Tuesday, 31 March 2015

IT Security: British Airways Suffers Cyber-Attack Affecting Thousands of Frequent Flyer Accounts


British Airways said it has frozen tens of thousands of frequent flyer accounts after the company suffered a cyber attack, and the airline apologized to customers for the inconvenience.

The airline owned by International Airlines Group (IAG) confirmed that customers' personal information such as names, addresses and bank details was not stolen in the attack, however they would not be able to use their accumulated air miles for the time being.

The company, which has millions of customers, expects to resolve the problem in a few days.

"British Airways has become aware of some unauthorized activity in relation to a small number of frequent flyer Executive Club accounts," a company spokesman said in a statement sent to IB Times UK.

"We would like to reassure customers that, at this stage we are not aware of any access to any subsequent information pages within accounts, including travel histories or payment card details."

"We are sorry for the concern and inconvenience this matter has caused, and would like to reassure customers that we are taking this incident seriously and have taken a number of steps to lock down accounts so they can no longer be accessed," the spokesman added.

The hacker/hackers behind the attack are yet to be identified. It is believed that the hackers accessed the company's computers with the help of an automated computer programme that looks for vulnerabilities in online security systems.

Saturday, 28 March 2015

IT Security: Android Malware Flaw a Risk to Almost 50% of Devices

Millions of Android devices have been found vulnerable to cyber attack following a security flaw allowing malware to replace legitimate apps, hacker Zhi Xu has found.

Almost half of Android phones may be affected, with the flaw allowing dangerous malicious apps to be downloaded without the user's knowledge, collecting personal data from the infected device.

Xu, a senior staff engineer at Palo Alto Networks, says: “The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data.”

“This hijacking technique can be used to bypass the user view and distribute malware with arbitrary permissions. It can substitute one application with another, for instance if a user tries to install a legitimate version of “Angry Birds” and ends up with a Flashlight app that's running malware.”

According to the report, 49.5 per cent of Android users are still vulnerable to the threat despite patches released by Google and manufacturers such as Samsung and Amazon attempting to tackle the problem.

Applications affected only include those installed via a third-party app store, with the flaw allowing the APK file to be modified by the malware during the installation process.

The flaw was actually first found in January 2014, but the number of devices left vulnerable has dropped from 89.4 per cent to just below 50 per cent (as of march 2015) in the interim.

Users have been advised to update their phones to Android 4.1 or above to avoid being affected, though the report warns those running on Android 4.3 that they may also be open to attack.

Friday, 27 March 2015

IT Technology: Amazon Cloud Drive


Last year, Amazon gave a boost to its Prime members when it launched a free, unlimited photo storage for them on Cloud Drive. Today, the company is expanding that service as a paid offering to cover other kinds of content, and to users outside of its loyalty program. Unlimited Cloud Storage will let users get either unlimited photo storage or “unlimited everything” — covering all kinds of media from videos and music through to PDF documents — respectively for $11.99 or $59.99 per year.

And those who want to test drive it can do so for free for three months.

The move is a clear attempt by Amazon to compete against the likes of Dropbox, Google, Microsoft and the many more in the crowded market for cloud-based storage services. It’s not the first to offer “unlimited” storage, but it looks like it’s the first to market this as a service to anyone who wants it. Dropbox, for example, offers unlimited storage as part of Dropbox for Business, Google also aims unlimited options currently at specific verticals, with its enterprise version, Drive for Work, its closest competitor; Microsoft also offers a business user-focused service for those who subscribe to Office 365.

The idea here is to tap into the average consumer who has started to reach a tipping point with the amount of digital media he or she now owns, potentially across a range of devices and in not a very organised fashion (hello, me).

“Most people have a lifetime of birthdays, vacations, holidays, and everyday moments stored across numerous devices. And, they don’t know how many gigabytes of storage they need to back all of them up,” said Josh Petersen, Director of Amazon Cloud Drive, in a statement. “With the two new plans we are introducing today, customers don’t need to worry about storage space–they now have an affordable, secure solution to store unlimited amounts of photos, videos, movies, music, and files in one convenient place.”

It’s not clear how many customers Amazon  has today for Cloud Drive, but as with other new services Amazon has launched — such as Amazon Music — it seems that the idea here is not to convert consumers already using other services, but to pick up new ones from the masses who have yet to adopt anything.

Prime members and Fire device owners, by the way, can still get the unlimited photo option free, but have to pay for the Unlimited Everything Plan for other kinds of media. Those who are already taking other tiers of Cloud Drive use can swap over from today.

Here are the details on the new plans, as per Amazon:
  • Unlimited Photos Plan (free 3-month trial, then $11.99 per year–equivalent of less than $1 per month): Store an infinite number of photos in Cloud Drivewithout worrying about taking up space on phones, cameras, or other devices. Customers can upload existing collections and store all future photos taken. This plan also includes 5 GB of additional storage for videos or other documents and files.
  • Unlimited Everything Plan (free 3-month trial, then $59.99 per year–equivalent of less than $5 per month): Store an infinite number of new and existing photos, videos, files, documents, movies, and music in Cloud Drive.

Wednesday, 25 March 2015

IT Security: Flaw in Cisco IP Phones Makes Them Vulnerable to Hacking

You don’t need to be the NSA to tap calls on Cisco’s SPA 300 and 500 IP phones: An authentication flaw allows potential attackers to do that by default.

An unpatched vulnerability in the firmware of the SPA 300 and 500 series IP phones, typically used by small businesses, could allow eavesdropping on calls.

“The vulnerability is due to improper authentication settings in the default configuration,” Cisco Systems said in a security advisory.

Unauthenticated remote attackers could send crafted XML requests to affected devices in order to exploit the flaw and remotely listen to audio streams or make phone calls through them, the company warned.

