Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • DDoS defenses emerging from Homeland Security

    Government, academic, and private-sector officials are collaborating on new ways to prevent and mitigate distributed denial-of-service (DDoS) attacks, based on research years in the making but kicked into high gear by the massive takedown this month of domain name system provider Dyn.

  • US DMCA rules updated to give security experts legal backing to research

    The US government has updated and published a new list of exemptions to the Digital Millennium Copyright Act, a move perhaps long-overdue which will protect cybersecurity professionals from prosecution when reverse-engineering products for research purposes.

    On October 28, the US Copyright Office and the Librarian of Congress published the updated rules on the federal register.

    The DMCA regulations now include exceptions relating to security research and vehicle repair relevant to today's cybersecurity field. For the next two years, researchers can circumvent digital access controls, reverse engineer, access, copy, and manipulate digital content which is protected by copyright without fear of prosecution -- within reason.

  • Stop being the monkey's paw

    This story got me thinking about security, how we ask questions and how we answer questions. What if we think about this in the context of application security specifically for this example. If someone was to ask the security the question “does this code have a buffer overflow in it?” The person I asked for help is going to look for buffer overflows and they may or may not notice that it has a SQL injection problem. Or maybe it has an integer overflow or some other problem. The point is that's not what they were looking for so we didn't ask the right question. You can even bring this little farther and occasionally someone might ask the question “is my system secure” the answer is definitively no. You don't even have to look at it to answer that question and so they don't even know what to ask in reality. They are asking the monkey paw to bring them their money, it's going to do it, but they're not going to like the consequences.

  • Tyfone looks to open-source to solve IoT security issues

    It came as no surprise to Tyfone CEO Siva Narendra when tens of millions of Internet connected devices were able to bring down the Web during a coordinated distributed denial of service attack on Oct. 21.

    Narendra's Portland-based company Tyfone has been working on digital security platforms to safeguard identity and transactions of people and things for years.

    Narendra says mobile devices in conjunction with the cloud have brought new levels of productivity to our lives. Internet of Things devices (the common name given to these connected items) are poised to bring even greater levels of productivity and cost-savings to businesses, and safety and convenience to our everyday lives.

  • Google just disclosed a major Windows bug — and Microsoft isn’t happy

    Today, Google’s Threat Analysis group disclosed a critical vulnerability in Windows in a public post on the company’s security blog. The bug itself is very specific — allowing attackers to escape from security sandboxes through a flaw in the win32k system — but it’s serious enough to be categorized as critical, and according to Google, it’s being actively exploited. As a result, Google went public just 10 days after reporting the bug to Microsoft, before a patch could be coded and deployed. The result is that, while Google has already deployed a fix to protect Chrome users, Windows itself is still vulnerable — and now, everybody knows it.

    Google’s disclosure provides only a general description of the bug, giving users enough information to recognize a possible attack without making it too easy for criminals to replicate. Exploiting the bug also depends on a separate exploit in Adobe Flash, for which the company has also released a patch. Still, simply knowing that the bug exists will likely spur a lot of criminals to look for viable ways to exploit it against computers that have yet to update Flash.

  • AtomBombing: A Code Injection that Bypasses Current Security Solutions

    Our research team has uncovered new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection. We named this technique AtomBombing based on the name of the underlying mechanism that this technique exploits.

    AtomBombing affects all Windows version. In particular, we tested this against Windows 10.

  • Disclosing vulnerabilities to protect users

    On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.

    After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

    The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call

  • The next president will face a cybercrisis within 100 days, predicts report

    The next president will face a cybercrisis in the first 100 days of their presidency, research firm Forrester predicts in a new report.

    The crisis could come as a result of hostile actions from another country or internal conflict over privacy and security legislation, said Forrester analyst Amy DeMartine, lead author of the firm's top cybersecurity risks for 2017 report, due to be made public Tuesday.

    History grades a president's first 100 days as the mark of how their four-year term will unfold, so those early days are particularly precarious, said DeMartine. The new commander in chief will face pressure from foreign entities looking to embarrass them early on, just as U.S. government agencies jockey for position within the new administration, she said.

