2009/06/17
TheRegister: HDS drive array failure suspected in bank giant's ATM outage
by Chris Mellor
Did a Hitachi Data Systems USP-V array controller failure cause the Barclay's ATM outage yesterday?
Yesterday, to its great embarrassment, Barclays' ATM network in the south of England crashed at 1pm, together with a lot of its online banking facilities. Functions were not restored until 4.30pm or later, and thousands of people were caused great inconvenience through not being able to get cash or manage their bank accounts online.
Barclays said it was due to a hardware failure at its data centre in Gloucester, which serves its ATM network south of the Wash. Various reports on the BBC, The Sun, The Mail and elsewhere said that a hardware component of a drive array had failed and that engineers were replacing cards.
What drive array was this? One that was involved in storing data relevant to cash machine operations and online banking? Also, given that the Gloucester data centre has a history of computing system failures (see here, here, and here) why wasn't there an adequate fallback mechanism in place?
We know that, in 2008, Barclays ordered a large, high-end USP-V storage array from Hitachi Data Systems, as part of a 4-year storage-on-demand contract for its Gloucester data centre. It was to provide storage for mainframe and Unix systems. The capacity would rise to 1PB and would start coming online in February this year. There was a separate mid-range AMS storage array supplied by HDS which provided file-based storage for Windows servers through a NetApp NAS head.
Apparently HDS had a similar USP-V contract in a separate part of the data centre.
Under the new contract there was a penalty clause for downtime with the penalty increasing as the downtime increases.
Some of the accounts of the Gloucester data centre's history of ATM crashes show that the mainframe system is involved in ATM operations and this indicates that the USP-V system could be the failed drive array in yesterday's outage.
This was confirmed by a source familiar with the situation from another IT supplier, who also said that HP/EDS have the maintenance contract for the affected system.
HDS recently announced failover clustering facilities for the USP-V. If a USP-V controller in a cluster fails then operations are automatically picked up by a second USP-V controller. Without such a High Availability Manager arrangement, a failed USP-V controller can cause the storage array behind it to be inaccessible until the controller is repaired.
Bastiaan van Amstel, the senior EMEA PR manager for HDS, said, regarding the outage: "A lot of due diligence is happening at the moment and, before it is completed nothing can be said." He added: "Many vendors are involved in the IT at Barclays." ®
CNet: Intel spells out Core i3, i5, i7 branding
by Brooke Crothers
Intel has spelled out its branding for the upcoming Core series of processors including the "Lynnfield" and "Clarksfield" chips. The chipmaker also said that "Centrino" will be phased out as a PC brand.
In a post Wednesday on Intel's Web site, spokesman Bill Calder wrote that the branding will be "simplified into entry-level (Intel Core i3), mid-level (Intel Core i5), and high-level (Intel Core i7)."
Calder added that it is "important to note that these are not brands but modifiers to the Intel Core brand that signal different features and benefits."
The upcoming Lynnfield chip (desktop) will be available as either Intel Core i5 or Intel Core i7 depending upon the feature set and capability, Calder wrote. Clarksfield (mobile) will have the Intel Core i7 name.
Deborah Conrad, vice president and director of corporate marketing at Intel, talks about new branding strategy via video on Intel Web siteDeborah Conrad, vice president and director of corporate marketing at Intel, talks about new branding strategy via video on Intel Web site
Arrandale (32-nanometer mobile) will appear as the Core i3 but will ultimately span the Core brand to include Core i3, Core i5, and Core i7. Clarkdale (32-nanometer desktop) will be available under the Core i3 and Intel Core i5 brands, Calder said.
The widely-used Centrino moniker will be phased out as a PC brand, according to Calder. Centrino "will be used as a name for Wi-Fi and WiMAX products" and "still be in market on mobile PCs into next year," he said. But eventually will be discontinued.
"In the back half of this year you'll begin to see Core i5 and more Core i7s coming to market. Then by the first part of next year you'll begin to see Core i3, and i5, i7," said Deborah Conrad, vice president and director of corporate marketing at Intel, speaking in a video posted on Intel's Web site. "Then the old names will get retired as those products get phased out," she said.
Intel also disclosed other branding. "We will still have Celeron for entry-level computing at affordable price points, Pentium for basic computing, and of course the Intel Atom processor for all these new devices ranging from netbooks to smartphones," according to the post. "For PC purchasing, think in terms of good-better-best with Celeron being good, Pentium better, and the Intel Core family representing the best we have to offer," he wrote.
"We are focusing our strategy around a primary 'hero' client brand which is Intel Core. Today the Intel Core brand has a mind boggling array of derivatives (such as Core 2 Duo and Core 2 Quad, etc). Over time those will go away and in its place will be a simplified family of Core processors," Calder wrote.
Calder continued: "This will be an evolutionary process taking place over time, and we acknowledge that multiple brands will be in the market next year including older ones, as we make the transition."
InfoWorld: 'Nine Ball' attack strikes 40,000 Web sites
by Ellen Messmer
More than 40,000 Web sites have been hit by a mass-compromise attack dubbed Nine Ball that injects malware into pages and redirects victims to a site that will then try to download Trojans and keylogger code, Websense said today.
According to Websense, which has tracked Nine Ball for a week and a half, the compromised Web site, loaded with malware, will first try to identify a Web visitor by IP address to discover if it's a repeat visitor. To evade security researchers and investigators who would likely be among any repeat visitors, the Web page will dump a repeat visitor onto the search engine site Ask.com.
"Ask.com is nothing malicious, you're just sent there if they've seen you before," says Stephan Chenette, manager of security research at Websense. This type of inspection and re-direction is becoming commonplace in Web attacks as a way to evade investigation, he points out.
If a Web visitor is new, the victim is pushed through a few more re-directions to land at the site www.nine2rack.in, which may sound like a site in India, but is in Ukraine, Websense believes. The URL inspired Websense to name the attack method Nine Ball.
The final stop for a Web victim includes a drive-by download attempt after the malware checks for vulnerabilities in the browser, Adobe or Quicktime software on the user's desktop. If it succeeds, the attack will download a Trojan with a keylogger component that many anti-virus software packages do not yet identify, according to Websense.
"These Trojans have a very low detection rate," Chenette says. "Many are polymorphic or created on the fly."
There are a number of security failures that can help Nine Ball to compromise so many Web sites, including SQL-injection attacks on susceptible Web sites as well as bots that have stolen user passwords and logins for administrators of Web sites.
The Nine Ball exploit is distinct from two other mass-compromise methods observed of late - Beladen and Gumblar - but it's possible the same instigators are behind them, Chenette says.
