January 31 2014

14:42
Twitter Acquires Over 900 IBM Patents Following Infringement Claim, Enters Cross-Licensing Agreement
Twitter announced today that it has acquired over 900 patents from IBM, and that it has entered into a cross-licensing agreement with the Internet services and software company. IBM had issued a complaint against Twitter previously for patent infringement, as reported in an S-1 filing ahead of the social network’s IPO late last year. IBM was seeking a settlement according to that document, and while Twitter appeared ready to defend itself, potentially in court, this deal today indicates that instead the two companies have come to an agreement that involves Twitter buying some of IBM’s intellectual property. In the original filing, IBM had cited “at least three” patents it suggested Twitter infringed upon, so the scope of this deal is obviously much broader. This is a song we’ve heard before: Facebook acquired 750 IBM patents back in March 2012, just ahead of its own IPO. That patent trove was designed to fend off infringement accusations coming from Yahoo, however, rather than IBM. IBM also sold 1,000 patents to Google back in 2010, and the one-time PC maker is still the leading patent holder in the world, having held 6,809 patents as of earlier this month, followed by Samsung at a distant second with 4,676 patents. There’s no word on the specific nature of the patents involved, but we’ve asked Twitter for more info and will update if it becomes available.

January 23 2014

10:03
IBM Dumps Its Server Business On Lenovo For $2.3B
IBM has finally managed to sell its low-margin server business to the world’s largest PC maker Lenovo. The two companies have been negotiating this deal for the past few years, and a potential sale fell through last year when Lenovo did not agree to pay what IBM wanted — $6 billion. Now, Lenovo has informed the Hong Kong Stock Exchange that it will pay $2.07 billion in cash to IBM for buying its server unit. This is the second time IBM has managed to get rid of a low-end hardware business by selling it off to Lenovo. In 2005, IBM sold its ThinkPad PC business to Lenovo for $1.75 billion. IBM’s revenue from its server business has been declining for the past seven quarters, forcing the company to act fast and get rid of the unit. Globally, some of the biggest enterprises including Facebook and Google are increasingly turning to stripped-down versions of hardware, and not the pricey ones. These companies are instead asking manufacturers like Quanta to build customized servers for them that are cheaper and better suited. With almost no brand association, servers from Chinese and Taiwanese manufacturers are called the “other” server. For Lenovo, which is already struggling to cope with worsening PC sales because of higher smartphone adoption in the growing markets of Asia, IBM’s server business will give an opportunity to build another revenue stream. As this Reuters article says, IBM’s server business was the world’s second-largest, with a 22.9 percent share of the $12.3 billion market in the third quarter of 2013, according to technology research firm Gartner.

January 22 2014

02:21
IBM’s Shares Slip After Its Q4 Revenue Falls On Weak Hardware Performance
This fine Tuesday, IBM reported its fourth-quarter financial performance and was greeted with raspberries from investors with period revenue of $27.7 billion and earnings per share excluding items of $6.13. Using GAAP, IBM earned $6.2 billion, or $5.73. Off nearly a percent in regular trading, IBM eased another 2.5 percent in after-hours trading. Investors had expected IBM to earn revenue of $28.25 billion and non-GAAP earnings per share of $5.99. So IBM beat on profit, but faltered on the top line question. As ZDNet points out, “IBM missed its revenue targets every quarter in 2013.” Zing. Right, so what’s going on? Well, the company’s hardware business had a terrifically terrible fourth quarter. As MarketWatch notes, “IBM’s systems and technology segment, also known as hardware, saw sales fall 26%, as pre-tax earnings fell by $768 million to $200 million.” Yes, the hardware market is rough for incumbent players, but IBM’s decline in the category rivals the beleaguered PC OEM market. Revenue from hardware totaled $4.3 billion. IBM’s services group’s revenue fell 3.6 percent to $9.9 billion. The company did have a ray of sunshine to report, with software revenues up 2.8 percent to $8.1 billion, performance that CNBC called a “bright spot.” It’s worth noting that IBM had fourth-quarter revenue of $29.3 billion in 2012, so the company contracted on a year-over-year basis despite an improving economy. The downward swing in IBM’s share price was perhaps somewhat sedate compared to what we see in younger technology firms, but following a number of preceding misses, there was little optimism premium built into its valuation. Still, another disappointment from Big Blue. Short-term profitability can keep your stock afloat, but it is out of revenue growth that future net income is born.

