Tag Archives: Most

Notre Dame uses N2WS Cloud Protection Manager for backup

Coinciding with its decision to eventually close its data center and migrate most of its workloads to the public cloud, the University of Notre Dame’s IT team switched to cloud-native data protection.

Notre Dame, based in Indiana, began its push to move its business-critical applications and workloads to Amazon Web Services (AWS) in 2014. Soon after, the university chose N2WS Cloud Protection Manager to handle backup and recovery.

Now, 80% of the applications used daily by faculty members and students, as well as the data associated with those services, lives on the cloud. The university protects more than 600 AWS instances, and that number is growing fast.

In a recent webinar, Notre Dame systems engineer Aaron Wright talked about the journey of moving a whopping 828 applications to the cloud, and protecting those apps and their data.  

N2WS, which was acquired by Veeam earlier this year, is a provider of cloud-native, enterprise backup and disaster recovery for AWS. The backup tool is available through the AWS Marketplace.

Wright said Notre Dame’s main impetus for migrating to the cloud was to lower costs. Moving services to the cloud would reduce the need for hardware. Wright said the goal is to eventually close the university’s on-premises primary data center.

“We basically put our website from on premises to the AWS account and transferred the data, saw how it worked, what we could do. … As we started to see the capabilities and cost savings [of the cloud], we were wondering what we could do to put not just our ‘www’ services on the cloud,” he said.

Wright said Notre Dame plans to move 90% of its applications to the cloud by the end of 2018. “The data center is going down as we speak,” he said.

We looked at what it would cost us to build our own backup software and estimated it would cost 4,000 hours between two engineers.
Aaron Wrightsystems engineer, Notre Dame

As a research organization that works on projects with U.S. government agencies, Notre Dame owns sensitive data. Wright saw the need for a centralized backup software to protect that data, and found N2WS Cloud Protection Manager through AWS Marketplace. Wright could not find many good commercial options for protecting that cloud data.

“We looked at what it would cost us to build our own backup software and estimated it would cost 4,000 hours between two engineers,” he said. By comparison, Wright said his team deployed Cloud Protection Manger in less than an hour.

Wright said N2WS Cloud Protection Manager rescued Notre Dame’s data at least twice since the installation. One came after Linux machines failed to boot after application of a patch, and engineers restored data from snapshots within five minutes. Wright said his team used the snapshots to find and detach a corrupted Amazon Elastic Block Store volume, and then manually created and attached a new volume.

In another incident, Wright said the granularity of the N2WS Cloud Protection Manager backup capabilities proved valuable.

“Back in April-May 2018, we had to do a single-file restore through Cloud Protection Manager. Normally, we would have to have taken the volume and recreated a 300-gig volume,” he said. Locating and restoring that single file so quickly allowed him to resolve the incident within five minutes.

Vendors vie for a piece of the SD-WAN market share pie

Most industry watchers still consider the software-defined WAN market an emerging one. This makes sense, given SD-WANs currently account for only a small percentage of enterprise networks. There are signs SD-WAN market share is increasing and maturing, however. The first is the recent merger-and-acquisition activity: Cisco acquired Viptela, and VMware scooped up VeloCloud. The other sign is the vendor landscape has started to settle down, with a few clear leaders in the pack.

Recently, Cliff Grossner, senior research director of cloud, data center and SDN at London-based IHS Markit, released his data center networking equipment quarterly market tracker for the first quarter of 2018. This report covers a wide variety of technology, including SD-WAN.

Editor’s note: The IHS report referenced in this article focused on the SD-WAN vendors that sell SD-WAN appliances and accompanying control and management software to gain revenue, excluding those that offer subscription licensing or software-only approaches. The total SD-WAN market share for the first quarter of 2018 reached $162.1 million.

VMware-VeloCloud and Aryaka battle for the top

The most notable point in the IHS report is a two-horse race is emerging. This quarter showed VMware-VeloCloud with 19% of SD-WAN market share — the same it had in the fourth quarter of 2017. In the meantime, Aryaka — an SD-WAN provider with its global private network — moved to 18%, up 1% from last quarter.

With only 1% separating the two, VMware and Aryaka are now neck and neck for market leadership. It would be easy to assume VMware’s size and channel would allow it to break away from the competition, but VMware has stumbled in networking since it acquired SDN vendor Nicira. The company wisely left the VeloCloud brand in place, as it was one of the premier names in the SD-WAN space.

