Friday, January 20, 2012

Vulnerability in X Server Allows the Unlocking of Computer

A very interesting, and potentially very harmful, vulnerability has been discovered in X.org's X Server that allows users to gain access to a locked computer. By pressing the Ctrl, Alt and * keys simultaneously, one can disable a user's screensaver and unlock the computer, a glitch discovered by French blogger "Gu1". The technique has already been verified to work on versions 1.11 and higher of X.org's X Server.

According to Gu1, the vulnerability is caused by something known as the "AllowClosedownGrabs" debug option. If this debug option is activated, pressing that key combination will cause any processes that calculate mouse or keyboard inputs to shut down. In the case of the key inputs above, the computer's screensaver, which usually prevents a locked computer from being accessed, is disabled.

Gu1 also says that this debug option had existed up until 2008, though at that time it was disabled by default and well-documented. It has also been mentioned that the developers explicitly pointed out the potential security problems that may arise when this is used in combination with screensavers. In addition to that, developers were able to use an API to disallow the function for their processes.

The function was re-introduced last year, but according to Gu1 it was enabled by default, not clearly documented and not easily configurable. X.org developer Peter Hutterer stated, "This was caused by a miscommunication within the development team." After the function was re-introduced, developers failed to remove the keyboard combination from the default keymap.

Gu1 also mentioned that any Linux distribution that uses X Server v1.11 is vulnerable and added that he was able to reproduce the problem with Debian and GNOME 3, and even with Arch Linux and GNOME 3, Slock and Slimlock. KDE can reportedly be unlocked this way as well.
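Since the exposure described above comes down to a grab-breaking key binding left in the default keymap, an administrator can audit a keymap dump for it. The following is an added example, not code from the original article or from X.org; the keysym names `XF86_ClearGrab` and `XF86_Ungrab` and the `xkbcomp` invocation are assumptions drawn from xkeyboard-config and the standard X tools rather than from this page, and both sample keymaps are constructed.

```python
import os
import re
import subprocess

# Keysyms that make the X server break active grabs. The names are the ones
# xkeyboard-config uses; they are not taken from this page.
GRAB_BREAKERS = re.compile(r"\bXF86_?(?:ClearGrab|Ungrab)\b")
KEY_BLOCK = re.compile(r"key\s*<([^>]+)>\s*\{(.*?)\};", re.S)
KEY_TYPE = re.compile(r'type\s*=\s*"([^"]+)"')


def grab_breaking_keys(keymap_text):
    """Return sorted (key, key_type, keysym) tuples for grab-breaking bindings."""
    found = set()
    for name, body in KEY_BLOCK.findall(keymap_text):
        kt = KEY_TYPE.search(body)
        for m in GRAB_BREAKERS.finditer(body):
            found.add((name, kt.group(1) if kt else "?", m.group(0)))
    return sorted(found)


def live_keymap():
    """Dump the running server's keymap with xkbcomp (needs DISPLAY set)."""
    out = subprocess.run(["xkbcomp", "-xkb", os.environ["DISPLAY"], "-"],
                         capture_output=True, text=True, check=True)
    return out.stdout


# Constructed samples in xkbcomp's text format, not captured from a real host.
VULNERABLE_KEYMAP = """
xkb_symbols "constructed" {
    key <KPDV> { type= "CTRL+ALT", symbols[Group1]= [ KP_Divide, KP_Divide, KP_Divide, KP_Divide, XF86_Ungrab ] };
    key <KPMU> {
        type= "CTRL+ALT",
        symbols[Group1]= [ KP_Multiply, KP_Multiply, KP_Multiply, KP_Multiply, XF86_ClearGrab ]
    };
    key <KPSU> { type= "CTRL+ALT", symbols[Group1]= [ KP_Subtract, KP_Subtract, KP_Subtract, KP_Subtract, XF86_Prev_VMode ] };
};
"""
CLEAN_KEYMAP = """
xkb_symbols "constructed" {
    key <KPDV> { [ KP_Divide ] };
    key <KPMU> { [ KP_Multiply ] };
};
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_KEYMAP), ("clean", CLEAN_KEYMAP)):
        print(label, grab_breaking_keys(text))
```

On a real workstation, pass `live_keymap()` to `grab_breaking_keys()`; an empty result means the keymap no longer carries the binding.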

Source: The H - X.org server allows anyone to unlock computer


Friday, January 6, 2012

New Denial of Service Attack Takes Its Time on Your Server

On Thursday a researcher published proof-of-concept code that takes a new approach to the slow HTTP Denial-of-Service (DoS) attack by simply dragging out the whole process of reading the server's response and, eventually, overwhelming it. Senior Software Engineer at Qualys Sergey Shekyan also added this modified Denial-of-Service attack, which he dubs a Slow Read attack, to his Slowhttptest tool.

As far as the attack goes, Slow Read basically sends a legitimate HTTP request and then takes an excruciatingly long time reading the response. By doing so, the Slow Read attack keeps as many open connections as possible and eventually causes a Denial-of-Service attack.

The Slowhttptest attack tool developed by Shekyan was inspired by related open-source tools Slowloris and OWASP's Slow HTTP Post. Slowloris keeps connections open by sending partial HTTP requests and then sends headers at regular intervals in order to prevent the sockets from closing.

OWASP's Slow HTTP Post Distributed Denial-of-Service (DDoS) tool simulates an attack using POST headers that have a legitimate content-length field. This allows a web server to know just how much data is arriving. Once the headers are delivered, the POST message body is transmitted slowly and gridlocks the connection, as well as the server resources.

Slow HTTP attacks are becoming increasingly popular, especially among hackers, as a way to quietly carry out a Denial-of-Service attack, because they are relatively simple to perform, require minimal computing resources and are often hard to detect until it is too late.
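One server-side answer to the Slow Read behaviour described above is to require that every client drains its response at a minimum rate and to drop those that do not. The following is an added example, not code from the original article or from Slowhttptest; the function names, the rate threshold and the grace period are assumptions, and the client is a constructed local socket pair.

```python
import socket
import threading
import time


def send_response(conn, payload, min_rate, grace=0.3, poll=0.05):
    """Send payload; drop the peer if it drains slower than min_rate bytes/s.

    Returns (completed, bytes_accepted_by_kernel).
    """
    conn.settimeout(poll)
    view, sent, start = memoryview(payload), 0, time.monotonic()
    while sent < len(view):
        try:
            sent += conn.send(view[sent:sent + 65536])
        except socket.timeout:
            pass  # send buffer full: the peer is not reading; check the rate
        except OSError:
            return False, sent  # peer went away
        elapsed = time.monotonic() - start
        if elapsed > grace and sent / elapsed < min_rate:
            conn.close()  # free the worker instead of waiting on the reader
            return False, sent
    return True, sent


def demo(read_size, delay, size=8 * 1024 * 1024, min_rate=4 * 1024 * 1024):
    """Serve `size` bytes to a constructed local client; return (completed, sent)."""
    server, client = socket.socketpair()
    # Small send buffer so the response cannot simply sit in the kernel.
    server.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 65536)
    stop = threading.Event()

    def reader():
        try:
            while not stop.is_set() and client.recv(read_size):
                time.sleep(delay)
        except OSError:
            pass

    t = threading.Thread(target=reader, daemon=True)
    t.start()
    result = send_response(server, b"x" * size, min_rate)
    server.close()
    stop.set()
    t.join(timeout=2)
    client.close()
    return result


if __name__ == "__main__":
    print("normal client:", demo(65536, 0))
    print("slow reader:  ", demo(1, 0.05))
```

The check only bites when the response is larger than the socket send buffer, which is also the condition under which a slow reader can tie up a worker in the first place.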

Source: InformationWeek - New Denial of Service Attack Cripples Servers Slowly


Friday, December 23, 2011

Beta Testing Begins for Red Hat Enterprise Linux 5.8

Linux vendor Red Hat is fancying itself up with a newer platform but is by no means hanging its older customers out to dry. The company is currently in the process of testing the Red Hat Enterprise Linux 5.8 release, which will provide customers with updates to the platform.

Red Hat first launched Red Hat Enterprise Linux 5 in 2007 and in the latter part of 2010 released Red Hat Enterprise Linux 6, which provided the next generation of enterprise Linux features. Red Hat Enterprise Linux was also recently updated to Red Hat Enterprise Linux 6.2, which gave new control and storage features. The upcoming release of Red Hat Enterprise Linux 5.8, which is now in beta testing, will be getting its own set of updates, though resource control won't be among them.

The resource control functionality found in Red Hat Enterprise Linux 6.2 is from the cgroups feature, which is also not present in the Red Hat Enterprise Linux 5.x series. According to Vice President of Linux Engineering at Red Hat Tim Burke, "cgroups was extremely invasive so you'll never see that in Red Hat Enterprise Linux 5. We continue to do minor feature enhancements in Red Hat Enterprise Linux 5." Burke also added that the minor feature enhancements added to v5 must not be invasive or overly risky and that there is also the potential for additional hardware enablement in Red Hat Enterprise Linux 5.

Even though cgroups isn't going to be in RHEL 5.8, other types of enterprise controls are. Some of the new features support Power Management Quality of Service (QoS), a feature that provides power savings to enterprise via automated scheduling based on QoS policies. In addition to that, there is something known as "iotop" support. This is said to provide monitoring for I/O from a process perspective that will be helpful in troubleshooting performance issues.

According to Burke, "RHEL 5 is still getting development features so it's definitely not the end of the road for RHEL 5. Remember we have a 10-year product lifecycle. At this point RHEL 5 is only four years old, so we still have a long runway left for RHEL 5."

Source: Server Watch - Red Hat Enterprise Linux 5.8 Enters Testing


Monday, December 12, 2011

Battlefield 3's PC Server Browser Gets Updated

One thing that PC gaming has always had over console gaming (at least in terms of multiplayer) was the ability to buy your own server to host your favorite games online. In addition to that, you also had the ability to join any server you could find, dramatically increasing the chances of you finding a game. Battlefield 3 brought a little of this functionality to consoles upon its release, though the PC still does it better in my opinion. However, it appears as if PC gamers will have even more to brag about as DICE has made a plethora of "super charged" improvements to the Server Browser for the PC version of Battlefield 3.

The full list of all the changes is as follows:

Filter by Country - This allows you to search for servers by country (obviously). This is highly useful for any gamer looking to play with gamers from all corners of the earth or wanting to play on a server in their favorite country.

Server Queuing - This is sure to make a lot of gamers happy. Server queuing allows you to be added to a waiting queue if the server you want to play on is full. This is good if you are trying to play a specific map, game mode or with specific players.

New Navigation Icons - New quick links are available that take you directly to some of the more popular areas of Battlelog as well as easy access to things like stats and dog tags.

Easier Server Joining for Parties - The whole process of joining a server with a party of friends has been improved. The update allows everybody in your party to connect to the server asynchronously, without having to wait for your team to ready up.

Battle Report Sharing - You now have the ability to share your favorite battle reports on Facebook, Twitter and Google+, letting all your friends know just how much of a boss you really are (or aren't) at the game.

Improved Server Browser - The server browser has now been equipped with more search options like Kill Cam, Friendly Fire and 3D Spotting. This is sure to make finding specific things in a game much faster and easier.

That's the run-down of all the new features in DICE's update to the Battlefield 3 PC Server Browser system. Hopefully this helps make finding games, servers and parties a lot simpler. Battlefield 3 fans should also keep an eye out for the game's first set of DLC, "Back to Karkand", set to drop on December 13th. Owners of the Limited Edition game will already have free access to the DLC with everybody else having to pay for it.

Source: ComputerAndVideoGames.com - Battlefield 3 PC Server Browsers gets 'super charged' update

Friday, November 25, 2011

Intel Debuts Pentium 350 Chip for Low-End Servers

Intel, the most widely renowned and largest computer chip manufacturer on the planet, has just introduced a brand new, low-power Pentium 350 processor which is specifically aimed at low-end servers. The company had talked previously about its intentions to move into the low-end server market by producing "server versions" of the Atom processor which would support technologies like ECC memory.

However, Intel has taken that idea and done something that simply has most tech industry professionals scratching their heads. Intel has gone ahead and jumped right into the market, though with a Pentium branded processor instead of an Atom. The processor the company has decided to use? The dual-core 1.2GHz Pentium 350.

Even though the Pentium brand from Intel is extremely well known, the company has relegated it to cut down processors, effectively taking the place of the company's Celeron processors. Regardless, the Pentium 350 supports Hyperthreading and, most importantly, has a thermal design power (TDP) of only 15W.

What makes the Intel Pentium 350 processor a server-oriented chip is the complete lack of an on-chip GPU and support for ECC memory, with the memory controller supporting two channels. In addition to that, there is support for Intel's vPro virtualization technology, presumably meaning that the Pentium 350 chip was designed for very specific and traditional workloads.

The Xeon range of processors from Intel currently dominates the commodity server market, though the company needs to start producing lower power chips to compete with ARM-based servers in the future. It was expected that Chipzilla would serve the low-end server market with an Atom processor, but for now the 15W Pentium chip will have to take its place until 22nm Atom chips begin coming off of Intel's production lines sometime next year.

Source: The Inquirer - Intel outs 15W Pentium 350 chip for servers



Sunday, November 13, 2011

New SQL Server Licensing from Microsoft

It seems that most people, on the internet at least, have come to accept some new changes to Microsoft's SQL Server 2012 licensing model which is a clear contrast to the anarchy that ensued over changes to VMware's vSphere 5.0 back in July. In that case complaints forced VMware to modify its pricing. Microsoft debuted SQL Server 2012 earlier in the month as the relational database management system upgraded from SQL 2008. However, it is still going to take some effort by customers to figure out what these new changes mean for them, as well as for their IT budgets.

On the other hand, Microsoft is attempting to make it as easy as possible with an SQL Server 2012 Licensing Datasheet. Microsoft explains, in a six-page PDF, the different licensing options, differences among the different editions and how to transition from SQL 2008 to SQL 2012 licenses. However, it is still recommended that users consult with a Microsoft sales representative, preferably one that is the most familiar with their account.

Last month Microsoft and HP jointly announced the development of HP Alliance which will be able to run SQL 2012. VMware landed in some hot water with more than a few customers when it introduced a new licensing policy with vSphere 5.0, specifically when the company switched from a hardware-based licensing model per physical server to a "vRAM metric", where the company billed the amount of virtual RAM per physical server.

A plethora of blogs and reports noted complaints about the limitation on the number of vRAMs per license and, after only three weeks of customer disapproval, VMware relented and increased the limits per license of vRAM. It is no surprise that the backlash of that business venture is on the minds of the people at Microsoft who are responsible for SQL 2012. Some of the highlights of the new release include a new license category called Business Intelligence (BI) Edition, which fits between the existing Standard Edition (SE) and the Enterprise Edition (EE).

The BI Edition is fine-tuned to manage databases that are tied to a business intelligence application, which just so happens to be a growing category of IT for companies that are looking to crunch petabytes of data in order to get a little insight into how to run their businesses. Each edition of SQL 2012 will offer two broad options, pricing based on computing power and pricing based on the total number of end users. This is known as the Client Access License (CAL). However, computing power in the Enterprise Edition will be based on the number of sockets in a server as opposed to the number of processors.

Pricing information is detailed in the datasheet that notes that in EE a license is $6,874 per core for mission-critical apps. The BI edition is $3,952 per server plus an additional $209 per CAL. The SE edition is sold on a per-server ($898) or per-core ($1,793) basis with the addition of the same $209 per CAL license. It's going to take some calculations on the customer's part to determine if it is financially better to go with a per-server or per-core plan. Regardless, SQL Server 2012 will be available sometime in the first quarter of 2012.

Source: Information Week - Microsoft Revamps SQL Server Licensing



Sunday, October 30, 2011

ARM Enters the World of 64-bit with New ARMv8 Chip Architecture

ARM has just introduced its very first 64-bit microprocessor architecture, known as ARMv8. This new architecture should enable wider use of ARM chips in servers as well as other enterprise equipment and also increase the competition the company currently has with Intel.

ARMv8 adds 64-bit addressing capabilities, which is an improvement over the ARMv7-A architecture. The ARMv7-A architecture is capable of up to 40-bit addressing, though this new architecture puts ARM into more direct competition with Intel and its 64-bit Xeon processors.

The new architecture will take time to show up, though. ARM expects to release its first ARMv8 processor designs next year with prototype consumer and enterprise systems not expected to arrive until sometime in 2014 according to ARM. In a speech by ARM CTO Mike Muller at ARM TechCon on Thursday where the new design was announced, Muller stated, "This is the beginning of quite a long road to 64-bit products."

The ARMv8 processor architecture will offer backwards compatibility as well as migration for existing software, ARM added. Most of the PC and server operating systems in today's market are 64-bit. 64-bit allows computers to address larger amounts of storage and memory, something that is especially useful for data-intensive applications.

ARM licenses processor architectures and designs to mobile chip companies, like Nvidia, Samsung, Qualcomm and Texas Instruments, and the company's processors are also used in most smartphones and tablets on today's market. However, the company has practically no presence in the server and PC markets, both of which are dominated by Intel and its x86 processors.

The new ARM architecture will be implemented in chips that range from tiny sensors to large-scale infrastructure equipment, according to ARM, who also stated that it will bring "energy-efficient 64-bit computing" to high-end servers. Microsoft has said previously that 64-bit applications run faster than 32-bit applications, and ARM's new architecture could make future chips with ARM processors capable of running 64-bit Windows applications.

Microsoft's Windows 8 will work on ARM and x86 processors, and devices like tablets have been demonstrated running on ARM's 32-bit processors. The lack of 64-bit capabilities was considered a drawback in ARM's efforts to enter the PC and server markets, with most applications running in 64-bit. ARM had previously stated that it would address 64-bit only when necessary, pointing out that it would not sacrifice power consumption in order to bring more performance. It looks like that time has come.

Source: Computer World - ARM goes 64-bit with new ARMv8 chip architecture
