Worried that implementing Linux might be too much of a risk

For those businesses out there that are worried about switching to Linux, I am posting a list of some major organisations that are using Linux:

  • New York Stock Exchange
  • Department of Defence in the US
  • Amazon
  • Google
  • Facebook
  • Twitter
  • IBM
  • McDonald's
  • NASA

These are just a few of the big corporations. If you want better performance and to pay less on licensing, contact us and let us show you how.

Posted in Blue Shell News | 5 Comments

Dell Software Group Sold Off

Dell Software Group has been acquired by Francisco Partners and Elliott Management. In the announcement, Dipanjan Deb, Francisco Partners CEO, said:
“We founded our firm in 1999 to pursue divisional carve outs in the technology sector and today’s agreement continues that vision,”
Dell Software has a comprehensive portfolio of solutions, which includes advanced analytics, database management, data protection, endpoint systems management, access and identity management, platform management for Microsoft products, network security and performance monitoring.

Posted in Uncategorized | 1 Comment

Microsoft Launches its own version of FreeBSD Distribution

Microsoft today announced it has launched a fully supported version of the FreeBSD Unix 10.3 operating system and made it available in Azure.

Jason Anderson, Principal PM Manager, Open Source Technology Centre, said:

“One of our primary reasons for making these investments in FreeBSD on Hyper-V was to enable FreeBSD VMs to run in Azure, as Hyper-V is the virtualization platform for Azure. You may be wondering, Why is it so important for FreeBSD to run in Azure? Many top-tier virtual appliance vendors base their products on the FreeBSD operating system. Over the past 2 years, we’ve worked closely with Citrix Systems, Array Networks, Stormshield, Gemalto and Netgate to bring their virtual appliances to the Azure Marketplace, and we’re continuing to work with a long list of others for future offerings. However, if you wanted to run your own FreeBSD image in Azure, your only option so far was to bring a custom image from outside of Azure.

Today, I’m excited to announce the availability of FreeBSD 10.3 as a ready-made VM image available directly from the Azure Marketplace. This means that not only can you quickly bring-up a FreeBSD VM in Azure, but also that in the event you need technical support, Microsoft support engineers can assist”

For more information read Jason’s Blog

Posted in News | 2 Comments

Russian Government makes plans to replace Windows with Linux as its preferred Operating System

In a dispute that is more about taxes, or the lack of payment of them by the big IT companies, German Klimenko, Russia’s new Internet Czar, has announced he is banning the Microsoft Windows platform from government computers and will more than likely replace it with the Linux platform. It is already known that Russia is working on bringing out its own version of Linux and a replacement for Android. For more information please follow the links below.

fossBytes Report Russian Government to switch to Linux

Bloomberg Reports on new Russian Internet Czar

Posted in News | 6 Comments

Microsoft patches ‘critical’ Windows bug

Microsoft has released an emergency patch for a “critical” bug present on almost every version of Windows.

Microsoft said the vulnerability was so severe that it needed to release a patch outside its usual monthly security update. Security researchers from Google were among the experts who helped uncover the loophole. The vulnerability was found in the parts of Windows that let the software handle some types of fonts. If exploited, the bug would let attackers take over a target machine and run their own software on it.

In its advisory note about the vulnerability, Microsoft said the bug was being talked about online but it had no information “to indicate this vulnerability had been used to attack customers”. However, it said, its own research had shown that attackers exploiting it could “take complete control” of a vulnerable system. Windows users could fall victim if they visited websites booby-trapped with exploit code or were tricked into opening a malicious email attachment.

The vulnerability has been found in Windows 7, 8 and RT as well as older versions such as Vista, Server 2008 and Server 2012. Microsoft said it was tipped off about the bug by security researchers from security companies FireEye and Trend Micro as well as experts from Google’s Project Zero, which seeks out unknown loopholes in code.

The patch comes less than a week after Microsoft closed another loophole in the same font-handling system. That separate hole came to light following a hack attack on a security company called the Hacking Team. The attack involved the theft of hundreds of megabytes of documents that, among other things, exposed software bugs it had been planning to exploit for its own ends.

Posted in Security Alerts | 5 Comments

Google criticises US rules on finding software bugs

A US plan to require a licence to export “intrusion software” would make the web more dangerous, Google says. The 41 nations in the Wassenaar arms-control arrangement want it updated to stop oppressive regimes acquiring net-based surveillance systems. But Google says their definition of “intrusion software” is “dangerously broad and vague”, including information about bugs and vulnerabilities. The US says the plan balances computer security and foreign policy goals.

Google, like many other companies, uncovers thousands of vulnerabilities, such as Heartbleed and Poodle, every year, and seeking a licence to publish information about each one would slow the process. Google lawyer Neil Martin said the change would “hamper our ability to defend ourselves, our users, and make the web safer”. “It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure.”

Google said it would ask the US Department of Commerce to put in place exemptions for vulnerability research and to allow companies that operated internationally to easily share information internally.

Story courtesy of BBC News

Posted in Technology | 10 Comments

OpenSSL Vulnerability patch to be released

It has been announced that a patch will be released on the 9th of July to rectify what has been referred to as a “High Severity” defect in OpenSSL. No details of the actual vulnerability have been published, which is standard practice until the patch has been released. The last big vulnerability was the so-called “Heartbleed” vulnerability. If you need further advice, please don’t hesitate to get in touch with our specialists at Blue Shell Limited on +44 (0)1624 620469.

Posted in Security Alerts | Comments Off on Openssl Vulnerability patch to be released

Alert (TA15-103A) DNS Zone Transfer AXFR Requests May Leak Domain Information

National Cyber Awareness System: TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information

04/13/2015 03:36 PM EDT

Original release date: April 13, 2015

Systems Affected

Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests.

Overview

A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

Description

AXFR is a protocol for “zone transfers” for replication of DNS data across multiple DNS servers. Unlike normal DNS queries that require the user to know some DNS information ahead of time, AXFR queries reveal subdomain names [1]. Because a zone transfer is a single query, it could be used by an adversary to efficiently obtain DNS data.

A well-known problem with DNS is that zone transfer requests can disclose domain information; for example, see CVE-1999-0532 and a 2002 CERT/CC white paper [2][3]. However, the issue has regained attention due to recent Internet scans still showing a large number of misconfigured DNS servers. Open-source, tested scripts are now available to scan for the possible exposure, increasing the likelihood of exploitation [4].

Impact

A remote unauthenticated user may observe internal network structure, learning information useful for other directed attacks.

Solution

Configure your DNS server to respond only to zone transfer (AXFR) requests from known IP addresses. Many open-source resources give instructions on reconfiguring your DNS server. For example, see this AXFR article for information on testing and fixing the configuration of a BIND DNS server. US-CERT does not endorse or support any particular product or vendor.
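As an added example (not part of the US-CERT alert and not code from BIND), the Python script below audits a BIND `named.conf` for the misconfiguration described above by reporting, per authoritative zone, whether the effective `allow-transfer` list is open to any host or restricted. The sample configuration is constructed, the function names are hypothetical, named ACLs are not expanded, and `unset_default` encodes the assumption that a server with no `allow-transfer` set anywhere permits transfers to any host, so check that against your BIND version.

```python
import re

# Constructed sample named.conf (not from the alert); RFC 5737 example addresses.
SAMPLE_CONF = """
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
options { allow-transfer { none; }; };
zone "example.com" { type master; allow-transfer { "secondaries"; }; };  // known IPs only
zone "example.net" { type master; allow-transfer { any; }; };  // AXFR answered for anyone
zone "example.org" { type master; };  // inherits the options-level setting
"""

def block_body(text, start):
    """Text between the first '{' at or after start and its matching '}'."""
    open_pos = text.index("{", start)
    depth = 0
    for i in range(open_pos, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_pos + 1:i]
    raise ValueError("unbalanced braces in config")

def transfer_acl(body):
    """Elements of the first allow-transfer list in a block, or None if absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def audit(conf, unset_default=("any",)):
    """Map each authoritative zone name to 'OPEN' or 'restricted'."""
    # unset_default is an assumption about what the server does when nothing is set.
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip block comments
    conf = re.sub(r"(//|#).*", "", conf)                # strip line comments
    opts = re.search(r"^\s*options\s*\{", conf, flags=re.M)
    global_acl = transfer_acl(block_body(conf, opts.start())) if opts else None
    result = {}
    for z in re.finditer(r'^\s*zone\s+"([^"]+)"', conf, flags=re.M):
        body = block_body(conf, z.end())
        if not re.search(r"type\s+(master|primary|slave|secondary)\b", body):
            continue                                    # hint/forward zones
        acl = transfer_acl(body)                        # zone-level setting wins
        if acl is None:
            acl = global_acl                            # else the options block
        if acl is None:
            acl = list(unset_default)                   # else the server default
        result[z.group(1)] = "OPEN" if "any" in acl else "restricted"
    return result
```

Calling `audit(SAMPLE_CONF)` flags only `example.net`; remove the `options` line from the sample and `example.org` is reported as open too, because nothing restricts it any more.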

References

Revision History

  • April 13, 2015: Initial Release

Posted in Security Alerts | 1 Comment

US Government refuses permission for Intel to help upgrade world's biggest supercomputer in China

Intel has been refused an export licence by the US Government to help China update the world's biggest supercomputer, the Tianhe-2. The reason cited was that the US Government was concerned about nuclear research being done on the machine. The Tianhe-2 uses 80,000 Intel Xeon chips, which allow the supercomputer to generate a computational capacity of over 33 petaflops; a petaflop equates to over one quadrillion calculations per second.

Posted in Technology | 1 Comment

National Cyber Awareness System Alert TA15-098A: AAEH

Today the US National Cyber Awareness System released the following:

National Cyber Awareness System:

TA15-098A: AAEH

04/09/2015 12:00 AM EDT

Original release date: April 09, 2015

Systems Affected

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview

AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

Description

AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, the polymorphic malware has the ability to change its form with every infection. AAEH is a polymorphic downloader with more than 2 million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network.  AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail.

Impact

A system infected with AAEH may be employed to distribute malicious software, harvest users’ credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state. AAEH is capable of defeating anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines.

Solution

Users are recommended to take the following actions to remediate AAEH infections:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection.

Users can consider employing a remediation tool (examples below) that will help with the removal of AAEH from your system.

Note: AAEH blocks AV domain names thereby preventing infected users from being able to download remediation tools directly from an AV company. The links below will take you to the tools at the respective AV sites. In the event that the tools cannot be accessed or downloaded from the vendor site, the tools are accessible from Shadowserver (http://aaeh.shadowserver.org).

The below are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

References

Revision History

  • April 9, 2015: Initial Release

Posted in Security Alerts | 4 Comments