  • Hackforums Shutters Booter Service Bazaar

    Perhaps the most bustling marketplace on the Internet where people can compare and purchase so-called “booter” and “stresser” subscriptions — attack-for-hire services designed to knock Web sites offline — announced last week that it has permanently banned the sale and advertising of these services.

    On Friday, Oct. 28, Jesse LaBrocca — the administrator of the popular English-language hacking forum Hackforums[dot]net — said he was shutting down the “server stress testing” (SST) section of the forum. The move comes amid heightened public scrutiny of the SST industry, which has been linked to several unusually powerful recent attacks and is responsible for the vast majority of denial-of-service (DOS) attacks on the Internet today.

Security News

Filed under
Security
  • Security advisories for Monday
  • Tug of war between SELinux and Chrome Sandbox, who's right?

    Over the years, people have wanted to use SELinux to confine the web browser. The most common vulnerabilty for a desktop user is attacks caused by bugs in the browser. A user goes to a questionable web site, and the web site has code that triggers a bug in the browser that takes over your machine. Even if the browser has no blogs, you have to worry about helper plugins like flash-plugin, having vulnerabilities.

  • Trick or Treat! Google issues warning of critical Windows vulnerability in wild

    Recently, Google’s Threat Analysis Group discovered a set of zero-day vulnerabilities in Adobe Flash and the Microsoft Windows kernel that were already being actively used by malware attacks against the Chrome browser. Google alerted both Adobe and Microsoft of the discovery on October 21, and Adobe issued a critical fix to patch its vulnerability last Friday. But Microsoft has yet to patch a critical bug in the Windows kernel that allows these attacks to work—which prompted Google to publicly announce the vulnerabilities today.

    “After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” wrote Neel Mehta and Billy Leonard of Google’s Threat Analysis Group.”This vulnerability is particularly serious because we know it is being actively exploited.”

    The bug being exploited could allow an attacker to escape from Windows’ security sandbox. The sandbox, which normally allows only user-level applications to execute, lets programs execute without needing administrator access while isolating what it can access on the local system through a set of policies.

    But by using a specific type of call to a legacy support Windows system library generally used for the graphics subsystem—win32k.sys—malicious code can escalate its privileges and execute outside of the sandbox, allowing it to execute code with full access to the Windows environment. Win32k.sys has been a problem before: Microsoft issued a warning back in June about a similar privilege escalation problem that had not yet been exploited, and another arrived in August.

Security News

Filed under
Security
  • DDoS of SN Underway [Updated]

    Right, so there's currently a DDoS of our site specifically happening. Part of me is mildly annoyed, part of me is proud that we're worth DDoS-ing now. Since it's only slowing us down a bit and not actually shutting us down, I'm half tempted to just let them run their botnet time out. I suppose we should tweak the firewall a bit though. Sigh, I hate working on weekends.

  • AtomBomb: The New Zero-Day Windows Exploit Microsoft Can't Fix?

    There's a new zero-day Microsoft Windows exploit in the wild by the name of AtomBomb, and Microsoft may not be able to fix it.

  • New code injection method affects all Windows versions [iophk: “watch the ‘news’ play this one down or ignore it; full product recall is needed at this point”]

    Researchers at cyber-security firm enSilo have discovered a method of code injection in all versions of Windows that cannot be eliminated as it is part of the operating system design.

    The design flaw allows for code injection and is dubbed AtomBomb as it makes use of the system's atom tables.

    As Microsoft defines it, "An atom table is a system-defined table that stores strings and corresponding identifiers. An application places a string in an atom table and receives a 16-bit integer, called an atom, that can be used to access the string. A string that has been placed in an atom table is called an atom name."

    In a blog post describing the method of attack, enSilo's Tal Liberman wrote: "Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection."

  • British parliament members urge Obama to halt hacking suspect’s US extradition

    This week, culture minister Matt Hancock and more than 100 fellow MPs (Members of Parliament) have signed a letter calling on president Barack Obama to block Lauri Love's extradition to the US to face trial over the alleged hacking of the US missile defence agency, the FBI, and America's central bank.

