Is Google Drive — Gulp — a Hacking Tool for Bad Actors?
August 17, 2022
Russia is a near-impregnable force when it comes to hacking. Vladimir Putin’s home base is potentially responsible for influencing many events in the United States, including helping Donald Trump win his first presidential election. Russia neither confirms nor denies the roles hackers play in its and global politics. Unfortunately, Cyber Scoop shares how a common Google tool has been purloined by hackers: “Russian Hacking Unit Cozy Bears Adds Google Drive To Its Arsenal, Researchers Say.”
In what is one of the simplest ways to deliver malware, Russian hackers from the state-funded unit Cozy Bear are using Dropbox and Google Drive. Did you read that? Russian hackers are using legitimate cloud storage services, including one from one of the biggest tech giants, to deliver malware. Palo Alto Networks’ Unit 42 researchers are confounded by the delivery process, because it is hard to detect:
“This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide,” the researchers said. “When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign.”
Russian hackers and other black hat people have used cloud storage services to deliver malware before, but using Google Drive is a new tactic. Google is a globally trusted brand that makes more people vulnerable to malware. When people see Google, they automatically trust it, so potential victims could unknowingly download malware.
Dropbox is deleting any accounts that are exploiting their services for hacking. The good news is cloud storage services want to protect users, but the bad news is they are not acting fast enough.
Whitney Grace, August 17, 2022
Is the New Era of Timesharing Winding Down?
August 11, 2022
What kind of question is that? Stupid for sure. The cloud is infinite. The earnings bright spots for Amazon, Google, and Microsoft are cloud revenue and services. Google wants to amp up its cloud because sitting in third place behind the dorky outfits Amazon and Microsoft is not part of the high school science club’s master plan. And Microsoft cannot cope with Amazon AWS. Accordingly Microsoft is chasing start ups in order to be in the front of the ChocoTaco line for the next big thing. And Amazon. Fancy moves like killing long-provided services like backup, making changes that will cause recoding of some applications, and thinking about ways to increase revenue from Fancy Dan billing thresholds.
The cloud is the big thing.
If the information in “Why AI and Machine Learning Are Drifting Away from the Cloud” is on the money, one of those odd ball Hegelian things may be gaining momentum. The reference is to the much loved and pretty obvious theory that sine waves operated in the biological world. I am referring to the old chestnut test question about thesis, antithesis, and synthesis. Stated another way: First there was a big computer. Then there was timesharing. Then there was the personal computer. Then there was client server. That begot the new version of the cloud. The future? Back to company-owned and controlled computers. Hegelian stuff, right?
The article presents this idea:
Cloud computing isn’t going anywhere, but some companies are shifting their machine learning data and models to their own machines they manage in-house. Adopters are spending less money and getting better performance.
Let’s follow this idea. If smart software becomes the next big thing as opposed to feeding people, the big clouds will face customer defection and maybe pushback about pricing, lock in, and restrictions on what can and cannot be done on the services. (Yep, some phishing outfits use the cloud to bedevil email users. Yes, some durable Dark Web sites host some of their data on big cloud services. Yep, some cloud services have “inspection” tools to prevent misuse which may not be as performant as the confections presented in marketing collateral.)
With more AI, perhaps there will be less cloud. Then what?
The write up points out:
Companies shifting compute and data to their own physical servers located inside owned or leased co-located data centers tend to be on the cutting edge of AI or deep-learning use, Robinson [vice president of strategic partnerships and corporate development at MLOps platform company Domino Data Lab] said. “[They] are now saying, ‘Maybe I need to have a strategy where I can burst to the cloud for appropriate stuff. I can do, maybe, some initial research, but I can also attach an on-prem workload.”
Hegel? What’s he got to do with this rethinking of the cloud, today’s version of good old timesharing? Probably nothing. The sine wave theories are silly. Ask any Econ 101 or Poli Sci 101 student. And who does not enjoy surprise charges for cloud computing services which are tough to see through? I know I do.
Stephen E Arnold, August 11, 2022
Oracle: Marketing Experience or MX = Zero?
August 10, 2022
How does one solve the problem MX = 0? One way is to set M to zero and X to zero and bingo! You have zero. If the information in the super select, restricted, juicy article called “Oracle Insiders Describe the Complete Chaos from Layoffs and Restructuring While Employees Brace for More” is accurate, the financially lucrative Oracle database system is unhappy with the firm’s marketing. Not just the snappy PowerPoint decks or the obedient database administrator documentation. Nope. Everything is apparently a bit of indigestion.
The write up which is as I have mentioned is super selected, restricted, and juicy is a bit jumbled. Nevertheless, I noted several observations I found interesting. Let me summarize the 1,100 word report this way: Lots of people from marketing and customer experience (whatever that is) have been fired. Okay. Now let’s look at the comments that struck me as significant. Keep in mind that I love Oracle. Yep, clients just pay those who can make the sleek, efficient, tightly integrated components hum like an electric motor on a fully functioning Ford F 150 Lightning. Here we go. (My comments appear in italics after each bullet.)
- “The common verb to describe ACX is that they were obliterated,” said a person who works at Oracle. (I quite liked the use of the word “obliterated.” Was Oracle using a Predator launched flying ginsu management bomb or just an email or maybe a Zoom call?)
- “There’s no marketing anymore…” (My question is, “Was there ever any marketing at Oracle?” Bombast, yes. Rah rah conferences. Jet flights after curfew at the San Jose airport. But marketing? In my opinion, no.)
- “There’s a sense among many at Oracle of impending doom…” (Yep, upbeat stuff.)
- “We’ve been kind of working like zombies the last couple of weeks because there’s just this sense of ‘What am I doing here?” (The outfit on the former Sea World exit excels at management. Well, maybe it doesn’t? How does the Oracle hit above its weight? That’s a good question. Let’s ask Cerner about the electronic medical record business and its seamless functioning with the Oracle database, shall I? No I shall not.)
- “…Oracle’s code base is so complicated that it can take years before engineers are fully up to speed with how everything works, and workers with over a decade of experience were cut…” (Ah, ha, Oracle is weeding out the dinobabies. Useless deadwood. A 20 something engineer can figure out where an entire database is hiding.)
Net net: I hate to suggest this, but perhaps some database types think using AWS, the GOOG, or the super secure MSFT data management systems is better, faster, and cheaper. Pick two.
Stephen E Arnold, August 10, 2022
Cloud Economics: The Customer Pays Because Going-Back Costs Are Too High
July 11, 2022
Short- and mid-term decisions may not be the optimal ones. Who cares about that pawn? Maybe in the end game, that pawn was on steroids. The player willing to give it up was unwilling to think about what lurks in the future.
I read “FedEx to Close Data Centers, Retire All Mainframes by 2024, Saving $400m.” The main idea is that mainframes are not suited to the zippy world of today. Furthermore, programmers –despite high-tech’s enthusiastic reduction in force moves – are not into the oddities of big iron. Those who do get jazzed with total-code working environments are rarer than a certain prince’s attending a female 15 year-old’s birthday party at the country club pool in Oxfordshire.
The write up reports:
Speaking during the FedEx investor day, FedEx CIO Rob Carter said the company is aiming for a ‘zero data center, zero mainframe’ environment based in the cloud, which will result in $400 million in savings annually. “We’ve been working across this decade to streamline and simplify our technology and systems,” he said. “We’ve shifted to cloud…we’ve been eliminating monolithic applications one after the other after the other…we’re moving to a zero data center, zero mainframe environment that’s more flexible, secure, and cost-effective.”
One way to view IBM’s approach to computing in the pre-person computer days was a person in handcuffs. IBMers disagree with my view. No problem. I also see cloud computing as a variation of the IBM approach to computing: Lock in and change are business benefits. Leasing mainframes and buying services each year is the equivalent of high-tech’s discovery of subscription-centric revenue models.
FedEx does not see the cloud as a variation on the mainframe strategy and its pricing structure. I thought one of the FedEx wizards was a Harvard MBA wizard.
The write up notes:
FedEx has previously said it planned to work with Intel and Switch to build Edge data centers at FedEx locations across the US. Whether this has actually been rolled out is unclear.
Trendy I suppose. I want to point out that there are some interesting comments about this alleged decision in the Y Combinator Hacker News comments. You can find these at this link.
