National Oilwell Varco selects Microsoft Dynamics 365 to enhance sales and service operations | Stories

REDMOND, Wash. — July 18, 2018 — On Wednesday, National Oilwell Varco, a leading provider of technology, equipment and services to the global oil and gas industry, and Microsoft Corp. announced an agreement to collaborate on digitally enhancing NOV’s sales platform and field service operations to deliver premier experiences, including project management and drilling operations, to the oil and gas industry.

As oil and gas producers continue to push to optimize productivity and minimize downtime, NOV is leveraging Microsoft Dynamics 365 to streamline business processes, access real-time data and insights, and revolutionize field service operations with a digital, mobile-first approach. With Microsoft cloud-powered solutions, NOV is enriching legacy systems and processes to drive consistency and visibility across platforms. The goal is to increase revenue generation while reducing revenue leakage and improve service margins through greater efficiencies, higher levels of customer satisfaction, and better retention rates. Using Microsoft Dynamics 365 is enabling employees across NOV’s departments to be more adaptable, reliable and efficient.

“At NOV, we’re passionate about delivering the highest level of customer service,” said Clay Williams, chairman, president, and CEO. “Field service is the link between our customers and manufacturing, and with Microsoft Dynamics 365 and Power BI, we’re able to better understand our customers’ needs, identify the appropriate resources for each task, and effectively address the issue, creating a seamless experience.”

Microsoft Dynamics 365 unifies customer relationship management and enterprise resource planning solutions, allowing NOV’s sales and commercial teams to effectively identify and capture field service opportunities and service managers to better allocate jobs and resources. Field technicians can also access detailed job descriptions complete with customer information, service needs, and the equipment necessary to accurately and efficiently complete the task.

“NOV continues to invest in state-of-the-art technology and innovations to support the goal of delivering premier customer service,” said Judson Althoff, executive vice president, Worldwide Commercial Business, Microsoft. “Today, NOV is doubling down on its commitment to customers with Microsoft’s intelligent cloud and business applications by enabling customer- and data-driven insights and actions.”

About NOV

National Oilwell Varco, Inc. (NYSE: NOV) is a leading provider of technology, equipment, and services to the global oil and gas industry. NOV has been pioneering innovations that improve the cost-effectiveness, efficiency, safety, and environmental impact of oil and gas operations since 1862. The depth and breadth of NOV’s offerings support customers’ full-field, drilling, completion, and production needs. NOV powers the industry that powers the world. Visit www.nov.com for more information.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

For more information, press only:

Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, rrt@we-worldwide.com

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.

Microsoft + GitHub = Empowering Developers – The Official Microsoft Blog

Today, we announced an agreement to acquire GitHub, the world’s leading software development platform. I want to share what this acquisition will mean for our industry and for developers.

The era of the intelligent cloud and intelligent edge is upon us. Computing is becoming embedded in the world, with every part of our daily life and work and every aspect of our society and economy being transformed by digital technology.

Developers are the builders of this new era, writing the world’s code. And GitHub is their home.

As every industry – from precision medicine to precision agriculture, from personalized education to personalized banking – is being impacted by technology, the developer community will only grow in numbers and importance. Developer workflows will drive and influence business processes and functions across the organization – from marketing, sales and service, to IT and HR. And value creation and growth across every industry will increasingly be determined by the choices developers make.

In short, developers will be at the center of solving the world’s most pressing challenges. However, the real power comes when every developer can create together, collaborate, share code and build on each other’s work. In all walks of life, we see the power of communities, and this is true for software development and developers.

That is why we are so excited about today’s announcement. More than 28 million developers already collaborate on GitHub, and it is home to more than 85 million code repositories used by people in nearly every country. From the largest corporations to the smallest startups, GitHub is the destination for developers to learn, share and work together to create software. It’s a destination for Microsoft too. We are the most active organization on GitHub, with more than 2 million “commits,” or updates, made to projects.

Microsoft has been a developer-focused company from the very first product we created to the platforms and tools we offer today. Building technology so that others can build technology is core to our mission to empower every person and every organization on the planet to achieve more.

Chris Wanstrath (left), GitHub CEO and co-founder; Nat Friedman, Microsoft corporate vice president, Developer Services; Satya Nadella, Microsoft CEO; and Amy Hood, Microsoft Chief Financial Officer.

Microsoft is also committed to empowering communities, from the world’s professionals to IT professionals to gamers. We believe in the power of communities to achieve much more than what their members can do on their own. It’s our ability to work together that helps our dreams become reality, and we are dedicated to cultivating and growing communities to do just that.

And Microsoft is all-in on open source. We have been on a journey with open source, and today we are active in the open source ecosystem, we contribute to open source projects, and some of our most vibrant developer tools and frameworks are open source. When it comes to our commitment to open source, judge us by the actions we have taken in the recent past, our actions today, and in the future.

Given all of this, together with GitHub, we see three clear opportunities ahead.

First, we will empower developers at every stage of the development lifecycle – from ideation to collaboration to deployment to the cloud. Going forward, GitHub will remain an open platform, which any developer can plug into and extend. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects – and will still be able to deploy their code on any cloud and any device.

Second, we will accelerate enterprise developers’ use of GitHub, with our direct sales and partner channels and access to Microsoft’s global cloud infrastructure and services.

Finally, we will bring Microsoft’s developer tools and services to new audiences.

Most importantly, we recognize the responsibility we take on with this agreement. We are committed to being stewards of the GitHub community, which will retain its developer-first ethos, operate independently and remain an open platform. We will always listen to developer feedback and invest in both fundamentals and new capabilities.

Once the acquisition closes later this year, GitHub will be led by CEO Nat Friedman, an open source veteran and founder of Xamarin, who will continue to report to Microsoft Cloud + AI Group Executive Vice President Scott Guthrie; GitHub CEO and Co-Founder Chris Wanstrath will be a technical fellow at Microsoft, also reporting to Scott. You can see how Chris, Nat and I envision the opportunity ahead in this public presentation.

Together we will continue to advance GitHub as a platform loved by developers and trusted by organizations.

Columbia Sportswear activates Microsoft Cloud to strengthen consumer engagement | Stories

PORTLAND, Ore., and REDMOND, Wash. — Jan. 30, 2018 — Columbia Sportswear Co. (Nasdaq: “COLM”), a leading innovator in the active outdoor apparel, footwear, accessories and equipment industries, and Microsoft Corp. (Nasdaq: “MSFT”) have announced plans to collaborate on enhancing Columbia Sportswear’s global consumer experience and drive its digital transformation using intelligent cloud technology.

As consumers continue to change the way they engage with brands, Columbia Sportswear is working to deliver a more personalized, seamless experience to those consumers by leveraging Microsoft Dynamics 365 and the Microsoft Azure cloud platform for its retail, call center, customer relationship management and merchandising operations. With a single, holistic view of its consumer and improved omnichannel capabilities, Columbia Sportswear will be able to personalize engagement at every touchpoint by providing employees with enhanced digital tools and information across its global customer relationship management database. Columbia Sportswear also intends to use Dynamics 365 and Azure to gain greater consumer insights and business intelligence through every consumer interaction, whether through its wholesale businesses, brick-and-mortar retail stores, ecommerce experiences or mobile channels.

“At Columbia, we have a long history of leveraging innovative technologies to help connect active people with their passions,” said Michael Hirt, chief information officer at Columbia Sportswear. “This practice extends not just to our products, but across every aspect of our business. Through our collaboration with Microsoft, we’re implementing intelligent cloud technology to streamline our global operations and provide additional flexibility and convenience to our consumers.”

In addition, Columbia Sportswear will be able to manage merchandise globally and streamline operations with increased efficiency, providing the ability to garner valuable insights and improved business intelligence through customized reporting and analytics. Columbia Sportswear is implementing these innovations through Microsoft’s flexible, agile development platform, Visual Studio Team Services, and creating revolutionary data platforms at scale with Azure data services and integration platforms.

“Established in 1938, Columbia Sportswear is setting itself up to be an industry leader for another 80 years,” said Judson Althoff, executive vice president, Worldwide Commercial Business, Microsoft. “Columbia Sportswear will leverage Microsoft’s intelligent cloud to connect data, people and processes globally to deliver personalized shopping experiences for its customers.”

About Columbia Sportswear Company

Columbia Sportswear Company has assembled a portfolio of brands for active lives, making it a leader in the global active lifestyle apparel, footwear, accessories and equipment industry. Founded in 1938 in Portland, Oregon, the company’s brands are today sold in approximately 90 countries. In addition to the Columbia® brand, Columbia Sportswear Company also owns the Mountain Hardwear®, SOREL®, prAna® brands. To learn more, please visit the company’s website at www.columbia.com, www.mountainhardwear.com, www.sorel.com, www.prana.com.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

For more information, press only:
Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, rrt@we-worldwide.com

Columbia Sportswear Corporate Communications, Sara Bradshaw, (503) 985-4089, sbradshaw@columbia.com

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.

Return of Bleichenbacher: ROBOT attack means trouble for TLS

A team of security researchers discovered eight leading vendors and open source projects whose implementations of the Transport Layer Security protocol are vulnerable to the Bleichenbacher oracle attack, a well-known flaw that was first described in 1998.

The Bleichenbacher attack has been referenced in all IETF specifications for the Transport Layer Security (TLS) protocol since version 1.0 in 1999, and implementers of TLS versions through 1.2 were warned to take steps to avoid the Bleichenbacher attack. However, the researchers noted that, based on the ease with which they were able to exploit the vulnerability, it appears that many implementers ignored the warnings.

The attack is named after its discoverer, Daniel Bleichenbacher, a Swiss cryptographer who was working for Bell Laboratories in 1998 when his research on the vulnerability was first published. The TLS protocol, which was meant to replace the Secure Sockets Layer, is widely used for encryption and the authentication of web servers.

The research team included Hanno Böck, information security researcher; Juraj Somorovsky, research associate at the Horst Görtz Institute for IT Security at the Ruhr-Universität Bochum in Germany; and Craig Young, computer security researcher with Tripwire’s Vulnerability and Exposures Research Team (VERT). “Perhaps the most surprising fact about our research is that it was very straightforward,” the researchers wrote. “We took a very old and widely known attack and were able to perform it with very minor modifications on current implementations. One might assume that vendors test their TLS stacks for known vulnerabilities. However, as our research shows in the case of Bleichenbacher attacks, several vendors have not done this.”

The researchers said many web hosts are still vulnerable to the ROBOT attack and that nearly a third of the top 100 sites in the Alexa Top 1 Million list are vulnerable. The team identified vulnerable products from F5, Citrix, Radware, Cisco, Erlang, and others, and “demonstrated practical exploitation by signing a message with the private key of facebook.com’s HTTPS certificate.”

The researchers described their work as the “Return Of Bleichenbacher’s Oracle Threat” (ROBOT) and published it in a paper of the same title, as well as on a branded vulnerability website. The team also published a capture the flag contest, posting an encrypted message and challenging the public to decrypt the message using the strategies described in the paper.

TLS protocol designers at fault

The researchers placed the blame for the ease of their exploits squarely on the shoulders of TLS protocol designers. The ROBOT attack is made possible by the behavior of servers implementing TLS using the RSA Public-Key Cryptography Standards (PKCS) #1 v1.5 specification; the issues that enable the Bleichenbacher attack are fixed in later versions of PKCS. TLS 1.3, which is expected to be finalized soon, deprecates the use of PKCS #1 v1.5 and specifies use of PKCS #1 v2.2.

“The TLS protocol designers absolutely should have been more proactive about replacing PKCS#1 v1.5. There is an unfortunate trend in TLS protocol design to continue using technology after it should have been deprecated,” Young told SearchSecurity by email. He added that vendors also “should have been having their code audited by firms who specialize in breaking cryptography since most software companies do not have in-house expertise for doing so.”

TLS as currently deployed ignores improperly formatted data, and as described in 1999 in RFC 2246, “The TLS Protocol Version 1.0,” the original specification for TLS 1.0, the ROBOT attack “takes advantage of the fact that by failing in different ways, a TLS server can be coerced into revealing whether a particular message, when decrypted, is properly PKCS #1 formatted or not,” the RFC 2246 document states.

The solution proposed in that specification for avoiding “vulnerability to this attack is to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks. Thus, when it receives an incorrectly formatted RSA block, a server should generate a random 48-byte value and proceed using it as the premaster secret. Thus, the server will act identically whether the received RSA block is correctly encoded or not.”
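The difference between "failing in different ways" and the RFC 2246 countermeasure, as an added example that is not code from the article, the researchers or any vendor. The toy RSA key, the function names and the outcome labels are assumptions made for the demonstration; real TLS stacks must also make the check constant-time, which Python cannot guarantee.

```python
import secrets
from math import gcd

# Constructed toy RSA key, demo only: the Curve25519 and secp256k1 field
# primes give a 64-byte modulus, enough to carry a 48-byte premaster secret.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, PHI = P * Q, (P - 1) * (Q - 1)
E = next(e for e in range(3, 1000, 2) if gcd(e, PHI) == 1)
D = pow(E, -1, PHI)
K = (N.bit_length() + 7) // 8          # modulus length in bytes
PREMASTER_LEN = 48


def raw_encrypt(block: bytes) -> int:
    """Textbook RSA on an already-encoded block (lets us build malformed input)."""
    return pow(int.from_bytes(block, "big"), E, N)


def pkcs1_v15_encrypt(message: bytes) -> int:
    """Client side: 00 02 <nonzero padding, at least 8 bytes> 00 <message>."""
    pad_len = K - 3 - len(message)
    padding = bytes(secrets.randbelow(255) + 1 for _ in range(pad_len))
    return raw_encrypt(b"\x00\x02" + padding + b"\x00" + message)


def decrypt_block(ciphertext: int) -> bytes:
    return pow(ciphertext, D, N).to_bytes(K, "big")


def pkcs1_v15_unpad(block: bytes):
    """Return the message, or None if the block is not PKCS #1 v1.5 formatted."""
    if block[0] != 0 or block[1] != 2:
        return None
    sep = block.find(b"\x00", 2)
    if sep < 10:  # separator missing (-1) or fewer than 8 padding bytes
        return None
    return block[sep + 1:]


def vulnerable_server(ciphertext: int) -> str:
    """Fails in different ways, so the peer learns whether the padding was valid."""
    message = pkcs1_v15_unpad(decrypt_block(ciphertext))
    if message is None:
        return "bad_padding_alert"      # hypothetical label for a distinct failure
    if len(message) != PREMASTER_LEN:
        return "bad_length_alert"       # a second distinguishable failure
    return "continue"


def hardened_premaster(ciphertext: int) -> bytes:
    """RFC 2246 countermeasure: on any format error, proceed with a random secret."""
    fallback = secrets.token_bytes(PREMASTER_LEN)   # generated on every call
    message = pkcs1_v15_unpad(decrypt_block(ciphertext))
    if message is None or len(message) != PREMASTER_LEN:
        return fallback                 # wrong length is treated as malformed too
    return message


def hardened_server(ciphertext: int) -> str:
    """Always continues; a bad block only surfaces later as a failed Finished check."""
    hardened_premaster(ciphertext)
    return "continue"


if __name__ == "__main__":
    secret = secrets.token_bytes(PREMASTER_LEN)
    good = pkcs1_v15_encrypt(secret)
    bad = raw_encrypt(b"\x00\x01" + b"\xff" * (K - 2))   # constructed malformed block
    for name, ct in (("well-formed", good), ("malformed", bad)):
        print(name, "| vulnerable:", vulnerable_server(ct),
              "| hardened:", hardened_server(ct))
```
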

Potential for attacks, detection and remediation

The researchers noted in the paper that the ROBOT flaw could lead to very serious attacks. “For hosts that are vulnerable and only support RSA encryption key exchanges it’s pretty bad. It means an attacker can passively record traffic and later decrypt it,” the team wrote on the ROBOT website, adding that “For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack. We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.”

Young said that it might be possible to detect attempts to abuse the Bleichenbacher vulnerability, but it would not be easy. “This attack definitely triggers identifiable traffic patterns. Servers would observe a high volume of failed connections as well as a smaller number of connections with successful handshakes and then little to no data on the connection,” he told SearchSecurity. “Unfortunately, I am unaware of anybody actually doing this. Logging the information needed to detect this can be cumbersome and for a site receiving a billion connections a second, it could be quite difficult to notice 10-100 thousand failed connections.”
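One way to look for the traffic pattern Young describes, as an added example that is not from the article or from Tripwire. The log format, the sample records, the window size and the thresholds are all constructed assumptions; the rule requires both signals (many failed handshakes and a few completed handshakes that carry almost no data) from the same source in the same time window.

```python
import re
from collections import defaultdict

# Hypothetical log format: "<unix_ts> src=<addr> handshake=<ok|fail> app_bytes=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) src=(?P<src>\S+) handshake=(?P<hs>ok|fail) app_bytes=(?P<n>\d+)$"
)


def build_sample_log():
    """Constructed records: one probing source, one normal client, one broken client."""
    lines = []
    for i in range(400):            # 203.0.113.7: burst of failed handshakes
        lines.append(f"{1000 + i // 2} src=203.0.113.7 handshake=fail app_bytes=0")
    for ts in (1050, 1100, 1150):   # ...plus a few completed but silent connections
        lines.append(f"{ts} src=203.0.113.7 handshake=ok app_bytes=0")
    for i in range(50):             # 198.51.100.20: ordinary traffic
        lines.append(f"{1000 + i * 4} src=198.51.100.20 handshake=ok app_bytes=5000")
    lines.append("1010 src=198.51.100.20 handshake=fail app_bytes=0")
    for i in range(30):             # 192.0.2.9: misconfigured client, failures only
        lines.append(f"{1000 + i} src=192.0.2.9 handshake=fail app_bytes=0")
    lines.append("garbage line that the parser must skip")
    return lines


def detect_oracle_probing(lines, window=300, min_failed=100, max_idle_bytes=64):
    """Return (src, window_start, failed, idle_ok) for sources matching the pattern."""
    counts = defaultdict(lambda: [0, 0])   # (src, window_start) -> [failed, idle_ok]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # unparseable record: ignore, do not crash
        key = (m["src"], int(m["ts"]) // window * window)
        if m["hs"] == "fail":
            counts[key][0] += 1
        elif int(m["n"]) <= max_idle_bytes:
            counts[key][1] += 1             # handshake succeeded, little to no data
    hits = []
    for (src, start), (failed, idle_ok) in counts.items():
        # Many failures AND a smaller number of silent successes from one source.
        if failed >= min_failed and 0 < idle_ok < failed:
            hits.append((src, start, failed, idle_ok))
    return sorted(hits)


if __name__ == "__main__":
    for hit in detect_oracle_probing(build_sample_log()):
        print("possible padding-oracle probing:", hit)
```
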

As for other, ongoing risks, Young said that “PKCS#1 v1.5 is not being used in TLS 1.3 but it is still used in other systems like XML encryption. Whether or not it can be disabled through configuration is highly application specific.”

The future is quantum: Microsoft releases free preview of Quantum Development Kit – The AI Blog

From left, Charles Marcus, Krysta Svore, Leo Kouwenhoven and Michael Freedman are leading Microsoft’s quantum computing efforts. Photo by Brian Smale.

So you want to learn how to program a quantum computer. Now, there’s a toolkit for that.

Microsoft is releasing a free preview version of its Quantum Development Kit, which includes the Q# programming language, a quantum computing simulator and other resources for people who want to start writing applications for a quantum computer. The Q# programming language was built from the ground up specifically for quantum computing.

The Quantum Development Kit, which Microsoft first announced at its Ignite conference in September, is designed for developers who are eager to learn how to program on quantum computers whether or not they are experts in the field of quantum physics.

It’s deeply integrated into Visual Studio, Microsoft’s suite of developer tools, so aspects of it will be familiar to people who are already developing applications in other programming languages. And it’s designed to work with a local quantum simulator, also released as part of the kit, that can simulate around 30 logical qubits of quantum computing power using a typical laptop computer. That will allow developers to debug quantum code and test programs on small instances right on their own computers.

For larger-scale quantum challenges, Microsoft also is offering an Azure-based simulator that can simulate more than 40 logical qubits of computing power.

Along with the kit, Microsoft also is making a comprehensive suite of documentation, libraries and sample programs available. That will give people the background they need to start playing around with aspects of computing that are unique to quantum systems, such as quantum teleportation.

That’s a method of securely sharing information across quantum computing bits, or qubits, that are connected by a quantum state called entanglement.

“The hope is that you play with something like teleportation and you get intrigued,” said Krysta Svore, a principal researcher at Microsoft who has led the development of the quantum software and simulator.

The kit will let people create applications that can run right now on the quantum simulator, and those same apps also will eventually work on a topological quantum computer, which Microsoft is in the process of developing for general purpose quantum computing.

“The beauty of it is that this code won’t need to change when we plug it into the quantum hardware,” Svore said.

From artificial intelligence to climate change

Experts believe quantum computers could allow scientists to address some of the world’s toughest challenges, such as world hunger or the dangerous effects of climate change. That’s partly because quantum computers will be able to do calculations in hours or even minutes that would take the lifetime of the universe for even the most advanced classical computers in use today.

Quantum computers also are expected to help spur major advances in fields such as artificial intelligence.

For example, many of the current breakthroughs in AI are based in part on machine learning, in which a system is given a set of data and learns from that data to recognize things like words, sounds or objects.

With a quantum computing simulator, Svore said computer scientists are already seeing how they could create quantum algorithms for that type of AI research. In early testing on the simulator, they are seeing how these quantum algorithms could more quickly find more nuanced patterns in data, which could spur major advances in fields such as speech, vision or language recognition.

“It seems like there’s a huge amount of potential there, and we’re just scratching the surface,” Svore said.

Topological quantum computing

The Quantum Development Kit is part of Microsoft’s plan to build a robust, full-fledged quantum computing system, which includes everything from the quantum computing hardware to the full software stack. The company’s researchers also are working on projects focused on cryptography and security in a quantum computing world.

Microsoft’s approach is centered on the development of a topological qubit, a more robust type of qubit that Microsoft’s experts believe will provide a better basis for practical, scalable quantum computing.

One big challenge about quantum computing is that qubits are extremely finicky. They need to be stored at very low temperatures, for example, or they might be disturbed and destroyed.

Because they are so finicky, most approaches to building qubits require massive amounts of error correction, or techniques to ensure information is delivered reliably. With a topological qubit, error correction is built right into the physics of the qubit itself. That makes it easier to scale up and deliver reliable results, and to do computations that are orders of magnitude larger than is possible on a classical computer, with fewer qubits than other quantum systems.

It goes without saying that quantum physics is extremely complex, and even some of the smartest people in the world confess that quantum computing is hard for them to understand.

Todd Holmdahl, the corporate vice president in charge of Microsoft’s quantum effort, noted that it’s up to Microsoft to figure out the quantum physics – and then to deliver tools like the Quantum Development Kit that people without a quantum physics degree can use. The hope is that these tools will make the power of quantum computing accessible to many more people.

“What you’re going to see as a developer is the opportunity to tie into tools that you already know well, services you already know well,” Holmdahl said. “There will be a twist with quantum computing, but it’s our job to make it as easy as possible for the developers who know and love us to be able to use these new tools that could potentially do some things exponentially faster – which means going from a billion years on a classical computer to a couple hours on a quantum computer.”

Allison Linn is a senior writer at Microsoft. Follow her on Twitter.

Tags: Quantum, Quantum computing

Certificate authority business undergoes major changes

Significant changes are underway in the certificate authority industry with two recent acquisitions leading the way.

Comodo Group Inc. announced earlier this week it had agreed to sell its certificate authority business Comodo CA Ltd. to equity firm Francisco Partners. Comodo is the leading certificate authority business in the market today, having issued 91 million SSL certificates to more than 200,000 customers.

Bill Holtz, the former COO of security company Entrust Datacard Corp., has been named the new CEO for Comodo’s certificate authority business, and Bill Conner will chair the board of directors. Conner is currently the president and CEO of SonicWall, a vendor of security appliances including SSL proxy boxes that is also owned by Francisco Partners. Comodo founder Melih Abdulhayoglu will remain a minority owner and board observer.

“The alignment of the Comodo CA acquisition with the current market demand for trusted certificates and certificate lifecycle management signals a monumental opportunity for all parties,” Holtz said in a press statement. “The need to responsibly provide the required verification, oversight and operational management to encrypt network traffic and identify websites will only grow.”

Francisco Partners also owns NSO Group, which makes government spyware and surveillance technologies and is believed to be behind Pegasus malware. Therefore, Comodo’s sale to Francisco Partners has raised some concerns within the security community.

Further changes to the certificate authority industry

Another company ushering in changes for the certificate authority industry is Symantec. After a series of missteps with its TLS certificates, Symantec has sold its certificate authority business to DigiCert Inc. for $950 million and a 30% stake in DigiCert’s stock. The sale, which was announced in August, was finalized earlier this week.

“Today starts an exciting era for the current customers and partners of both Symantec and DigiCert,” said DigiCert CEO John Merrill in a press release. “For Symantec customers, they can feel assured that they will have continuity in their website security, and that we will provide a smooth transition. Our customers and partners will benefit from our accelerated investment in products and solutions for SSL, PKI [public key infrastructure] and [the internet of things].”

Symantec’s struggles with certificates may require more than a smooth transition of the business to a new owner. Web browser giants Mozilla and Google have previously said that certificates issued by Symantec would no longer be trusted and that all certificates would need to be replaced and issued from a different CA. Now, Mozilla is expressing additional concerns about the DigiCert purchase.

“It would not be appropriate for a CA to escape root program sanction by restructuring, or by purchasing another CA through M&A [mergers and acquisitions] and continuing operations under that CA’s name, essentially unchanged,” said Gervase Markham, an engineer at Mozilla, in a statement. “And examination of historical corporate merger and acquisition activity, including deals involving Symantec, show that it’s possible for an M&A billed as the ‘purchase of B by A’ to end up with name A and yet be mostly managed by the executives of B.”

Markham went on to urge DigiCert not to allow Symantec to have any power in the certificate authority business going forward. “We would be concerned if the management of the combined company, particularly that part of it providing technical and policy direction and oversight of the PKI, were to appear as if Symantec were the controlling CA organization in the merger.”

In other news

  • New research found that malware creators are abusing digital code-signing certificates. Researchers from the University of Maryland, Doowon Kim, Bum Jun Kwon and Tudor Dumitras, looked at digitally signed malware that can bypass security measures to install or launch programs with valid signatures. The attack method is similar to that of Stuxnet, but goes even further. The threats behind this, the researchers noted in their paper “Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI,” include, “stealing the private keys associated with benign certificates and using them to sign malware or by impersonating legitimate companies that do not develop software and, hence, do not own code-signing certificates.” The flaw affects 34 antivirus products, and malware samples that use this method are also common in the wild.
  • Oracle is recommending that users apply updates immediately following a vulnerability in Oracle Identity Manager that received a Common Vulnerability Scoring System score of 10.0, which is the highest possible score for severity. The vulnerability, tracked as CVE-2017-10151, enables attackers to completely compromise Oracle Identity Manager “via an unauthenticated network attack,” according to Oracle’s advisory. The advisory also notes that the flaw is “easily exploitable” and “may be exploited over a network without requiring user credentials.” The advisory, however, doesn’t include further details about the issue, and strongly suggests users apply a workaround, though a patch seems to be on the way.
  • The hacker behind Operation #LeakTheAnalyst, which targeted FireEye employees, was arrested at the end of October. “For the past 90 days, we have worked closely with law enforcement, both domestically and internationally, to assist in the investigation and identification of the anonymous person who is responsible for the attack on one of our employees and who falsely claimed to have breached our corporate networks,” said FireEye CEO Kevin Mandia. Operation #LeakTheAnalyst took place earlier this year, and a hacker who identified as 31337 Hackers released batches of files on security companies and researchers, most of which were from the personal computer of a FireEye employee. While the hacker claimed to have breached the systems of FireEye and Mandiant, FireEye said there is no evidence of that being true.