Date: 2020-04-20
Server: BigBlueButton, New Mainframe Models and IBM Snubs Security
BigBlueButton review
However, the software must be installed on an Ubuntu Linux server, and its installation and ongoing maintenance require a strong working knowledge of this operating system. Therefore, many schools instead use third-party BigBlueButton managed web hosting companies that install, host, and maintain their BigBlueButton installation for them.
New Mainframe Models
In these days of lockdown and spending all day at home, it’s always good to have news of a new baby in the family. And that’s what we got last week. IBM has shared with its extended mainframe family (and the rest of the world) the news about its two new mainframe products, the z15 Model T02 and LinuxONE III Model LT2.
The z15 platform was originally launched last September, with the z15 Model T01 and LinuxONE III LT1. Their outstanding feature was the ability for data to be ‘encrypted everywhere’, both in transit and at rest and without impacting system performance. This uses the so-called Data Privacy Passports. Other standout features were increased physical compute capacity, high availability options, and support for container-based development and applications (using the Red Hat OpenShift Container Platform).
[...]
Perhaps the biggest talking point with these models is IBM Secure Execution for Linux, a hardware-based security technology that creates isolated Trusted Execution Environments (TEEs) that restrict access to business-critical or sensitive data, but still allow administrators and developers to perform their jobs. Secure Execution is a way to mitigate insider threats to enterprise data. Basically, Secure Execution provides a KVM-based virtual machine that is fully isolated and protected from the hypervisor with encryption keys that only the IBM Z hardware and firmware have access to.
IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report
IBM has acknowledged that it mishandled a bug report that identified four vulnerabilities in its enterprise security software, and plans to issue an advisory.
IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered to be critical, and one is high risk.
[...]
IBM however did say that it had fumbled the report. "A process error resulted in an improper response to the researcher who reported this situation to IBM," a company spokesperson told The Register. "We have been working on mitigation steps and they will be discussed in a security advisory to be issued."
Ribeiro dismissed IBM's response in an email to The Register. "Well, what can I say," he said. "It's a joke right? I think it's pretty sad that I have to disclose a zero-day and shame them publicly to get them to patch critical vulnerabilities in a security product, while they sell themselves as an elite company providing security services."