December 19 2013

19:01
IBM Buys Aspera, A File Transfer Company That Counts Apple And Netflix As Customers
IBM is acquiring Aspera, a bootstrapped file transfer company that counts media companies, SaaS providers and large enterprises as customers. Terms of the deal were not disclosed. Aspera's software is built on "fasp", its patented file transfer technology. It is designed to leverage a company's wide area network (WAN) and commodity hardware to achieve speeds that are faster than FTP and HTTP over a secure network. A WAN is essentially a company's network across a large geographic region. Aspera's technology optimizes the WAN through its software that allows for granularity in the way the technology is used. Through the process, Aspera optimizes the bandwidth, latency, bottlenecks and a host of other factors.

November 14 2013

05:22
Short Shorts And Long Buses: Amazon Cloud Competitors Look A Bit Foolish At AWS Conference
Amazon Web Services (AWS) is obviously making it very difficult for competitors in the public cloud market. That could not have been made clearer than by how IBM and Rackspace are choosing to make their presence felt this week at AWS re:Invent. For the past week, IBM has been getting trashed for its anti-Amazon ads that declare their superiority to AWS. The ads are a sad reflection on IBM and play very nicely for Amazon, which is quite happy to point out how the campaign is more about serving the customer than trashing competitors.

November 07 2013

14:15

VU#596990: IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability

Vulnerability Note VU#596990

Original Release date: 07 Nov 2013 | Last revised: 07 Nov 2013

Overview

IBM Tivoli Federated Identity Manager version 6.22 and possibly earlier versions, and IBM Tivoli Federated Identity Manager Business Gateway version 6.2.2 and possibly earlier versions contain a URL redirection (CWE-601) vulnerability.

Description

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

IBM Tivoli Federated Identity Manager (TFIM) version 6.22 and possibly earlier versions, and IBM Tivoli Federated Identity Manager Business Gateway (TFIMBG) version 6.2.2 and possibly earlier versions contain a URL redirection vulnerability. An attacker can append a link to the Identity Manager URL which may cause the user to be redirected to a site with malicious content or scripts.

Impact

A remote unauthenticated attacker may be able to redirect a user to a website that contains malicious content or scripts.

Solution

Apply an Update
IBM has released an advisory detailing the vulnerability and offers patched versions of TFIM and TFIMBG to address this vulnerability.

Vendor Information

Vendor: IBM Corporation | Status: Affected | Date Notified: 23 Sep 2013 | Date Updated: 04 Nov 2013

CVSS Metrics

Group | Score | Vector
Base | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N
Temporal | 4.1 | E:F/RL:OF/RC:C
Environmental | 1.0 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

Credit

Thanks to Mukhammed Khalilov of Help AG Middle East for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs: CVE-2013-5431
  • Date Public: 28 Oct 2013
  • Date First Published: 07 Nov 2013
  • Date Last Updated: 07 Nov 2013
  • Document Revision: 15

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

October 08 2013

05:28
Amazon Web Services Wins Again In Battle To Build The CIA And NSA Cloud
Amazon Web Services has won a major battle against IBM in the pursuit to build a cloud infrastructure for the intelligence community. In a ruling published today, U.S. Court of Federal Claims Judge Thomas Wheeler wrote that AWS legitimately won a $600 million contract with the CIA that IBM had contested. IBM plans to appeal the ruling. In a statement, the company said what the company offers is more cost-effective and that they have decades of experience working with the U.S. government.

October 03 2013

14:19
IBM Acquires Xtify, A Mobile Messaging Company
IBM has announced the acquisition of Xtify, a provider of mobile messaging tools that allows push notifications to reach customers. Terms of the deal were not disclosed. The company's platform leverages a company's CRM environment, business rules and other data to do targeted campaigns.

