VMworld 2013 in Barcelona

Basefarm participated as an exhibitor at VMworld 2013 in Barcelona for the second time. In addition to having a booth at the VMware service provider pavilion, we also had the pleasure of taking part in a panel debate about VMware products together with one of our customers. Our business developer in Sweden, Stefan Månsby, represented Basefarm in the panel together with the former CIO from the Norwegian State Educational Loan Fund. VMware increased the focus on service providers like Basefarm at VMworld this year, and even included the Basefarm logo in one of the keynote presentations 🙂

So far, no other Nordic-based companies have been reported as participating as an exhibitor or VMware partner at VMworld. We are happy with the exposure and the interesting people we have met at the booth this year. Additionally, there were also participants from Basefarm at VMworld solely to focus on the latest developments in VMware technology.

Thanks to all of you who came by our booth! We had many interesting discussions and hope to meet you again in the future!

Mozilla Vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Because of the nature of these vulnerabilities, it is recommended to update your software as soon as possible!

More information: http://www.mozilla.org/security/announce/2013/mfsa2013-93.html

BF-SIRT Newsletter 2013-43

Anyone using Apple products needs to be sure to apply the latest updates that are now available, as per Apple security updates.
If you are using Cisco ASA for VPN then you can have a look at our post about that here.
WordPress also updated their software to 3.7, and it’s recommended to apply this.

Top 5 Security links
Group Leveraging Cutwail Spam Botnet Opts For “Magnitude” Over BlackHole Exploit
Hacker Group Claims To Have Looted $100k Via SQL Injection Attack
Doctors Disabled Wireless In Dick Cheney’s Pacemaker To Thwart Hacking
Dropbox Users Hit With Zeus Phishing Trojan
Cisco Says Controversial NIST Crypto ‘Not Invoked’ In Products

Top 5 Business Intelligence links
Universities Schooled By Malware
DARPA Slaps $2m On The Bar For The ULTIMATE Security Bug KILLER
Google Launches Project Shield To Defend Sites Against DDoS Attacks
UN Nuclear Regulator Infected With Malware
India Tops APAC Ransomware Table With $4 BILLION Losses

BF-SIRT Posts
WordPress 3.7 “Basie”
Cisco ASA VPN Denial of Service Vulnerability
Apple security updates

WordPress 3.7 “Basie”

WordPress 3.7 has now been released and it includes quite a few updates that are related to security and maintenance.

More information: http://codex.wordpress.org/Version_3.7

How we went from 40 to over 35 000 services

This is our story of how Basefarm went from handling the operations of 40 to over 35 000 services, reaching over 40 million end users around the world. What’s the secret behind our success?

Born out of the IT bubble ashes
When we founded Basefarm in 2000, we wanted to support companies and organizations that wanted to build their success through the Internet. It might be strange to hear today, but after the IT bubble no one knew what was going to happen with the Internet; we had a strong belief that it would still exist. We also believed that the Internet would be a marketplace for businesses in the future. It turns out we were right. In 2000, only 5% of the world’s population had access to the Internet. Today over 40% have access, and more and more services are available online for companies and end users.

How we distinguish ourselves from our competitors
We have had a unique profile from day one: we have focused on Application Management for mission critical business applications. Our competitors usually have a different focus; they started as companies focused on server hosting. That way you build two completely different solutions. We built everything on the principle that everything should work at all times, but you should still be able to make changes without affecting the end user experience.

Don’t be a coward, dare to be brave
We did something radical on the financial side. We focused on our customers first and the price later. At that time this was a new way of thinking in the IT industry and something fascinating. We have always been brave and had the approach that you should ensure the business and the customers’ needs first, before you need to invest.

Always looking ahead
Today, over ten years later, we are still specialized in mission critical business applications and we see ourselves as experts within our field. There is always a need for experts and this is one of our key success factors. We didn’t want to be like the other start-up companies in the early 2000s that had a wider business focus. We decided to make the best butter, and to accomplish that we had to specialize in order to succeed in our role as the technical expert.

And that’s the secret behind our success, of how we have gone from handling the operations of 40 to over 35 000 services. We still grow and so do our services, in line with the technical development. Today, over ten years later, new technologies have emerged on different platforms and devices, but we will always have our original approach. It’s still about passionate people, taking pride in our customers’ success.

4 tips to succeed

  • Everything should be recyclable
    Place everything into systems to avoid spending time manually doing things more than once. You should be able to halve the delivery time when you do it again.
  • Be able to answer why something works
    If you can answer that in a system context, you can also make sure you can fix it if it breaks.
  • One Basefarm
    Use what we call the “One-thinking”: one platform, one product, one responsible and one service desk to be focused on the right things.
  • Make the best butter
    Be brave and make sure you are aware of what you have to accomplish to make the best butter.

Cisco ASA VPN Denial of Service Vulnerability

A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.

The vulnerability is due to parallel processing of a large number of Internet Key Exchange (IKE) requests for which username-from-cert is configured. An attacker could exploit this vulnerability by sending a large number of IKE requests when the affected device is configured with the username-from-cert command. An exploit could allow the attacker to cause a reload of the affected device, leading to a denial of service (DoS) condition.

More information: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5544
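
A configuration check for the precondition described above, as an added example that is not part of the original post or Cisco's notice: it lists tunnel groups whose general-attributes block sets a username-from-cert option and the interfaces on which IKE is enabled. The sample running-config is constructed, the function names are hypothetical, and the option is matched by prefix so that the full spelling `username-from-certificate` is also caught.

```python
import re

# Constructed ASA running-config excerpt; group names and values are illustrative.
SAMPLE_CONFIG = """\
hostname asa-lab
tunnel-group RA-CERT type remote-access
tunnel-group RA-CERT general-attributes
 address-pool VPNPOOL
 username-from-certificate CN OU
tunnel-group RA-CERT webvpn-attributes
 authentication certificate
tunnel-group RA-AAA type remote-access
tunnel-group RA-AAA general-attributes
 authentication-server-group RADIUS
 no username-from-certificate
crypto ikev1 enable outside
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+general-attributes\s*$")
IKE_ENABLE = re.compile(r"^crypto (?:ikev1|ikev2|isakmp) enable (\S+)")

def groups_with_username_from_cert(config_text):
    """Map tunnel-group name -> the username-from-cert line configured for it."""
    findings, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line opens a new block (or closes the previous one).
            m = HEADER.match(raw)
            current = m.group(1) if m else None
            continue
        line = raw.strip()
        # Negated ("no ...") lines do not start with the keyword, so they are skipped.
        if current and line.startswith("username-from-cert"):
            findings[current] = line
    return findings

def ike_interfaces(config_text):
    """Interfaces on which IKE is enabled (ikev1, ikev2 or legacy isakmp syntax)."""
    return sorted({m.group(1) for l in config_text.splitlines()
                   if (m := IKE_ENABLE.match(l))})

def audit(config_text):
    """Flag the device when both conditions from the advisory text are present."""
    groups = groups_with_username_from_cert(config_text)
    ifaces = ike_interfaces(config_text)
    return {"groups": groups, "ike_interfaces": ifaces,
            "review": bool(groups) and bool(ifaces)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A device flagged for review still needs to be compared against the affected software versions listed in the Cisco notice.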

Apple security updates

Apple have released security updates for the following applications:
iTunes 11.1.2
Apple Remote Desktop 3.7
Apple Remote Desktop 3.5.4
Keynote 6.0
Safari 6.1

They have also released the following Operating System updates:
OS X Mavericks v10.9
OS X Server 3.0
iOS 7.0.3

These updates fix more than a hundred security vulnerabilities, with many being labeled as critical, and it’s highly recommended to apply them as soon as possible!

BF-SIRT Newsletter 2013-42

This week, Akamai has released their latest “State of the Internet” report, and as always it is worthwhile reading. A lot of sites have also been attacked via a 0-day vBulletin hole.
If you are using Oracle products you should have a look at our blog post regarding the latest Oracle vulnerabilities.

Top 5 Security links
Thousands of Sites Hacked Via vBulletin Hole
FBI Silk Road shutdown will have little impact on Bitcoin cyber rackets
Digital ship pirates: Researchers crack vessel tracking system
New malware enables attackers to take money directly from ATMs
Hackers compromise certs to spread Nemim malware, which hijacks email and browser data

Top 5 Business Intelligence links
Akamai Releases “State of the Internet” Report for Q2 2013
DDoS attack size accelerating rapidly
NORKS cyber mayhem cost South Korea £500 Million
Security Spending Continues to Run a Step Behind the Threats
Breach at PR Newswire Tied to Adobe Hack

BF-SIRT Posts
Oracle fixes vulnerabilities

Oracle fixes vulnerabilities

Oracle have released fixes for fifty-one vulnerabilities, of which twelve are critical.

Oracle Java SE: 51
Oracle Database Server: 4
Oracle Fusion Middleware: 17
Oracle Enterprise Manager Grid Control: 4
Oracle E-Business Suite: 1
Oracle Supply Chain Products Suite: 2
Oracle PeopleSoft Products: 8
Oracle Siebel CRM: 9
Oracle iLearning: 2
Oracle Industry Applications: 6
Oracle Financial Services Software: 1
Oracle Primavera Products Suite: 2
Oracle and Sun Systems Products Suite: 12
Oracle Virtualization: 2
Oracle MySQL: 12

More information: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

BF-SIRT Newsletter 2013-41

The Norton Security report shows that Sweden is worst in the world when it comes to security in social media. You can find more information about this and many other things in their report, for which 13000 people in 24 countries have been interviewed.
This month’s OUCH! covers password managers, which we have discussed earlier in this newsletter.
We also have posts about Cisco ASA and FWSM – multiple vulnerabilities and Patch Tuesday October 2013, which we recommend reading to decide whether an upgrade is in order.

Top 5 Security links
US Indicts 13 Suspected Anonymous Members For Operation Payback
Gang Behind Adobe Hack Hit Other Unnamed Companies
Blackhole Exploit Kit Author Arrested in Russia
Silk Road Leads To Eight Arrests In US, UK, Sweden
Russia Revs Up “PRISM On Steroids” To Monitor All Olympics Communications

Top 5 Business Intelligence links
This month’s version of OUCH! covers Password Managers
Norton Security Report 2013
Chinese Hackers Miss Google Network, But the Checks Go on
UK Bankers Prep For Cyberwar: Will Simulate ATTACK On System
The Cost and Frequency Of Cyber Attacks On The Rise

BF-SIRT Posts
Patch Tuesday October 2013
Cisco ASA and FWSM – multiple vulnerabilities