Aryaka has a solid grip on the No. 2 spot in the SD-WAN market and has a chance to jump into the top spot if VMware-VeloCloud stumbles with any integration challenges. Aryaka has a unique offering that uses its global private network instead of the public internet, making it the product of choice for global companies.

One of the perceived advantages of SD-WAN is its use of internet connectivity for transport. This might work when connecting from New Jersey to Chicago, but a global company that needs to make a Dubai-to-Seattle video call will experience much better quality riding Aryaka’s private network, compared with making a bunch of internet jumps. In his report, Grossner pointed out that Aryaka customers have seen a significant performance boost for cloud-based applications, like Office 365.

Silver Peak and Cisco-Viptela vie for position

Expect to see this as a highly contested market over the next few years.

Silver Peak edged Cisco-Viptela out of the No. 3 spot in the SD-WAN market, with just under $1 million more than Cisco in first-quarter 2018 revenue. There’s no question Silver Peak has done a great job of making the pivot to SD-WAN from WAN optimization and is all-in on SD-WAN. Its EdgeConnect product lets customers move to a hybrid network, then quickly migrate to an all-broadband WAN. Most of Silver Peak’s revenue comes from enterprises, but it has been building a stronger book of business with service providers.

Cisco’s position in SD-WAN is curious, as its success with Viptela is bad for its Integrated Services Router (ISR) business unit — one of the largest revenue sources for the company. In the past, Cisco would have done everything in its power to fight the SD-WAN tide, but CEO Chuck Robbins is directing Cisco to be much more in tune with what customers want versus what Cisco wants customers to want. I believe Cisco will be willing to cannibalize its ISR base to win SD-WAN business. Currently, Cisco has only 12% of SD-WAN market share, but I expect it to be a major player over time.

These four vendors are the only ones with at least 10% of the SD-WAN market share, according to IHS. Outside of these four, the largest amount of revenue in Grossner’s numbers comes from the “other” category. I expect to see more consolidation in that area, with one of the current leading vendors — or perhaps another following behind — rolling up several smaller vendors to gain share.

For now, VMware remains in the top spot, with Aryaka nipping at its heels. Expect to see this as a highly contested market over the next few years. This should benefit customers, as the vendors will push each other on innovation and bring more features to market faster. The SD-WAN market is real, and it is showing signs of maturity, but don’t expect it to slow down.

Meet Surface Go, starting at $399 MSRP, it’s the smallest and most affordable Surface yet – Microsoft Devices Blog

Today, Microsoft announces Surface Go: the most portable and affordable Surface product yet.

Many of us play different roles throughout the day, moving from work or school to home and everywhere in between. Our team designs every Surface to adapt to that dynamic lifestyle, to strike a balance between performance and versatility, form and function. Our products don’t do just one thing because people don’t do just one thing.

We pioneered categories like the 2:1 to provide the mobility of a tablet with the performance of a laptop, inspiring new ways of creating. As you pursue your passions, connect with friends and family, and work with your team, the products you’re able to take on the go with you are the ones that can keep up with the huge range of things you want to accomplish. This is true whether you’re a parent and a product-maker like me or a student and amateur photographer like my daughter.

That’s the idea behind the design of Surface Go – our smallest, lightest, and most affordable Surface yet. When we designed this device, we had to ask ourselves what people want and need from a 10” Surface. The answers seem obvious – lightweight, productive, and accessible to more people. I’m pumped to introduce you to Surface Go, because it’s all those things, and so much more.

The power and connectivity in a device this small gives you the style and productivity Surface is known for in a more convenient package. At just 1.15 pounds and 8.3 mm thin, Surface Go packs portable performance into a 10” device. Starting at $399 MSRP, it represents a new entry point for the Surface family, while keeping the premium qualities that have come to define it.

Surface Go offers a stunning, custom-built high-resolution PixelSense Display that supports Surface Pen with 4096 levels of pressure sensitivity, low pen parallax, low latency, and precision for accurate note taking, drawing and computer-aided design. The custom calibrated 3:2 display is soft on your eyes while you’re working and vibrantly high-contrast when you want to watch videos, create art, or edit photos.

In portrait mode, the screen was designed to render the page to the scale of most school textbooks, and in landscape mode, it can render pages side by side as if you were holding a paperback book in hand. At the approximate size of a composition notebook, writing on the screen feels natural and intuitive.