July 24 2013

17:15
An Open Letter To Embrace AWS And What It Says About OpenStack's Self-Serving Vendors
Cloudscaling CTO Randy Bias wrote an open letter to OpenStack today. In it he outlines why the open cloud effort will only win if it accepts Amazon Web Services (AWS) and creates a compatible API. He argues that AWS is the de facto leader. The solution: OpenStack should stop trying to build out its own differentiated APIs and accept the reality that AWS is the winner in the public cloud. If it does that then OpenStack can win in the "hybrid" cloud where the AWS-style public cloud meets the modern data center. This is where OpenStack can soar -- helping customers adapt by offering a cloud operating system that has its own elasticity but without the scale of a massive service for tens of thousands of customers.

04:27
IBM Standardizes On Cloud Foundry, The Open-Source Developer Platform
IBM is getting into the platform-as-a-service (PaaS) market by standardizing on Cloud Foundry, originally developed by VMware and now part of Pivotal, the EMC spin-off. The move is significant for IBM, one of the most traditional of enterprise software companies. It reflects a new effort by the company to adopt open-source, cloud technologies. IBM has standardized on MongoDB, the open-source NoSQL database. IBM is also one of the major sponsors of OpenStack, the open-source cloud software for customers to build out their own infrastructure.

June 05 2013

17:27

VU#722868: IBM QRadar SIEM command injection vulnerability

Vulnerability Note VU#722868

Original Release date: 05 Jun 2013 | Last revised: 05 Jun 2013

Overview

IBM QRadar SIEM software contains a command injection vulnerability that allows an authenticated user to execute operating system commands on the QRadar device.

Description

The IBM security bulletin for CVE-2013-2970 states:

A command injection vulnerability has been discovered within the IBM QRadar SIEM software that allows an authenticated user to execute operating system commands as a limited access user on the QRadar device. This access could be used to gain remote shell access as that webservices user. Even though authenticated users of the QRadar SIEM do not necessarily have shell access, action should be taken to ensure this issue is patched as soon as possible.

The attack can be conducted over the internet. Some degree of specialized knowledge and techniques are required to conduct this attack. Multiple authentication attempts are required for this attack. An exploit may have a limited impact on the confidentiality of information and the integrity of data and could reduce performance / cause interruptions to availability.

Additional details may be found in the full IBM security bulletin.

Impact

A remote authenticated attacker may be able to run operating system commands on the QRadar device.

Solution

Apply an Update

The vulnerability is fixed in the following version of QRadar SIEM:

  • For QRadar SIEM 7.1 - install QRadar SIEM 7.1 MR2 Patch 1
  • For QRadar SIEM 7.0 - install Interim Fix 7.0.0-QRadar-QRSCRIPT-CVE-2013-2970.sh

    Vendor Information

    Vendor: IBM Corporation | Status: Affected | Date Notified: 02 May 2013 | Date Updated: 05 Jun 2013

    CVSS Metrics

    Group | Score | Vector
    Base | 6.0 | AV:N/AC:M/Au:S/C:P/I:P/A:P
    Temporal | 5.0 | E:F/RL:OF/RC:C
    Environmental | 3.8 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

    Credit

    Thanks to Stephen Hosom for reporting this vulnerability.

    This document was written by Jared Allar.

    Other Information

    • CVE IDs: CVE-2013-2970
    • Date Public: 03 Jun 2013
    • Date First Published: 05 Jun 2013
    • Date Last Updated: 05 Jun 2013
    • Document Revision: 11

    May 30 2013

    00:21
    Server Sales Are Down As Cloud Apps Abound At The Expense Of IBM, Enterprise Giants
    Gartner Research reports worldwide server sales are down 5 percent for the first quarter of the year, with IBM, HP and the other members of the top five taking the biggest hit. Server shipments declined 0.7 percent. But the drop in server sales is not at all surprising. Cloud apps are popping up by the thousands across the market, as the developer movement speeds up. But these apps are not surfacing from that souped-up x86 server made for big workloads.

    May 03 2013

    16:55

    VU#912420: IBM Notes runs arbitrary JAVA and Javascript in emails

    Vulnerability Note VU#912420

    Original Release date: 30 Apr 2013 | Last revised: 03 May 2013

    Overview

    IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails.