Cisco determined that phones running version 7.5.5 of the firmware are vulnerable, but said that later versions may also be affected. No patches are currently available, so phone owners are advised to take other safeguards.

Administrators should enable XML Execution authentication in the configuration settings of the affected devices and should make sure that only trusted users have access to the networks where the phones are installed, the company said. Solid firewall strategies and IP-based access control lists can also be used to protect the affected systems from external attacks.

According to Cisco, the fact that these systems are typically installed on internal networks, behind firewalls, may reduce the likelihood of a successful exploit, as attackers would first need to gain access to those networks.

However, it’s likely that some phones have been configured to be accessible from the Internet and it would be fairly easy for attackers to locate them, for example by using the specialized device search engine SHODAN.

Tuesday, 24 March 2015

Microsoft: How to Track who Deleted File / Folder from Windows Server

You first will need to turn on auditing, from either local policies, or domain policies and apply it to the machine you want to audit. Once the policy is set you need to configure auditing on everything you want to audit, and that will start adding events to the event log.

GPEDIT:
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Audit Policy --> Audit object Access

You can turn on success, because if they do not have access to delete things then it would create a failure, so you do not want to monitor those events.

Once that is in place, go to the folder you want to monitor, right click and go to properties. Click the security tab --> Advanced --> Auditing Tab --> Edit --> Add --> then add the group that has access to that folder --> Select the events you want to audit and click OK --> Select Replace all existing inheritable audit entries, to apply the audit on all sub folders and files and click OK.

You are now auditing that folder. You will need to monitor the event logs for the particular events.

Thursday, 19 March 2015

Microsoft: Windows 10 to Launch 'This Summer' with Free Upgrades Even for Pirated Copies


Microsoft has inched closer to announcing an official release date for Windows 10. The new operating system, which is currently in a public preview release, "will launch in 190 countries and 111 languages around the world this summer," according to the company.

Executive Vice President Terry Meyerson, who runs the Windows division, made the announcement at the WinHEC conference in Shenzhen, China, yesterday.

In a separate interview, Meyerson told Reuters that the company plans to deliver free Windows 10 upgrades to all customers, even those running pirated versions of Windows. "We are upgrading all qualified PCs, genuine and non-genuine, to Windows 10," Meyerson told Reuters.

A launch in summer shouldn't come as a surprise. That schedule would square with the one Meyerson projected at the Windows 10 unveiling in San Francisco last fall, when he told reporters the company was aiming to deliver the completed version of Windows 10 by mid-2015.

The additional detail about free upgrades for "non-genuine" (i.e., pirated) copies of Windows was a surprise, and it leaves multiple unanswered questions. Earlier, Microsoft said that consumer PCs running Windows 7 and Windows 8.1 would be entitled to free upgrades to Windows 10 for the first year after the product is released. A Microsoft spokesperson confirmed via email that the plan to allow free upgrades for non-genuine copies of Windows applies to all markets and is not limited to China.

Meanwhile, the scheduling announcement leaves multiple unanswered questions. Because Windows 10 is designed to support continuous, rolling updates, it's possible to "launch" the product as an upgrade while still continuing to develop the core code and accompanying apps. Will the summer launch date also allow OEMs to deliver new Windows 10 PCs to customers, or will they have to wait until a later "General Availability" release? A Microsoft spokesperson was unable to answer that question for me.

In the Northern Hemisphere, summer ends on September 21. The newly announced launch date gives Microsoft only six months to complete development of Windows 10 and deliver it as a free upgrade to hundreds of millions of customers worldwide. That's an ambitious schedule, given that current preview releases are still missing key features such as the new Spartan browser and the just-announced Windows Hello and Microsoft Passport biometric framework.

In a separate technical track for Chinese OEMs, Microsoft disclosed supported upgrade paths for PCs and phones. Any PC running Windows 7 Service Pack 1 or the most recent release of Windows 8.1 can upgrade using the Windows Update path, as can phones running Windows 8.1. All other devices will need to be upgraded manually, using disk image (ISO) files. As previously announced, Windows RT devices will not be upgradable to Windows 10, although a future update will provide some features of the new OS.

Tuesday, 17 March 2015

Microsoft: Getting Event Log Contents by Email on An Event Log Trigger

Here’s the scenario, I wanted to get an email when an event log entry was triggered. But, I also wanted the contents of the event log entry.

So here’s an example of the in-box functionality vs. a simple bit of bolt-on customization. In this example, I’ll use Event 20274 for RemoteAccess on a Windows Server 2008 R2 box running TMG 2010. This particular event is logged when an inbound VPN connection is established, and the body of the message says who connected, on what port, and what IP address they have been allocated.

First, inbox functionality. Establish the VPN, and find the event in the event log.

Down in the bottom right, choose “Attach Task To This Event….”, and walk through the wizard. On the first screen, give it an appropriate name such as “A user connected through VPN”. On the action page, select send an email. On the Send an email page, fill in the appropriate information for From/To/Subject/Text and SMTP Server. What you’ll notice is that there’s nowhere to specify what goes in the body. But you can include a static attachment, but that doesn’t serve our needs.

Finish the wizard, and connect again through VPN to see what email comes through. Not particularly useful. Not yet, anyway.

Now if you go into task scheduler, and drill down through Task Scheduler Library then to Event Viewer Tasks, you’ll see a new item. If you go into the properties of the task, you’ll see there’s no way to include the text of the event log in the message.

So step back a second, and ask “what’s the easiest way to get the last instance of event 20274 firing in the System event log?”. The answer (or an answer) is wevtutil. Here’s a command that will do that (note all on one line):
wevtutil qe System "/q:*[System [(EventID=20274)]]" /f:text /rd:true /c:1

Running that in a command prompt will yield the following:

Perfect, so that’s what I want emailed to me. So let’s create a quick batch file which will get the above information and put it in a file. I just called it query.cmd and saved it on my desktop for convenience (again, the wevtutil command is all on one line).

del %temp%\query.txt 
wevtutil qe System "/q:*[System [(EventID=20274)]]" /f:text /rd:true /c:1 > %temp%\query.txt 

With that done, let’s revisit the properties of the task and look at the Actions tab. Let’s add an item to run this batch file, and put it top of the list.

