Virtualisation is hackers’ next target

Hackers are on their new mission of attacking Virtualisation, which is being adopted by the businesses at a rapid pace. The worrying fact is that not many businesses are aware of the risks or acting adequately to protect from the hackers, noted the market observers.

According to Ovum’s principal analyst Graham Titterington, threats to virtual machines are increasing significantly as virtualisation is getting more and more global prominence. While acknowledging that there was little evidence of foundation layers of virtualisation environment having been attacked yet, he said that strong possibility of attacks did exist and businesses needed to be extra vigilant.

Titterington added attackers could take down many virtual machines in a single attack with the help of virtualisation itself. If the hypervisor security of virtual machines, sharing same physical platform was broken, the information held on machines could also get attacked.

Titterington’ assessment was concurred by Symantec’s manager for systems engineering, Ronnie Ng, looking after Indonesia and Singapore operations. He remarked that although hypervisor breaches were rare, threat of compromising hypervisor layer was quite high, and it could put all virtual servers running business applications at risk.

Secure Computing’s managing director of Asia South, Benjamin Low stated that it would be just matter of time before hackers attack unprotected vulnerabilities of technology and warned that virtualisation could become next frontier for hackers’ attacks.

Satyam to close £1bn of outsourcing deals in the UK

Outsourcing giant, Satyam, looking for new business opportunities in the credit-crunch-hit financial sector is set to clinch up to £1bn of outsourcing deals in the UK.

Satyam will be clinching 10 deals worth £20m to £100m each, claiming that it was making headway in manufacturing, telecom and retail markets.

Satyam’s European business head, Dr. Keshab Panda, told that deals were countering the slowdown in financial sector where businesses were postponing outsourcing agreements.

Panda ruled out a reduction of staff adding that its UK headcount had doubled in the past 2 years and it provided employment to 5,200 new workers during the first 6 months of financial year 2008/09.

Satyam’s second-quarter financial results for the current year showed jump of 38.8% year on year to £338m (28.8bn rupees) and 7.6% on last quarter.

Panda predicted tough third quarter for the company with revenue remaining flat between 29.4bn and 30.3bn rupees.

According to Panda, financial and banking services were larger segment for Satyam’s business. He claimed that quarter 3 was always a difficult period for business worldwide and Satyam had predicted flat quarter 3 but it clinched 10 deals at this time in the UK. Panda added that many customers were interested in doing outsourcing to reduce costs.

Panda informed that EU market was growing faster than the US accounting for 21% of Satyam’s business. Of 21%, 52% accounted for the UK and 48% for Europe.

Novell to acquire business-services management firm

Open-source company Novell is buying data centre management services firm Managed Objects.

Novell will be adding data and workload monitoring tools to its portfolio by acquiring Managed Objects.

According to Novell’s senior vice president systems and resource management, Joe Wagner, Managed Objects’s products were complementary to Novell’s virtualisation and management capabilities and the acquisition was an extension of its approach in making IT work as one in data centre.

Senior analyst Andy Buss at Canalys opined that the deal made sense for Novell especially in the backdrop of its licensing deal with Microsoft. It would take Novell to the services-based model where it desperately wanted to go. The Microsoft partnership would provide Novell access to a wide data centre install base where heterogeneous environment are being run by the people, said Buss.

He felt that Novell’s entry into business-service management (BSM) would enhance its competitiveness with companies like IBM and CA, big players in the same market. It is more critical since businesses were moving into virtualisation and cloud computing.

The acquisition is likely to conclude in first fiscal quarter of 2009, if approved by the regulatory. Though the cost of buying Managed Objects was not made public, Novell confirmed that it would use current cash for acquisition.

Dutch researchers make public Oyster travel smartcard-hack details

Dutch researchers have released vulnerability details of London’s Oyster travel smartcard’s chipset at the Esorics security conference held in Malaga on Monday.

An academic paper highlighting cryptographic vulnerabilities details was also released on Radboud University Nijmegen website.

Professor of computer security Bart Jacobs at Radboud University, who headed the research team, claimed that security of the Mifare Classic chipset was completely ineffectual. The chipset is part of the Oyster card and the Dutch OV- Chipcaart travel cards.

Jacob informed that the chip was fundamentally broken and could only be strengthened with additional security measures and by improving overnight checks. He urged people involved with high value assets to migrate to other chips urgently.

The researchers claimed that Mifare Classic smartcard’s Cryptol encryption algorithm allowed easy retrieval of a 48-bit cryptographic key.

According to the University’s website researchers were able to intercept part of communication between Mifare reader and smartcard, and successfully computed and decrypted cryptographic key. After the decryption of the key it was quite easy to copy and clone the card.

Jacob informed that the publication of the hack details undermined public confidence in Oyster travel cards and criminals could easily clone new cards everyday.

However, Transport for London (TfL) claimed that additional safeguards had already been put in place in consultation with Royal Holloway Information Security Group’s academic team.