    Description

    The n.runs AG security advisory states:

    Notes 8.5.3 does not filter <applet> tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources (making it an information disclosure as well as this can be used to trigger an HTTP request once the mail is previewed/opened).

    Additional details may be found in the full n.runs AG security advisory. It should also be noted that the IBM JRE that comes with the latest patched version of IBM Notes is IBM JRE 6 SR12 while IBM JRE 6 SR13 has been released and includes many security related fixes.

    Impact

    A remote unauthenticated attacker may be able to execute arbitrary code in the context of the user viewing emails within IBM Notes.

    Solution

    Apply an Update

    IBM's Security Bulletin states:

    January 02 2013

    13:46

    VU#194604: IBM Power 5 Service Processor privilege escalation vulnerability

    Vulnerability Note VU#194604

    Original Release date: 12 Dec 2012 | Last revised: 02 Jan 2013

    Overview

    IBM Power 5 Service Processor contains a vulnerability which could allow an attacker to operate with elevated privileges.

    Description

    IBM's security advisory states, "A security issue has been identified on IBM Power 5 Systems such that the firewall code does not get executed in certain network configurations leading to elevated privilege. The issue only exists on Service Processor for IBM Power 5 Systems listed below and has not been found to exist in any other IBM System."

    Impact

    An attacker with access to the IBM Power 5 Service Processor could escalate their privileges, allowing them to perform administrative functions on the system.

    Solution

    Update


    The vendor has stated that this vulnerability has been addressed in SF240_418_382. Users are advised to upgrade to SF240_418_382 or higher. The fix can be obtained from FixCentral by providing the MTM and current fix level.

    IBM's security advisory states the following workaround, "Configure (any) Static IP addresses on at least one Ethernet interface of the IBM Service processor."

    Vendor Information

    IBM's security advisory states that the following products and versions are affected by this vulnerability:
    Platforms (MTM) Impacted: 9117-570, 9110-51A, 9111-520, 9131-52A, 9113-550, 9133-55A, 9116-561, 9111-285, 9115-505, 9110-510, 9118-575, 9123-710, 9124-720, 9405-520, 9406-520, 9407-515, 9406-525, 9406-550, 9406-570

    Vendor: IBM Corporation | Status: Affected | Date Notified: 10 Oct 2012 | Date Updated: 04 Dec 2012

    CVSS Metrics

    Group | Score | Vector
    Base | 7.9 | AV:A/AC:M/Au:N/C:C/I:C/A:C
    Temporal | 6.2 | E:POC/RL:OF/RC:C
    Environmental | 1.8 | CDP:LM/TD:L/CR:ND/IR:ND/AR:ND

    Credit

    Thanks to Brian Smith for reporting this vulnerability.

    This document was written by Michael Orlando.

    Other Information

    • CVE IDs: CVE-2012-4856
    • Date Public: 19 Nov 2012
    • Date First Published: 12 Dec 2012
    • Date Last Updated: 02 Jan 2013
    • Document Revision: 14

    August 27 2012

    13:32
    IBM Buys Social HR And Talent Management Software Company Kenexa For $1.3B In Cash
    IBM has scooped up talent management and HR software maker Kenexa. The price? A hefty $1.3 billion, or $46.00 per share in cash. The NASDAQ-listed Kenexa offers HR, talent acquisition and talent management software. The product includes recruitment process outsourcing (RPO) that provides global recruitment services; recruitment technology solutions; onboarding solutions, which offer forms management for legal documents, workflow, and electronic signatures; employee assessments that help organizations to select and retain top performers; Kenexa Prove It, a skills test solution to identify and select the talented candidates; and Kenexa Interview Builder, which provides an online structured interview reference library of approximately 3,000 questions; and employment branding solutions.

    August 21 2012

    03:52
    Apple Is Not The Most Valuable Company In The History Of The World — IBM Won The Prize In 1967 With A Value of $1.3 Trillion
    Apple is not the most valuable company in the history of the world. It's not even Microsoft, which was reported to have been toppled by Apple today. It's IBM by a long shot. Apple's $661 billion market share does not account for inflation. With inflation taken into account, IBM remains the historic winner with a 1967 value of $1.3 trillion.