Since my two youngest daughters have started using Surface Go, I see them watching movies, reading, and drawing on it every day. It’s the perfect device for them. And for me, whether I’m at home, in the office, or on a plane, putting my Surface Pen on the screen and letting my thoughts flow is a necessary step in my creative process. It’s how I work. It’s so easy to carry Surface Go with me so I can capture those moments, instantly.

Surface Go is small and mighty, giving you the performance you need to be productive. A device powered by the 7th Generation Intel Pentium Gold Processor 4415Y, in a fanless design, offering up to nine hours of battery. Our team worked closely with Intel to optimize power, performance, and battery for the most critical tasks people perform every day.

Being able to run Office apps on this device with its portability is one of the things that was critical to the experience we had in mind when we designed Surface Go – the productivity of having the apps you use for work and school with the flexibility to relax and read or watch a show on Netflix or Hulu.

Our new Surface Go Signature Type Cover is custom-made for Surface Go integrating design features that give the user the best typing experience possible, with ergonomic key pitch and exceptional key travel. It also has high precision tuning and Windows Precision Trackpad that supports five-point multi-finger gestures, and you can connect the new Surface Mobile Mouse to work the way that you want.

A built-in kickstand with full friction hinge that extends to 165 degrees helps you stay in your flow from tablet to studio mode, and a Windows Hello camera allows for familiar, quick, and secure sign-in using face recognition.

Surface Go also has the ports you need, including Surface Connect for charging and docking; USB-C 3.1 for data, video, and charging; a headphone jack; and a MicroSD card reader for storage expansion. All designed to help you be more productive whether you’re studying in a library, working on a plane, or sharing your content in a boardroom on a 4K monitor.

Surface Go with Wi-Fi will be available for pre-order tomorrow, July 10 in select countries*, with products beginning to hit shelves on August 2. We’re also happy to share that an LTE model will be arriving later this year.

For a family at home or on the move, an expert on the front line of a business interacting with customers, or a school that wants to provide its students with the most versatile tools for learning, this device offers a premium experience with incredible value.

Wherever the day takes you, and whatever unique tasks await you along the way, Surface Go moves with you.

Meet Surface Go, starting at $399 MSRP, it’s the smallest and most affordable Surface yet

Tweet This

*Availability:

Surface Go will be available for pre-order beginning on July 10 in the following markets, US, Canada, Australia, New Zealand, UK, Ireland, France, Germany, Austria, Belgium, Luxembourg, Netherlands, Switzerland, Denmark, Finland, Norway, Sweden, Poland, Italy, Portugal, and Spain.

In the coming weeks, Surface Go will be available for pre-order in Japan, Singapore, Korea, Taiwan, Malaysia, Thailand, Hong Kong, and in China with more markets to follow.

** To learn more join us on our Facebook page at 6AM PT on July 10. 

Updated July 10, 2018 7:37 am

The Gears Pro Circuit and Halo Championship Series Unite July 13-15 – Xbox Wire

This weekend, two of Xbox’s most legendary franchises converge in New Orleans for a unique, crossover esports event. From Friday, July 13 to Sunday, July 15 at the New Orleans Convention Center, Major League Gaming (MLG), The Coalition and 343 Industries will host simultaneous standalone tournaments for the Gears Pro Circuit and Halo Championship Series, where the best players from both franchises compete for separate, $250,000 prize pools.

Featuring hundreds of players, two main stages, multiple feature stations and two open brackets, the joint tournament is sure to feature non-stop spectacle for fans of both franchises. The competition kicks of this Friday at 4 p.m. PDT/2 p.m. CDT, streaming live on live.gearsofwar.com, Mixer.com/Halo, Twitch.tv/Halo, Twitter and Facebook. If you’re interested in attending in-person, spectator tickets are still available online or onsite during the event.

This Gears Pro Circuit event is one of the most anticipated in the program’s history. Ghost Gaming claimed their first Gears Pro Circuit title last month in Las Vegas, putting the entire scene on notice. Heavyweights OpTic Gaming and Echo Fox have both retooled their rosters in response, hoping to recapture their early-season dominance in New Orleans.

Coming off the million-dollar Halo World Championship 2018 Finals in Seattle, New Orleans marks the next chapter in the storied Halo esports legacy. As the first event of the new Halo Championship Series season, pro Halo squads are raring to get back onto the battlefield. Powerhouses like TOX Gaming and newly-crowned Splyce look to continue their run of dominance, but will have to contend with exciting variables like new settings, Forge maps and the introduction of Oddball in Halo 5: Guardians play. These new additions promise to add intrigue to a jam-packed New Orleans event, with new contenders looking to threaten the throne.

In addition to the main festivities, there will be a $5,000 Halo 5: Guardians Free-For-All tournament available for anyone on site in New Orleans at no extra cost. Registration will begin at 10 a.m. PDT/12 p.m. CDT on Saturday, July 14, with the final match played on main stage on Sunday, July 15. Whether you’re a spectator, Halo player or even a Gears player, you can register and enter the fray this weekend!

Players looking to jump into the action themselves can check out the Gears and Halo sale in the Microsoft Store from July 13-19, offering Gears of War 4 for $19.99, Halo 5: Guardians for $14.99 and a bundle featuring both titles for $34.99. Additionally, Gears players will have the chance to earn free in-game weapon skins throughout the weekend simply for tuning in and watching at live.gearsofwar.com.

Visit www.gears.gg and follow @EsportsGears on Twitter to keep up-to-date with Gears Pro Circuit. For all the latest on the Halo Championship Series, keep your browsers locked to Halo.gg and follow @HCS and @Halo on Twitter.

Researchers discover Android apps spying on users’ screens

The good news, according to academic researchers, is that your phone most likely isn’t secretly listening to your conversations. The bad news is that fears of Android apps spying on users aren’t totally unfounded.

Computer science researchers at Northeastern University in Boston conducted a massive study of 17,260 Android apps from the Google Play store, as well as third-party marketplaces AppChina, Mi.com and Anzhi. The study, which was published this week in a research paper titled “Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications,” found no evidence that apps were secretly enabling device microphones to record and exfiltrate audio data. However, the research team did find evidence of “several” Android apps spying on users by recording video and images of users’ screens.

“Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent,” the researchers wrote. “We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.”

The research team, which used a combination of static and dynamic code analysis, didn’t specify the number of Android apps found spying on users, but the paper did say it was “few” compared to the total number of apps reviewed. “On the one hand, this is good news: a very large fraction of apps are not abusing the ability to record media,” the researchers wrote. “On the other hand, it could also indicate that our analysis missed other cases of media leaks.”

The Northeastern University team cited several examples of popular apps that engaged in unauthorized recording of users’ screens, including GoPuff, a food delivery app. The researchers discovered the app sent captured video via the internet to a domain belonging to web analytics firm Appsee, and that the video recording could include personally identifiable information such as ZIP codes. The researchers said that Appsee’s software required no permissions to record the video and did not issue notifications to users.

The researchers noted that GoPuff was notified of the issue and has since removed the Appsee SDK from its iOS and Android apps and revised its privacy policy, which previously did not disclose any recording or exfiltration of video. The researchers also notified Google, which, according to the paper, said it “took the appropriate actions.” Google Play’s privacy policy requires that app developers disclose to users how their data is collected, shared and used.

Northeastern University’s “Panoptispy” research comes as Google has increased its efforts to curb potential Android app spying. The company previewed the security features of Android P, the newest version of the mobile OS, at the Google I/O conference in May. Android P will only grant access to device sensors such as microphones and cameras to apps in the foreground, preventing potentially harmful apps from running covertly in the background and using sensors to spy on users. However, that particular feature wouldn’t prevent apps like GoPuff from performing unauthorized video exfiltration.

In other news

  • A former employee of NSO Group Technologies, an Israeli company that specializes in spyware and iPhone hacking tools, has reportedly landed in hot water. According to an indictment, Israeli authorities claim an unnamed NSO employee stole the company’s Pegasus spyware product and tried to sell it for $50 million in cryptocurrency. According to reports, the indictment states the disgruntled employee began working for NSO last year as a senior programmer and was granted access to the company’s source code. The indictment also claims the employee posed as a hacker and tried to sell the Pegasus code to other hackers on the dark web; one potential buyer notified NSO of the matter, which investigated the individual with the assistance of law enforcement.
  • Computer scientists from the University of California, Irvine, published research regarding a new attack technique they call “Thermanator,” which records thermal residue on keyboard keys to determine users’ passwords and other sensitive information such as PINs. According to the researchers, a midrange thermal imaging camera could allow threat actors to observe and record keystroke. “Results show that entire sets of key-presses can be recovered by non-expert users as late as 30 seconds after initial password entry, while partial sets can be recovered as late as 1 minute after entry,” the research paper states. While attackers would need to have a clear view of a target’s keyboard, the researchers say the Thermanator attack shows that “using external keyboards to enter (already much-maligned) passwords is even less secure than previously recognized.”
  • A newly discovered update of malware descended from an old Trojan is now equipped with a downloader that can decide whether to mine cryptocurrencies or encrypt files for ransom on victim systems. Kaspersky Lab researchers Egor Vasilenko and Orkhan Mamedov wrote that the new version of the malware, which is related to the Rakhni family of ransomware that Kaspersky Lab uncovered in 2013, checks system attributes before downloading its malicious payload, specifically looking at whether there is a folder named %AppData%Bitcoin. If the folder is present, then the downloader selects the ransomware cryptor; “If the folder doesn’t exist and the machine has more than two logical processors, the miner will be downloaded. If there’s no folder and just one logical processor, the downloader jumps to its worm component,” to continue propagating the malware locally, the researchers wrote. The cryptomining malware mines for the Monero, Monero Original and Dashcoin cryptocurrencies.

For Sale – CPU water and air coolers

Having a clear out as managed to sell most of the desktops. Starting with some coolers

Intel stock £3
Arctic Freezer 13 £12
Cooler Master Hyper 212 EVO £15 SOLD LOCALLY

Corsair Hydro H80i £30
Corsair Hydro H70 £25 SOLD LOCALLY

Price and currency: 12
Delivery: Delivery cost is not included
Payment method: PPG BT
Location: Bristol
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – CPU water and air coolers

Having a clear out as managed to sell most of the desktops. Starting with some coolers

Intel stock £3
Arctic Freezer 13 £12
Cooler Master Hyper 212 EVO £15 SOLD LOCALLY

Corsair Hydro H80i £30
Corsair Hydro H70 £25 SOLD LOCALLY

Price and currency: 12
Delivery: Delivery cost is not included
Payment method: PPG BT
Location: Bristol
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – CPU water and air coolers

Having a clear out as managed to sell most of the desktops. Starting with some coolers

Intel stock £3
Arctic Freezer 13 £12
Cooler Master Hyper 212 EVO £15

Corsair Hydro H80i £30
Corsair Hydro H70 £25

Price and currency: 12
Delivery: Delivery cost is not included
Payment method: PPG BT
Location: Bristol
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Voice assistants present new challenges for call clarity

As consumers, most of us are familiar with voice assistants, such as Amazon Alexa and Google Assistant, to help us find information, make calls and order groceries using just our voices. In fact, a survey of 1,000 U.S. consumers found as owners of voice assistants become more familiar with their devices, they are “speaking more and clicking less.” For example:

  • Nearly 90% of respondents use their intelligent voice assistants every day.
  • Nearly 60% use them to accomplish tasks they previously would have done on their smartphones via typing and swiping.
  • Nearly one-quarter of respondents reported they were making more calls to businesses than they previously did. And 35% reported making more calls to friends and family with their virtual assistants.

Ease and convenience are two of the main factors driving the use of voice assistants to place phone calls, as the popularity of virtual assistants continues to rise among consumers and businesses. Consumers are increasingly using virtual assistants to place calls they would have previously done on their smartphones, tablets or landline telephones.

Despite many pundits forecasting voice is dead, it’s actually undergoing a modern renaissance and becoming more critical than ever — especially for businesses.

Voice assistants should initiate clear calls

Al Castle, vice president of product and engineering at FlowrouteAl Castle

Clear and reliable call quality — regardless of the device a caller may be using — is imperative for today’s businesses. Voice assistants can present unique challenges in terms of audio quality. Issues such as background noise or having multiple voices speaking concurrently can affect audio quality.

Being able to deliver reliable connectivity and strong audio quality when a call request is made through a virtual assistant can make or break a customer service interaction or an important sale, which places a direct correlation between call clarity and a company’s bottom line.

While many businesses have worked to make the customer service process faster, efficient and easier, customers usually want to interact with a live human when they have a personalized or complex customer service question. As this Forbes article noted, “While companies are using AI to address customers’ basic questions and requests, like a change of address or checking on a bank balance, it has not gone to the level of replacing people for handling higher-level questions.”

In this scenario, whether a phone-initiated query comes to a business from a landline or a virtual assistant, customers simply want their calls connected flawlessly. The call audio should be clear and strong, and the call shouldn’t drop during the interaction. Actual issue resolution becomes secondary if customers can’t reach a business in the first place, or if they can’t hear clearly during their call.

Ensure high-quality voice connections

In an age of voice assistants, smartphones and other intelligent devices, the role of voice and call quality is regaining its importance for businesses.

In an age of voice assistants, smartphones and other intelligent devices, the role of voice and call quality is regaining its importance for businesses. As consumers and businesses adopt smart speakers, this new technology will emerge as a viable alternative to traditional telephony devices.

Therefore, businesses should work closely with their communication service providers to ensure a clear, reliable and high-quality voice connection, regardless of the devices used today and in the future, as technology companies continue to innovate and offer new advancements for call connectivity.

Al Castle is vice president of product and engineering at Flowroute, a cloud-based communications provider based in Seattle.

Exactis leak exposes database with 340 million records

A marketing firm exposed records on most adults in the U.S., but experts weren’t surprised at the number of people affected and said the lesson should be about the depth of data gathered.

Marketing firm Exactis, a data company based in Palm Coast, Fla., exposed 340 million records — 230 million for individuals and 110 million for business customers — via a publicly accessible server, meaning anyone who knew where to look could have taken the data. Vinny Troia, security researcher and founder of NightLion Security, headquartered in St. Louis, Mo., discovered the potential Exactis leak and wrote on Twitter that he is working with the company to determine if anyone accessed the data. Exactis has since secured the server.

The data potentially exposed in the Exactis leak added up to 2 terabytes of information, including phone numbers, home and email addresses, but Bruce Silcoff, CEO of Shyft Network International, a cybersecurity company based in Barbados, said the Exactis leak is noteworthy “not only for the number of customers impacted, but also for the depth of compromised data.”

“It’s been reported that every record includes more than 400 variables of personal characteristics,” Silcoff wrote via email. “The reality is that we live in a digitized world and all our interactions on social channels are recorded, and this isn’t stopping anytime soon. The centralized storage of user information makes institutions like Exactis hacker bait. Never has there been such urgency nor opportunity to introduce a disruptive alternative to an antiquated system and solve an urgent global problem.”

Wired’s original report on the Exactis leak noted that the personal characteristics data could include information such as personal interests and habits, if the person smokes, has pets or the number, age and gender of the person’s children.

The reality is that we live in a digitized world and all our interactions on social channels are recorded, and this isn’t stopping anytime soon.
Bruce SilcoffCEO of Shyft

Troia told Wired that he found the Exactis leak with a simple Shodan search for ElasticSearch databases on publicly accessible servers in the U.S. While there is a huge trove of personal information, the dataset does not include Social Security numbers or credit cards, so experts said it would be more useful for social engineering.

Nico Fischbach, global CTO at Forcepoint, said the highly sensitive data in the Exactis leak “could be exploited by malicious actors to carry out a number of different types of attacks.”

“If an attacker combined this intel with data from the 2015 OPM breach, they could run human intelligencetype special operations attacks against cleared personnel. It’s also a huge asset to criminals using impersonation as a tool for phishing. Further, as 110 million of the records pertain to businesses, criminals could utilize the data for spear-phishing campaigns aimed at data exfiltration,” Fischbach wrote via email. “In the case of Cambridge Analytica, attackers had to ‘steal’ this type of profile data from Facebook, but, with Exactis, the data was publicly accessible on a server with weak or no authentication. This further underscores the need for enterprises to focus on knowing how their people interact with their data, have insight to risky activity and to think ahead on how vulnerabilities like this could be mitigated against, or prevented entirely.”

Ruchika Mishra, director products and solutions at Balbix, a cybersecurity company headquartered in San Jose, Calif., said this was likely a problem of Exactis not understanding the mindset of an attacker.

“There’s no doubt in my mind that Exactis knew exactly what type of information they had and the ramifications there would be if there was a breach,” Mischra wrote via email. “But the problem with most enterprises today is that they don’t have the foresight and visibility into the hundreds of attack vectors — be it misconfigurations, employees at risk of being phished, admin using credentials across personal and business accounts — that could be exploited.”

Robert Capps, vice president and authentication strategist for NuData Security, a behavioral biometrics company based in Vancouver, British Columbia, said “if U.S. citizens did not think their personal information has ever been compromised, this should convince them it definitely is.”

“Unfortunately, breaches are here to stay, but government agencies, businesses, and organizations across the U.S. can protect users by applying a new authentication framework,” Capps wrote via email. “Multi-layered security solutions based on passive biometrics and behavioral analytics make this stolen information useless to cybercriminals, as they identify users based on their behavior instead of data such as names, last names, dates of birth, passwords, addresses, and more.”