6 C
Tuesday, November 21, 2017
Home Tags Vip

Tag: vip

Also starts mysterious VIP service for $130,000 The Shadow Brokers is once again trying to sell yet more stolen NSA cyber-weapons, raising the asking price in the process.

And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.…
Whether you’re pushing for a promotion or raise or management has broached the topic with you, one thing is certain: The process will take longer than you expect.
In most companies, managers don’t have the authority to give you new responsibilities or a pay increase.

They must go through the proper channels to get approval.“While it’s natural to feel antsy while waiting for the raise they asked for, it’s critical to find some more productive, tactful ways to prove their worth in the meantime,” says Vip Sandhir, CEO and founder of HighGround, an HR software company.To read this article in full or to leave a comment, please click here
High Wycombe, UK, 7 March 2017 - International POS printer manufacturer Star Micronics announces that intelligentpos, the UK’s leading cloud based point of sale solution for shops, bars and restaurants and Gold member of Star’s VIP Club for software developers, is set to join Star on Stand 6 / E41 at EuroShop 2017 (5 - 9 March 2017, Messe Düsseldorf, Germany).This will be the first time intelligentpos has attended EuroShop, following its merger with iZettle... Source: RealWire
15,000 "consumer passes" available starting next week for $149 to $249.
In-flight entertainment systems create hacker risk, say researchers Vulnerabilities in Panasonic in-flight entertainment systems create a possible mechanism for attackers to control in-flight displays, PA systems and lighting, say researchers. Ruben Santamarta, principal security consultant at IOActive, said it had found vulnerabilities in Panasonic Avionic In-Flight Entertainment (IFE) systems that it claims could allow hackers to "hijack" passengers’ in-flight displays and, in some instances, potentially access their credit card information.

The research revealed it would also theoretically be possible that such a vulnerability could present an entry point to the wider network, including the aircraft controls domain. “I’ve been afraid of flying for as long as I can remember,” said Santamarta. “It might sound like a sick cure to some but, as a hacker, learning everything I could about how planes work, from the aerodynamics to electronics, has reduced the fear significantly. On a 2014 flight from Warsaw to Dubai, I discovered I could access debug codes directly from a Panasonic inflight display.

A subsequent internet search allowed me to discover hundreds of publicly available firmware updates for multiple major airlines, which was quite alarming. Upon analysing backend source code for these airlines and reverse engineering the main binary, I’ve found several interesting functionalities and exploits.” IFE system vulnerabilities identified by Santamarta might most straightforwardly be exploited to gain control of what passengers see and hear from their in-flight screen, he claimed.

For example, an attacker might spoof flight information values such as altitude or speed, or show a bogus route on the interactive map.

An attacker might also compromise the "CrewApp" unit, which controls PA systems, lighting, or even the recliners on first class seating.
If all of these attacks are applied at the same time, a malicious actor may create a baffling and disconcerting situation for passengers.

Furthermore, the capture of personal information, including credit card details, is also technically possible due to backend systems that sometimes provide access to specific airlines’ frequent-flyer/VIP membership data, said the researcher. Aircraft's data networks are divided into four domains, depending on the kind of data they process: passenger entertainment, passenger-owned devices, airline information services, and finally aircraft control.

Avionics is usually located in the Aircraft Control domain, which should be physically isolated from the passenger domains; however, this doesn’t always happen.

This means that as long as there is a physical path that connects both domains, there is potential for attack.

The specific devices, software and configuration deployed on the target aircraft would dictate whether an attack is possible or not.
Santamarta urged airlines to steer towards a cautious course. “I don’t believe these systems can resist solid attacks from skilled malicious actors,” he said. “As such, airlines must be incredibly vigilant when it comes to their IFE systems, ensuring that these and other systems are properly segregated and each aircraft's security posture is carefully analysed case by case.” IOActive reported these findings to Panasonic Avionics in March 2015.
It only went public this week after giving the firm “enough time to produce and deploy patches, at least for the most prominent vulnerabilities”. Panasonic Avionic’s technology is used by a several major airlines including Virgin, American and Emirates airlines. El Reg asked Panasonic Avionic to comment on IOActive's research but we’ve yet to hear back. We’ll update this story as and when we learn more. The avionics research has some parallels with IOActive’s remote hack of the Jeep Cherokee in 2014, in which hackers took control of the vehicle’s dashboard functions, including steering, brakes, and transmission, through vulnerabilities existing in the automobile’s entertainment system. Once again, it appears entertainment systems have created a potential route into sensitive systems that hackers might be able to exploit. Stephen Gates, chief research intelligence analyst at NSFOCUS, commented: “In the light of this research, physical separation between in-flight entertainment systems and aircraft control systems could never be more important.

As airlines continue to add new customer-based entertainment and information technologies, airlines need to ensure that an impenetrable barrier is in place protecting aircraft control systems. “This research demonstrates that hackers could cause all sorts of issues that could impact a customer’s 'experience' while flying, but have yet to prove they could impact flight control systems,” he added. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub

Modern kids have never known a time when they couldn't connect to the whole world using the Internet. They're probably more at home online than you are. The problem is, there are things on the Internet that you'd rather they didn't encounter. Sites promoting violence. Sites full of hate. Pornographic sites that promote a skewed notion of human sexuality. You can't supervise every moment that they're surfing the Web on a PC, much less on a smartphone or tablet. That's where parental control software comes in, with the ability to filter out unwanted content, limit screen time, and in some cases monitor social media interactions.

Note that these applications can't substitute for good communication. If you don't want your kids to visit certain kinds of sites, talk to them about your concerns. And do take time to convince older kids that you'll respect their privacy while monitoring their online actions. Otherwise, you can be sure they'll find ways to evade even the most sophisticated system.

Parental Control Basics
Most parental control tools include content filtering—the ability to block access to websites matching unwanted categories such as porn, violence, and hate. This type of filtering only really works if it's browser-independent, and full coverage requires filtering secure (HTTPS) traffic. With no HTTPS filtering, a smart teen could bypass the system using a secure anonymizing proxy website like MegaProxy or Hide My Ass.

