Tag Archives: they’ve

Meltdown and Spectre malware discovered in the wild

Chip makers have said they’ve seen no evidence the Meltdown and Spectre vulnerabilities have been exploited to steal customer data, but those days of relative comfort may be coming to an end.

Researchers at AV-TEST, an independent organization that tests antimalware and security software, announced this week they had discovered 139 samples of malware that “appear to be related to recently reported CPU vulnerabilities.” While the good news is that most of the malware samples appear to be based on previously published proof-of-concepts from security researchers, the bad news is that AV-TEST’s latest findings show the number of unique samples has risen sharply in recent weeks.  

The organization had previously reported the discovery of 77 unique samples of Meltdown and Spectre malware on January 17. At that time, AV-TEST said via Twitter that all identified samples were “original or modified PoC code” and that the majority of the samples were for Spectre rather than Meltdown. AV-TEST posted another update on Jan. 23 showing the unique malware samples had risen to 119.

After analyzing most of those samples, Fortinet’s FortiGuard Labs published a report Tuesday saying it was “concerned” about the potential of Meltdown and Spectre malware attacking users and enterprises.

“FortiGuard Labs has analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected [by AV-TEST], and determined that they were all based on proof of concept code,” the research team wrote. “The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us.”

Fortinet also released several antivirus signatures to help users defend against the Meltdown and Spectre malware samples. But detecting other exploits related to these chip vulnerabilities could prove extremely difficult. While Intel and AMD have said there is no evidence the flaws have been exploited in the wild, the researchers who discovered the chip vulnerabilities say it’s “probably not” possible for organizations or users to tell whether Meltdown and Spectre have been used against them.

“The exploitation does not leave any traces in traditional log files,” according to an FAQ on the Meltdown and Spectre research site.

Defending against possible Meltdown and Spectre malware has been further complicated by patch issues. Intel recently announced it was pulling its microcode updates for the chip vulnerabilities because of reboot problems on systems running Intel’s Broadwell and Haswell processors. Microsoft later issued an out-of-band patch that disabled Intel’s update for variant 2 of the Spectre vulnerability, which involves branch target injection.

AWS Cloud9 IDE threatens Microsoft developer base

As cloud platform providers battle for supremacy, they’ve trained their sights on developers to expand adoption of their services.

A top issue now for leading cloud platforms is to make them as developer-friendly as possible to attract new developers, as both Microsoft and Amazon Web Services have done. For instance, at its re:Invent 2017 conference last month, the company launched AWS Cloud9 IDE, a cloud-based integrated development environment that can be accessed through any web browser. That fills in a key missing piece for AWS as it competes with other cloud providers — an integrated environment to write, run and debug code.

“AWS finally has provided a ‘living room’ for developers with its Cloud9 IDE,” said Holger Mueller, an analyst at Constellation Research in San Francisco. That fills a void for AWS as it competes with other cloud providers — especially Microsoft, which continues to extend its longtime strengths of developer tools and relationships with the developer community into the cloud era.

Indeed, for developers that have grown up in the Microsoft Visual Studio IDE ecosystem, Microsoft Azure is a logical choice as the two have been optimized for one another. However, not all developers use Visual Studio, so cloud providers must deliver an open set of services to attract developers. Now, having integrated the Cloud9 technology it acquired last year as the Cloud9 IDE, AWS has an optimized developer platform of its own.

AWS Cloud9 IDE adoption 

“There is no doubt we will use it,” said Chris Wegmann, managing director of the Accenture AWS Business Group at Accenture. “We’ve used lots of native tooling. There have been gaps in the app dev tooling for a while, but some third parties, like Cloud9, have filled those gaps in the past. Now it is part of the mothership.”

Forrester analyst Michael FacemireMichael Facemire

With the Cloud9 IDE, AWS offers developers an IDE experience focused on their cloud versus having them use their top competitor’s IDE with an AWS-focused toolkit, said Rhett Dillingham, an analyst at Moor Insights & Strategy in Austin, Texas.