Now we need to look at the properties of the “Send an e-mail” option. Remember there was an “Attachment” setting. Well conveniently, we have a file which contains the information we need, %temp%\query.txt now. Simply put “C:\Users\tmgadmin\AppData\Local\Temp\query.txt” in that box. (Obviously replace the username/location as appropriate). I’m also going to remove the body of the message.

So what does the email look like now if I establish a VPN?

Monday, 16 March 2015

Google: Unable to Sign In the Google Apps ( eg. Youtube ) at Mobile Devices

To solve the sign in problem, you would need a App password.

An App password is a 16-digit passcode that gives an app or device permission to access your Google Account. If you use 2-Step-Verification and are seeing a “password incorrect” error when trying to access your Google Account, an App password may solve the problem. Most of the time, you’ll only have to enter an App password once per app or device, so don’t worry about memorizing it.

<< Why you may need an App password >>
When you sign up for 2-Step Verification, we normally send you verification codes. However, these codes do not work with some apps and devices, like Gmail on your iPhone or iPad, Thunderbird, and Outlook. Instead, you’ll need to authorize the app or device the first time you use it to sign in to your Google Account by generating and entering an App password.

<< How to generate an App password >>
1.  Visit your App passwords page. You may be asked to sign in to your Google Account.
2.  At the bottom, click Select app and choose the app you’re using.
3.  Click Select device and choose the device you’re using.

4.  Click Generate.
5.  Follow the instructions to enter the App password (the 16 character code in the yellow bar) on your device.

6.  Click Done.

Once you click done, you’ll won’t see that App password code again. However, you will see a list of apps and devices you’ve created App passwords for.

<< Forgot your App password >>
Every App password is only used once. But don't worry, you can always generate a new App password whenever you need one, even for a device or application you've authorized before.

Friday, 13 March 2015

IT Security: Unified Threat Management ( UTM )

Unified Threat Management (UTM) is a solution in the network security industry, and since 2004 it has gained currency as a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting.

The worldwide UTM market was approximately worth $1.2 billion in 2007, with a forecast of 35-40% compounded annual growth rate through 2011. The primary market of UTM providers is the SMB and enterprise segments, although a few providers are now providing UTM solutions for small offices/remote offices.

The term UTM was originally coined by market research firm IDC. The advantages of unified security lie in the fact that rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that takes over all their functionality into a single rack mountable network appliance.

A single UTM appliance simplifies management of a company's security strategy, with just one device taking the place of multiple layers of hardware and software. Also from one single centralized console, all the security solutions can be monitored and configured.

In this context, UTMs represent all-in-one security appliances that carry a variety of security capabilities including firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management, application control and centralized reporting as basic features. The UTM has a customized OS holding all the security features at one place, which can lead to better integration and throughput than a collection of disparate devices.

For enterprises with remote networks or distantly located offices, UTMs are a means to provide centralized security with control over their globally distributed networks.

Key advantages:
-  Reduced complexity: Single security solution. Single Vendor. Single AMC
-  Simplicity: Avoidance of multiple software installation and maintenance
-  Easy Management: Plug & Play Architecture, Web-based GUI for easy management
-  Reduced technical training requirements, one product to learn.
-  Regulatory compliance

Key Disadvantages:
-  Single point of failure for network traffic, unless HA is used
-  Single point of compromise if the UTM has vulnerabilities
-  Potential impact on latency and bandwidth when the UTM cannot keep up with the traffic

VMware: vCloud Air

vCloud Air is a public cloud platform built on the trusted foundation of vSphere, compatible with your on-premises data center, that includes infrastructure, disaster recovery, and various applications as service offerings. vCloud Air allows you to extend your workloads into the cloud with ease. You can migrate existing onsite virtual machines (VMs) to the public cloud or start up new application VMs directly in the cloud. You can also easily port VMs and other business-critical workloads back and forth to the location of your choice, all with the secure and capable foundation of vSphere.

When you're running infrastructure-as-a-service (IaaS) applications, price and performance matter. A low-cost cloud service isn't useful if it's not powerful enough to run your apps with the performance you need. VMware commissioned benchmarking tests performed by Principled Technologies, who determined that vCloud Air delivers twice the compute power of Microsoft Azure and three times the storage performance of Amazon AWS.

vCloud Air currently supports over 5,000 applications and over 90 operating systems:
-  vCloud Air supports twice as many operating systems as Azure and AWS combined
-  vCloud Air supports more versions of Windows than Azure and more versions of Linux than AWS
-  Over 2,200 ISVs support more than 5,000 apps on VMware including the top ten healthcare apps, top ten finance apps, top five telecom apps, and four of the top five retail apps

vCloud Air delivers the security, reliability and performance you demand from a hybrid cloud platform. It’s the VMware you already know. No matter where your applications are running, there’s only one support call for your onsite and offsite cloud locations. All of your favorite management tools are integrated with vCloud Air including VMware vSphere Client Plug-in, VMware vCloud Automation Center, VMware vCenter Operations Manager, VMware vCloud Connector and more.

Extending into the cloud shouldn’t be a one-way street into unfamiliar territory. You can easily position workloads on your cloud or ours. Network virtualization allows you to configure your firewalls and network like your existing cloud and is customizable to your application and security needs. You can benefit from common identity and access management across your onsite and offsite cloud locations.

VMware works with leading operating systems and applications to support “bring your own license” to the cloud, and offers software for purchase on a subscription basis.

vCloud Air offers automated replication, monitoring, and high availability of your applications without any code changes. Using the same platform you already run internally, you can extend management tools into the cloud to leverage existing investments, processes, and expertise to lower the cost of ownership.