Access scheduling is another very common feature. Some applications let parents set a weekly schedule for Internet access, some control computer use in general, and some offer both as choices. A daily or weekly cap on Internet usage can also be handy.

Devices, Devices, Devices
Long gone are the days when a single parental control utility on the singular Family PC sufficed. Modern kids use all kinds of Internet-connected devices, and modern parental control systems must keep up.

Before settling on a particular parental control utility, you'll want to make sure that it supports all of the device types found in your household. While all the products in the chart above support Windows, support for Mac OS, Android, and iOS varies. Check, too, that any limits on the number of child profiles or devices won't be a problem. And if your kids are strictly mobile, take a look at our roundup of mobile-centric parental control apps.

If getting parental control coverage installed on each of your family's devices starts to seem too difficult, consider a whole-network solution. These systems perform content filtering at the router level, so your settings affect every device on the network. Naturally you don't get the same fine level of control and detailed monitoring that you get with a local agent on each device, but wow, is it ever simple!

Social Media Tracking
As the kids get older, content filtering may start to seem pointless. Hey, you let them watch Game of Thrones, right? At some point you start to worry more about their interaction with the wide, wide world. Sure, if their friends come over to play Street Fighter V or Guilty Gear Xrd in person, you can at least meet them. But what about friends on social media? Who are they, really, and what are your kids discussing with them?

That's where social media trackers come in. Typically you have the option to limit your view to posts and interactions that contain words or phrases that might indicate something inappropriate. Also typically, if you really want to you can dig in and see everything.

In most cases, installation of social media tracking requires that you know your child's login credentials, or that you convince the child to log in and install the tracker's app. Disabling this kind of data collection is a snap for the child, so here, more than ever, you need to get agreement from your child.

Remote Notification and Management
With most parental control systems, you can opt to receive notification via text or email when your child tries to visit a blocked site, makes a post using iffy language, or otherwise bends the rules. Some of these tools let kids remotely request parental override to unblock a particular site, or get extra time online to finish homework.

In most cases, you manage your parental control system by logging in to an online console. From the console, you can tweak settings, review activity reports, or respond to a child's override request. And any changes you make propagate to your children's devices when they connect to the Internet.

Advanced Features
When you get beyond the basics, parental control systems start to diverge, with many advanced features to help them stand out from the crowd. Some limit access to games, TV shows, and movies based on ratings. Some let parents control just who the kids can chat with via various instant messaging systems. Blocking specific applications is another advanced feature, as is forcing Safe Search on popular search portals.

You'll also find advanced versions of standard features. For example, the best content filters don't just use a database of categories. They analyze page content in real time so that, for example, they can allow access to a short-story site but block the erotica. To learn about these advanced features, and to make an informed choice for your own family, you'll need to read our full reviews.


ContentWatch Net Nanny 7

With configuration and reporting moved to the Web, ContentWatch Net Nanny 7 is fully at home in the modern multi-device world of parental control, and it still has the best content filtering around. Net Nanny 7 is a parental control Editors' Choice. Read the full review ››
Qustodio Parental Control 2015

With Qustodio Parental Control 2015, you can keep track of your children's online activity on PC, Mac, iOS, Android, or Kindle devices. Its rich feature set and clever social media tracking make it a new Editors' Choice for parental control.  Read the full review ››
Symantec Norton Family Premier

Symantec Norton Family Premier lets parents track and manage their children's use of Windows, Android, and iOS devices. Its completely Web-based configuration and wealth of features make it a great choice for parental control. Read the full review ››
Kaspersky Safe Kids

Kaspersky Safe Kids offers well-rounded, very affordable parental control and monitoring, and it doesn't limit the number of child profiles or devices you can cover. It's an excellent choice. Read the full review ››


You configure Mobicip's parental control options online, and a local agent enforces the rules on your children's devices. In testing, we hit a few communication problems, but overall it's a good choice for the modern multi-device family. Read the full review ››

OpenDNS Home VIP

OpenDNS Home VIP applies parental control and monitoring at the network level, for all your devices, and its essential features are available for free. Consider using it in conjunction with a more conventional parental monitoring tool. Read the full review ››


When you configure your router to use SafeDNS, you can filter out dangerous or objectionable content for every device that connects using your home network. Just don't expect a full range of parental control features. Read the full review ››

Enlarge / Rep. Mike Honda (pictured here) sued his challenger, Ro Khanna, "Ro for Congress," and Brian Parvizshahi, Khanna's former campaign manager, on Thursday.Bill Clark / Getty Images News reader comments 16 Share this story Mike Honda, the congressman who represents a large portion of Silicon Valley, has sued his political opponent, Ro Khanna, under a federal anti-hacking law known as the Computer Fraud and Abuse Act. Khanna, a former Department of Commerce official, is trying to unseat Honda in the upcoming November 2016 election. Honda, who has been a member of the House of Representatives for 15 years, previously defeated Khanna in a tight race in 2014. The lawsuit claims that Brian Parvizshahi, who was Khanna’s campaign manager until Thursday evening, worked as an intern for a Honda campaign fundraising firm, Arum Group, for just a few weeks in the summer of 2012. However, when Parvizshahi left Arum Group, his access to a Dropbox account that included data on thousands of donors was not revoked. Later, after he began working for the Khanna campaign in 2015, Parvizshahi allegedly contacted many Honda donors one at a time to ask them to consider supporting Khanna instead. “This involves a violation of privacy of our supporters.

They entrusted our campaign with this information,” Honda campaign lawyer Gautam Dutta told Ars. "We consider it a cyberattack. You basically have your political opponent obtaining and using your confidential information, obtained through the Internet in an illegal manner.” Even after the contract with Arum Group ended in December 2014, the Honda campaign didn't notice that anything was amiss until May 2016.