“[They] are now providing an IDE with strong AWS service integration, for example, for building serverless apps with Lambda, as they build out its feature set with real-time paired-programming and direct terminal access for AWS CLI [command-line interface] use,” he said.

That integration is key to lure developers away from their familiar development environments.

“When I saw the news about the Cloud9 IDE I said that’s great, there’s another competitor in this market,” said Justin Rupp, systems and cloud architect at GlobalGiving, a crowdfunding organization in Washington, D.C. Rupp uses Microsoft’s popular Visual Studio Code tool, also known as VS Code, a lightweight code editor for Windows, Linux and macOS.

The challenge for AWS is to attract developers that already like the tool they’re using, and that’ll be a tall order, said Michael Facemire, an analyst at Forrester Research in Cambridge, Mass. “I’m a developer myself and I’m not giving up VS Code,” he said.

That’s been the knock against AWS, that they provide lots of cool functionality, but no tooling. This starts to address that big knock.
Michael Facemireanalyst, Forrester Research

For now, Cloud9 IDE is a “beachhead” for AWS to present something for developers today, and build it up over time, Facemire said. For example, to tweak a Lambda function, a developer could just pull up the cloud editor that Amazon provides right there live, he said.

“That’s been the knock against AWS, that they provide lots of cool functionality, but no tooling,” Facemire said. “This starts to address that big knock.”

Who is more developer-friendly?

AWS’ reputation is that it’s not the most developer-friendly cloud platform from a tooling perspective, which hardcore, professional developers don’t require. But as AWS has grown and expanded, it’s become friendlier to the rest of the developer community because of its sheer volume and consumability. And the AWS Cloud9 IDE appeals to developers that fit in between the low-code set and the hardcore pros, said Mark Nunnikhoven, vice president of cloud research at Dallas-based Trend Micro.

“The Cloud9 tool set is firmly in the middle, where you’ve got some great visualization, you’ve got some great collaboration features, and it’s really going to open it up for more people to be able to build on the AWS cloud platform,” he said.

Despite providing a new IDE to its developer base, AWS must do more to win their complete loyalty.

AWS Cloud9 IDE supports JavaScript, Python, PHP and more, but does not have first-class Java support, which is surprising given how many developers use Java. Secondly, Amazon chose to not use the open source Language Server Protocol (LSP), said Mike Milinkovich, executive director of the Eclipse Foundation, which has provided the Eclipse Che web-based development environment since 2014. Eclipse Che supports Java and has provided containerized developer workspaces for almost two years.

AWS will eventually implement Java support, but it will have to do it themselves from scratch, he said. Instead, if they had participated in the LSP ecosystem, they could have had Java support today based on the Eclipse LSP4J project, the same codebase with which Microsoft provides Java support for VS Code, he said.

This proprietary approach to developer tools is out of touch with industry best practices, Milinkovich said. “Cloud9 may provide a productivity boost for AWS developers, but it will not be the open source solution that the industry is looking for,” he said.

Constellation Research’s Mueller agreed, and noted that in some ways AWS is trying to out-Microsoft Microsoft.

“It’s very early days for AWS Cloud9 IDE, and AWS has to work on the value proposition,” he said. “But, like you have to use Visual Studio for Azure to be fully productive, the same story will repeat for Cloud9 in a few years.”

For Sale – Apple 12″ MacBook & Sleeve – 4 weeks old

We recently bought my folks a laptop as a present but have since found out they’ve bought one themselves and not mentioned it… Unfortunately we missed the 14 day grace period for Apple returns.

Its been turned on, setup, put away for their visit… before being opened up and the OS reinstalled following their revelation that they didn’t need it after all. #ungrateful

Details are:

  • 12″ Apple MacBook (A1534) in Space Grey
  • Bought September 2017 from Apple Store
  • 8GB RAM
  • 256GB HDD
  • Intel Iris 615 Graphics
  • 11 months of AppleCare Warranty
  • As-new condition
  • Boxed as-new with all cables etc
  • Black InCase Icon Sleeve

Postage is included – will be insured, 48 hour delivery within the UK.