With a common platform that spans both private and public cloud, vCloud Air enables your organization to dynamically scale its IT infrastructure without changing the way you run it. You can write, deploy, and manage applications in the cloud the same way you do today.

Why vCloud Air?
- Compatibility
  • Enjoy support for more than 5,000 applications and more than 90 operating systems, and growing
  • Get the security, availability, and performance you expect from VMware while leveraging existing investments, processes, and expertise
  • VMware brings together the tools, services and applications you need move to the cloud safely and easily

- Agility
  • Set up, tear down, test, and deploy without building new infrastructure, and go live without learning new skills or processes
  • Expand or decommission virtual machines of any size

- Easy, Secure and Compliant
  • Use existing IT policies in the cloud and rely on the same source of support as your onsite data center
  • Understand and plan your budget with a capacity-based subscription

IT Security: Dell Launches All-in-One Endpoint Security Suite


Dell is diving headfirst into data security, providing its commercial customers with comprehensive data security right out of the box or as a standalone offering. The Round Rock, Texas-based IT systems and services provider launched Dell Data Protection Endpoint Security Suite (DDP ESS), a new product that integrates malware protection, data encryption, security monitoring and compliance controls.

Protecting small and midsized business (SMB) networks is a worthwhile exercise, but one that can ultimately prove fruitless if it's not backed with good PC and device-level protection. "The vast majority of all attacks begin at the endpoint," Brett Hanson, executive director of end user computing software and mobility at Dell, told Small Business Computing.

Once an attacker gleans a victim's credentials, it's only a matter of time before sensitive business data disappears. Persistent hackers aren't the only risk. "A staggering amount of data breaches come from traditional device loss," added Hanson. Lost and stolen devices typically contain a trove of data and access to a company's network.

According to Dell's research, it's been a rough year for companies. A whopping 87 percent of organizations have suffered a security breach of some sort in the past 12 months. More than 75 million records have been pilfered from business networks as a result of an estimated 568 breaches. Seventy percent of security breaches can be traced to human causes.

Recovering from a data breach can also prove very costly. A single lost laptop can end up costing a business $49,000, a figure that includes the cost of dealing with breaches. Just one lost or stolen record can end up costing a business $201, up from $188 in just one year.

To help its business customers, from small businesses to large enterprises, avoid racking up these costs, Dell cooked up its own solution.

Dell DDP ESS is the company's homegrown security solution and works with Dell and non-Dell hardware, earning the company the distinction of being the first Tier 1 vendor to develop its own endpoint security software, Dell claims. DDP ESS blends authentication, data encryption and threat protection, and enables businesses to manage it all using a single interface.

Available now, DDP ESS helps protect data by ensuring that users are who they say they are. It supports fingerprint scanners, multi-factor authentication, FIPS 201 smartcards and Windows password resets via a smartphone.

To keep malware and hackers at bay, the solution includes virus and spyware scanning, intrusion prevention, a firewall, and content filtering. Finally, it offers encryption, rendering data useless if it's lost or stolen.

DDP ESS encryption has roots in Dell's acquisition of Credant in 2012. In this implementation, the IT security specialist's technology "allows us to encrypt data versus encrypting devices," said Hanson. In short, the encryption safeguards follow the data independently of the device on which it resides.

It's a seemingly subtle difference that adds up to a powerful data security. This approach gives organizations "a lot more precision and control over said data," Hanson said. One thing that is missing, however, is complexity, he said.

Instead of dedicated point solutions that cause administrators to alt-tab between security applications and can sometimes conflict with each another, DDP ESS consolidates all of its functionality into a single user interface. Settings, status alerts, monitoring, compliance and user management tools are a click away.

Businesses that operate under tough regulatory rules can hit the ground running with a collection of pre-defined compliance policies. Configured by Dell security and regulatory experts, you can use the templates to implement encryption security for healthcare providers (HIPAA) and retailers (PCI DSS), to name just a few.

IT Technology: Open Compute Project ( OCP )

A small team of Facebook engineers spent the past two years tackling a big challenge: how to scale their computing infrastructure in the most efficient and economical way possible. Working out of an electronics lab in the basement of their Palo Alto, California headquarters, the team designed their first data center from the ground up; a few months later they started building it in Prineville, Oregon. The project, which started out with three people, resulted in them building their own custom-designed servers, power supplies, server racks and battery backup systems. Because they started with a clean slate, they had total control over every part of the system, from the software to the servers to the data center. This meant they could:
-  Use a 480-volt electrical distribution system to reduce energy loss.
-  Remove anything in their servers that didn't contribute to efficiency.
-  Reuse hot aisle air in winter to both heat the offices and the outside air flowing into the data center.
-  Eliminate the need for a central uninterruptible power supply.

The result is that their Prineville data center uses 38 percent less energy to do the same work as Facebook’s existing facilities, while costing 24 percent less. Everyone has full access to these specifications. they want you to tell them where they didn't get it right and suggest how they could improve. And opening the technology means the community will make advances that they wouldn’t have discovered if they had kept it secret.

The ultimate goal of the Open Compute Project is to spark a collaborative dialogue. They’re already talking with their peers about how they can work together on Open Compute Project technology. They want to recruit others to be part of this collaboration -- and they invite you to join them in this mission to collectively develop the most efficient computing infrastructure possible.

And on Tuesday, during the project’s U.S. customer conference, the guy responsible for OCP revealed an interesting fact: Apple has been quietly working with the project and has now decided to publicly join it.

“Apple is a new member,” Frank Frankovsky, chairman and president of the project told the audience, as he read off a long list of new members.

“Apple has been involved in this project quietly for a very long time. A lot of people know Apple as a consumer tech company. But they also have excellent infrastructure engineering people. If you look at what they build online, it’s quite substantial,” he says.