According to Dutta, that’s when Dropbox sent an e-mail notification about file access that the current fundraiser could not understand. “He went to our former fundraiser about this, and she made the discovery that Mr. Parvizshahi still had access to that account, and she immediately revoked it,” Dutta said. CFAA strikes again In addition to Parvizshahi, Khanna and the “Ro for Congress” campaign were named in the suit as defendants. Khanna and his campaign were officially served with the lawsuit Thursday night at a campaign event in Fremont, California. Parvizshahi resigned from his position on Thursday evening and has yet to be served with the lawsuit. He has not responded to Ars’ requests for comment. The Khanna campaign did not immediately respond to Ars’ requests for comment, but Khanna spokesman Hari Sevugan provided a statement to the Los Angeles Times. He wrote: By filing this lawsuit with six weeks to go and down in the polls, [Parvizshahi] believes Mike Honda is trying to distract voters from the ongoing ethics investigation into how he sold special governmental access to his VIP donors after accepting $3 million in PAC contributions.

And Brian will not let Mike Honda use him to distract voters from the need for real change. The criminal portions of the Computer Fraud and Abuse Act have drawn scrutiny in recent years, as they have been the vehicle for numerous high-profile prosecutions, including that of Matthew Keys. The CFAA is the same law that was used to prosecute activist Aaron Swartz, which ultimately resulted in his suicide.
It is the same law that President Barack Obama has said he would like Congress to expand to encompass broader reach and longer prison sentences.

After Swartz’s death, some lawmakers proposed Aaron’s Law, a Congressional bill that would aim to rein in some of the expansions of the CFAA, but it has languished in Congress. The CFAA also has a civil portion, which is nearly identical to the criminal section.
It allows anyone to bring a lawsuit. Ahmed Ghappour, a law professor at San Francisco’s University of California, Hastings, said that the Honda campaign has a strong case. He told Ars: Under 9th Circuit law, Parvizshahi’s access to the files was arguably “unauthorized” for two reasons.

First, Honda’s termination of Arum Group effectively rescinded any previous grant of permission to Arum Group employees to access the dropbox files.
Second, Arum Group’s termination of Parvizshahi (or his voluntary departure, as may be the case) likely had the effect of rescinding permission to access Arum Group’s client files, past or present. Professor Ghappour pointed to a notable civil CFAA decision at the 9th Circuit Court of Appeals from 2009, LVRC Holdings v.

. In Brekka, the 9th Circuit held that a person uses a computer without authorization “when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.” This opens up liability in the post-employment context.

Courts in the Northern District of California have found that the employer doesn’t need to revoke the employee’s access credentials for there to be unauthorized access post termination. Under this interpretation, termination is sufficient to provide notice. Beyond the civil liability, Parvizshahi could still face criminal prosecution. “This is a very serious matter, and we would urge the federal authorities to look into it,” Dutta added.
Here we go again.CSPAN reader comments 21 Share this story Yesterday, Ars reported on the Reddit thread purported to have been started by Paul Combetta, a systems administrator at Platte River Networks involved in the operation of Hillary Clinton's private mail server. In the thread, a user named "stonetear" asked others on the /r/Exchangeserver subreddit how to strip a "very VIP" person's e-mail address from messages in an existing Exchange .PST e-mail archive. Now, the House Oversight and Government Reform Committee, which has been at the center of much of the ongoing congressional probe into Clinton's e-mails, has subpoenaed those posts. The feds are asking Reddit to preserve them for further investigation. The Hill reports that the committee's Republican majority has issued an order to Reddit to provide the posts and metadata related to them to committee investigators, and Reddit is reportedly cooperating with the order. The Justice Department previously granted Combetta immunity from prosecution for cooperating with the FBI's investigation of the Clinton e-mails. Combetta admitted to accidentally deleting Clinton's e-mail archives in an "oh shit moment" when he realized he had not put new retention policies in place for her mail. That took place in March of 2015. The Reddit thread in question corresponds with the period when Combetta and others at Platte River Networks would have been assisting in the collection of Clinton's e-mails to be turned over to the House Select Committee on Benghazi in July of 2014. Combetta has not confirmed that he made the post, though it is tied closely to his other social media and e-mail accounts. "I’m very confident that the amount of circumstantial evidence certainly points in one direction,"  Rep. Mark Meadows (R-N.C.), chair of Oversight's Government Operations subcommittee, told The Hill. "We’re just trying to make doubly sure that we can authenticate that in a real way, because if not it will be challenged on a number of fronts." Even if the post is legitimately from Combetta, its content doesn't indicate he was trying to destroy evidence—it only shows he attempted to conceal e-mail account addresses in the headers of the messages in the archive (as we explained yesterday). The posts (again, if they were Combetta's) were unrelated to his later deletion of Clinton's e-mail archives following their delivery to her lawyers and the State Department.
Bleach those bits away.Adina Firestone reader comments 47 Share this story A system administrator with Platte River Networks, the company that took over hosting Hillary Clinton's mail server after it was moved out of her basement in Chappaqua, has been the target of a crowdsourced investigation on Reddit into whether he took part in a conspiracy to cover up Clinton's e-mails. Paul Combetta, an employee of Platte River Networks who was granted immunity from prosecution by the Justice Department in exchange for cooperation with the FBI's investigation of Clinton's e-mails, apparently went to Reddit for help with a sticky problem related to the e-mail investigation by the House Select Committee on Benghazi—scrubbing the e-mails of Clinton's personal address. While the post doesn't provide evidence that Clinton herself instructed Combetta to erase her e-mails, it does suggest that his staff wanted to excise her private e-mail address from the archives to be turned over to the State Department—ånd in turn, to the House Select Committee.

The later destruction of the e-mails during the continuing investigation was apparently, as Combetta told investigators, an "oh-shit moment." On July 24, 2014, a reddit user with the screen name "stonetear" posted to r/exchangeserver looking for advice on a vexing problem: Hello all- I may be facing a very interesting situation where I need to strip out a VIP's (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file.