    August 10 2012

    03:00
    The Kicking Of RIM’s Tires Continues, As IBM Reportedly Considers Its Enterprise Unit
    The fear and loathing of RIM has been well-documented by this point. At the end of June, the company released its Q1 2013 earnings, which were more than a little disappointing, with RIM reporting its first operating loss in eight years, that it would be cutting 5K+ employees and that the release of its new BlackBerry was again being delayed -- this time until the beginning of 2013. The acquisition rumors had already been swirling around the BlackBerry maker, and since then, they've intensified, with some big names kicking the company's tires. This morning, Chris wrote about Samsung's confirmation that (again) it was neither considering a buy-out nor a licensing agreement, even though it's been reported numerous times that, in fact, it's been considering both. And, today, Bloomberg has reported that IBM has "made an informal approach" to acquire RIM's enterprise services unit, which is really at the core of BlackBerry's business.

    July 26 2012

    01:02
    Oracle Pulls Ads After National Advertising Group Says It Made False Claims Against IBM
    Oracle is stopping a marketing campaign attacking IBM in the wake of a national advertising board's recommendation that the company made false claims when comparing its Exadata technology to competing IBM products. It's the second time in four months the National Advertising Division (NAD) has taken action against Oracle for making false claims when comparing its Exadata products to IBM's technology. The NAD is an advertising industry group that falls under the umbrella of the Better Business Bureau.

    July 25 2012

    17:50

    VU#659791: IBM ISS Proventia Mail Security contains multiple vulnerabilities

    Vulnerability Note VU#659791

    Original Release date: 25 Jul 2012 | Last revised: 25 Jul 2012

    Overview

    IBM ISS Proventia Mail Security contains cross-site scripting and arbitrary file read vulnerabilities.

    Description

    The IBM security advisories state:

    CVE-2012-2955
    "The administrative user interface contains pages where it is possible to inject arbitrary JavaScript code contained in an HTTP request query string (Reflected XSS). If the HTTP request is executed in the web interface after a user has authenticated, the attacker could access cookies, files, or session information. To be successful, this requires the attacker to have specific information about the installed product."

    CVE-2012-2202
    "An Arbitrary File Read is possible on the javatester_init.php page by passing an unvalidated parameter after authentication has occurred. It enables an administrative user to access file content otherwise inaccessible through the administrative web interface."


    Additional details may be found in the full advisories linked above.

    Impact

    An attacker may be able to read arbitrary files or launch an XSS attack to steal cookies, execute scripts in the user's browser, etc.

    Solution

    Apply an Update

    The IBM security advisory recommends the following.

      Lotus Protector for Mail Security 2.8.x and later

      - If automatic System Package Updates are enabled, no further action is necessary. The system will download and install the update automatically.

      - For manual System Package Updates:

          - Log in to the Management Console

          - Go to "Updates" -> "Updates & Licensing"

          - Install all pending System Package Updates

      Lotus Protector for Mail Security 2.5.x

      - Follow the instructions on http://www-01.ibm.com/support/docview.wss?uid=swg21605199 to download and install the fix.

      Lotus Protector for Mail Security 2.1.x

      - Upgrade to version 2.5.x or 2.8.x and follow the remediation steps listed above

      IBM Proventia Network Mail Security System 2.5.x and later

      - Follow the instructions on http://www-01.ibm.com/support/docview.wss?uid=swg21605199 to download and install the fix.

      IBM Proventia Network Mail Security System 2.4.x and earlier

      - Upgrade to version 2.5.x or later and follow the remediation steps listed above

      Vendor Information

      Vendor: IBM Corporation | Status: Affected | Date Notified: 25 Jun 2012 | Date Updated: 25 Jul 2012

      CVSS Metrics

      Group | Score | Vector
      Base | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N
      Temporal | 3.6 | E:F/RL:OF/RC:C
      Environmental | 3.6 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

      Credit

      Thanks to Offensive Security for reporting these vulnerabilities.

      This document was written by Jared Allar.

      Other Information

      • CVE IDs: CVE-2012-2955 CVE-2012-2202
      • Date Public: 20 Jul 2012
      • Date First Published: 25 Jul 2012
      • Date Last Updated: 25 Jul 2012
      • Document Revision: 16


    This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
