Vidyo teleconf tool used by US Army, NASA and CERN

Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in popular video platform Vidyo, used by the likes of the US Army, NASA, and CERN, that could see videos leaked and systems compromised. O'Reilly, director of intelligence for consultancy Content Protection, says he picked up the bug during a client test and reported it to the New Jersey video company which has since issued a patch. Google searches for vulnerable strings reveal hits for affected clients. The company says some 3000 Fortune 100 SMB customers and 39 of the top 100 healthcare networks in the US use the product, together clocking more than 50 million minutes in talk time. "I ended up finding an arbitrary file disclosure vulnerability," O'Reilly told The Register. "It's more than just [leaked] videos, also Linux filesystem files (/etc/passwd) and other conf files. "I've never heard of this software before and thought that the risk exposure was quite low until I looked at the clients. "There are a lot of publicly accessible Vidyo endpoints that are probably vulnerable that you can identify using Google." O'Reilly says the patch version 3.0.1.20 has been released to close the hole. ®

Taxi payment company knows where you live ... and so can anyone who runs Shodan

Researchers from Risk Based Security have Shodanned up a Cabcharge database that was running without security. The taxi fee monopoly has lurched into damage control, telling the Sydney Morning Herald it's contacting the 3,400 Cabcharge Fastcard holders whose details were left lying around in public. RBS's post says the database exposed sensitive information of both customers and drivers. While only the last four digits of credit cards were held, the customer's name, pickup, and dropoff locations and times were all in the database. Driver information included name, ABN, taxi ID, terminal ID, and trip logs. The company sent a statement over to the SMH to the effect that the “old” information didn't put customer payment information at risk, and claiming that the information hadn't been misused. Clearly, Cabcharge doesn't understand the threat of identity theft any better than it understands why Uber is eating its lunch. ®

Don't sit on your ideas, bug chief urges hackers

Bugcrowd chief executive officer Casey Ellis says its recent win of $15m in Series B investment is a signal that Australian startups can score big. The funding round is led by Blackbird Ventures with participants Rally Ventures, Costanoa Venture Capital and Paladin Capital Group, along with Industry Ventures and Salesforce Ventures. The company, forged in Sydney and matured in San Francisco, has secured high profile customers under its crowdsourced bug bounty model where some 27,000 hackers compete to find and report bugs in customer networks in exchange for cash and fame. It lists Fitbit, Motorola, Tesla, and TripAdvisor among its clients while "top-tier" customers running private bug bounties remain unnamed. The latest funding is part of some US$24m raised in total since it received its first push in Startmate, Sydney. Bugcrowd chief executive officer Casey Ellis told Vulture South it proves Aussie security startups can score financial backing for the right idea. "It is one of the largest investment rounds for an Australian company," Ellis says. "There are a bunch of really smart guys in Australia and they need to know that this (Series B investment) is possible." Startup investor Alan Jones says Bugcrowd was one of many ideas Ellis had pitched over beers and laksa in Sydney during 2012. "I don't remember how many laksas before he pitched the idea behind Bugcrowd but it was immediately clear he was on to something," Jones says. "It's not that long ago we were all complaining about how Australia's VC industry was too small to lead a Series B round. "While raising capital isn't the end goal, it's usually necessary to scale faster than your competitors, prove out your model and provide services customers love." ®

28 October 2014, Sydney, Australia: Global mobile messaging specialist, Dialogue Group has today announced the appointment of Owen Davies as Solutions Architect of the company's SMART A2P (Application-to-Person) Monetisation program. Davies comes in as...
The company's Business Services division is providing a requirement for the growing multi-site enterprise hybrid cloud trend.

Like most things in IT, everything old eventually becomes new again. France-based global telecom Orange on Sept. 22 breathed new life into the venerable virtual private network by adding a new-generation Business VPN option to its list of Internet services. The new-gen ingredient inside the service is that instead of using separate access ports for VPN and the Internet, Orange developers have created for Business VPN Internet a single common circuit to accommodate both data streams simultaneously. The approach enables better -- and more granular -- management of security and data flow, the company said. Orange enterprise customers can select traditional T-1s, Ethernet or DSL to access the Business VPN. With the service, the corporation’s Business Services division is providing a requirement for the growing multi-site enterprise hybrid cloud trend in which AT&T, Verizon and Sprint also compete: a secure network within the public cloud. The new service adds security by incorporating virtual firewall protection at each gateway based on the customer's security policy. Orange Business Services also offers cloud-based security options, such as URL filtering. Orange claimed that its hybrid Internet/WAN ports, available at no extra cost, can reduce bandwidth costs by up to 30 percent thanks to the added efficiencies of the single connection. VPNs, various types of which have been in use in enterprises for more than 40 years, enable a private network across a public network. They enable computers to send and receive data across shared or public networks as if they were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryptions. "We now have what we call a hybrid port, so we use a single access circuit connected to a single port, and by doing that we can offer greater flexibility, but also be able to use the spare bandwidth available for Internet access when the port is carrying less VPN traffic," Andrew McFadzen, Orange’s Director of Global Marketing, Network Solutions, said during a conference call launching the new product. For example, a user with an 8 Mbps access circuit could use 4 Mbps for his business VPN -- specifically for the highly sensitive traffic -- and the other 4 Mbps for Internet traffic. The new-gen VPN uses 15 global Internet gateways in major cities in five continents, including the U.S., the Asia-Pacific region, Europe, Africa, and Australia. Gateways are in London, Frankfurt, Stockholm, Amsterdam, Hong Kong, Singapore, Mumbai, Sydney, Tokyo, New York, Atlanta, San Francisco, Sao Paulo, Johannesburg and Bahrain. Orange will make more available as needed, McFadzen said.
Thursday 7 August 2014 - Telstra will today launch new low latency connectivity to CME Group's Aurora data center, providing local financial services organisations with fast and reliable connectivity into other major financial centres including the Aus...
Russian coach blames World Cup draw on fan's laser pointer aimed at goalkeeper.