Basically, they don't want the VIP's email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out. I am not sure if something like this is possible with PowerShell, or exporting all of the emails to MSG and doing find/replaces with a batch processing program of some sort. Does anyone have experience with something like this, and/or suggestions on how this might be accomplished? ...The issue is that these emails involve the private email address of someone you'd recognize, and we're trying to replace it with a placeholder address as to not expose it. Based on other social media profiles and a Google e-mail address, "stonetear" appears to have been Paul Combetta, according to the work of members of Reddit's r/conspiracy.

The date of the post is interesting because it is the day after the State Department and the House Select Committee on Benghazi reached an agreement on producing records related to the Benghazi investigation—but months before the State Department actually requested private e-mails related to work from Clinton and former Secretaries of State Colin Powell and Madeline Albright. That is also the timeframe during which Clinton's chief of staff Cheryl Mills told Platte River Networks to export all of the e-mails sent by Clinton to ".gov" e-mail addresses to a separate .PST mailbox file in preparation for the investigation, according to FBI interviews (PDF) with Mills and a redacted Platte River Networks employee—Combetta.

The report does not say whether Mills requested Combetta do anything else with the e-mails before turning them over—such as scrubbing the incriminating personal domain name from the e-mails before they were passed to Congress to avoid revealing Clinton was using a personal domain for her e-mail, or allowing her e-mail address to become public record. In any case, it turned out that Combetta could not easily erase that information without directly editing the contents of the e-mail files.

A number of tools were suggested by reddit posters as a way to perform some fixes or to correct the problem in the future, but none of the suggestions would have easily stripped e-mail addresses from within a .PST file of the size he was dealing with. In the end, the .PST archive file was passed to Clinton's lawyers.

Clinton's use of a private e-mail domain was exposed before by the New York Times in March of 2015—though it had previously been exposed by the Romanian hacker Marcel Lazar Lehel (aka "Guccifer") two years earlier, without being widely investigated. Captain BleachBit In December of 2014, after the e-mails were provided, Mills apparently requested a change to the retention policy for e-mails on the private server, telling Combetta that Clinton didn't want any of her e-mails going forward to be retained for more than 60 days.

But as had happened with many requests from Clinton's staff—including the request to encrypt the contents of the mail repositories to protect them—the Platte River Networks technicians never implemented the policy. Combetta gave conflicting information several times about Clinton's e-mails on the server.

But in a final follow-up interview this May, Combetta came clean to the FBI and "indicated he believed he had an 'oh shit' moment" when he realized he had not implemented the 60-day policy for Clinton's post-State Department e-mails. Instead of purging e-mails in her current mailbox, "sometime between March 25-31, 2014 [Combetta] deleted the Clinton archive mailbox from the [Platte River Networks] server and used BleachBit to delete the exported .PST files he created on the server system containing Clinton's e-mails," the FBI report on the investigation recounted. He then realized that he had deleted e-mails he was supposed to retain because of the investigation's preservation request, even though he was aware that "he should not disturb Clinton’s email data," the FBI noted.
Cracking the grey market in rent-a-borkers Analysis It’s not often an entirely new and thriving sector of the “digital economy” – one hitherto unmentioned by the popular press – floats to the surface of the lake in broad daylight, waving a tentacle at us. This is the DDoS-for-hire industry, and it’s fascinating for a few reasons.

This shady marketplace has done everything a legitimate “digital” business should do. Hitherto, what are euphemistically called “booter” services have been pretty obscure.

But if anything deserves an as-a-service “-aaS” (“software as a service, SaaS; platform as a service, PaaS) created in its honour, it’s the 'DDoSaaS' or perhaps 'DoSaaS' industry: Denial-of-service-as-a-service. We now know much more about the marketplace because its leading business, vDOS, was hacked this year, and security expert Brian Krebs has been joining the dots. Krebs has documented the DaaS business for some years, a thankless job resulting in regular attacks on Krebs' own website.

The key business and technical architects also helpfully described it in an academic paper. Two Israelis allegedly behind vDOS, both 18, were arrested after an FBI investigation.

The site had been operating for four years. vDOS offered four retail tiers: from a $19.99 “bronze” plan to a $199/month “VIP plan”. Just as blogs and social media “democratised” the media, by making the tools of production and distribution cheap and readily available, so too did booter services. To take a site you didn’t like offline you used to have to have a network of contacts and great technical expertise.

But the booter services put a DDoS attack into anyone’s hands, and all it took was a quick retail transaction -as low as $20.

Booter services were the Uber of DDoS. How’s that for disruption? “To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement.

The various subscription packages to the service are sold based in part on how many seconds the denial-of-service attack will last,” Krebs noted, adding: And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic. Like many “booter” services, vDOS had been hiding behind CloudFlare’s CDN.

The CloudFlare CDN acts as a cloaking service, and has been criticised for keeping pro-ISIS sites online.

CloudFlare has also been under fire for doxing; a sample of CloudFlare’s clients can be found here.) In a January post entitled Spreading the disease and selling the cure, Krebs observed: “The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online.” As well as providing protection for the DoS [denial of service] industry, CloudFlare operates a DoS-protection service for clients worried about DoS attacks. Krebs added: “If CloudFlare adopted a policy of not enabling booter services, it could eliminate a huge conflict of interest for the company and – more importantly – help eradicate the booter industry.” CloudFlare says it responds to individual law enforcement requests and will not proactively police its network for DDoS-ers. What made vDOS particularly interesting was that it operated in both “retail” and “wholesale” markets. “PoodleStresser, as well as a large number of other booter services, appears to rely exclusively on firepower generated by vDOS,” Krebs notes. This isn’t unusual in legitimate sectors.

