I am implementing a project that consists of installing a server with Windows Server 2012 Standard 64-bit. So far so good. To save money on fixed servers, virtualization will be used, with Citrix XenServer 6.2.0, which is now free, thanks Citrix. Citrix XenServer is one of the best virtualization tools, because it does not consume too much memory and hard disk space. For those working in Unix/Linux, terminal configuration via ssh is a breakthrough.
I had no problem installing and creating virtual machines, but I had a problem: the management platform always said that the VM did not have XenServer Tools installed.
The problem is that they were already installed.
I'm using a XenServer management tool that works in 32-bit (x86), so I thought of reinstalling the x64 drivers first, citrixvssx64.msi and citrixguestx64.msi, and then installwizzard.msi in the VM.
And voilà, the error that XenServer Tools was not installed is resolved.
In another virtual machine I had to uninstall XenServer Tools, update Windows via Windows Update, install the XenServer Tools x86 manually and then run the procedure for automatic installation of XenServer Tools.
Free online Linux courses
that are either affiliated or not, generally offer self-study material
and do not provide academic credits. Some of the material that we bring
to you today is offered through schools' OpenCourseWare (OCW) projects
and can be found in PDF, video and screenshots formats.
Though
content is usually directed towards first time users of Linux systems,
the IBM and the University of California at Davis' offerings cater to
intermediate users. Students may need to have access to their own
computers running Linux in order to complete some lessons.
This
online OCW course covers the knowledge needed to build a website.
Consisting of various video lectures, this tutorial instructs
individuals on how to build a website using Linux, as well as various
other frameworks. Students learn how to set up domains, design
databases, program with Java and build web pages using CSS (cascading
style sheets) and XHTML (extensible hypertext markup language). There
are sample projects in PDF format.
The
focus of this course is to teach students how to do physics
calculations using a computer as a calculator. They also learn Java
programming in a Linux environment. Through external website links, this
online course teaches students about using algorithms and working
within the Linux operating system.
The
free tutorial, which lasts less than an hour, provides learners with an
introduction to the Linux environment. Narrated by Chris Simmonds at a
2010 Embedded Linux Conference Europe, this video is the first in a
3-part series on Linux. Students learn the four basic elements of Linux:
toolchain, boot loader, kernel and user space.
A
simple introductory tutorial of slides in PDF format, this course
material shares basic information about what Linux is, the different
versions - or distributions - available, and how to use it. Files,
folders, pages, commands and writing script are some of the topics and
tools this course covers.
Offered
as an online podcast training, the Linux Effect offers information on
the Linux operating system and how it's advanced through the years.
Students learn the origin of Linux, how Linux is used in our daily lives
and the connection between Linux and cloud computing. Students need a
PDF viewer, such as Adobe Reader, to complete this course.
In
this free tutorial series, users prepare for the Linux Professional
Institute Intermediate Level Administration (LPIC-2) Exam 201. The first
tutorial guides students through the components, compiling, patching
and customizing of a Linux kernel. Other topics in the series include
system maintenance, web services, hardware and troubleshooting.
In this MicroNugget, CBT Nuggets trainer Keith Barker explains using a
wireless LAN controller to quickly identify rogue access points and
verifies the results using Wireshark.
Join CBT Nuggets trainer Garth Schulte for a free, 30-minute webinar
on Hadoop. He’ll discuss the popular platform that’s used to store and
analyze large amounts of data. Garth will also answer questions from
webinar participants, so be sure to mark your calendars!
The webinar is free, but registration is required. You can sign up below.
The reason for this webinar is to show the new training series on BackTrack Linux and Kali.
Have
you ever wondered what Kali Linux is, and how it can help you? Find out
in a free 30-minute webinar with CBT Nuggets trainer Keith Barker!
Keith, creator of CBT Nuggets' "BackTrack and Kali Linux"
training series, will give an overview of these valuable pentesting
tools and will answer participants' questions. Don’t miss it!
Slides about Java EE 7 Platform Productivity++ and HTML5
Java Platform, Enterprise Edition 7 (Java EE 7) is a major update of Java Enterprise Edition scheduled to be final in Q2 2013. Java EE 7 is specified in JSR 342.
