"Microsoft Corp. was wrapped into a massive cybersecurity attack late last year," reports MarketWatch, "but the unprecedented intrusion may actually end up being a positive for the company's bottom line." UBS analyst Karl Keirstead, who has a buy rating and a $243 price target, said while Microsoft products were leveraged by hackers in the attack on SolarWinds Corp.'s Orion IT management software, because they are commonplace, "the broader cyber-security community are not pointing fingers at Microsoft." Keirstead noted that the attack actually drove more customers into public cloud infrastructures like Azure, Amazon.com Inc.'s and Alphabet Inc.'s Google Cloud "given a view that cloud data centers are more secure and that constantly patching/updating on-premise software like Orion presents a security risk that can be transferred to Microsoft, Amazon or Google." "Bottom line, we believe this cyber-security attack could be a modest net positive for Microsoft," Keirstead said.

Read more of this story at Slashdot.

Logic magazine has interviewed an anonymous engineer at Amazon Web Services. An excerpt from the story, which touches a wide-range of topics including controversial work with the military and police and takes on other cloud providers: So when you use AWS, part of what you're paying for is security. Right; it's part of what we sell. Let's say a prospective customer comes to AWS. They say, "I like pay-as-you-go pricing. Tell me more about that." We say, "Okay, here's how much you can use at peak capacity. Here are the savings we can see in your case." Then the company says, "How do I know that I'm secure on AWS?" And this is where the heat turns up. This is where we get them. We say, "Well, let's take a look at what you're doing right now and see if we can offer a comparable level of security." So they tell us about the setup of their data centers. We say, "Oh my! It seems like we have level five security and your data center has level three security. Are you really comfortable staying where you are?" The customer figures, not only am I going to save money by going with AWS, I also just became aware that I'm not nearly as secure as I thought. Plus, we make it easy to migrate and difficult to leave. If you have a ton of data in your data center and you want to move it to AWS but you don't want to send it over the internet, we'll send an eighteen-wheeler to you filled with hard drives, plug it into your data center with a fiber optic cable, and then drive it across the country to us after loading it up with your data. What? How do you do that? We have a product called Snowmobile. It's a gas-guzzling truck. There are no public pictures of the inside, but it's pretty cool. It's like a modular datacenter on wheels. And customers rightly expect that if they load a truck with all their data, they want security for that truck. So there's an armed guard in it at all times. It's a pretty easy sell. If a customer looks at that option, they say, yeah, of course I want the giant truck and the guy with a gun to move my data, not some crappy system that I develop on my own.

Read more of this story at Slashdot.

"If you just received a new iPhone 12, Apple Watch or iPad, you might not have gotten immediate satisfaction — Apple was having some iCloud issues," reports CNET: The issue started early on Christmas Day, according to the iCloud account and sign-in entry on Apple's system status page. More than a day later, as of late morning PT Saturday, the Apple system status page indicated that the issue with the storage service remained "ongoing." But by 2 p.m. PT Saturday, the iCloud issue was marked "resolved." No specifics were given about how widespread the problems might have been, only that "some users were affected." The company also noted issues with Apple ID sign-in.

Read more of this story at Slashdot.

When large companies like Netflix or Amazon want to test the resilience of their systems, they use chaos engineering tools designed to help them simulate worst-case scenarios and find potential issues before they even happen. Today at AWS re:Invent, Amazon CTO Werner Vogels introduced the company's Chaos Engineering as a Service offering called AWS Fault Injection Simulator. From a report: The name may lack a certain marketing panache, but Vogels said that the service is designed to help bring this capability to all companies. "We believe that chaos engineering is for everyone, not just shops running at Amazon or Netflix scale. And that's why today I'm excited to pre-announce a new service built to simplify the process of running chaos experiments in the cloud," Vogels said. As he explained, the goal of chaos engineering is to understand how your application responds to issues by injecting failures into your application, usually running these experiments against production systems. AWS Fault Injection Simulator offers a fully managed service to run these experiments on applications running on AWS hardware.

Read more of this story at Slashdot.