A food manufacturer may sell white label versions of its goods to supermarkets, and mobile networks have for years made better use of their capacity by wholesaling to MVNOs, mobile virtual network operators). The vDOS pair maintained a network of PayPal accounts but many of the participants are US based. Damon McCoy, cited at Krebs' blog, notes that vDOS blocked clients from disabling Israeli sites, most likely to avoid unwanted attention from authorities at home: “The main reason was they didn’t want to make trouble in their local jurisdiction in the hopes that no one in their country would be a victim and have standing to bring a case against them.” The cover story offered by booter operations is that the software has a legitimate use: for sites to stress test their own web servers.
In reality, the “democratization of DDoS” – with kits available on the dark web for a fiver – means that buying DDoS protection offered by CloudFlare is almost mandatory. ®
Red Hat OpenStack Platform 9.0 director Release Candidate is nowavailable for Red Hat Enterprise Linux 7. Red Hat OpenStack Platform director provides the facilities for deploying andmonitoring a private or public infrastructure-as-a-service (IaaS) cloud based onRed Hat OpenStack Platform. Red Hat OpenStack 9.0 director for RHEL 7 SRPMS: Cython-0.21.1-1.el7ost.src.rpm     MD5: db6da76b618a6e4a9026a312c8869651SHA-256: 1c0a9867789b2d48bc1d771b51c118dc5d939fa5861372c6d49dee7c138d9a2a fio-2.2.10-1.el7ost.src.rpm     MD5: 167a7119984e088615328de8222b80d4SHA-256: 5b732ac9254b6ba429c306b184c6e311803f5eb32f2609432bd1f1334e68c26a instack-0.0.8-3.el7ost.src.rpm     MD5: a9f7e420d0d1d5c3b9c45effba448f61SHA-256: 0ca31a35095553e8a0e96cdd137042bd9bf557a0e2d06c15c8a8d2824ffe6e28 instack-undercloud-4.0.0-11.el7ost.src.rpm     MD5: 10c04928626a4edc8227af1774cf7d46SHA-256: f4acc14bbc8acadaea4bff118253782999ed29734a071619055f16f0e5cfcfba ipxe-20160127-1.git6366fa7a.el7.src.rpm     MD5: 19a4368508ff35ad91f3d1b7dd5a1f69SHA-256: d3e9662772f5a5df67c58d4a40d67beb6c150ace92db3d45a99efff00583c6a0 openstack-ironic-inspector-3.2.2-4.el7ost.src.rpm     MD5: 307adfbd781e9cbbd2f5f18c94026aaaSHA-256: 32eb7ca3ed444eb87ac257185c3b5b0870f333c1392e024a40132d4da89a81ef openstack-ironic-python-agent-1.2.2-3.el7ost.src.rpm     MD5: bd2e4e746e5e6b255b7490d15267f8a0SHA-256: 44bf6e6e4108d1a691e24ed98c2a56d0eda792450fb10a02d641e8c48c1d9d9a openstack-tripleo-0.0.8-0.2.d81bd6dgit.el7ost.src.rpm     MD5: 329f5c2b356de903e350686823eb78f9SHA-256: f0e7a40fb5c126fbda1ff6982822c6f4c545fe831f59f3978f25f4ffaff11397 openstack-tripleo-common-2.0.0-8.el7ost.src.rpm     MD5: 3ac1dba9fcc35136641f87ed2b1464fbSHA-256: f9574e30512ad5a45847856750b0f1d67aef9c08b8aade749be89e5de00554d1 openstack-tripleo-heat-templates-2.0.0-30.el7ost.src.rpm     MD5: 37f9be5e14d765145056c80884363ac1SHA-256: b61cb95c1cfcd7fb989899ac98e34d99ddc95f1b11b1e3e50e2ff75ced3dbdec openstack-tripleo-image-elements-0.9.9-6.el7ost.src.rpm     MD5: 60b359fc5a1d9b5e399adf29cda34faaSHA-256: ced4fa38ace2aa809b1775e81d14a73077535f7cfeee4d0f0bb0c949c756e559 openstack-tripleo-puppet-elements-2.0.0-4.el7ost.src.rpm     MD5: 40cfa37fcc6e52358cfb16062b3134cbSHA-256: 6871ffce61a7938a1f5d4ffe8508e3c78082537adb04b65f08d59f8de84cc83f openwsman-2.3.6-13.el7.src.rpm     MD5: 5e32350fa7d094de844e4c42664197bcSHA-256: 5779a08aba0aa376927bb785a2a1cac493f54923ba9092042c080402b394d842 os-apply-config-0.1.32-6.el7ost.src.rpm     MD5: 047b6ffc419a0d3dcf3926ff25078096SHA-256: 734a5fe4324c0630ba241d4905d0ab1152725b37f148cac2388fe253ae20d260 os-cloud-config-0.4.1-6.el7ost.src.rpm     MD5: c0dd5578dc949265a6a99fac84473d38SHA-256: 90c6fe97bc68b84ceaf6ffc60848bf3e8e9861ce5c833d6998f4c5facdd5c612 os-collect-config-0.1.37-6.el7ost.src.rpm     MD5: 2af734cc74e0ca59af7f024e3e9109e4SHA-256: c8212d1a024d73aeb24e8fc8a9173f2f35e8a827312a05b38bd388dfc74af579 os-net-config-0.2.4-4.el7ost.src.rpm     MD5: 66048aaf726a5e0ee2c5af4868faa2e5SHA-256: 8baca6120e0cb5321e0eb3e29e6ff0d4ad5fd1aa8b05fa2d87de64ce3a6990e0 os-refresh-config-0.1.11-5.el7ost.src.rpm     MD5: ba4a28570b672d0594f444fa5604b7d5SHA-256: 1d66f1d6f648d27b10b6685f802d456dc9aea737df45cc61d9b4a3dacdedcc54 python-flask-babel-0.9-3.el7ost.src.rpm     MD5: 8f6ba5083b2453067e5481a53319194cSHA-256: 8056d8126a1a758251379b7b1bb55bf3b35a6eacdaf52fcccf1d55409b7278ae python-hardware-0.17.1-0.20160217225319.790d92a.el7ost.src.rpm     MD5: 43e0fd615407a522bb2775644c917759SHA-256: bd1373e5d4d937c8af46732014451c7490fb8c870845b825df4f89aab03b6feb python-ironic-inspector-client-1.5.0-3.el7ost.src.rpm     MD5: 322a1d675eed3235b23558fa1317111fSHA-256: 8a8c9ed92e394313e9e2b09eb771b85e159985d78648d53197e0f3ab9ec78008 python-ptyprocess-0.4-1.el7ost.src.rpm     MD5: 04afcbf82018b5c34e622160b6a01f88SHA-256: 2d08226548b0073dabcbc972b956244a3e0adf316dca3f3402734cffa400edc3 python-tripleoclient-2.0.0-2.el7ost.src.rpm     MD5: 84701ba8b747ec9ba9b8e01eff9a7a1eSHA-256: a41b595455456e452c7a8eca8e991020bfd7477ec34ece198dd35972fea763d7 sysbench-0.4.12-12.el7ost.src.rpm     MD5: 0e9d7b8c837bed2d402ce530b1c76a03SHA-256: 1d519ebab22f12acc6da271e6fc96a8f56ebb0159edae4a59ced402b0a65cfb4   x86_64: Cython-0.21.1-1.el7ost.x86_64.rpm     MD5: 8b78fb60b931f77b3ebaf213f541a206SHA-256: 9f744da95015ee2df4629c542241c8d6b545d3262774fd9d432f6dc759ab6973 