Welcome!

Government Cloud Authors: Elizabeth White, Flint Brenton, Liz McMillan, Gopala Krishna Behara, Raju Myadam

Related Topics: Government Cloud, Cloud Security

Government Cloud: Blog Feed Post

Anonymous Takes Down More Governmental Websites

CTO Security Weekly Round-Up

This week Ustream gets an injection of political reality, Apple fixes a critical encryption blunder affecting some of its users, FBI documents are leaked detailing their worries over Bitcoin digital currency, and Anonymous takes down more Governmental websites as part of its ongoing operations.

UStream Targeted by Advanced Distributed Denial of Service:

UStream was the target of Distributed Denial of Service attacks (DDoS attacks) that crippled its personal video streaming service and caused “significant” damage to site revenues.  The co-founder and CEO was quoted saying “What we saw today were systematic attempts, method after method, up to seven methods”.  Ustream has determined with “100% confidence” that the attacks were against several Russian anti-government citizen journalists.

While no governments were specifically pointed out as having carried out the attack, it is safe to say that advanced denial of service attacks, at this point in time, with this many resources, and this much planning was likely state-sponsored.  Russia has also had a love affair with denial-of-service attacks in the past–Some were used by Russians during the Georgian occupation to disable internet infrastructure there.  While it may not be politically correct to finger any specific government, the evidence certainly does point pretty clearly in one direction.

Read More here

Pirate Bay Blocked…Again.

The Pirate Bay, the (in)famous torrent sharing and indexing site is under legal fire again, this time from the Dutch judicial system.  Dutch ISPs must now block access to the website, making it the second time a government has mandated that access to the website be restricted (the first was the UK).  Fortunately for The Pirate Bay, the blockage in the UK earlier had the opposite intended effect — 12 million more users ended up visiting the website, which took the opportunity to explain how to bypass access restrictions through the use of various technologies.

It is unlikely that attempts to restrict access to the website will result in much of a difference for those who still wish to access the website due to the nature of the internet it is quite easy to subvert any access restrictions put in place by ISPs.

Read More here

Bitcoins, The Sinister Currency

A bitcoin is a type of internet-based currency that is cryptographically difficult to generate and is distributed across the internet to anyone with enough computing power to generate them.  The “coins” exist as strings of numbers and can be transacted anonymously through the bitcoin peer-to-peer network.  Several online shops take them as payment for goods, and many hackers take that form of currency (and several others besides actual cash) for services as well.  A new document leaked to the internet marked “For Offical Use Only” details how this scenario of using untraceable money to pay for hacking services worries the FBI.

While the bitcoin service can be anonymous, the FBI acknowledges that it is only as anonymous as the user makes it, since once bitcoins are converted to cash they can be easy to trace, and that with enough access, the IP addresses of bitcoin users can be unearthed.  The document reads like a guide to both anonymizing bitcoins and uncovering it’s users.

Read the Report here

Twitter Breached…But Not Really

When this pastebin document showed up with a list of users and passwords, it caused some alarm in the twittersphere because it appeared to be 55,000 usernames and passwords to people on twitter.  Upon analysis by Twitter, however, it was found to be mostly a dud.  20,000 names are duplicates, most of the passwords don’t match, and those that do were mostly spam accounts, having since been disabled on twitter for their spamming.  Overall Twitter doesn’t seem to be making a big deal about this, and it’s likely that this is some sort of brute-force attack.

Read More here

Critical Mac Password Bug Fixed, But…

Less of a bug, and more of a debugging feature that was forgotten about, Apple developers have exposed (and since fixed and patched) passwords to Mac encryption program filevault by logging the password in the debug logs in cleartext.  The flaw exposes passwords for those who have upgraded to OSX Lion 10.7.3 with filevault enabled prior to the upgrade and uses the legacy filevault (not filevault 2) is vulnerable.  Whole-disk encryption with Filevault 2 is unaffected.  Only users with root access can read the debug file with the plaintext password.

Since its disclosure, this bug has been fixed, but what is truely concerning about this and smoe other Apple security issues is the time it took to get the issue recognized, fixed, and disseminated.  The bug took three months to be fixed, which is a long time for such a serious issue affecting security integrity.  The Mac Flashback Java exploit also took some time for Apple to deploy, even though Oracle had a fix weeks before Apple would send it to their customers as an Apple update.

As Apple grows as a computing platform in the manner it has in the past few years, it will experience these problems.  Windows went through similar pains and has managed to evolve slowly and painfully into the fast and agile responder to security threats is today.  Apple will need to do the same to remain competitive in the security domain.

Read More here

Anonymous Activity Report:

Anonymous was active around the world this week.  The following websites were taken offline via Distributed Denial of Service:

CIA.gov
Interpol
kremlin.ru
Russian Federal Security Service
Bahraini Interior Ministry
Bahraini Police and Police Academy
Bahraini State News Agency
Gulf Air

The last 4 websites were due to Anonymous’s continued contempt for the human rights abuses in Bahrain and the decision to hold an Grand Prix F1 event there despite news of the abuses.  The Russian websites were likely taken down in a show of support for the opposition to President Putin.

Expect to see more Anonymous activity in Russia, United States, and NATO online presences as political turmoil in Russia increases and the G8 and NATO summits begin later this month in the United States.

Read More here

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
"We are a well-established player in the application life cycle management market and we also have a very strong version control product," stated Flint Brenton, CEO of CollabNet,, in this SYS-CON.tv interview at 18th Cloud Expo at the Javits Center in New York City, NY.
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...