Apple’s involvement is interesting because it means that Facebook’s project, which aims to revolutionize the computer hardware industry the way the Linux operating system changed the software industry, now involves nearly all the biggest cloud/internet companies in the world.

This project is inventing new kinds of hardware including servers, storage, and networking switches that are faster and cheaper to build and maintain, particularly for huge cloud companies like Facebook.

Most importantly, its hardware designs are free and “open source,” meaning anyone can use them, modify them, and send out to a contract manufacturer, and contribute their technology back to the group.

This is unique in the industry. Other cloud providers build their own hardware too, like Google and Amazon, but they keep their designs close to their chest.

A year ago, the OCP project made waves when Microsoft joined it, Frankovsky acknowledged.

“When we announced Microsoft as a new member I think a lot of people in the community were were skeptical. Why is Microsoft here? Is it like a marketing effort? Will they actually contribute? I can tell you the Microsoft team has contributed not only so much time, but also so much intellectual property, that it’s fantastic. Thank you, Microsoft,” he said.

Microsoft, of course, has a huge need for the kind of cloud-friendly hardware OCP creates. It has a gigantic and growing number of internet data centers that run things like the Bing search engine, Office 365, its Amazon competitor Azure, and a lot of other online services.

Apple has the same need. Its data centers run things like iTunes, Siri, iCloud and its online Microsoft Office competitor, iWork for iCloud.

If Apple gets as involved as Microsoft, contributing hardware designs and software, this project will blow up the traditional tech companies selling servers the old fashioned way.

In actuality, that’s already happening.

OCP hardware has a growing number of other happy customers who are talking publicly about buying their hardware this way. Earlier this week, Bank of America told the Wall Street Journal that it plans to use OCP for 80% of its data center needs by 2018.

Frankovsky says that companies can save up 50% over buying computer servers the traditional way. BofA joins other big name customers like Goldman Sachs, who is on the board of OCP.

And it’s working. The hardware industry is being revolutionized. Not only are there Taiwanese contract manufactures standing by to build OCP servers, but the traditional vendors like HP and Dell have OCP servers that anyone can buy.

HP even announced at the conference that it has a whole new line of OCP cloud-friendly servers for sale, built with via its expanded partnership with China contract manufacturer Foxconn.

IBM has been doing a similar thing with its OpenPower project. OpenPower is an open source project to get people to design servers around its Power CPU chip, a competitor to the Intel x86 chips used in most OCP servers.

Google is famously using OpenPower to build its own cloud servers.

Now, cloud company Rackspace, along with IBM and others, are building servers that uses the OpenPower chip and follows all the other OCP designs, Frankovsky says.

Between the open source hardware chip and the open-source everything else, Frankovsky says  this server is “the most open architecture than we have ever seen,” he says. It’s “a server that has gobs and gobs of memory” and can host more computer applications than “ever before.”

The ultimate goal of all of this?

“I don’t want to even acknowledge the fact that there is an industry norm that needs to be adhered to. Let’s just blow that the hell up and start over. What I've seen over the last four years in this community, is that people are listening,” Frankovsky says.

Wednesday, 11 March 2015

Microsoft: Get the Deleted Item Size of an User in Exchange

You may get the deleted item size of a particular user in Exchange with the following command:
Get-MailboxStatistics -Identity contoso\tim | ft DisplayName,TotalDeletedItemSize

Note: You need to type in the command in the Exchange Management Shell.

Apple: Apple Increases the Price of MacBook Air and MacBook Pro in Malaysia


It looks like the iPhones were not the only Apple products to receive a price increase in Malaysia, Apple also increased the price of its refreshed MacBook Air and MacBook Pro.
The MacBook Air is now available for a starting price of RM3,199, up from RM2,899 for the older MacBook Airs. As always, Apple is offering four MacBook Air models with two 11” models and 13” models.

As for the MacBook Pro, Apple also increases the price starting from RM4,499, up from RM4,199 last year. The non-Retina Display MacBook Pro also sees a price increase from RM3,699 to RM3,799 this year.
There are 5 models of new MacBook Pros to select from, ranging from RM4,499 to RM8,699.

So, how are these new prices compared to last year’s models? They are significantly more expensive now with a hike of up to RM400 on selected models. Here’s a price comparison:

Of course, the prices for the 2015 models of MacBook Air and MacBook Pro are for the refreshed version, featuring improved hardware such as the new fifth generation Intel Core processors. Then again, the price for the U.S. remains the same, while we see a pretty significant increase of up to RM400.

This is definitely a pretty depressing news for Malaysian consumers. The new MacBook Airs are available to ship in 1 business day but for those of you who wish to get the refreshed MacBook Pro, it will only ship in mid-April, which means on top of RM200 to RM400 price increase, you will need to pay extra 6% GST as of 1 April 2015.

Apple: Apple Watch is available April 24 starting at $350

It's been six whole months since Tim Cook revealed the Apple Watch to the world. Here we are again. With good reason, though. Apple may have already officially introduced us to its first smartwatch, but there were still some big questions left unanswered. Today Apple gathered the press to give the Watch the launch event it always deserved (and, you know, tell us how much it'll cost and when we can buy it, what apps we can expect, etc.). Now we have some answers.

First up, before all that, was the latest word on that much-talked-about battery life. Expect 18 hours of "general use" according to Cook. Basically, as assumed/feared, you'll be charging this once a day. On a plus note, there's a magnetic charger that'll make connecting it a little bit more satisfying than fiddling with a USB cable and cradle. Cook also reminded us that the Sport edition starts at $349 or $399 depending on size (38mm or 42mm). If you want the regular Watch (not the Sport or fancy-pants gold one), that'll start at a weighty $549, going up to an eye-watering $1,049 if go wild with the top configuration (there are many, many design options to choose from).