Price and currency: £900
Delivery: Delivery cost is included within my country
Payment method: Paypal (can send invoice) or Bank Transfer
Location: Edinburgh
Advertised elsewhere?: Yes. I have also listed it on Gumtree
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Apple 12″ MacBook & Sleeve – 4 weeks old

We recently bought my folks a laptop as a present but have since found out they’ve bought one themselves and not mentioned it… Unfortunately we missed the 14 day grace period for Apple returns.

Its been turned on, setup, put away for their visit… before being opened up and the OS reinstalled following their revelation that they didn’t need it after all. #ungrateful

Details are:

  • 12″ Apple MacBook (A1534) in Space Grey
  • Bought September 2017 from Apple Store
  • 8GB RAM
  • 256GB HDD
  • Intel Iris 615 Graphics
  • 11 months of AppleCare Warranty
  • As-new condition
  • Boxed as-new with all cables etc
  • Black InCase Icon Sleeve

Postage is included – will be insured, 48 hour delivery within the UK.

Price and currency: £975
Delivery: Delivery cost is included within my country
Payment method: Paypal (can send invoice) or Bank Transfer
Location: Edinburgh
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Announcing… MINECON Earth

For the past few years we’ve hosted MINECONs throughout the world, and they’ve been great! We’re extremely proud of how our annual conference has evolved since the first one back in Las Vegas, and would like to thank every attendee for taking some time out to join us.

But this year we’re switching it up! The Minecraft community is still growing, and there’s only a certain number of players we can host while keeping the friendly, intimate community atmosphere that’s made previous MINECONs so special.

With that in mind, we’re pleased to announce MINECON Earth – an interactive show that will take the best bits of our previous events and incorporate them into a condensed show dedicated to all things Minecraft! It’ll be free to watch and showing on all kinds of popular streaming websites this November.

For more on MINECON Earth, pay a visit to our fancy new page and watch the announcement video above. We’ll be sharing more details soon, including some of the ways you can get involved to make MINECON Earth more special, so watch this space!

Wasabi Technologies takes on Amazon S3 on price, performance

Daring businesses to switch from Amazon to a company they’ve never heard of for cloud storage is a bold challenge. But Wasabi Technologies’ founders were so encouraged by its product launch that they raised another $10.8 million to fund a second data center.

Wasabi CEO David Friend said he expected the free trial of 1 TB for 30 days to attract a few dozen prospects when it became available on May 3. When more than 500 signed up, the Boston-based startup had to waitlist new subscribers until the week of May 17 to keep up with the server capacity demand.

Friend said about 80 users have converted to paying customers, and Wasabi boosted the available storage capacity at its leased data center space in Ashburn, Va., from about 7 PB to more than 20 PB to stay 90 days ahead of demand.

Those customers are likely lured mostly by Wasabi’s claims that its cloud storage is significantly cheaper and faster than Amazon’s Simple Storage Service (S3). They may also find it encouraging that Wasabi founders Friend and CTO Jeff Flowers also started Carbonite, an early successful cloud storage player for consumers and small and medium-sized businesses.

Wasabi CEO David FriendDavid Friend

The founders also likely learned a few things from Flowers’ post-Carbonite efforts to build on-premises cold data storage for financial and security firms and service providers. Storiant, initially known as SageCloud, raised $14.8 million in equity and debt between August 2012 and May 2015. But Storiant shut down operations in November 2015 and sold off its intellectual property for a mere $90,000.

“They were selling hardware systems and ended up competing with EMC, Dell and HP, which I thought was a mistake,” said Friend, who was CEO and later executive chairman at Carbonite, as well as a director on Storiant’s board.

