Categories
cloud security sysadmin

New for Amazon GuardDuty – Malware Detection for Amazon EBS Volumes | AWS News Blog

Once configured, AWS GuardDuty will now scan EBS volumes for malware and report its findings when it detects suspicious activities. If you haven’t enable it already, you should do so.

https://aws.amazon.com/blogs/aws/new-for-amazon-guardduty-malware-detection-for-amazon-ebs-volumes/

When you have GuardDuty Malware Protection enabled, a malware scan is initiated when GuardDuty detects that one of your EC2 instances or container workloads running on EC2 is doing something suspicious.

Categories
cloud internet privacy

The Era of Borderless Data Is Ending – The New York Times

From data privacy and data residency to digital sovereignty, change is happening, and not necessarily in a good way. The wild west that characterize the Old Internet is being chipped off one block at a time. Some predicts this will lead to the end of general computation and further entrench incumbents, making it even more difficult for new players to break in.

Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.

Source: The Era of Borderless Data Is Ending – The New York Times

Categories
cloud IoT security

“I’m totally screwed.” WD My Book Live users wake up to find their data deleted

This is like the worse case scenario that security researchers have been warning about. Someone exploited an old vulnerability for some WD devices and wiped out all the data in those devices that are exposed in the internet.

WD advises customers to immediately unplug their My Book Live and My Book Live Duo from the internet.

“I have a WD mybook live connected to my home LAN and worked fine for years,” the person who started the thread wrote. “I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity.”

It’s too easy to blame IoT device manufacturers, but this is a very tough problem. The following comment from HN says it best.

There’s really no winning with this.

You can release patches 6 years after your device is EoL but there will forever be more security issues and people using your ancient product (think how long it takes some versions of Windows to truly reach less than 100k active machines. Hell I wonder if Windows 3.1 has really reached that number or not. The long tail is going to be loooong). Not to mention you’ve created a precedent that the device is still getting patches and can be used by users, only making the lifecycle issue worse.

You can release a version which severely limits the capability of the product or effectively disables it but this is just a guaranteed way of getting bad press and even more customers will be mad at you for killing a device early.

You can turn the device over to the community (if you can managed to get it through legal and 3rd party agreements) but that isn’t actually going to solve anything as it’s not a product for extremely tech savvy users, at best it buys deflection in the news report in exchange for the effort of doing this (if you can at all).

You can claim the lifecycle is over and years later and be technically correct but still get the bad press and user feedback anyways.

Source: “I’m totally screwed.” WD My Book Live users wake up to find their data deleted

Categories
cloud

Troubleshoot Boot and Networking Issues with New EC2 Serial Console | AWS News Blog

This is extremely useful for those times when the system is unable to get to the stage where sshd is running, or there are network-related issues which prevent a normal ssh connection from working. This is akin to the console view of a VM through the hypervisor.

https://aws.amazon.com/blogs/aws/troubleshoot-boot-and-networking-issues-with-new-ec2-serial-console/

… EC2 Serial Console, a simple and secure way to troubleshoot boot and network connectivity issues by establishing a serial connection to your Amazon Elastic Compute Cloud (EC2) instances.

Categories
cloud internet

AWS Fault Injection Simulator – Fully managed chaos engineering service – Amazon Web Services

Chaos engineering originated at Netflix with the creation of Chaos Monkey. The idea is that large-scale distributed systems require a different approach to test for failure, since there are so many moving parts. AWS is announcing a new service in 2021 that will help teams to implement chaos engineering to test their setup.

https://aws.amazon.com/fis/

With Fault Injection Simulator, teams can quickly set up experiments using pre-built templates that generate the desired disruptions, such as server latency or database error.

Categories
cloud

New – Use Amazon EC2 Mac Instances to Build & Test macOS, iOS, ipadOS, tvOS, and watchOS Apps | AWS News Blog

This is great news for individuals and enterprises that develop mobile and desktop apps for the Apple ecosystem. This could make CI/CD for iOS and macOS apps much more convenient. And yes, it’s available in the Singapore region today.

Also,

Apple M1 Chip – EC2 Mac instances with the Apple M1 chip are already in the works, and planned for 2021.

https://aws.amazon.com/blogs/aws/new-use-mac-instances-to-build-test-macos-ios-ipados-tvos-and-watchos-apps/

You can start using Mac instances in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore) Regions today, and check out this video for more information!

Categories
ai cloud

The Emerging Architectures for Modern Data Infrastructure

This is a very well written summary of the current data science landscape. Everybody building data related solutions should have a good read of this.

Five years ago, if you were building a system, it was a result of the code you wrote. Now, it’s built around the data that is fed into that system. And a new class of tools and technologies have emerged to process data for both analytics and operational AI/ ML.

Source: The Emerging Architectures for Modern Data Infrastructure

Categories
cloud sysadmin

AWS Perspective | Implementations | AWS Solutions

AWS just released AWS Perspective, a new tool to help you create diagrams about your AWS workload/architecture.

In a way this is long overdue. There are quite a number of companies in this space already. AWS’ version supposedly is better integrated and allows you to link to the resource directly in AWS console.

It seems to be quite useful, though it doesn’t come cheap. Someone posted on Twitter that the cost estimate comes up to USD500+ (every month) to use it.

https://aws.amazon.com/solutions/implementations/aws-perspective/

Categories
cloud security

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

A worm has been going around destroying unsecured databases. The intention of the attacker is not clear, but it could be similar to that of BrickerBot.

Dozens of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that wipes data without any explanation.

Source: New ‘Meow’ attack has deleted almost 4,000 unsecured databases

Categories
cloud

Gmail, Office 365 outage

This is not a good day for cloud services. Gmail outage followed by Office 365 outage (unrelated).