This, incidentally, is for the smaller version. If you want the 42mm version, that's an extra $50 again. Not put off by the price? Pre-orders will open soon, with the timepiece to be available in store starting April 24th. Impatient and rich? A few select people with deep, deep pockets can get their wrists inside the Watch Edition on April 10th starting at $10,000.

Google: Google New Calendar App Just Came to iOS


The fantastic Google Calendar revamp that Android users have been enjoying for a while now has finally hit iOS.

The app will breeze through your inbox to find dates, locations, and any other important info you might need. Assuming the information about that event exists in your inbox in the first place, but these days, that's a pretty safe bet. And for everything else, you can just type in your event in sentence form, and the app will automatically fill in the blanks, linking in addresses from Google Maps and attendees from your contacts.

If you've got an iPhone/iPad and use Google Calendar at all (or even if you just have a Gmail account), it's definitely worth checking out—if not for the neat auto-fill-in feature alone. You can read more about the app down below, and head over to the iTunes store to check it out for yourself.

Tuesday, 10 March 2015

Apple: Bypass Mac Firmware Password


This solution should work on both EFI (Intel) and OFI (PPC) based Macs. This is a hardware based hack, proceed with caution! We are not responsible for anything that may go wrong in the process.

Essentially you are removing the systems RAM and reinstalling it, here are the steps for a MacBook. This works the same on other Macs, but removing the RAM is obviously different, so you’d need to understand how to do that. Here are instructions for MacBooks:
  1. Shut down your computer
  2. Remove the battery
  3. Remove the three philips head screws that are on the L-bracket
  4. Remove the L-bracket
  5. Slide one of the levers (it doesnt matter which one) to the left. This will release the RAM
  6. Gently wiggle the RAM card out and put it aside, you will put it back later(do NOT touch the gold bars on the front; you could break it)
  7. Replace the L-bracket and put the battery back in
  8. Boot up the computer while holding COMMAND+OPTION+P+R (this resets the parameter ram)
  9. Wait for the startup chime to sound 3 times
  10. Release the keys and shutdown the machine once you reach the login screen
  11. Remove Battery and L-Bracket, replace the RAM module and slide the lever back while pushing it in until it does not wiggle anymore
  12. Replace The battery and L-Bracket
  13. Now if you boot up the machine you should bypass the Mac firmware password
You can now use the machine as usual, boot from an external drive, or whatever else.

Microsoft: Azure Search


Microsoft Azure Search is a search-as-a-service for web and mobile app development. The advantages of Azure Search are as follows:
  • Powerful, reliable performance
  • Easily tune search indices to meet business goals
  • Scale out simply
  • Enable sophisticated search functionality
  • Deep understanding and support of 50+ languages
  • Simplify search index management
Many applications use search as the primary interaction pattern for their users. When it comes to search, user expectations are high. Users expect great relevance, suggestions, and solid linguistics that effortlessly handle spelling mistakes, near-instantaneous responses, multiple language, and more. Azure Search makes it easy to add powerful and sophisticated search capabilities to your website or application. The integrated Microsoft natural language stack has been improved over 16 years of development. Quickly and easily tune search results and construct rich, fine-tuned ranking models to tie search results to business goals. Reliable throughput and storage provide fast search indexing and querying to support time-sensitive search scenarios.

Azure Search removes the complexity of setting up and managing your own search index. The fully-managed service helps you avoid the hassle of dealing with index corruption, service availability, scaling, and service updates. Create multiple indexes with no incremental cost per index. Easily scale up or down as the traffic and data volume of your application changes.

Azure Search boosts development speed thanks to support for familiar tools and a consistent global cloud platform. Quickly provision search and start populating the index to get up and running quickly. Like other Azure services, Search uses familiar REST API calls and offers a .NET SDK. The worldwide network of Azure datacenters means reduced search latency no matter where your application is located.

Google: Google Takeout


Google Takeout is a project by the Google Data Liberation Front that allows users of Google products, such as YouTube and Gmail, to export their data to a downloadable ZIP file.

Users can select different services from the list of options provided. As of 6 December 2013, the services that can be exported are as follows:
  • Blogger posts
  • Gmail data
  • Google+ +1s, Circles, Pages, and posts
  • Google Buzz posts
  • Google Calendar appointments
  • Google Contacts
  • Google Drive files
  • Google Latitude
  • Google Profile
  • Google Voice settings
  • Picasa albums
  • YouTube videos
The user can elect to export all of the available services or choose services from the above list. Takeout will then process the request and put all the files into a zip file. Takeout then optionally sends an email notification that the export is completed, at which point the user can download the archive from the downloads section of the website. The zip file contains a separate folder for each service that was selected for export. For Google+ Page data, it will only allow you to export data from pages that you have created, not pages that you manage.

Thursday, 5 March 2015

Microsoft: Microsoft's New Windows 10 Universal App Platform

Microsoft officials went public with some new details about its strategy for enabling developers to write once and run on any version of Windows during a deep-dive session at Mobile World Congress on March 2.

For the last few years, Microsoft officials have been evangelizing the idea that "One Windows" running across a variety of device types will enable developers to create universal apps that will build on a single runtime, use an increasingly similar set of application programming interfaces (APIs) and developer tools and be available from a single store.

With Windows 8 and Windows Phone 8, Microsoft got a step closer to realizing its "One Windows" vision. But with Windows 10, the company is hoping to get a lot closer to this promised nirvana.

The new universal app platform (UAP) that Microsoft is building with Windows 10 will sit on top of the Windows core. The UAP is a superset of WinRT, the Windows 8 and Windows RT runtime, according to tweets from Matt Lacey (@mrlacey), who runs the Windows Apps London developer group.

"The migration path to Windows 10 UAP apps is from 'universal' 8.1 apps," Lacey tweeted. There are some "additional conversion steps" needed, ranging from referencing extension development kits, to moving Charms bar interactions.