One comment resonated with me: “Change gives the illusion of progress.”
Stephen E Arnold, July xx, 2022
True or False: Google and Dangerous Functionality
May 13, 2022
I want to be clear: I cannot determine if security-related announcements are PR emissions, legitimate items of data, or clickbait craziness. I am on the fence with the information is “Google Cloud Apparently Has a Security Issue Even Firewalls Can’t Stop.”
The write up presents as real news:
A misconfiguration in Google Cloud Platform has been found which could give threat actors full control over a target virtual machine (VM) endpoint…
These virtual machines are important cogs in some bad actors machinery. Sure, legitimate outfits rely on the Google for important work as well. Therefore, the announcement points some bad actors toward a new opportunity to poke around and outfits engaged in ethically informed activities to batten down their digital hatches.
The write up points out that the Google agreed that “misconfiguration could bypass firewall settings.”
And the Google, being Googley, semi-agrees. Does this mean that the Google Cloud is just semi-vulnerable?
Stephen E Arnold, May 13, 2022
TikTok: Interesting Assumptions and Opinions
March 30, 2022
I am not a TikTok’er. I have an attention span better suited to books, the old fashioned paper artifacts not so popular among certain younger humanoids. I read “The TikTok-Oracle Deal Would Set Two Dangerous Precedents.” The main argument in the write up is that “a global data shortage melee” could erupt. I am not sure what a data storage mêlée would look like. One dictionary defines a mêlée as a ruction. Another offers a lively contention. Let’s assume the write up is based on fact, deeply informed by rigorous search, and absolutely actual factual.
I noted a couple of statements which I found interesting; to wit:
- “The deal would establish precedents likely to harm technology companies and their users.”
- “The costs are worth bearing because they will give TikTok the freedom to compete on its greatest strength: its product.”
- “If the US government succeeds in forcing TikTok to enter this local data-storing arrangement with Oracle, other governments will be more likely to impose comparable requirements on US companies operating within their borders.”
- “The evidence that TikTok posed a national security threat has always been flimsy at best.”
- “Absent evidence of security risks, regulators should allow American and Chinese tech companies to compete without government interference.”
- If the rumored deal between TikTok and Oracle becomes a reality, TikTok will quietly celebrate while other Big Tech firms brace for escalating product battles with one of their strongest competitors.
Some observations are now offered for each of these statements:
- A couple of examples might be helpful.
- What’s the evidence supporting the assertion that China centric firms compete on the “greatest strength”?
- What about governments imposing such requirements on firms; for example, Google and Facebook operations in China.
- What evidence? Why is it flimsy?
- This is an opinion. Are these some facts supporting the assertion?
- Who is the strongest competitor? Oracle? China? Outfits like Amazon, Google, and Microsoft?
I would add one other question: What is the scope of Oracle’s business involvement with China and Chinese supported entities?
Stephen E Arnold, March 30, 2022
The Cloud Horse Race: Rounding Turn One Is the Azure Softie with an Advantage
March 17, 2022
Listen to the cheers of the crowd. “Azure Pulls in Front of AWS in Public Cloud Adoption” says about a really probably objective study:
The key takeaway on the Azure front is its leadership with enterprise users, with 80 percent of respondents adopting Microsoft’s public cloud, up from 76 percent the previous year. This was just ahead of AWS, which claimed a 77 percent adoption rate, down from 79 percent a year earlier. Some way behind was Google, with 48 percent, followed by Oracle Cloud Infrastructure, which tumbled to 27 percent from 32 percent a year ago.
And what outfit generated this straight-from-the-race-track report? Flexera, that’s who. And who or what is Flexera? It is an outfit which has joined the Microsoft Azure Marketplace and “offers game changing solutions to help application producers monetize their solutions in Azure.” Got that. You can read more at this link.
Is this information about the outstanding speed of adoption and uptake of the well bred stallion accurate?
Like Jack Benny’s race track tout says,
“Pssst. Hey, bud, watch that Bezos nag.”
To sum up, marketing PR is not a guarantee of a race winner.
