News for admins

Tech News

Allocation Proposals for Time on Blue Waters

The US National Science Foundation's Petascale Computing Resource Allocations (PRAC) program is soliciting proposals for projects to run on the NSF-funded Blue Waters supercomputer at the University of Illinois. The goal of the project is to "open up new possibilities in science and engineering by providing computational capability that makes it possible for investigators to tackle much larger and more complex research challenges across a wide spectrum of domains."

According to the announcement from PRAC, "Proposers must show compelling science or engineering challenges that require petascale computing resources. Proposers must also be prepared to demonstrate that they have science or engineering research problems that require and can effectively exploit the petascale computing capabilities offered by Blue Waters. Proposals from or including junior researchers are encouraged, as one of the goals of this solicitation is to build a community capable of using petascale computing."

The proposal deadline for the next round of allocations is April 4, 2016. See the announcement at the NSF website [].

Microsoft Announces New PowerShell

Microsoft has announced the release of Windows Management Framework (WMF) 5.0. The best known component of WMF is the PowerShell command shell and scripting language.

The preview version of WMF 5.0 has been around since February, so many users are already familiar with it. According to Microsoft, new features in the latest edition include the Just Enough Admin (JEA) role-based access control system, PowerShell classes, and a new package management tool. The latest version also comes with enhancements to PowerShell script debugging and software inventory logging.

You can download WMF 5.0 from the Microsoft Download Center. Current versions run on Windows Server 2012 R2, Windows Server 2012, Windows 2008 R2 SP1, Windows 8.1, and Windows 7 SP1. You'll also need .NET Framework 4.5.

Secret Backdoor Affects More Fortinet Firewalls

Security hardware vendor Fortinet has announced that the hidden backdoor in its FortiGate firewall devices, which was revealed earlier this month, affects more systems than previously thought. In a recent post, the company said the hidden backdoor with a hard-coded password, which the company described as a "remote management feature," had been removed in July 2014.

A later blog entry at the Fortinet site (dated January 20) admits the backdoor is still present in several current models. The company strongly recommends an immediate software update for users with the following Fortinet devices:

  • FortiAnalyzer: 5.0.5 to 5.0.11 and 5.2.0 to 5.2.4 (branch 4.3 is not affected)
  • FortiSwitch: 3.3.0 to 3.3.2
  • FortiCache: 3.0.0 to 3.0.7 (branch 3.1 is not affected)
  • FortiOS 4.1.0 to 4.1.10
  • FortiOS 4.2.0 to 4.2.15
  • FortiOS 4.3.0 to 4.3.16
  • FortiOS 5.0.0 to 5.0.7

The company claims it created the backdoor to access its own products for management purposes, although they now acknowledge that building an undocumented backdoor with a hard-coded password was not an inspired choice for a security company. Sample code for exploiting the backdoor has already been posted online.

The announcement comes a month after the discovery of a backdoor in Juniper NetScreen firewall systems. According to reports, the Juniper backdoor was not created by the vendor but was slipped in without the knowledge of Juniper – possibly as a malicious refinement of an earlier exploit created by the NSA.

Users should upgrade their Fortinet and Juniper systems as soon as possible. If you own a different firewall device, you might want to take this as a wake-up call also to install any vendor updates – and keep an eye on your vendor's security blog. Something tells me we haven't seen the last of these secret firewall backdoors.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus