Thursday, December 15, 2016

I do like to start my Computer Security classes by discussing epic failures.  Thanks again Yahoo.
Yahoo’s new billion-account data breach could threaten $4.8 billion sale to Verizon
Yahoo on Wednesday said it had discovered a new data breach of more than a billion accounts, dwarfing the hack it revealed three months ago and threatening the company’s $4.8 billion sale to Verizon.
And security experts are warning of potential far-reaching damage to Yahoo users from the just-announced breach.
The fresh disclosure gives Yahoo the unfortunate distinction of being the victim of the two largest hacks in history.


Where should we fit this in the spectrum of international relations?  More than a speech to the Duma, less than an invasion of the Crimea?  Should we view it differently if Russia only hacked one party? 
NBC reports U.S. Intel Directly Links President Putin to Campaign to Disrupt U.S. Election
by Sabrina I. Pacifici on Dec 14, 2016
Follow up to multiple postings included in NYT details how Russian Cyberpower Invaded the U.S., today’s NBC News report – U.S. Officials: Putin Personally Involved in U.S. Election Hack: “U.S. intelligence officials now believe with “a high level of confidence” that Russian President Vladimir Putin became personally involved in the covert Russian campaign to interfere in the U.S. presidential election, senior U.S. intelligence officials told NBC News.  Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used.  The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said…”


Are some products taxed at a different rate?  Why would government want to know anything beyond “the sales tax has been paid?” 
Kieren McCarthy reports:
Online retailers in America will soon be required by law to disclose to state governments what purchases their customers – meaning, you – have made.
That extraordinary situation is the result of a long-running legal case that the US Supreme Court this week refused to hear.  This means a decision by the Tenth Circuit [PDF] requiring out-of-state retailers to report to the Colorado state government the details of all purchases – including what that purchase was and who bought it – stands.
So if you bought a dildo in Denver, some bureaucrat is going to be informed about it.
Read more on The Register.


Perspective.
Financial regulators use AWS’s cloud to analyze 75 billion trades daily
FINRA records every order and quote in the New York Stock Exchange daily.  That’s about 75 billion individual events per day.  FINRA processes in one day the magnitude of data that Visa and Mastercard process in six months, Randich says.

FINRA stores this information so that it can analyze trends over days, weeks and months.  That amounts to trillions of records and about 20 petabytes of storage. FINRA’s IT “center of gravity” is now in Amazon Web Services, he says.
FINRA evaluated many providers. Legacy infrastructure vendors tried to convince him that a database of this scale could not run in the public cloud.  After an evaluation and proof of concept process FINRA found AWS to be “several years ahead of the closest competitor,” a gap that Randich says is increasing.
Using the cloud has reduced costs, allowed FINRA to get rid of proprietary infrastructure and has allowed the organization to leverage massive processing and storage at large scale and commodity costs, Randich says.  The system has a 400X improvement in interactive queries compared to the previous platform, he added.  “It (was like) researching something and only being able to do a few Google searches a day, it’s impossible,” he says.  “Now we can do these things in seconds and subseconds.”
FINRA can better absorb “flash-crashes” and other extreme market events by automatically spinning up tens of thousands of nodes momentarily and then taking them offline, “without generally being aware of it until after it's happened and we review the logs.”
