PaulSpoerry.com

VMware has finally decided to open-source its client for virtual desktops, releasing it under the LGPL. This was in response to intense pressure from the growing number of Linux distros that include virtualization by default. From the post:

The CEO replacement who entered VMware last year was Paul Maritz, a long-time Microsoft executive with intimate familiarity with how Windows swallowed up entire categories of utility software as it grew up by simply wrapping free utilities into the operating system. Paul knows about that, and he had to have seen last year the dual threats to VMware of open source virtualization offerings and virtualization on board in operating systems. The VMware View Open Client allows businesses to host virtualized desktops in the data center, and users can access their desktops from any device. Going with an open source solution like this was VMware’s only choice, especially as Microsoft includes Hyper-V virtualization in Windows Server. I’m sure Maritz was very focused on the Microsoft threat, because he used to be behind similar threats. VMware can grab market share with this move, stave off Microsoft’s dominance, and offer support and services around its open source offering.’

You can get VMware View Open Client here, licensed under the Lesser GPL. It’s essentially a bet that customized user desktops are hosted in data centers, and that businesses will take to the idea that they can save money by centralizing custom solutions in data centers for desktop users to take advantage of through virtualization.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others. Essentially they’ve figured out a way to hack Vista using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

What they are indicating is that they have revealed a fatal flaw in Windows Vista which potentially blows the OS wide open and in such a way that it cannot be fixed. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.

Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process’s stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd’s and Sotirov’s methods, it would be of no use.

“This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista,” Dai Zovi said. “If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force.”

They go on to imply the approach can also potentially be applied to other operating systems such as Windows XP and Mac OSX (but not with this specific technique).

Read more at TechTarget or TrustedReviews

Ubuntu would be neat to try, but for many of us, having to leave Windows and boot into a whole different operating system is a full day project.

Nerdbusiness created this tutorial. So you don’t have to leave Windows to try ubuntu. I’ll be showing you how to setup a “virtual machine” inside Windows that will run Ubuntu inside a tidy little window. So you can launch it from the Start Bar. And have Ubuntu running in the background just like any other Windows program like the internet browser or your game of solitaire.

 Having Ubuntu running inside Windows is just cool. Plus, it's a great way to try out all of Ubuntu's features

Read the rest of this entry »