    Love—an Asperger's syndrome sufferer from Stradishall, Suffolk—was told in September at a Westminster Magistrates' Court hearing that he was fit to be extradited to the US to face trial in that country. The 31-year-old faces up to 99 years in prison in the US if convicted. According to his lawyers, Love has said he fears for his life.

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Bug Bounty Hunter Launches Accidental DDoS Attack on 911 Systems via iOS Bug

    The Maricopa County Sheriff's Office Cyber Crimes Unit arrested Meetkumar Hiteshbhai Desai, an 18-year-old teenager from the Phoenix area, for flooding the 911 emergency system with hang-up calls.

    According to a press release from the Maricopa County Sheriff's Office, Desai created a JavaScript exploit, which he shared on Twitter and other websites with his friends.

    People accessing Desai's link from their iPhones saw their phone automatically dial and redial 911.

  • Dyn DDoS attack exposes soft underbelly of the cloud

    It's apparently possible that a DDoS attack can be big enough to break the internet -- or, as shown in the attack against ISP Dyn, at least break large parts of it.

    The DDoS attack against Dyn that began Friday went far past taking down Dyn's servers. Beyond the big-name outages, organizations could not access important corporate applications or perform critical business operations.

  • [Older] ​The Dyn report: What we know so far about the world's biggest DDoS attack

    First, there was nothing -- nothing -- surprising about this attack. As Paul Mockapetris, creator of the Domain Name System (DNS), said, "The successful DDoS attack on DYN is merely a new twist on age-old warfare. ... Classic warfare can be anticipated and defended against. But warfare on the internet, just like in history, has changed. So let's take a look at the asymmetrical battle in terms of the good guys (DYN) and the bad guys (Mirai botnets), and realize and plan for more of these sorts of attacks."

  • Incident Report: Inadvertent Private Repository Disclosure

    On Thursday, October 20th, a bug in GitHub’s system exposed a small amount of user data via Git pulls and clones. In total, 156 private repositories of GitHub.com users were affected (including one of GitHub's). We have notified everyone affected by this private repository disclosure, so if you have not heard from us, your repositories were not impacted and there is no ongoing risk to your information.

    This was not an attack, and no one was able to retrieve vulnerable data intentionally. There was no outsider involved in exposing this data; this was a programming error that resulted in a small number of Git requests retrieving data from the wrong repositories.

    Regardless of whether or not this incident impacted you specifically, we want to sincerely apologize. It’s our responsibility not only to keep your information safe but also to protect the trust you have placed in us. GitHub would not exist without your trust, and we are deeply sorry that this incident occurred.

Security News

Filed under
Security
  • Friday's security advisories
  • Here's How to Protect Linux Servers & Android Phones from Dirty COW Vulnerability
  • The Inevitability of Being Hacked

    The last attempted hack came 5 minutes ago, using the username root and the password root.

  • New Windows code injection method could let malware bypass detection

    Security researchers have discovered a new way that allows malware to inject malicious code into other processes without being detected by antivirus programs and other endpoint security systems.

    The new method was devised by researchers from security firm Ensilo who dubbed it AtomBombing because it relies on the Windows atom tables mechanism. These special tables are provided by the operating system and can be used to share data between applications.

    "What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table," Ensilo researcher Tal Liberman said in a blog post. "We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code."

    This new code-injection technique is not currently detected by antivirus and endpoint security programs because it is based on legitimate functionality, according to Liberman. Also, the atom tables mechanism is present in all Windows versions and it's not something that can be patched because it's not a vulnerability.

  • Of course smart homes are targets for hackers

    The Wirecutter, an in-depth comparative review site for various electrical and electronic devices, just published an opinion piece on whether users should be worried about security issues in IoT devices. The summary: avoid devices that don't require passwords (or don't force you to change a default and devices that want you to disable security, follow general network security best practices but otherwise don't worry - criminals aren't likely to target you.

