Categories
ZDNet

At Amazon, it’s a ‘hands-off’ approach to continuous integration and continuous deployment of software


It’s no surprise that Amazon Web Services is way ahead of the world with continuous integration and continuous deployment of software, especially since it advertises itself as a go-to place for organizations seeking to put CI/CD into full practice. The online services giant has taken its own internal CI/CD practices to the next level, however, making it essentially a completely “hands-off” operation.



At AWS, changes in microservices are automatically deployed to production “multiple times a day by continuous deployment pipelines,” according to Clare Liguori, a principal software engineer at AWS. This pipeline-centered strategy is key to its ability to keep pumping out code. In a recent post, she explains how Amazon moves software through its phases rapidly and automatically. Remarkably, managers and developers spend little to no time shepherding deployments and watching logs and metrics for any impact. “Automated deployments in the pipeline typically don’t have a developer who actively watches each deployment to prod, checks the metrics, and manually rolls back if they see issues. These deployments are completely hands-off. The deployment system actively monitors an alarm to determine if it needs to automatically roll back a deployment.”

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL


The Visa and Mastercard payment processors, along with Adobe, have tried last-ditch efforts this month to get online store owners to update their platforms.

In three days, on June 30, the Magento 1.x platform is set to reach its official end-of-life (EOL) date, after which Adobe plans to stop offering security updates.

Stores that haven’t updated to the latest 2.x branch and are still running Magento 1.x installations will become highly vulnerable to attacks from hackers.

The danger is considered high as for the past three years, hackers have been heavily exploiting Magento bugs to breach stores and insert payment card-stealing code in checkout forms — in a form of attack known as web skimming or Magecart.

Demand for employee surveillance software soars



Your bosses have become a little more caring.

They understand that working from home isn’t ideal. They know you may have kids or a small apartment. Or both.

So, with the advent of the coronavirus, they’re showing their human side a little more.

I want to believe this. I truly do. It seems, though, that COVID-19 has led to an interest in covert activities. Covert management activities, that is.

A new study, you see, suggests that interest in employee surveillance software has risen greatly since we were all locked down and loaded with toilet paper. As measured by search data, that is.

Nvidia squashes display driver code execution, information leak bugs


Nvidia has released a set of security updates to remove vulnerabilities in the Nvidia GPU Display Driver.

This week, the tech giant published a security advisory for a total of six bugs in the driver, varying in severity with CVSS scores of between 5.5 and 7.8 and impacting both Windows and Linux machines.

The first vulnerability, CVE-2020-5962, is found in the Nvidia Control Panel component of the driver, in which a local attacker can corrupt system files, leading to denial of service or privilege escalation.

More than 75% of all vulnerabilities reside in indirect dependencies


The vast majority of security vulnerabilities in open-source projects reside in indirect dependencies rather than directly and first-hand loaded components.

“Aggregating the numbers from all ecosystems, we found more than three times as many vulnerabilities in indirect dependencies than we did direct dependencies,” Alyssa Miller, Application Security Advocate at Snyk, told ZDNet in an interview discussing Snyk’s State of Open Source Security for 2020 study.

The report looked at how vulnerabilities impacted the JavaScript (npm), Ruby (RubyGems), Java (MavenCentral), PHP (Packagist), and Python (PyPI) ecosystems.

Ex-Intel engineer: Apple turned away from Intel over Skylake CPU bugs


A former Intel engineer reckons Apple decided to switch from Intel due to the unusually high number of bugs in the chip maker’s Skylake CPUs that powered Macs released between 2015 and 2017.

The claim is made by François Piednoël, now principal architect at Mercedes-Benz R&D North America. While it is just the opinion of one former Intel engineer, Piednoël worked at Intel for 20 years and was one of its top CPU architects. He left the company in 2017.

At WWDC last week Apple confirmed the long-predicted switch to Arm for its future Macs, but Piednoël pinpoints the arrival of buggy Skylake Core CPUs as the key event that prompted Apple to move away from Intel.

Credit card skimmers are now being buried in image file metadata on e-commerce websites


Cybercriminals making use of online credit card skimmers continue to improve their attack methods, and this time, malicious code has been found buried in image file metadata loaded by e-commerce websites.

According to Jérôme Segura, Malwarebytes Director of Threat Intelligence, the new technique is a way to “hide credit card skimmers in order to evade detection.”

Over the past few years, the gradual increase in the popularity of online shopping — now more so than ever due to the novel coronavirus pandemic — has given rise to cyberattacks dedicated to the covert theft of payment card information used when making online purchases.

IBM mocks a startup and the question is what are you doing, IBM?


Was this really necessary?

Here’s how it’s supposed to work.

When you’re a big company, say one worth $100 billion or more, you stay above the fray.

You pose as a great contributor to society. You might even choose to withdraw from offering facial recognition technology.

One thing you shouldn’t really do is mock companies that are a lot smaller than you are.

I’m a touch perturbed, therefore, to learn that IBM — for this is the company on our purple chaise-lounge today — thought it would make a barbed joke about a relatively small cloud data warehouse company called Yellowbrick.

Going back to the office? Here are five major tech problems that lie ahead of you


IT departments have had a hectic few months. With organizations across the globe switching to remote working overnight, the majority of IT professionals report that their workloads have increased significantly – by as much as 37%, according to recent research. And unfortunately for support desks, this might only be the beginning.

Now countries are gradually exiting lockdowns, and the focus is on a potential return to the office, at least for some employees. That may sound like fewer tickets filed for faulty WFH laptops or video call fails; but in reality, IT teams are bracing themselves for a storm of new issues.

For business customers, Microsoft’s Windows 10 documentation is an unruly mess


One of the unexpected and unwelcome side effects of Microsoft’s push to Windows as a Service is that its documentation has become an unruly mess.

The problem isn’t a lack of information. Microsoft’s generally been doing a good job of describing high-level changes in Windows and then supplying lots of technical detail about those changes in relatively short order. That’s especially true for topics that matter to developers and to people deploying Windows at scale in enterprise shops.