Azure Cloud Flaw Posed Hacking Risk to RHEL Virtual Machines
Today's topics include a Microsoft Azure security flaw that could give attackers access to Red Hat Enterprise Linux virtual machines, Google’s effort to use machine learning to help identify patients at risk of diabetic retinopathy, Hewlett Packard Enterprise's sale of its OpenStack cloud and Cloud Foundry Platform-as-a-Service technologies to SUS and Google’s offer to use its server infrastructure to help other IT organization adjust for this year’s leap second.
Ian Duffy, a software engineer at online retailer Zalando, uncovered a significant Microsoft Azure vulnerability that would have affected Red Hat Enterprise Linux (RHEL).
He was trying to create a secure, custom RHEL machine image that could run on both Amazon Web Services and Microsoft Azure. In the process, he discovered a vulnerability that could have provided an attacker root access to virtual machines.
Any attacker would have "administrator level access to all of the Microsoft Azure-managed Red Hat Update Infrastructure that supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace
Google is hoping to apply its machine learning expertise to help doctors identify patients at risk of diabetic retinopathy early enough in the disease cycle to be able to treat them effectively.
Researchers from the company this week published a paper in the Journal of the American Medical Association describing a deep learning algorithm for interpreting early signs of DR from retinal photographs.
The goal is to help doctors screen and identify patients in need for DR treatment especially in areas where the specialized ophthalmological skills needed for such diagnosis are in short supply.
HPE sold its OpenStack cloud and Cloud Foundry Platform-as-a-Service technologies to Linux vendor SUSE. The deal was announced November 30. However, financial terms of the acquisition are not being publicly disclosed and the deal is set to close in the first quarter of 2017.
HPE's OpenStack technology and staff will help to expand SUSE's existing OpenStack cloud efforts, while the Cloud Foundry assets will provide SUSE with new capabilities that it did not previously offer.
Google is making its Network Time Protocol servers publicly available to organizations that need help keeping their systems running smoothly through a one second addition to clocks the last day of December this year.
The first leap second was added in 1972. Since then IERS has adjusted UTC a total of 26 times. Organizations can use Google’s Public NTP service to keep their local system clocks synchronized with the time on virtual machine instances running on the company’s Compute Engine cloud platform or more generally to handle the leap second on Dec. 31.