  • OpenStack Security Project Aims to Protect the Open-Source Cloud

    The OpenStack Security project adds new tools and processes to help secure OpenStack technologies. The project technical leader offers insight on the program.
    Security is such a critical element of the open-source OpenStack cloud platform that there is an entire project—the OpenStack Security project—dedicated to the task of helping protect OpenStack technologies.

    In a well-attended session at the OpenStack Summit in Barcelona, Spain, on Oct. 27, Rob Clark, the project technical leader of the OpenStack Security project, detailed the group's most recent efforts.

Security News

Filed under
Security
  • GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

    Last week was the disclosure of the Linux kernel's Dirty COW vulnerability while the latest high-profile open-source project going public with a new security CVE is GNU's Tar. Tar CVE-2016-6321 is also called POINTYFEATHER according to the security researchers.

    The GNU Pointy Feather vulnerability comes down to a pathname bypass on the Tar extraction process. Regardless of the path-name(s) specified on the command-line, the attack allows for file and directory overwrite attacks using specially crafted tar archives.

  • Let’s Encrypt and The Ford Foundation Aim To Create a More Inclusive Web

    Let’s Encrypt was awarded a grant from The Ford Foundation as part of its efforts to financially support its growing operations. This is the first grant that has been awarded to the young nonprofit, a Linux Foundation project which provides free, automated and open SSL certificates to more than 13 million fully-qualified domain names (FQDNs).

    The grant will help Let’s Encrypt make several improvements, including increased capacity to issue and manage certificates. It also covers costs of work recently done to add support for Internationalized Domain Name certificates.

    “The people and organizations that Ford Foundation serves often find themselves on the short end of the stick when fighting for change using systems we take for granted, like the Internet,” Michael Brennan, Internet Freedom Program Officer at Ford Foundation, said. “Initiatives like Let’s Encrypt help ensure that all people have the opportunity to leverage the Internet as a force for change.”

  • How security flaws work: SQL injection

    Thirty-one-year-old Laurie Love is currently staring down the possibility of 99 years in prison. After being extradited to the US recently, he stands accused of attacking systems belonging to the US government. The attack was allegedly part of the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation over the tragic suicide of Aaron Swartz as the hacktivist infamously awaited trial.

  • How To Build A Strong Security Awareness Program

    At the Security Awareness Summit this August in San Francisco, a video clip was shown that highlights the need to develop holistic security awareness. The segment showed an employee being interviewed as a subject matter expert in his office cubicle. Unfortunately, all his usernames and passwords were on sticky notes behind him, facing the camera and audience for all to see.

    I bring this story up not to pick on this poor chap but to highlight the fact that security awareness is about human behavior, first and foremost. Understand that point and you are well on your way to building a more secure culture and organization.

    My work as director of the Security Awareness Training program at the SANS Institute affords me a view across hundreds of organizations and hundreds of thousands of employees trying to build a more secure workforce and society. As we near the end of this year's National Cyber Security Awareness Month, here are two tips to incorporate robust security awareness training into your organization and daily work.

FOSS Security

Filed under
OSS
Security
  • European Parliament votes to extend Free Software security audits

    Remember how I raised €1 million to demonstrate security and freedom aren’t opposites? Well here’s what happened next and how we are going to move forward with this.

    In 2014, two major security vulnerabilities, Heartbleed and Shellshock, were discovered. Both concerned Free Software projects that are widely used throughout the Internet, on computers, tablets, and smartphones alike. My colleague Max Andersson from the Swedish Greens and I proposed a so-called “pilot project”, the Free and Open Source Software Audit (FOSSA).

  • Princeton Upskills U on Open Source Security

    During Wednesday's Upskill U course, lecturer Gary Sockrider, principal security technologist for Arbor Networks , explained the history of DDoS attacks, case studies of recent attacks, and the business impact of these security threats. DDoS attacks not only raise operational expenses, but can also negatively affect an organization's brand, and result in loss of revenue and customers. (Listen to Security: Tackling DDoS.)

    "Having visibility is key, you can't stop something you can't see. Having good visibility across your own network is vital in finding and stopping these attacks," said Sockrider. "You can leverage common tools and technology that are already available on the network equipment you own today such as flow technologies, looking at SIP logs … Obviously you'll want to get to some specific intelligent DDoS mitigation in the end."

