Microsoft’s Azure and Citrix’s XenApp have done a lot to move virtualization services into the mainstream over the years. So, with the announcement that the two companies will work together to combine their platforms into a new cloud-based application delivery system, it’s understandable why there is so much excitement within the industry. Let’s dig deeper into this new service and what it means for your business.

What Citrix’s XenApp already does is deliver applications to users via a variety of methods and pathways other than local installations. The process starts with the creation of server-stored software containers that allow the services an application provides to be delivered to your staff members from a centralized server. XenApp enables you to set rules and procedures for when and how these features can be accessed, and it creates a multitude of versions of the software that can be delivered to different operating systems, devices, and locations.

In a press release back in May, Citrix made a bombshell announcement that it would create cloud-based versions of all its virtualization packages using Microsoft’s Azure as the foundation. While the two companies have been closely aligned for decades, this is an enormous boost to both their reputations. Fast forward to today, and we’re seeing the first rays of sunshine from this new team-up.

And much more than simply lending Citrix the foundation, Microsoft will be directly involved in the development and release of the new cloud-based version of XenApp. The two companies have promised to work together to combine the simplicity and scalability of Azure with the administration and performance improvements of XenApp, thereby creating the most comprehensive software-as-a-service (SaaS) provider on the market.

Because Microsoft’s RemoteApp already acts as an Azure SaaS platform, the potential for conflict means it will be wound down to its eventual sunset in August 2017. But fear not; for faithful users of this service, Microsoft has promised a clear transition plan to reduce the possibility of growing pains.

Cloud-based XenApp is just the first of many improved services to be born out of the partnership between these two titans of tech. Rumors are swirling that XenDesktop will get the same treatment and a release won’t be far behind. Regardless, the tech industry is moving ahead with the virtualization of everything it can get its hands on, and it's time to jump on the bandwagon. When you’re ready to make the leap, our experts are ready to pull you aboard. Contact us today for answers to all of your virtualization questions.

In the Trojan War, a wooden horse wheeled into the city of Troy. Once night fell, the Greek army crept out of the hollow stallion and opened the city’s gates. Having breached the mighty fortress, the entire regiment eventually sealed their victory against the Trojans and won the war. The moral of the story is that pretty objects are able to conceal the most malicious of intentions. The same goes for the most secure operating systems; you should never lower your guard down even for the littlest things.

Recently, researchers from the mobile security firm Lookout confirmed that “an estimated 80 percent of Android phones contain a recently discovered vulnerability that allows attackers to terminate connections and, if the connections aren't encrypted, inject malicious code or content into the parties' communications.” The statement itself might be new, but many have already suspected a flaw in version 3.6 of Linux, dating as far back as 2012. It’s thought that the flaw itself was introduced into Android version 4.4 (aka KitKat) and is still present today, including in the latest developer preview, Android Nougat.

As numerically backed up by the Android install base and quoted by statistic provider Statista, over 1.4 billion Android devices (about 80 percent of users) are currently vulnerable. What Android users can do is to ensure that their communications are encrypted by using VPNs (virtual private networks) or by making sure that whatever sites they visit are encrypted. Encryption allows you to travel without being tracked; if the predator can’t see you, you’re no longer a target.

If you’re vulnerable, you welcome anyone with an Internet connection to determine whether or not two parties have been communicating via a long-lived transport protocol connection. This includes Webmail, news feeds as well as direct messages. Unencrypted connections allow attackers to utilize malicious code or inject content into the traffic. This doesn’t mean that encrypted connections are safe; attackers are still be able to determine and terminate the existence of channels as well. This vulnerability has been dubbed as CVE-2016-5696.

One of the more likely methods used to compromise Android users is the the insertion of JavaScript into legitimate Internet traffic that isn’t HTTPS cryptographic scheme-protected. This may display messages claiming that users have been logged out of their accounts and prompting them to re-enter their usernames and passwords. Having sent the login credentials to the attacker, similar exploits may also be used to target unpatched browsers, emails or chat apps the Android users use.

To initiate the attack, the attacker must spend about 10 seconds to establish whether two specific parties are connected, then another 45 seconds to flood their traffic with malicious content. Because it takes a certain amount of time for the attack to fully commence, these attacks aren’t suited for opportunistic attacks that affect more than one individual. Instead, this technique is ideal for the infection or surveillance of one specific target, especially if the hacker knows some of the sites the target frequently visits.

We can breathe a sigh of relief with a Google representative’s statement that company engineers are aware of the situation and are “taking appropriate actions.” He also noted that among the various vulnerabilities on Google’s patches, the Android security team has officially rated the risk as “moderate” as opposed to “high” or “critical.” Maintainers of the Linux kernel have successfully patched CVE-2016-5696. They are working toward incorporating a fix into a new Android release in the coming months.

Matters of security should never be taken lightly, especially when it comes to your personal device. For more information on this sensitive and intricate matter, please feel free to contact us anytime. We are more than happy to answer your questions. The more you know, the better.