Author

Announced last 14th September with a TechNet blog post, Project Honolulu is the free, Web-based HTML5 platform for centralized management of hosts and clusters that allows to control, manage and troubleshoot Windows Server environments from a single panel. Today is available as a “technical preview”.

Typically, the administration Windows server environments relies upon MMC (Microsoft Management Console) and other graphic tools, in addition to PowerShell, which guarantees a powerful and complete scripting system capable of an high level of automation.
Project Honolulu can be compared to VMware vCenter’s Web Client (albeit some differences), is a centralized management solution for Windows Server hosts and clusters, conceived not as a replacement for System Center and the Operations Management Suite, but as a complementary tool.

Projet Honolulu is the natural evolution of Server Management Tools (SMT is the analog tools retired a few months ago because as it ran on Azure, it required a constant Internet connection that sometimes it can’t be guaranteed) and represents its local, on-prem version. It’s not a substitute for MMC.
During last Ignite, Microsoft introduced the project with two demo sessions (one and the other), and covered the topic with a blog post.

 

project honolulu architecture

Read more Project Honolulu: a web-based management control for Windows Server by Microsoft

HyTrust published its VMworld 2017 Cloud Adoption Survey
HyTrust, an IT company in the security sector, published a report on the enterprise cloud world made during last VMworld 2017.
323 companies were surveyed, and these are the results. 21% of them are concerned about GDPR and have a plan in place and 52% are not concerned about GDPR or are unaware of its relevance for their business and 27% are concerned about GDPR, yet have no plan in place.
Among the other results of the survey, although the hybrid cloud infrastructures are more and more used, 22% don’t use a public cloud, 44% don’t have an hybrid cloud and 28% entrust a single hybrid cloud vendor. The percentage of those who don’t use any form of encryption in a public cloud thankfully lowers from 28% of last year to 10% of this year. The biggest fears in terms of security are about uncontrolled or unmonitored access by admins (32%) and a malicious or accidental exposure of workload data (30%).
Containers are an appealing topic but it’s seldom used in production: just 12% of participants use it a production environment.

Read more Cloud - Datacenter Bulletin - January 2018

CMS

Joomla 3.8.3 is now available
Joomla 3.8.3 is now available; this is a security release that doesn’t introduce any new feature, rather it fixes security issues and improves performances.
In particular, this release adds support for PHP 7.2 multiple download sources on update servers (AKA download mirrors), TinyMCE has been updated to version 4.5.8, improvements for multilingual support and search performances for big sites. A complete list of fixes is available at this address.
This version is available within the admin console or at this address.

Meanwhile, the Alpha 1 version of the upcoming Joomla 4.0 is available. The preview include new Bootstrap 4 templates, removal of obsolete functions, a new installation wizards, integration of Joomla Framework packages and a renewed Application for Consoles.

WordPress 4.9 is now available
WordPress 4.9, nicknamed “Tipton”, is now available. This version introduces several new features, including a Customizer with new features, improvements to the system code, new widgets and several new features for developers like improved JavaScript API customizer, CodeMirror (a new library for code revision), MediaElement.js update to version 4.2.6 and other improvements to plugin and translation files management.
This version is available in the administration console or at this address.
Version 4.9.1 is available as well. This is a security release that doesn’t introduce any new feature, rather it fixes security issues. Improvements of this release include a properly generated hash for the newbloguser key instead of a determinate substring, addition of escaping to the language attributes used on html elements, ensuring the attributes of enclosures are correctly escaped in RSS and Atom feeds and removal of the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Eleven additional bugs have been fixed, including issues relating to the caching of theme template files, a MediaElement JavaScript error preventing users of certain languages from being able to upload media files and the inability to edit theme and plugin files on Windows based servers.

Further information about this version are available at this address.

Read more CMS Bulletin January 2018

You have heard about it for sure, it’s one of the hottest technologies of the moment and it’s gaining momentum quickly: the numbers illustrated at DockerConf 2017 are about 14 million Docker hosts, 900 thousands apps, 3300 project contributors, 170 thousands community members and 12 billion images downloaded.
In this series of articles we’d like to introduce the basic concepts in Docker, so to have solid basis before exploring the ample related ecosystem.

The Docker project was born as an internal dotCloud project, a PaaS company, and based on the LXC container runtime. It was introduced to the world in 2013 with an historic demo at PyCon, then released as an open-source project. The following year the support to LXC ceased as its development was slow and not at pace with Docker; Docker started to develop libcontainer (then runc), completely written in Go, with better performances and an improved security level and degree of isolation (between containers). Then it has been a crescendo of sponsorships, investments and general interest that elevated Docker to a de-facto standard.

It’s part of the Open Container Project Foundation, a foundation of the Linux Foundation that regulates the open standards of the container world and includes members like AT&T, AWS, DELL EMC, Cisco, IBM Intel and the likes.

Docker is based on a client-server architecture; the client communicates with the dockerd daemon which generates, runs and distributes containers. They can run on the same host or on different systems, in this case the client communicates with the daemon by means of REST APIs, Unix socket or network interface. A registry contains images; Docker Hub is a public Cloud registry, Docker Registry is a private, on-premises registry.

 

docker architecture

Read more An introduction to Docker

In the next issue you will find an article dedicated to the recent Meltdown and Spectre vulnerabilities, which are not covered in this bulletin.

DDoS attacks and Botnets

Necurs botnet now distributes ransomware
Necurs is alive and kickin’ and is distributing malware with, at least, three different campaigns as MyOnlineSecurity reports.
The first campaign is about the Scarab ransomware and is spread through emails. A bogus email has [email protected] as sender, “Scanned from HP” (or other brand) as object, the email body is blank but there’s an attachment which, obviously is the ransomware itself. Such email pretends to deliver documents scanned with a network printer.
The second campaign too is conveyed via email and is about another ransomware, Globeimposter. The sender is [email protected], a random alphanumeric string as object (ie, FL-610025 11.30.2017), and as the previous one it has no body content but an attachment.
The third campaign is similar and pretends to deliver an invoice from Amazon as an attachment. It’s not a ransomware, but a banking trojan indeed.

ProxyM botnet attacks websites
Dr.Web identified a botnet, called ProxyM, which is based on the Linux.ProxyM.1 malware and previously used for email spam campaigns (up to 400 messages per device per day).
The malware being distributed attacks Linux devices and creates a SOCKS proxy server; the attack mode has changed recently, and today ProxyM hacks websites. Infected hosts perform SQL Injection, XSS (Cross-Sie Scriptingt) and LFI (Local File Inclusion) attacks on websites like forums, game servers and generic sites, without a precise scheme. Dr.Web observed 10 to 40 thousands attacks per day.

Read more IT Security Bulletin - January 2018

banner eng

fb icon evo twitter icon evo

Word of the Day

The term Edge Computing refers, when used in the cloud-based infrastructure sphere, the set of devices and technologies that allows...

>

The acronym SoC (System on Chip) describes particular integrated circuit that contain a whole system inside a single physical chip:...

>

The acronym PtP (Point-to-Point) indicates point-to-point radio links realized with wireless technologies. Differently, PtMP links connects a single source to...

>

Hold Down Timer is a technique used by network routers. When a node receives notification that another router is offline...

>

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  •  GURU advisor: issue 21 - May 2019

    GURU advisor: issue 21 - May 2019

  • GURU advisor: issue 20 - December 2018

    GURU advisor: issue 20 - December 2018

  • GURU advisor: issue 19 - July 2018

    GURU advisor: issue 19 - July 2018

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1