"A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket," reports Threatpost. "The records include sensitive data, including credit-card details." Prestige Software's "Cloud Hospitality" is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com. The incident has affected 24.4 GB worth of data in total, according to the security team at Website Planet, which uncovered the bucket. Many of the records contain data for multiple hotel guests that were grouped together on a single reservation; thus, the number of people exposed is likely well over the 10 million, researchers said. Some of the records go back to 2013, the team determined — but the bucket was still "live" and in use when it was discovered this month. "The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks," according to the firm, in a recent notice on the issue. "The S3 bucket contained over 180,000 records from August 2020 alone...." The records contain a raft of information, Website Planet said, including full names, email addresses, national ID numbers and phone numbers of hotel guests; card numbers, cardholder names, CVVs and expiration dates; and reservation details, such as the total cost of hotel reservations, reservation number, dates of a stay, special requests made by guests, number of people, guest names and more. The exposure affects a wide number of platforms, with data related to reservations made through Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre and more.... A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis in September found. The study from Comparitch showed that 6 percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents.

Read more of this story at Slashdot.

Come June 1, 2021, Google will change its storage policies for free accounts -- and not for the better. Basically, if you're on a free account and a semi-regular Google Photos user, get ready to pay up next year and subscribe to Google One. From a report: Currently, every free Google Account comes with 15 GB of online storage for all your Gmail, Drive and Photos needs. Email and the files you store in Drive already counted against those 15 GB, but come June 1, all Docs, Sheets, Slides, Drawings, Forms or Jamboard files will count against the free storage as well. Those tend to be small files, but what's maybe most important here, virtually all of your Photos uploads will now count against those 15 GB as well. That's a bid deal because today, Google Photos lets you store unlimited images (and unlimited video, if it's in HD) for free as long as they are under 16MP in resolution or you opt to have Google degrade the quality. Come June of 2021, any new photo or video uploaded in high quality, which currently wouldn't count against your allocation, will count against those free 15 GB. [...] In addition to these storage updates, there's a few additional changes worth knowing about. If your account is inactive in Gmail, Drive or Photos for more than two years, Google 'may' delete the content in that product.

Read more of this story at Slashdot.

Amazon will invest about $2.8 billion in Telangana to set up a new AWS Cloud region in the southern state of India, a top Indian politician announced on Friday. From a report: The investment will allow Amazon to launch an AWS Cloud region in Hyderabad by mid-2022, said K. T. Rama Rao, Minister for Information Technology, Electronics & Communications, Municipal Administration and Urban Development and Industries & Commerce Departments, Government of Telangana. The new AWS Asia Region will be Amazon's second infrastructure region in India, Amazon said in a press release. It did not disclose the size of the investment. [...] There is a lot in it for Amazon as well. Jayanth Kolla, chief analyst at consultancy firm Convergence Catalyst, told TechCrunch that by having more cloud regions in India, it will be easier for Amazon to comply with the nation's data localization policy. This compliance will also help Amazon, which currently leads the cloud market in India, attract more customers.

Read more of this story at Slashdot.

Apple's "System Status" page indicates 14 current issues, some of which began nearly five hours ago. CNET reports the services affected "include Find My, iCloud Account & Sign In, iCloud Backup, iCloud Bookmarks & Tabs, iCloud Calendar, iCloud Contacts, iCloud Drive, iCloud Keychain, iCloud Mail, iCloud Storage Upgrades, Photos and Screen Time." Engadget writes "the timing is less than ideal, even if this is likely to be a small interruption in the grander scheme of things." The issue comes weeks after an outage that affected both iCloud and Apple's media services. It also follows mere days after the debut of Apple One, where iCloud storage (also affected by the outage) plays an important role.

Read more of this story at Slashdot.

Cloudflare has released the beta of its new "browser isolation" service, which runs a web browser in the cloud, reports TechRadar. As more and more computing is done inside a browser as opposed to on a system itself, many enterprise organizations have begun to deploy browser isolation services where the browser doesn't actually run on a user's computer. Instead the browser runs on a virtual machine inside a cloud provider's data center. This means that any threats from the browser will stay in that virtual machine and won't be able to infect a corporate laptop or move laterally across an organization's network... Cloudflare Browser Isolation does thing a bit differently by sending the final output of a browser's web page rendering. As a result, the only thing every sent to a user's device is a package of draw commands to render the webpage and this also means that the company's new service will be compatible with any HTML5 compliant browser including Chrome, Safari, Edge and Firefox. As Cloudflare has data centers in 200 cities around the world, its browser isolation service should be able to deliver a responsive web browsing experience regardless of where a user is located. It's part of a larger push, since this week Cloudflare also released their network-as-a-service solution "Cloudflare One," which according to Cloudflare "protects and accelerates the performance of devices, applications, and entire networks to keep workforces secure." "After decades of building legacy corporate networks, organizations are left with clunky systems designed to protect their now empty offices. The only way to secure today's work-from-anywhere economy is to secure each individual employee, protecting their individual networks, devices, and access to business-critical applications," said Matthew Prince, CEO of Cloudflare... Companies have traditionally used a castle-and-moat approach to security, creating a barrier between the enterprise network and external threats. Now that applications have moved to the cloud, and more employees have moved outside of the office, that model is broken. Employees are frustrated with the speed and experience of VPNs, and organizations want an alternative to the expensive patchwork of legacy solutions required to secure and connect corporate offices to each other and the internet. Today's new landscape requires a zero trust approach, where organizations do not automatically trust any requests to corporate data or resources, and instead, verify every attempt to connect to corporate systems before allowing them access... This unified solution enables fast and safe connections to workplace applications, allows teams to use an app without exposing it to the public internet, makes personal devices safe for business use, and works in any environment with any cloud provider.

