The dawn of the autonomous data center

In this article published by Data Center Dynamics, Ravin Mehta, founder of The unbelievable Machine Company, part of the Basefarm group, argues that now could be the time for the next big leap when it comes to the data center.

What AI and machine learning are and how they relate to IoT

We can better exploit new opportunities when we understand what new technologies involve and how they interact. Today’s topic is what artificial intelligence and machine learning are, and an insight into how they can relate to IoT and Big Data.

Ready to speed up your development?

DevOps and Microservices are not new concepts within IT but these aspects of the development process are not often applied. “Really a shame,” in the opinion of Basefarm’s Bent Terp, “because combining DevOps and Microservices yield benefits in a wide range of areas.”

Dev+Ops= development synergy

DevOps revolves around intensive collaboration between software engineers and other IT specialists within a company, resulting in more frequent and faster implementation. To get the highest benefit, applications should not be built as large monoliths but as a suite of smaller, independent components (aka Microservices).

DevOps however is not a product: after all, you can’t buy it anywhere.

“DevOps is much more a culture, a mindset within organizations,” says Terp.

And he should know: as Senior Solutions Architect at Basefarm he has to deal with numerous IT challenges and development methods.

The elusive trust culture

“DevOps relies on a culture of trust ‒ trust in the talent of your team,” Terp explains. “DevOps is only feasible with teams that encompass all the requisite skills at the development as well as the operations end.”

It sounds easy but it’s not. Terp: “We’re not simply dealing with technologies but also with the processes and the people who have to execute the processes.”

For many companies ‒ and their staff ‒ this way of developing software requires a radically different mindset.

Microservices are a developer’s best friend

Developers are responsible for communication with other teams as well as their own piece of code. An advantage of working with Microservices is that each team can work in the language they prefer.

“Everybody can do it their own way in the programming language they know best with their own release cycle,” Terp explains. “There’s no waiting around for everybody else.”

Faster time-to-market

By making it possible to work on smaller pieces of the overall system independently of the rest, microservices enhance the efficiency of software development.

Terp: “One of the largest Nordic banks had a situation where it took ten weeks to find out if a piece of software actually worked; now with DevOps on OpenShift it’s only a matter of hours, considerably reducing the time-to-market.”

More results in less time

And where a piece of code used to pass through many different, isolated teams as it travelled through the entire pipeline ‒ from development through testing and quality assurance to deployment ‒ DevOps and Microservices have made adjustments less dramatic and hence significantly shortened cycle times.

About Bent Terp, Senior Solutions Architect in Basefarm Group: An enthusiastic Linux user for more than 30 years, Bent has designed and operated solutions for credit-card processing, e-health and video streaming services. His current focus is the adoption of public-cloud services and container-based microservices to increase innovation speed and quality.

Would you like to know more? Read more about OpenShift-as-a-Service, Microservices and DevOps here.

Contact us for more information.

BF-SIRT Newsletter 2017-39

This weeks top stories is an update on how the CCleaner APT security incident targeted large technology companies, and a Deloitte breach affecting all company email.

A couple of new stories are currently evolving, including an easy-to-exploit flaw in Linux kernel rated ‘high risk’ (CVE-2017-1000253) and a (for now) more theoretical CLKSCREW Attack which can hack modern chipsets via their power management features.

ICANN delays KSK Rollover over fears 60 million people would be kicked offline.

If you are looking for longer reading to keep you company this weekend you are in luck, McAfee Labs Report sees cyberattacks target healthcare and social media users, Accenture reports global cost of cybercrime soars 23% in a year and Europol published it’s Internet Organised Crime Threat Assessment.

Notable CVEs this week
CVE-2017-14867 – git: cvsserver command injection – CVSS3 Base Score 7.8
CVE-2017-1000253 – kernel: load_elf_ binary() – CVSS3 Base Score 7.8
CVE-2017-7805 – nss: Potential use-after-free in TLS 1.2 server – CVSS3 Base Score 7.5

Top 5 Security Links
Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Patch alert! Easy-to-exploit flaw in Linux kernel rated ‘high risk’
CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features
Internet-wide security update put on hold over fears 60 million people would be kicked offline

BF-SIRT Newsletter 2017-30

The top stories from this week is that Adobe Announces End of Flash for 2020 and Microsoft announces Windows Bounty Program.

You can also read about JA3, TLS Client fingerprinting for malware detection or how Symantecs sloppy key verification leads to revocation of certificates.

Top 5 Security links
Adobe Announces End of Flash for 2020
Microsoft announces Windows Bounty Program
JA3 Hash To Fingerprint SSL/TLS Connections
Symantec Sloppy Key Verification Leads To Revocation of Certificates
Finding Domain frontable Azure domains

BF-SIRT Newsletter 2017-20

The top stories from this week is of course about WannaCry and WannaCry 2.0.

You can also read about how a Google researcher finds link between WannaCry attacks and North Korea, and that WikiLeaks reveals “AfterMidnight” & “Assassin” CIA Windows Malware Frameworks

Top 5 security links
WannaCry 2.0
Google Researcher Finds Link Between WannaCry Attacks and North Korea
WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks
Using Chrome, SCF ands SMB to steal Windows Credentials

BF-SIRT Newsletter 2016-48

The top stories from this week consist of stories such as Ransomware Crooks caught San Francisco Transport System and ImageGate: Check Point uncovers a new method for distributing malware through images. You can also read a story about Paypals OAuth hijacking and Tesla smartphone app was found to lack security.

Top 5 Security links:
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass
Firefox 0-day in the wild is being used to attack Tor users
Bypassing SAML 2.0 SSO with XML Signature Attacks
SHIFT + F10, Linux gets you Windows 10’s cleartext BitLocker key
Avalanche – Law Enforcement Take Down

Patch Tuesday March 2016

Yet another patch Tuesday has come upon us.
Microsoft released 13 updates, 5 of which fix critical issues, to address vulnerabilities in their product line. Adobe on the other hand has released patches which address vulnerabilities in a large amount of their product portfolio.

UPDATE: Adobe released a critical patch for Adobe Flash, which fixes an issue that may cause remote control of a system.
Adobe Flash


Patch Tuesday June 2015

Another month, another patch Tuesday!
Microsoft and Adobe has both released a large amount of updates. Adobe fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure, while Microsoft pushed out fixes for at least three dozen flaws in Windows and associated software.

You can find links to the updates below:

BF-SIRT Newsletter 2014-50

Welcome to the newsletter! This week you can read about how Hackers leak top Sony executives’ emails and how North Korea denies involvement in ‘righteous’ Sony hack. You can also read about how Cost of cybersecurity and risk management will double as well as how Cyber-espionage is expected to surge in 2015. Other big news this week is how POODLE returns, as well as the regular Patch Tuesday for the month.

Top 5 Security links
Analysis of wiper malware, implicated in Sony breach, exposes Shamoon-style attacks
North Korea denies involvement in ‘righteous’ Sony hack
Hackers leak top Sony executives’ emails
An epic ride: A look back at the ever-changing information security industry
Chinese responsible for 85 per cent of website scams

Top 5 Business Intelligence links
Ransomware is the Future of Consumer Cybercrime
13 free tools to monitor your Digital Security during Christmas
EC3 Head Paints Bleak Cybercrime Picture
Cost of cybersecurity and risk management to double
Cyber-espionage expected to surge in 2015: McAfee Labs

Basefarm SIRT Posts
POODLE returns
Patch Tuesday December 2014