It is important to note that the Java EE 7 specification and its underlying specifications are still a work in progress, and as such timing and exact content are subject to change.
Just because you are paranoid doesn't mean your phone isn't listening to everything you say
We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native
Unix), the operating system that powers all Cisco TNP IP phones. We
demonstrate the reliable exploitation of all Cisco TNP phones via
multiple vulnerabilities found in the CNU kernel. We demonstrate
practical covert surveillance using constant, stealthy exfiltration of
microphone data via a number of covert channels. We also demonstrate the
worm-like propagation of our CNU malware, which can quickly compromise
all vulnerable Cisco phones on the network. We discuss the feasibility
of our attacks given physical access, internal network access and remote
access across the internet. Lastly, we built on last year's presentation
by discussing the feasibility of exploiting Cisco phones from
compromised HP printers and vice versa.
Cisco PSIRT has assigned CVE Identifier CVE-2012-5445 to this issue.
<Begin RNE Text>
Symptoms:
Cisco Unified IP Phone 7900 series devices also referred to as Cisco TNP
Phones contain an input validation vulnerability. A local,
authenticated attacker with the ability to place a malicious binary on
the phone could leverage this issue to elevate their privileges or take
complete control of the device.
The issue is due to a failure to properly validate certain system calls
made to the kernel of the device. This failure could allow the attacker
to overwrite arbitrary portions of user or kernel space memory.
The following Cisco Unified IP Phone devices are affected:
Cisco Unified IP Phone 7975G
Cisco Unified IP Phone 7971G-GE
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7965G
Cisco Unified IP Phone 7962G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7961G-GE
Cisco Unified IP Phone 7945G
Cisco Unified IP Phone 7942G
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7941G-GE
Cisco Unified IP Phone 7931G
Cisco Unified IP Phone 7911G
Cisco Unified IP Phone 7906
The following models have reached end-of-life (EOL) status (for hardware
only):
Cisco Unified IP Phone 7971G-GE
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7961G-GE
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7941G-GE
Cisco Unified IP Phone 7906
Refer to the following link to determine what product upgrade and
substitution options are available:
http://www.cisco.com/en/US/products/hw/phones/ps379/prodeolnotices_list.html
Conditions:
Cisco Unified IP Phones within the 7900 Series running a version of
Cisco IP Phone software prior to 9.3.1-ES10 are affected. The fixed
software release is expected to be available for customers mid-to-late
November 2012.
Workaround:
Restrict SSH and CLI access to trusted users only. Administrators may
consider leveraging 802.1x device authentication to prevent unauthorized
devices or systems from accessing the voice network.
Further Problem Description:
This issue was reported to Cisco PSIRT by Ang Cui of Columbia
University. Cisco PSIRT would like to thank Ang and his staff for
working with Cisco to resolve this issue.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 6.8/5.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-5445 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/productssecurityvulnerability_policy.html
<End RNE Text>
Oracle launches a new version of Java for the Oracle Java 7 Security Manager Bypass Vulnerability
Systems Affected
Any system using Oracle Java 7 (1.7, 1.7.0) including
Java Platform Standard Edition 7 (Java SE 7)
Java SE Development Kit (JDK 7)
Java SE Runtime Environment (JRE 7)
All versions of Java 7 through update 10 are affected. Web browsers using the Java 7 plug-in
are at high risk.
Overview
A vulnerability in the way Java 7 restricts the permissions of Java applets
could allow an attacker to execute arbitrary commands on a vulnerable
system.
Description
A vulnerability in the Java Security Manager allows a Java applet to grant
itself permission to execute arbitrary code. An attacker could use social
engineering techniques to entice a user to visit a link to a website hosting a
malicious Java applet. An attacker could also compromise a legitimate web site
and upload a malicious Java applet (a "drive-by download"
attack).
Any web browser using the Java 7 plug-in is affected. The Java
Deployment Toolkit plug-in and Java Web Start can also be used as attack
vectors.
Reports indicate this vulnerability is being actively exploited,
and exploit code is publicly available.
Further technical details are
available in Vulnerability Note VU#625617.