Cython-debuginfo-0.21.1-1.el7ost.x86_64.rpm     MD5: 700dc8eaeb88e0e64f502c701eba89c5SHA-256: bed954fb2d6b3746d66132382dfb6c921f72b3b13b16189e75b8f524c54e1fad fio-2.2.10-1.el7ost.x86_64.rpm     MD5: bed2241db0bab2ece586601725d333c5SHA-256: 3cfe46efc26531727c8ce31695909eab68966bccd5d4823a851c97940a60fff9 fio-debuginfo-2.2.10-1.el7ost.x86_64.rpm     MD5: aa3ea0ebd3d193bbff5e680ccf5cf55dSHA-256: 9a1bf6e48c4d56c1f11c2554ccc3c6265f72cdd027199c1f8557996a0129c296 instack-0.0.8-3.el7ost.noarch.rpm     MD5: a04890ced14f59500a691610edb14396SHA-256: 4c3347783acb56a5a38f03362dda0e51251cfb75077e72f65d6ae1f9e39a2987 instack-undercloud-4.0.0-11.el7ost.noarch.rpm     MD5: 3037a15ee49a48acb5384c109d37a2a4SHA-256: 30c2fc1de04084326595219d7802ddc9b79fa076b420826e282074c68d250d68 ipxe-bootimgs-20160127-1.git6366fa7a.el7.noarch.rpm     MD5: eefa0bf9e1a6ffce83bc53d8006b3069SHA-256: cbd1fcfcbf7b88260fe3615a0384812f9304a6f2695c6b9280c05e1c821ef4c3 ipxe-roms-20160127-1.git6366fa7a.el7.noarch.rpm     MD5: 1cbd5e3bf83ef50cf3bd7a05c0d42b15SHA-256: d578b9c5fad484aa551b9227e4c944303569216d8cc41153dc35d858f093dde3 ipxe-roms-qemu-20160127-1.git6366fa7a.el7.noarch.rpm     MD5: 30efa478418a6cc3a76ee0fb30f4f5c8SHA-256: d4afbda47fc53bdd468ae3d0bfcfa3d2450b8d8f606d92327219cc3fdf774de3 openstack-ironic-inspector-3.2.2-4.el7ost.noarch.rpm     MD5: 95f2613c51d1ea447fe57e27bdf0d1fdSHA-256: bff12024bdb07ed4b6457cda2f3dcbb32e675653ef6070538ed43130bf30fa0b openstack-ironic-inspector-doc-3.2.2-4.el7ost.noarch.rpm     MD5: 13d00c723a00e081cf4a6f70bff2b624SHA-256: 9e0f82725c28e567029a211a19d5a306b1ee5a353a1cba344d8da5bc3d6435e0 openstack-ironic-python-agent-1.2.2-3.el7ost.noarch.rpm     MD5: 9a4ac09225f3672f4ea6ac4bff738f3cSHA-256: 0fdc46e62853e1c6369093ea9f14b0986cc33cdbf40a94db5351523c29a40038 openstack-tripleo-0.0.8-0.2.d81bd6dgit.el7ost.noarch.rpm     MD5: 0ce2f3beb91e49c813e48d720c9dbc74SHA-256: 6b84b52916f76dc79d1210b2f3d4a65d3ecd52e2211f6791f82e87a533d86905 openstack-tripleo-common-2.0.0-8.el7ost.noarch.rpm     MD5: 25dd33bca1e5056532dc0777b85284c3SHA-256: 791f2146c86b76e7d05bb30c3f7ce9ca148612f903eeca5cf21ca1f3e0264ef1 openstack-tripleo-doc-0.0.8-0.2.d81bd6dgit.el7ost.noarch.rpm     MD5: 605c0452554e38e1ec57b351a1ab7d1cSHA-256: 559adf232126c9a12ac37382e1a56226e12963595a0502f19cc8de30149bae8c openstack-tripleo-heat-templates-2.0.0-30.el7ost.noarch.rpm     MD5: d846802502b8a1acb895909b1acc0582SHA-256: 73a26c127f16e2bfb8a55ff66329691ff2e470aa18bddb1046ae04f52e3ef517 openstack-tripleo-heat-templates-liberty-2.0.0-30.el7ost.noarch.rpm     MD5: abd522de4f5085f83069ce17f93d8b7fSHA-256: 685bf13cc3a69ec78e4ffaf5f57e2bcf8e66fee1184a76b2c948428bc468c257 openstack-tripleo-image-elements-0.9.9-6.el7ost.noarch.rpm     MD5: cd4994aa3f7e003c9466f57635a8c4a6SHA-256: 3196933a856995716166917a0d956ef917d4e1fdd1004ec31d2f8c575fe8ac75 openstack-tripleo-puppet-elements-2.0.0-4.el7ost.noarch.rpm     MD5: dd1d139e4d9729f37c5df4ca86bc52afSHA-256: 131af5bc0599701b292fdfe81ad0b3bdd8a21e8896d18c1be9188464001d3d47 openwsman-python-2.3.6-13.el7.x86_64.rpm     MD5: acaad1c129ffca2d54ea918279fcc37aSHA-256: 8ea8dd800f2b76ba528e898e42d9d3ed1569331b1eb93a94d6cf0810b495b15b os-apply-config-0.1.32-6.el7ost.noarch.rpm     MD5: f8ac5fe2795105d5a13b6520e02d4bf0SHA-256: 047e974fc035897f2568d952dbea85a5c04b669b451cf6bf3f620e0346c199cf os-cloud-config-0.4.1-6.el7ost.noarch.rpm     MD5: ed5d3d2e51e15c39b7f4cd68b833f32aSHA-256: 6e84c6805aa123b31a9e3786e2d8205c4c541d268c04c17b0ca26f9d5016080d os-collect-config-0.1.37-6.el7ost.noarch.rpm     MD5: 2458e1659f6750ab7f2b3184f40d7f3dSHA-256: 9dbfe74cb3a6882835b5882b00af0c7ff40ea12e386158bde8db49800bb62c08 os-net-config-0.2.4-4.el7ost.noarch.rpm     MD5: 5f777c734c3f35cc35c3f030357c607bSHA-256: e7740e2800897b0db4d6ababa2e8f61de0c49c7c870a2d32021bf6d996731039 os-refresh-config-0.1.11-5.el7ost.noarch.rpm     MD5: b8deb54fa01406dbac533539bdf56b99SHA-256: 9abe8bdf67626089dfd0d0c7c66e67399ca93ac3070952fc4f8f1a956fee634e python-flask-babel-0.9-3.el7ost.noarch.rpm     MD5: 16f2c74792a882a798c66ebdef5310d8SHA-256: 6d2896d0452093c5380aa7f31e0fee95690372541b35d1274d2baf47ce5aea56 python-hardware-0.17.1-0.20160217225319.790d92a.el7ost.noarch.rpm     MD5: 051460aa8a4df61eafc8cb48004865f4SHA-256: 593fb45dbe0336400a75328db24bf2978b76adf0036ead4600fd37c92a5c97ab python-hardware-detect-0.17.1-0.20160217225319.790d92a.el7ost.noarch.rpm     MD5: 85e1f0625c50bd42ce86b6689ff7860eSHA-256: aae9f536bf92f99bced03f97e313a5ba28191e7dc60b57ac553aa142a8bf543c python-ironic-inspector-client-1.5.0-3.el7ost.noarch.rpm     MD5: 8695fc912aedd50f625bf76328618dbbSHA-256: 28d3db07a385ecd88d32b6b3cd4e2c5e30502112b2d617cbba59dd77a6ebfa79 python-ironic-python-agent-1.2.2-3.el7ost.noarch.rpm     MD5: 169da42f5192e8a89c0eff339ba9c36aSHA-256: 579ababc91534d955e13b81700faf6fc646fc53fc2af32c0179e6b84cd254092 python-ptyprocess-0.4-1.el7ost.noarch.rpm     MD5: e9413b92011e607f33586754d4cfe50eSHA-256: 5caf8e5556e1a8633987a2f1c038df039ed603bd570187adf5cd9a373b14646b python-tripleoclient-2.0.0-2.el7ost.noarch.rpm     MD5: 2f5bb43c31184bb66a21d3e7ca357126SHA-256: 4d2e4bd2d7729a49cdc3467c9ebb43a00fef0ef2678d893dbf6fc14790fbd14b sysbench-0.4.12-12.el7ost.x86_64.rpm     MD5: 7e2d9d6e7ab732a56ede6a4cc86f67a8SHA-256: 8aaac8169c09793480cb2e8d2a185c9cc5823ead991b48b3005b7c5734d12c3d sysbench-debuginfo-0.4.12-12.el7ost.x86_64.rpm     MD5: 94cb36a562d05f0b633da50d360d9435SHA-256: 3a741d546e9b558bbc9a64ff3ff5b221ad58521bf7b48506f39ca59c015a7afc   (The unlinked packages above are only available from the Red Hat Network) 1290121 - [Bug] [HA] Remove keystone constraints and add the openstack-core dummy resource in its place1317312 - With latest puddles of RHOSP 8.0, "openstack flavor delete" fails with "public endpoint for messaging service not found"1320816 - osp-director: ironic-inspector service is missing from undercloud catalog - upstream backport needed1322311 - On SSL enabled undercloud the aodh publicURL gets configured as non-https1322313 - On undercloud the AODH port is not allowed in the firewall rules1322484 - ceilometer-alarm-(evaluator|notifier) services running/enabled when aodh is installed1323305 - Password not required to login as root to MariaDB1336509 - Dependency Gnocchi_config[indexer/url] has failures:1337276 - rhel-osp-director: On undercloud: neutron-openvswitch-agent: failed (memory issue)1337511 - Property error: resources.ManagementNetwork.properties.ManagementNetValueSpecs: Value must be a string1337537 - rhel-osp-director: 9.0 - the overcloud deployment fails because pacemaker isn't the default1338954 - openstack-gnocchi-statsd fails to start1340453 - Heat stack on overcloud fails with: Resource CREATE failed: Error: Cannot get stack domain user token, no stack domain id configured, please fix your heat.conf1340475 - Nova novnc console doesn't load 2/3 times: Failed to connect to server (code: 1006)1340822 - OS_AUTH_URL for AODH points to localhost1341350 - rhel-osp-director: registering the overcloud images fails on first attempt with "500 Internal Server Error: Failed to upload image 51672726-cc40-40ea-9ca0-1f8b2267313c (HTTP 500)"1341838 - rhel-osp-director: Deploy with external ceph: "ERROR: The Parameter (GlanceRbdPoolName) was not defined in template"1343093 - Coordination URL for gnocchi is not set1343918 - Update fails trying to work with openstack-keystone pacemaker resource1343979 - CLI overcloud update interactive mode doesn't work1344026 - Gnocchi requires bulk delete enabled in swift1344307 - Horizon help URL points to upstream documentation1344380 - Run gnocchi-upgrade with '--create-legacy-resource-types' during deployment1346275 - python-hardware-detect missing dependency[osp-9]1347716 - Nova-client: Cannot use v2 authentication with domain scope1348147 - Add python-cradox to overcloud image1348831 - Keystone WSGI migration: httpd temporarily collides on port binding1348842 - After migration to AODH, its services run only on one controller1349180 - Including the nework-isolation.yaml file after network-management.yaml disables the Management network.1349436 - AODH on undercloud configured with 'admin' tenant1349456 - During overcloud deployment the ceph monitor gets started only on one of the controllers which causes the deployment to get stuck for some time1349890 - rhel-osp-director: 9.0 Update to async fails - os-collect-config restarted during yum update1350489 - Upgrade fails because os-collect-config is restarted during yum update1351254 - Data Processing section doesn't show up in the Dashboard1352057 - Duplicate nova hypervisors show up in nova hypervisor-list post 8 -> 9 upgrade1353031 - osp-director-9: After successful upgrade from OSP8 to OSP9 there are failed resources on the controllers for heat-engine/gnocchi/ceilometer.1353361 - install: cannot stat ?/usr/share/ipxe/undionly.kpxe?: No such file or directory1353368 - ipxe_timeout should be set to 601353378 - openwsman-python is missing in osp9-director repository1353637 - External load balancer deployment fails with: Error: Could not find dependency Pacemaker::Resource::Ocf[openstack-core] for Pacemaker::Constraint::Base[openstack-core-then-httpd-constraint]1354046 - rhel-osp-director: 8.0->9.0 upgrade, Keystone WSGI migration step fails, httpd resource is down on the cluster and fails to start.1354627 - Existing nodes get rebuilt during scale out after 8->9 upgrade1356107 - nova-compute service is down on compute nodes added post 8->9 upgrade (tripleO Heat Template)1356997 - openstack-core resource does not have interleave=true meta attribute1357090 - [Backwards Compatibility] UC9-OC8 fails keystone authentication1357925 - Undercloud: Nova-client: Cannot use v2 authentication with domain scope1358345 - Add a base constraint so gnocchi services should start after galera1359760 - python-cradox not installed during upgrade1360408 - [regression] Allow updating of nodes in baremetal import1361100 - SSL enabled undercloud doesn't configure the AODH public VIP in haproxy These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
'Advanced technology for those where cost is not an issue' El Reg got hands-on with the Solarin $14,000 ultra-high-end Android smartphone during a trip to Tel Aviv this week. As previously reported, the Solarin handset is an Android-based smartphone pitched at privacy-conscious executives and the ultra-wealthy. The smartphone comes with a 24 megapixel camera and integrated 3D audio as well as support for Wi-Fi and a high end metal chassis.