Read more of this story at Slashdot.

Tim Nolet, founder and chief technology officer of Checkly, tweeted on Friday: Oh @awscloud I really do love you! But next time you fork my OS project and present it as your new service, give the maintainers a short "nice job, kids" or something. Not necessary as per the APLv2 license, but still, ya know?

Read more of this story at Slashdot.

At the end of September, Amazon debuted two especially futuristic products within five days of each other: a small autonomous surveillance drone, called Ring Always Home Cam, and a palm recognition scanner, called Amazon One. "Both products aim to make security and authentication more convenient -- but for privacy-conscious consumers, they also raise red flags," reports Wired. From the report: Amazon's latest data-hungry innovations are not launching in a vacuum. The company also owns Ring, whose smart doorbells have had myriad security issues and have been widely criticized for bringing unprecedented surveillance to traditionally semi-private spaces. Meanwhile, the biometric data that Amazon Go will collect is particularly sensitive, because unlike a password you can't simply change it if a hacker steals it or it gets unintentionally exposed. Amazon has a strong record for maintaining the security of its massive cloud infrastructure, but there have been lapses across the sprawling business. The stakes are already phenomenally high; the more data the company holds the more risk it takes on. "Amazon has a major genomics cloud platform, so maybe they hold your DNA and now they're going to have your palm as well? Plus all of these devices inside your house. And your purchase history on Prime. That's a lot of information. That's a lot of personal information," says Nina Alli, executive director of Defcon's Biohacking Village and a health care security researcher. "When you give away this data you're giving a company the ability to access and manage you, not the other way around." [...] Additionally, while companies like Apple and Samsung have brought biometric fingerprint and face scanners to the masses by making sure the data never leaves the device, Amazon One takes the opposite approach. Kumar writes that "palm images are never stored" on Amazon One itself. Instead they are encrypted and sent to a special high security area of Amazon's cloud to be converted into "palm signatures" based on the unique and distinctive features of a user's hand. Then the service compares that signature to the one on file in each user's account and returns a match or no match answer back down to the device. It makes sense that Amazon doesn't want to store databases of people's palm data locally on publicly accessible machines that could be manipulated. But the system could perhaps have been set up to generate a palm signature locally, delete the image of a person's hand, and send only the encrypted signature on for analysis. The fact that all of those palm images will be going for cloud processing creates a single point of failure. "I'm worried that people could read your palm vein pattern in other ways and construct an analog. It's only a matter of time," says Joseph Lorenzo Hall, a longtime security and privacy researcher and a senior vice president at the nonprofit Internet Society. "Both the home drone and the palm payment are going to rely heavily on the cloud and on the security provided by that cloud storage. That's worrying because it means all the risks -- rogue employees, government data requests, data breach, secondary uses -- associated with data collection on the server-side could be possible. I'm much more comfortable having a biometric template stored locally rather than on a server where it might be exfiltrated." An Amazon spokesperson told WIRED, "We are confident that the cloud is highly secure. In addition, Amazon One palm data is stored separately from other personal identifiers, and is uniquely encrypted with its own keys in a secure zone in the cloud."

Read more of this story at Slashdot.