Impact
By convincing a user to load a malicious Java applet or Java Network
Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a
vulnerable system with the privileges of the Java plug-in process.
In Europe the consumer does not lose the obligatory 2-year warranty on the device just because the device is flashed.
FSFE Legal team has analysed this issue and the answer, if the consumer bought it inside the EU, is no.
The consumer does not lose the obligatory 2-year warranty on the device just because the device is flashed.
"A good test to see if it is the software’s fault is to flash it
back with stock firmware/OS and see if the problem persists. If it does,
it is not a software-caused problem. If it is not possible to revert it
to stock software any more, it is also not a software-caused defect.
There are very few hardware defects that are caused by software".
Directive 1999/44/CE dictates[1]
that any object meeting certain criteria (incl. telephones, computers,
routers etc.) that is sold to a consumer[2] inside the European Union,
has to carry a warranty from the seller that the device will meet the
quality that you would expect for such a device for a period of 2 years.
A telephone is an example of such a device and is an object that
comprises many parts, from the case to the screen to the radio, to a
mini-computer, to the battery, to the software that runs it. If any of
these parts[3] stop working in those 2 years, the seller has to fix or
replace them. What is more, these repairs should not cost the consumer a
single cent — the seller has to cover the expenses (Directive
1999/44/CE, §3). If the seller has any expenses for returning it to the
manufacturer, this is not your problem as a consumer.
If your device becomes defective in the first 6 months, it is presumed
that the defect was there all along, so you should not need to prove
anything.
If your device becomes defective after the first 6 months, but before 2
years run out, you are still covered. The difference is only that if the
defect arises now, the seller can claim that the defect was caused by
some action that was triggered by non-normal use of the device[4]. But in
order to avoid needing to repair or replace your device, the seller has
to prove that your action caused[5] the defect. It is generally recognised
by courts that unless there is a sign of abuse of the device, the
defect is there because the device was faulty from the beginning. That
is just common sense, after all.
So, we finally come to the question of rooting, flashing and changing
the software. Unless the seller can prove that modifying the software,
rooting your device or flashing it with some other OS or firmware was
the cause for the defect, you are still covered for defects during those
2 years. A good test to see if it is the software’s fault is to flash
it back with stock firmware/OS and see if the problem persists. If it
does, it is not a software-caused problem. If it is not possible to
revert it to stock software any more, it is also not a software-caused
defect. There are very few hardware defects that are caused by software —
e.g. overriding the speaker volume above the safe level could blow the
speaker.
Many manufacturers of consumer devices write into their warranties a
paragraph that by changing the software or “rooting” your device, you
void the warranty. You have to understand that in the EU we have a
“statutory warranty”, which the seller is required to offer by
law (Directive 1999/44/CE, §7.1), and a “voluntary warranty”, which the
seller or manufacturer can, but does not need to, offer as an additional
service to the consumer. Usually the “voluntary warranty” covers a
longer period of time or additional accidents not covered by law[6]. If,
though, the seller, the manufacturer or anyone else offers a “voluntary
warranty”, he is bound to it as well!
So, even if, by any chance your “voluntary warranty” got voided, by
European law, you should still have the 2 year “compulsory warranty” as
it is described in the Directive and which is the topic of this article.
In case the seller refuses your right to repair or replace the device,
you can sue him in a civil litigation and can report the incident to the
national authority. In many European countries such action does not
even require hiring a lawyer and is most of the time ensured by
consumers associations.
The warranty under this Directive is only applicable inside the European Union and only if you bought the device as a consumer.
[1] EU member states must have by now imported the Directive 1999/44/CE
into their national laws. So you should quote also your local law on
that topic.
[2] A consumer is a natural person who acts for their own private purposes and not as a professional.
[3] Batteries can be exempt of this and usually hold only 6 months warranty.
[4] E.g. a defective power button could be caused by spreading marmalade in
it or hooking it onto a robot that would continuously press the button
every second 24/7 — of course that is not normal or intended use.
[5] Note that correlation is not causation — the defect has to be proven
to be caused by your action, not just correlate with it.
[6] E.g. if a device manufacturer guarantees the phone is water- and
shock-proof or a car manufacturer offers 7 years of warranty against
rust.