The audio and visuals are undeniably impressive.

The tech features an eight-core processor, a Qualcomm Snapdragon 810. Sirin Labs’ hardware features Koolspan’s TrustChip processor.

The phone operates in two modes: a regular high-end Android phone where users can download apps and an encrypted mode isolated from the operating system and connected devices. A switch on the back of the device enables "shielded mode" for encrypted texts and calls.

This enclave comes with a walled garden.
Sirin Labs is a Swiss firm but its R&D team is based in Israel and its marketing and sales team is based in London.

The device is pitched at business users, tech lovers and high net worth individuals. Chief executive officer Tal Cohen, whose background is in internet advertising startups rather than mobile or security, said his firm had identified a niche market comparable to the high-end watch market but for smartphones.
Its potential customers wanted ease of use, a general purpose phone and security in one device.

The device is pitched at investment bankers, lawyers, accountants and investment houses. The smartphone features mobile security from Zimperium and support for Qualcomm’s TrustZone technology.

Cohen described the devices as Mobile Device Management “friendly” but wasn’t immediately able to provide details even when pressed on this point. MDM technology allows corporate IT managers to support the BYOD trend, aspects of which involve people using personal devices instead of relying on company-issued kit. Such execs looking for the last word in security can already use the Blackphone, which comes from crypto wars hero Phil Zimmermann and former Navy SEALs, a formidable combination. Much is known about the security aspects offered by the Blackphone, whereas the Solarin handset’s security bona fides are yet to be substantiated or even specified.

Cohen told El Reg that smartphone featured anti-tampering on the ROM as well as app protection from anything below “agency-level attacks”. Post Enron and after the LIBOR rate-fixing scandal, the use of the technology in investment banking or other heavily regulated industry seems problematic. Yet that’s not really the market the Solarin is aimed at, even though the marketing blurb may say otherwise.

The Solarin handset is a gold-plated iPhone for those who prefer Android. “It’s the most advanced technology for those where cost is not an issue,” according to Cohen.

Asked by El Reg what car the Solarin would be if it was an automobile, Cohen said it would be a “Lamborghini, McLaren or Bugatti.” Initial sales outlets include a store in Mayfair and the Heathrow VIP area. Independent security experts remain unconvinced about Sirin Labs' proposition – especially in the absence of details.
Security through obscurity isn't going to win hearts and minds among mobile security experts. “The anti-virus will be essentially a waste of time, and expecting a plug-in card to secure Android's microphone and speaker is fundamentally flawed logic,” a mobile security expert who asked not to be named told El Reg. “There might be some value in some of it, but Blackphone is a much more sound approach overall.” ® Sponsored: Rise of the machines