"Google LLC is reportedly planning to relinquish direct control over its open-source Knative project to a five-seat steering committee that will have rules to prevent any single organization from having more than two seats," reports SiliconANGLE. "The plan is designed to stymie criticism that Google is secretly planning to retain control over key open-source projects it has developed, according to a report today on the tech news website The Protocol." Knative is an open-source project first developed by Google that provides components for deploying, running and managing serverless, cloud-native applications on top of Kubernetes, a container management platform that was also built by Google and open-sourced in 2015... Google is planning to make some major changes to Knative's governance structure, according to the report. Seats on the committee will now be held by individuals rather than specific companies, and elections will be held later this year to select two new members. In addition, the report said, Google is considering eventually expanding the committee to seven members as a way to include representatives from Knative's user community. The plan comes just a few months after Google angered some members of the open-source software community when it reneged on a promise to hand over control of another project, Istio, to the Cloud Native Computing Foundation, a Linux Foundation project that was founded in 2015 to help advance container technology. In July Google said that it instead of transferring Istio to the CNCF, it would create a neutral organization called Open Usage Commons to manage its trademark policies, while control would be maintained by the project's steering committee. That decision upset many of Google's partners, most notably IBM Corp., which has also contributed greatly to the development of Istio.

Read more of this story at Slashdot.

IBM announced this morning that the company would be spinning off some of its lower-margin lines of business into a new company and focusing on higher-margin cloud services. Ars Technica reports: During an investor call, CEO Arvind Krishna acknowledged that the move was a "significant shift" in how IBM will work, but he positioned it as the latest in a decades-long series of strategic divestments. "We divested networking back in the '90s, we divested PCs back in the 2000s, we divested semiconductors about five years ago because all of them didn't necessarily play into the integrated value proposition," he said. Krishna became CEO in April 2020, replacing former CEO Ginni Rometty (who is now IBM's executive chairman), but the spin-off is the capstone of a multi-year effort to apply some kind of focus to the company's sprawling business model. The new spin-off doesn't have a formal name yet and is referred to as "NewCo" in IBM's marketing and investor relations material. Under the spin-off plan, the press release claims IBM "will focus on its open hybrid cloud platform, which represents a $1 trillion market opportunity," while NewCo "will immediately be the world's leading managed infrastructure services provider." (This is because NewCo will start life owning the entirety of IBM Global Technology Services' existing managed infrastructure clients, which means about 4,600 accounts, including about 75 percent of the Fortune 100.) See also: Cringely Predicts IBM 'Disappears Into Red Hat'

Read more of this story at Slashdot.

GameStop jumped as much as 27% after a strategic partnership with Microsoft gave investors fresh optimism that the video-game retailer can turn around its business. From a report: Under a multiyear agreement, GameStop will use Microsoft's cloud services to handle business operations, including finance, inventory and e-commerce, according to a statement Thursday. In-store workers also will use Microsoft Surface devices while they're helping customers. And GameStop will offer Xbox All Access, a monthly service for the Xbox gaming console. GameStop is expected to get a surge in sales when new video-game consoles arrive in coming weeks, and the Microsoft partnership could help them extend the momentum. A new Xbox and Sony PlayStation are debuting next month, which should drive traffic to GameStop's stores and e-commerce site.

Read more of this story at Slashdot.

On Monday long-time Slashdot reader TorinEdge wrote that Microsoft "appears to have botched an internal Office365 cloud services rollout today, with outages confirmed up and down the West Coast of North America. Confirmed roll backs were good early omens, but in the end did not appear to be successful... Symptoms may include: All 365-related services flaking out, borking, alternately approving logins and confirming they definitely do not exist." CRN reported service was impacted for five hours. But on Thursday some users were now intermittently unable to access Microsoft Exchange from 12:52 a.m. until 10:50 p.m., "according to a Microsoft email update to Office 365 administrators..." "Some partners believe the tech giant is grappling with a DevOps crisis." "It looks like they are pushing out software updates that are causing the outages," said a channel source impacted by one of the outages. "They have so much going on right now, rolling Teams out at a breakneck pace. I think they are running into an issue where code tested out fine but there is a configuration problem when they deploy it." DevOps is a set of practices that, according to the Wikipedia definition, shortens the systems development life cycle and provides continuous delivery of code with high software quality... A senior executive for one of Microsoft's top partners, who did not want to be identified, said he sees both recent outages as clearly DevOps-related... "Microsoft is a development first company, well known in general for DevOps, so the question is: why is this happening?" said the executive. "I love Microsoft but why is a company that paid $7.5 billion for Github, the leading source code repository company in the world, getting taken down by code that is not being well tested or has a single point of failure. That is ridiculous. If we caused this kind of production outage for a customer we would be fired and possibly blacklisted from the ecosystem. We have to bat 1,000 as a partner." The lesson from the outages may well be that a company's DevOps is only as "good as the humans who configure it and execute upon it," said the executive. The executive said the outages will definitely have a ripple effect in the channel. "I bet the Google G Suite sales reps threw a party when they saw this," he said. "No cloud vendor is immune to downtime," Microsoft says in a statement quoted by CRN. "Our number one priority is to get to resolution as quickly as possible and ensure our customers stay updated along the way, as was the case here. "We continuously invest in the resilience of our platform and focus on learning from these incidents to ultimately reduce the impact of inevitable outages..."