CentOS 6 Linux Servers Receive Important Kernel Security Patch, Update Now

Filed under
Linux
Red Hat
Security

We reported a couple of days ago that Johnny Hughes from the CentOS Linux team published an important kernel security advisory for users of the CentOS 7 operating system.

Read more

Security News

Filed under
Security
  • Thursday's security updates
  • Mirai will be dwarfed by future Android botnet DDoS attacks, Lookout warns

    THE MIRAI BOTNET will seem like nothing compared to the havoc that is caused when hackers turn their attention to hijacking Android smartphones, Lookout’s security research chief has warned.

    Speaking to the INQUIRER, Mike Murray said it would be easy for cyber crooks to take over millions of smartphones, noting how often the Android requires patching.

  • Deal Seeks to Limit Open-Source Bugs

    Seeking to spot potential security vulnerabilities in systems that increasingly rely on open source software, software license optimization vendor Flexera Software has acquired a specialist in identifying potentially vulnerable software components.

    Flexera, Itasca, Ill., said Thursday (Oct. 27) it is acquiring San Francisco-based Palamida Inc. Terms of the transaction were not disclosed.

  • Senator Wants to Classify Insecure Internet of Things Devices As 'Harmful'

    A massive attack carried out with a zombie army of hacked internet-connected devices caused intermittent outages on Friday, preventing tens of thousands of people from accessing popular sites such as Twitter, Reddit, and Netflix.

    For many security experts, an attack like that one, which leveraged thousands of easy-to-hack Internet of Things such as DVRs and surveillance cameras—weaponized thanks to a mediocre but effective malware known as Mirai—is just a sign of things to come.

    That’s why Sen. Mark Warner (D-Va.) wants the US government to do something about it.

  • Senator Prods Federal Agencies on IoT Mess

    The co-founder of the newly launched Senate Cybersecurity Caucus is pushing federal agencies for possible solutions and responses to the security threat from insecure “Internet of Things” (IoT) devices, such as the network of hacked security cameras and digital video recorders that were reportedly used to help bring about last Friday’s major Internet outages.

    In letters to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS), Virginia Senator Mark Warner (D) called the proliferation of insecure IoT devices a threat to resiliency of the Internet.

Syndicate content

More in Tux Machines

today's leftovers

  • 5 Things To Expect From The World Of Linux In 2017
    Linux has come out of oblivion to become a mainstream technology today - making its presence felt in the world of marketing, finance, operations and in every other domain. The New Year 2017, should hold promise for Linux, as Bryan Lunduke said recently. There will be some crucial outcomes of the Linux Foundation-Microsoft partnership as well, which made waves in the tech circles the world over. From the predictions available, there will be increased focus on some areas, while the others will witness a lot of trial and error, and even predictive failure, for that matter.
  • Over 1,000 games have released on Steam this year with Linux support
    Don't adjust your screens, as you did read that correctly. Over 1,000 games have released on Steam this year alone with Linux support. I've been slowly writing up an end of year roundup and something I wanted to know was how well we have done this year in terms of actual releases. It took a while to add it all up, as some games show up in the list with a date that’s passed and they aren’t actually released. I had to be pretty careful and do it slowly to make sure it's right.
  • KDE Neon User LTS Edition Released, Powered By Plasma 5.8
    Jonathan Riddell has announced the KDE Neon User LTS Edition availability. Rather than tracking the bleeding-edge KDE developments as KDE Neon traditionally does, the User LTS Edition tracks Plasma 5.8 LTS.
  • KDE e.V. Community Report - 2nd Half of 2015
    The KDE e.V. community report for the second half of 2015 is now available. It presents a survey of all the activities and events carried out, supported, and funded by KDE e.V. in that period, as well as the reporting of major conferences that KDE has been involved in.
  • Best distro of 2016 poll
    Time for you to express yourselves. It's been another year full of ups and downs, good distros and bad distros. Or if I may borrow a quote from a movie, Aladeen distros and Aladeen distros. Indeed. The rules are very similar to what we did in years gone past. I will conduct my own annual contest best thingie wossname, with a sprinkling of KDE, Xfce and other desktops, having their separate forays. But then, I will incorporate your ideas and thoughts into the final verdict, much like the 2015 best distro nomination. Let us.

Networking and Servers

  • Best Open Source Hosting Control Panels
    Most website owners use web hosting control panels to manage their hosting environment. The fact is, the control panel facilitates the server administration and allows users to manage multiple websites without hiring an expert. Today, with so many options available, you don’t have to be a command line guru in order to host a simple website. All you need is a server and a web hosting control panel. There are paid control panels like WHM/cPanel or DirectAdmin which are very powerful, but if you don’t like to pay for a control panel you can simply choose one of the open source alternatives. In this guide, we will present to you some of the most popular open source hosting control panels.
  • ZEPL Announces $4.1M Funding to Accelerate Innovation and Adoption of Apache Zeppelin For End-to-End Analytics Workflow
  • Apache Zeppelin Gets Commercial Backing from ZEPL
    NFlabs rebrands as ZEPL and announces $4.1M in funding in support of open-source Apache Zeppelin data analytics project. The open-source Apache Zeppelin project is an increasingly popular, web-based notebook for interactive data analytics that directly integrates with the Apache Spark project for Big Data analytics. Among the commercial backers of Zeppelin is ZEPL, formerly known as NFLabs. On December 8, the newly branded ZEPL announced that it has raised $4.1 million in an initial funding round. The funding round was led by Vertex Ventures and it included the participation of Translink Capital, Specialized Types and Big Basin Capital. The funding is set to be used to help ZEPL build a successful business model. Sejun Ra, co-founder and CEO at ZEPL said that the plan for the new money to help his company build and develop a single platform for end-to-end data analytics workflow.
  • New Amazon Web Services Region Opens in Canada
    Amazon launches AWS Canada (Central) Region in Montreal, extending Amazon's cloud infrastructure to 15 regions and 40 availability zones around the world. At long last, the cloud is coming to Canada. Amazon Web Services (AWS) announced on December 8, the official launch of the new AWS Canada (Central) Region, providing cloud infrastructure from data centers in Montreal, Quebec. The new AWS region is set to help serve customers in Canada with Amazon already highlighting a number of well-known organizations including National Bank of Canada, Porter Airlines and clothing retailer Lululemon.
  • MEF, TM Forum Unite With Open Source Groups on Network Vision
    MEF Thursday announced the release of a new white paper – “An Industry Initiative For Third Generation Network and Services“ – spearheaded by MEF and co-authored by ON.Lab, ONOS, OPEN-O, OpenDaylight (ODL), the Open Networking Foundation (ONF), Open Platform for NFV (OPNFV), and TM Forum. The white paper describes an industry vision for the evolution and transformation of network connectivity services and the networks used to deliver them. MEF refers to this vision as the “Third Network,” which combines the agility and ubiquity of the Internet with the performance and security of CE 2.0 (Carrier Ethernet 2.0) networks.
  • The New Role of Assurance for Virtualized Networks
    For as long as any of us can remember, fulfillment and assurance were two independent processes, mostly because they were conceived, operated and purchased by separate departments. As Alfred D. Chandler demonstrated in his classic book “Strategy and Structure,” operations and even business structure follow organizational charts and vice-versa. Fulfillment and assurance are no exceptions, with those organizations driving processes and supporting software purchases. While many know that its not ideal, the situation has mostly worked.
  • IBM building blockchain ecosystem
    IBM believes blockchain technology, with its capability to create an essentially immutable ledger of digital events, will alter the way whole industries conduct transactions. To make that happen, Big Blue asserts, requires a complete ecosystem of industry players working together. To that end, IBM today said it is building a blockchain ecosystem, complete with a revenue sharing program, to accelerate the growth of networks on the Linux Foundation's Hyperledger Fabric. IBM envisions the ecosystem as an open environment that allows organizations to collaborate using the Hyperledger Fabric.

today's howtos