Stephen E Arnold, March 17, 2022
Google Cloud: A Marketing Challenge
March 15, 2022
I read a report which I think is assembled by a human or two working with smart software. What’s interesting is the observation about Google Cloud expressed in “Google-cloud Is About to Get More Expensive.” [Note: Links to content on Dailyhunt often result in 404s. There’s not much I can do about this run-and-gun news source, folks.]
I noted this passage:
At present, Google – and Google Cloud particularly – suffers from the perception that it will close down services randomly, despite the fact that its users rely upon them. Now, add to that the insight that it will arbitrarily raise its costs and its sales team will probably need to work overtime to satisfy the aggressive development objectives the company has surely set for itself.
There’s been some additional chatter about Google modifying the cloud storage deals for certain academic institutions.
Is this a PR challenge or clever management of the users who make the Google system hum like a well fed Googzilla?
Stephen E Arnold, March 15, 2022
Oracle Enters the Classified Cloud Arena
March 4, 2022
Oracle is keeping secrets—those of the Air Force, to be specific. Nextgov reports, “Oracle’s Cloud Can Now Host Select Top Secret Defense Data.” The sensitive data will reside in a classified Cloud. Reporter Frank Kinkel writes:
“According to the company, Defense Department assessors granted it an authority to operate, or ATO, for secure processing of some of the Air Force’s most sensitive data in what the company calls Oracle National Security Regions. These air-gapped computing regions are connected only to government networks and not to the rest of the internet. … The ATO applies only to Air Force data now, but the company expects to host classified data from other agencies over time through future accreditations. Thus far, only two companies—Amazon Web Services and Microsoft—have achieved the Defense Information Systems Agency’s Impact Level 6 accreditation to host data at all government classification levels, yet Oracle’s latest accreditation continues the competition among several cloud giants that continually vie for important and lucrative Defense Department and intelligence community contracts.”
Gotta love this me-too innovation. Will Oracle reach the coveted Impact Level 6 accreditation? Perhaps. The company’s Glen Dodson touts the firm’s long history working with the DoD and intelligence community and boasts about its data management, analytics, and AI tools. The write-up reminds us that last year, along with AWS, Microsoft, Google, and IBM, Oracle was awarded part of the CIA’s Commercial Cloud Enterprise contract. That seems like a good sign for the company. Movin’ slow. But movin’.
Cynthia Murrell, March 4, 2022
There Is No Avoiding the Cloud for Aspiring IT Pros—For Now
February 15, 2022
Every business is different, allows ZDNet contributor Joe McKendrick. Some eagerly update to the latest technologies while others still rely on legacy systems and software. This means IT workers must tailor their skillsets to their specific organizations. Nevertheless, a recent interview with AWS’s director of learning products Scott Barneson suggests, “For Technology Skills, Cloud Is the Common Denominator.” The write-up quotes Barneson:
“There are the three areas where we hear strong need for upskilling from our customers: migration, as CIOs want to make sure their team is prepared to migrate workloads to the cloud; cloud fluency, as CIOs want all functions to have a baseline understanding of the cloud, the taxonomy, and the core benefits to help build common taxonomy and remove unnecessary friction; and AI/ML [Artificial Intelligence/ Machine Learning], as we shift from the experimentation phase to production use cases. CIOs are looking to equip their teams, from decision makers to practitioners, with the baseline skills to identify use cases that have positive customer and business impact. We regularly hear from our enterprise customers a desire to increase cloud fluency throughout their organizations – from individuals in technical and non-technical roles alike. That’s a desire we hear mirrored from individuals too. Our own research shows that the need for digital skills training has increased due to the pandemic with 85% of workers reporting that they now need more technical knowledge to do their jobs. The study also found that the use of cloud-based tools is the top-most in-demand skill employers will need by 2025.”
The AWS guru shares some advice for IT professionals looking to get ahead. For one thing, they should focus more on quickly getting customers what they need and less on growing their org charts. It is important to measure teams’ impact on customer satisfaction, he adds. Reducing complexity is also suggested to help organizations move swiftly and be ready to embrace opportunities. Naturally, he recommends taking advantage of relevant learning opportunities, like the (free) AWS course “Machine Learning Essentials for Business and Technical Decision Makers.” Though Mr. Barneson understandably has a bias toward AWS, would like to remind out dear readers that several other cloudy alternatives exist.
Cynthia Murrell, February 15, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