Read more of this story at Slashdot.

An anonymous reader shares a report: Seems everything charges a monthly fee, these days. It also seems that every Apple event brings another way to fork over $10 a month to the company. This time out, it was the addition of Fitness+, which brings metric-focused video workouts to an Apple TV near you. To keep things simple (and to keep you subscribing), the company is offering up a trio of new Apple One bundles. It's not quite mix and match yet, but there are three pricing tiers. Individual offers Apple Music, TV+, Arcade and iCloud for $15 a month. The Family version will get you those four services for $20 a month. For the hardcore, there's the $30 a month Premier tier, which bundles iCloud, Music, TV+, Arcade, News+ and Fitness+.

Read more of this story at Slashdot.

Microsoft is looking to challenge Amazon in offering a service that connects satellites directly to the company's cloud computing network, according to documents the company filed with the Federal Communications Commission last month. From a report: The effort shows how the two largest providers of cloud infrastructure -- data centers in far-flung places that can host websites and run applications with a smorgasbord of computing and storage services -- regularly seek to one-up each other. That way, the companies can appear ready and willing to meet many of the needs of prospective customers. Microsoft plans to connect a Spanish imaging satellite to two ground stations -- both located in Microsoft's home state of Washington -- to show that it can directly download satellite "data to the Azure Cloud for immediate processing," the FCC documents said. A ground station, sometimes called an earth station, is the vital link for transmitting data to and from satellites in orbit. Microsoft notably proposed to construct one of the two ground stations itself at its data center in Quincy, Wash. The FCC on Sept. 2 authorized Microsoft to perform proof-of-concept demonstrations of the service. The authorization gives Microsoft a six month license that allows for communications and imagery data downloads. The Spanish satellite, called Deimos-2, was launched into orbit in June 2014. The satellite is operated by a subsidiary of Canadian satellite imagery company UrtheCast and, for the tests, the Deimos-2 satellite will only be in range of Microsoft's antennas for "just a few minutes."

Read more of this story at Slashdot.

ZDNet reports: An anonymous reader shares this enthusiastic report from ZDNet: Earlier this year, Linus Torvalds approved of adding drivers and other components in Rust to Linux.* Last week, at the virtual Linux Plumbers Conference, developers gave serious thought to using the Rust language for new Linux inline code. ["Nothing firm has been determined yet," reported Phoronix, "but it's a topic that is still being discussed."] And, now Amazon Web Services (AWS) has announced that its just-released Bottlerocket Linux for containers is largely written in Rust. Mozilla may have cut back on Rust's funding, but with Linux embracing Rust, after almost 30-years of nothing but C, Rust's future is assured. Rust was chosen because it lends itself more easily to writing secure software. Samartha Chandrashekar, an AWS Product Manager, said it "helps ensure thread safety and prevent memory-related errors, such as buffer overflows that can lead to security vulnerabilities." Many other developers agree with Chandrashekar. Bottlerocket also improved its security by using Device-mapper's verity target. This is a Linux kernel feature that provides integrity checking to help prevent attackers from overwriting core system software or other rootkit type attacks. It also includes the extended Berkeley Packet Filter (eBPF), In Linux, eBPF is used for safe and efficient kernel function monitoring. * Linus's exact words were "people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day." The article also reminds readers that AWS's Bottlerocket "is also designed to be quick and easy to maintain... by including the bare essentials needed to run containers..." "Besides its standard open-source elements, such as the Linux kernel and containerd container runtime, Bottlerocket's own code is licensed under your choice of either the Apache 2.0 or the MIT license."

Read more of this story at Slashdot.

Google announced Wednesday that its cloud wing has received a contract from the Defense Innovation Unit (DIU) to develop artificial intelligence solutions for cancer screening at Department of Defense (DOD) facilities. The Hill reports: The project is aimed at helping analyze data collected when making diagnostic and treatment decisions to help lower the misdiagnosis rate. Google Cloud is planning to provide DIU with a prototype of an augmented reality microscope that provides doctors with real-time info while working. The technology will first be available at a few Defense Health Agency and Veteran's Affairs facilities.

Read more of this story at Slashdot.