Government Cloud Authors: Pat Romanski, Elizabeth White, Liz McMillan, Dana Gardner, Gopala Krishna Behara

Related Topics: Government Cloud, Cloud Security

Government Cloud: Blog Feed Post

Anonymous Takes Down More Governmental Websites

CTO Security Weekly Round-Up

This week Ustream gets an injection of political reality, Apple fixes a critical encryption blunder affecting some of its users, FBI documents are leaked detailing their worries over Bitcoin digital currency, and Anonymous takes down more Governmental websites as part of its ongoing operations.

UStream Targeted by Advanced Distributed Denial of Service:

UStream was the target of Distributed Denial of Service attacks (DDoS attacks) that crippled its personal video streaming service and caused “significant” damage to site revenues.  The co-founder and CEO was quoted saying “What we saw today were systematic attempts, method after method, up to seven methods”.  Ustream has determined with “100% confidence” that the attacks were against several Russian anti-government citizen journalists.

While no governments were specifically pointed out as having carried out the attack, it is safe to say that advanced denial of service attacks, at this point in time, with this many resources, and this much planning was likely state-sponsored.  Russia has also had a love affair with denial-of-service attacks in the past–Some were used by Russians during the Georgian occupation to disable internet infrastructure there.  While it may not be politically correct to finger any specific government, the evidence certainly does point pretty clearly in one direction.

Read More here

Pirate Bay Blocked…Again.

The Pirate Bay, the (in)famous torrent sharing and indexing site is under legal fire again, this time from the Dutch judicial system.  Dutch ISPs must now block access to the website, making it the second time a government has mandated that access to the website be restricted (the first was the UK).  Fortunately for The Pirate Bay, the blockage in the UK earlier had the opposite intended effect — 12 million more users ended up visiting the website, which took the opportunity to explain how to bypass access restrictions through the use of various technologies.

It is unlikely that attempts to restrict access to the website will result in much of a difference for those who still wish to access the website due to the nature of the internet it is quite easy to subvert any access restrictions put in place by ISPs.

Read More here

Bitcoins, The Sinister Currency

A bitcoin is a type of internet-based currency that is cryptographically difficult to generate and is distributed across the internet to anyone with enough computing power to generate them.  The “coins” exist as strings of numbers and can be transacted anonymously through the bitcoin peer-to-peer network.  Several online shops take them as payment for goods, and many hackers take that form of currency (and several others besides actual cash) for services as well.  A new document leaked to the internet marked “For Offical Use Only” details how this scenario of using untraceable money to pay for hacking services worries the FBI.

While the bitcoin service can be anonymous, the FBI acknowledges that it is only as anonymous as the user makes it, since once bitcoins are converted to cash they can be easy to trace, and that with enough access, the IP addresses of bitcoin users can be unearthed.  The document reads like a guide to both anonymizing bitcoins and uncovering it’s users.

Read the Report here

Twitter Breached…But Not Really

When this pastebin document showed up with a list of users and passwords, it caused some alarm in the twittersphere because it appeared to be 55,000 usernames and passwords to people on twitter.  Upon analysis by Twitter, however, it was found to be mostly a dud.  20,000 names are duplicates, most of the passwords don’t match, and those that do were mostly spam accounts, having since been disabled on twitter for their spamming.  Overall Twitter doesn’t seem to be making a big deal about this, and it’s likely that this is some sort of brute-force attack.

Read More here

Critical Mac Password Bug Fixed, But…

Less of a bug, and more of a debugging feature that was forgotten about, Apple developers have exposed (and since fixed and patched) passwords to Mac encryption program filevault by logging the password in the debug logs in cleartext.  The flaw exposes passwords for those who have upgraded to OSX Lion 10.7.3 with filevault enabled prior to the upgrade and uses the legacy filevault (not filevault 2) is vulnerable.  Whole-disk encryption with Filevault 2 is unaffected.  Only users with root access can read the debug file with the plaintext password.

Since its disclosure, this bug has been fixed, but what is truely concerning about this and smoe other Apple security issues is the time it took to get the issue recognized, fixed, and disseminated.  The bug took three months to be fixed, which is a long time for such a serious issue affecting security integrity.  The Mac Flashback Java exploit also took some time for Apple to deploy, even though Oracle had a fix weeks before Apple would send it to their customers as an Apple update.

As Apple grows as a computing platform in the manner it has in the past few years, it will experience these problems.  Windows went through similar pains and has managed to evolve slowly and painfully into the fast and agile responder to security threats is today.  Apple will need to do the same to remain competitive in the security domain.

Read More here

Anonymous Activity Report:

Anonymous was active around the world this week.  The following websites were taken offline via Distributed Denial of Service:

Russian Federal Security Service
Bahraini Interior Ministry
Bahraini Police and Police Academy
Bahraini State News Agency
Gulf Air

The last 4 websites were due to Anonymous’s continued contempt for the human rights abuses in Bahrain and the decision to hold an Grand Prix F1 event there despite news of the abuses.  The Russian websites were likely taken down in a show of support for the opposition to President Putin.

Expect to see more Anonymous activity in Russia, United States, and NATO online presences as political turmoil in Russia increases and the G8 and NATO summits begin later this month in the United States.

Read More here

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...