Developers will be able to target different versions -- either a range or individual -- of the UAP, not the underlying version of Windows, according to Lacey. The UAP "is a versioned collection of versioned contracts," he explained.

Universal apps don't mean apps that look and work exactly the same across all device types. Microsoft is building "extension SDKs (software development kits) that will allow developers to build platform/device-specific elements while still building on top of a single binary, according to tweets from the event.

The Adaptive User Interface in universal apps will adapt to the device, tweeted freelance tech journalist Tim Anderson (@timanderson). This Adaptive UX is a set of adaptive controls that support mouse, keyboard and touch, and "look a bit different from Metro," Anderson said.

Microsoft also is opening up Windows 10 across platforms to a new category of applications officials are calling "hosted web apps," or simply "Web apps." These are wrapped versions of Web sites that will be available for download from the coming single store. These apps also will be able to call universal APIs like notifications, camera, contact list and calendar from JavaScript. Microsoft is making these hosted Web apps pinnable and able to be integrated with Cortana, Microsoft's personal digital assistant.

It's worth noting that Microsoft execs still have not confirmed a report in a (now-removed) Microsoft blog post that Win32 apps, along with other digital content, also will be available in the coming single store.

During the session for developers, Microsoft officials said that a first public build of Project Spartan -- Microsoft's new lightweight browser for Windows 10 and Windows 10 mobile -- will be available as part of the next preview build of Windows 10. Microsoft officials confirmed today that Spartan will be a universal Windows Store app that will be downloadable from the unified Windows Store.

Microsoft officials were hoping to deliver a new preview test build of Windows 10 roughly every month. There was no February test build of Windows 10 for desktops, but a new one is expected some time in the coming weeks, as is one for Windows Phones.

Wednesday, 4 March 2015

Google: New Google Contacts


Google is offering up a preview of the new version of Google Contacts today. Contacts gets a big visual overhaul to make it easier to manage your contacts and see everything you've been talking about.

The new design makes it a lot easier to get rid of duplicates and it makes sure contacts are kept up to date by tapping into their Google profile. Likewise, you can now see your most recent emails and meetings with a person right in their contact card. You can try out the new Contacts by heading to contacts.google.com/preview.

Tuesday, 3 March 2015

IT Technology: SanDisk 200GB MicroSD


SanDisk has taken the wraps off “the world’s highest capacity microSD card.” Packed with 200GB of speedy flash storage, the SanDisk Ultra microSDXC Premium Edition card represents a jump of 56% over the previous record holder. It can move data at up to 90MB/s, which SanDisk says is fast enough to transfer up to 1,200 photos per minute.

A 200GB microSD card is an eye-popping achievement. Just consider that it’s more space than many people’s laptops and more than 150% larger than the biggest available iPhone. Slide it into your Android smartphone or tablet, GoPro, and other portable gadgets and you’ll instantly have access to a massive amount of storage.

This is also big news for Mac users. We’ve shared with you just how easy it is to upgrade MacBook Air/Retina MacBook Pro laptops with a microSD card. Using the same method of putting SanDisk’s new microSD card into a custom MacBook adapter, you’ll now be able to add 200GB of semi-permnenant storage to your Mac.

The 200GB model isn’t due to hit stores until Q2 this year and will be priced at $399.99.

Google: Google Getting Ready To Launch Own 'Virtual' Mobile Phone Network


Google is planning to launch its own mobile phone network, the software and search firm has confirmed, as it plots a major business shift that will see the company move into supplying broadband connections across the planet

Details of what Google insiders are calling “Project Nova” were unveiled by Sundar Pichai, recently promoted as second in command to co-founder Larry Page, at the Mobile World Congress trade show in Barcelona.

The world’s largest mobile computing show also saw Facebook founder Mark Zuckerberg outline his strategy for connecting the four billion people worldwide who still have poor internet connections or simply live life offline, through his Internet.org project.

Subscribers of Google’s “virtual network” will be able to switch seamlessly between mobile phone and Wi-Fi signals, and between the masts of competing mobile phone networks, as their phones seek out the best signals.

Dropped calls may also become less of a nuisance, as phones will automatically try to redial the number should the communication be cut mid conversation.

Nova, which will begin life as a US project, is part of a wider move by Google from software into networks, and the company’s ultimate goal is to beam internet connections to the earth’s remotest reaches, where four billion people have poor internet connections or simply live offline.

“We are creating a backbone so we can provide connectivity,” said Pichai. “We will be working with carriers around the world so they can provide services over our backbone. We want to focus on projects which serve billions of users at scale and which make a big difference in their every day lives.”

Leaks in January suggested Google had already signed agreements for Nova with Sprint and T-Mobile in the US. Google will not put up its own masts but will buy airtime wholesale from networks and repackage it for Nova subscribers. The model is known as MVNO, or mobile virtual network operator. It is used by services such as Tesco mobile and would be relatively simple to expand into Europe and further afield.

Pichai claimed Google’s intention was not to compete with existing operators like AT&T, but to improve their performance by demonstrating what was possible.

He said the project would follow the same model as Google’s Nexus devices, low cost but high performance phones and tablets which are made in partnership with manufacturers such as Samsung and LG.

“We don’t intend to be a network operator at scale,” said Pichai. “All innovation in computing happens at intersection of hardware and software. That is why we do Nexus devices. We do it at enough scale to achieve impact. We are at a stage now where it is important to think about hardware software and connectivity together.”

Pichai set out plans to bring four billion people online. The company is experimenting with three methods of reaching remote or poorly served areas. With Project Link, Google is building a high speed fibre-optic network, which internet resellers can use to offer services to homes and businesses, in the Ugandan capital Kampala. Pichai said Link would now be rolled out to other parts of Africa.

Project Loon, in which helium-filled balloons are beaming out superfast 4G mobile internet, is nearing a commercial launch scheduled for 2016. Pilots are under way in Latin America with Telefonica, in New Zealand with Vodafone and in Australia with Telstra.

Pichai revealed Google’s balloons were now able to remain airborne for up to 200 days. When the project began two years ago, keeping the balloons airborne for more than five days was a challenge.

As many as 80 Google balloons were in the air at any one time in November, the company said, but numbers are increasing with 10 new balloons launched each week.

Finally project Titan, for which solar-powered glider planes developed by a US company acquired by Google last year will be able to beam out broadband to wide areas. The planes would be particularly suited to bringing emergency broadband to disaster zones.

“We think we can bring first-world connectivity to many rural areas,” said Pichai. “You can imagine planes and balloons which we can stitch together to create this mesh of floating cell towers. It sounds like science fiction at first but we’ve made tremendous progress.”

In a keynote speech on Monday evening, Facebook founder Mark Zuckerberg said internet drones and satellites were only a small part of getting the developing world online. Last year, Facebook snapped up Ascenta, a the Somerset, UK based maker of solar powered drones.

“Google have their balloons, we’re working on planes and satellites,” said Zuckerberg. “That’s at the fringe of the real work that is going on. 90% of people in the world live within range of a network already.”

Zuckerberg’s solution is Internet.org, a partnership with Samsung, Nokia and other telecoms groups to tempt more people online by allowing access to a selection of websites – including Facebook and Wikipedia – for free.

Since its beginnings last summer, Internet.org has launched in four African countries, Colombia, and in India last month. Zuckerberg has spent the last year travelling to Mexico, China, Indonesia, Colombia and India to promote his project.

Mobile networks have railed against the erosion of their profits from calls and text messages because of alternatives like WhatsApp, the messaging application bought by Facebook last year. But Zuckerberg used his appearance at Mobile World Congress to tender an olive branch, saying investment by traditional telecoms companies was the key to getting more people online.

“In order to grow the internet it’s expensive work and building all the infrastructure that needs to get built to connect everyone costs a lot of money,” he said. “The only way we can get to that is to grow the operator businesses faster.”

Monday, 2 March 2015

Apple: Reset Network Setting in Mac OS X

The following steps allow you to reset the network setting in Mac OS X:
1.  Turn Off Wi-Fi
2.  Go to /Library/Preferences/SystemConfiguration/
3.  Delete com.apple.airport.preferences.plist and preferences.plist
4.  Restart the computer
5.  Turn on Wi-Fi

Apple: Forgot Passcode For iPhone, iPad, or iPod Touch, or The Device Disabled

If you enter the wrong passcode into an iOS device six times in a row, you'll be locked out. You'll also see a message that says your device is disabled.

<< Erase and restore >>
If you can't remember your passcode, you'll need to erase your device, then use a backup to put your data and settings back on your device. Please use one of the methods below for the backup and restore.

<< iTunes >>
If you've synced your device with iTunes, you can restore your device.
1.  Connect the device to the computer you normally sync with.
2.  Open iTunes. If iTunes asks you to enter your passcode or asks you to allow access, try another computer that you've synced with. Or use recovery mode. (Click the link to be taken to the steps.)
3.  iTunes will automatically sync your device and create a backup. If it doesn't, sync the device with iTunes.
4.  After the sync is complete, restore your device.

5.  When iOS Setup Assistant asks to set up your device, choose "Restore from iTunes backup."
6.  Select your device in iTunes and choose the most recent backup.

<< Find My iPhone >>
If you enabled Find My iPhone through iCloud, you can use it to erase your device.
1.  Go to icloud.com/#find.
2.  If prompted, sign in with your iCloud Apple ID.
3.  Click All Devices at the top of your browser window.
4.  Select the device you want to erase.
5.  Click "Erase [device]" to erase your device and its passcode.
6.  Use the Setup Assistant on your device to restore the most recent backup.

<< Recovery mode >>
If you've never synced your device with iTunes, or haven't set up Find My iPhone, you'll need to put your device in recovery mode. Then you'll restore your device as new or from a backup. This will erase the device and its passcode.
1.  Disconnect all cables from your device.
2.  Hold down the Sleep/Wake button, then "slide to power off" to turn off your device.
3.  Press and hold the Home button and plug the device into your computer. If your device doesn't turn on automatically, turn it on. Don't release the Home button.
4.  Continue holding the Home button until you see the Connect to iTunes screen.

5.  If iTunes doesn't open automatically, open it. iTunes will alert you that it has detected a device in recovery mode.
6.  Click OK. Then restore the device.
If your device doesn't go into recovery mode, try steps 1–4 again.

Google: Sync Tabs Across Devices

<< Enable tab syncing >>
Chrome syncs your tabs across all your devices.
Sign in to Chrome using the same Google Account on the devices you want to sync. Then check your sync settings on each device:
  • On Windows, Mac, Linux, or Chrome devices
    1. Go to the Chrome menu Chrome menu > Settings.
    2. Click Advanced sync settings and make sure the “Open Tabs” checkbox is selected. Note: To disable tab syncing, deselect the “Open Tabs” checkbox.
  • On Chrome for Android
    1. Touch Chrome Menu > Settings > your email address.
    2. Touch Sync and make sure the “Open tabs” checkbox is selected. Note: To disable tab syncing, deselect the “Open tabs” checkbox.
  • On Chrome for iOS
    1. Touch Chrome Menu > Settings > your email address > Advanced.
    2. Slide the "Sync Everything" switch to On. If you don't want to sync everything, slide the switch to OFF and choose the data you want to sync, specifically "Open Tabs". Note: To disable tab syncing, slide the "Open Tabs" switch to Off.

<< Access open tabs on other devices >>
You can access any open tabs from other synced devices.
  1. Go to the Chrome menu Chrome menu .
  2. Click Recent Tabs.
  3. Click the tab you want to open from a device listed.