Wasabi Technologies raises $8.2 million in 2016

In 2016, Friend, Flowers and Storiant’s founding engineers shifted their focus back to public cloud storage at BlueArchive, now called Wasabi Technologies. The startup raised $8.2 million over two rounds in 2016 to get started.

Has Wasabi built a better mousetrap when people don’t realize they have a mouse problem? Or, is this a real issue?
Stu Minimansenior analyst, Wikibon

Wasabi added $10.8 million through a convertible note that will become equity when the company decides to raise a Series B round of funding. That will help finance the West Coast expansion to a colocation facility in San Jose, Calif., or Seattle, according to Friend. That would allow Wasabi to add automatic replication across multiple geographies for compliance, and to mitigate the risk of having all customer data in a single data center. Wasabi is also investigating expansion into Europe, a prospect that Friend said he hadn’t planned to pursue until next year.

“I’m a cautious, conservative kind of guy, and I don’t like just spending money without knowing what I’m going to get for it. But at this point in time, the market is almost limitless for this,” Friend said. “Every day, new opportunities show up at the company for amounts of storage that are more than we had in our whole second-year projection. If any of these big deals start to come in our direction, it’s going to be pretty impressive.”

Speed ‘blows people away’

Friend said the speed at which Wasabi’s software can read and write data is “what really blows people away.” It offers performance that he said is generally achievable only at higher cost with on-premises data center hardware. He said the Wasabi software takes control of disk write heads and packs data onto storage drives more efficiently and at higher speed than Linux or Windows operating systems can.

“We get our speed by parallelizing. The speed comes from breaking the data up and reading it and writing it simultaneously to many drives at the same time,” Friend said. He added that the data is distributed with sufficient redundancy to enable 11 nines of data durability, as Amazon does.

Friend said Wasabi keeps costs low by buying directly from hard disk drive (HDD) manufacturers at about the same price as Amazon does in the low-margin HDD business. He said Wasabi’s technology also enables longer disk life.

Wasabi charges a flat 0.39 cents per GB per month for storage and 4 cents per GB for egress. Competing public clouds vary prices based on the amount of data stored or transferred, the type of storage service — such as cold or nearline — and the requests made, such as puts and gets.

“Our vision is that cloud storage is going to become a commodity that’s out there for everybody to use. You don’t need three plugs in the wall for good electricity, so-so electricity and crappy but cheap electricity. You don’t need all these different kinds of storage as well,” Friend said.

Wasabi vs. Amazon S3 and Glacier

Friend said he expects most potential customers to compare Wasabi to Amazon S3. But one trial participant, Phoenix-based WestStar Multimedia Entertainment Inc., pitted Wasabi against Amazon’s colder, cheaper Glacier, Backblaze and Google Coldline in addition to Amazon S3, Microsoft Azure Backup and Rackspace.

WestStar vice president of information technology Chris Wojno said his company had a pressing need to back up more than 26 TB of video with an estimated data growth rate of 2.7 TB per month. WestStar produces The Kim Komando Show, a syndicated digital lifestyle radio program, and operates a multimedia website.

Wojno calculated costs based on storing 39 TB of data and found Wasabi had the lowest per-month price per GB. If he chose Wasabi, his per-month cost would be $3,747.90 less than Rackspace, $1,590.80 less than Azure Backup, and $744.90 less than Amazon S3. The price differential was far less over Google Coldline ($120.90), Backblaze ($42.90) and Glacier ($3.90), according to his spreadsheet analysis.

Wojno also weighed the data recovery cost for 39 TB of backed-up video in the event of a disaster. Backblaze was least expensive at $780, compared to $1,560 for Wasabi and $3,900 for Glacier. But Wojno figured Blackblaze’s higher per-month storage fee than Wasabi would negate the savings.

Based on Wojno’s calculations, WestStar selected Wasabi Technologies for cloud storage. Wojno admitted he would have been suspicious of the new company had he not been familiar with Friend through his work at Carbonite, a former sponsor of the radio show. Komando, an owner of WestStar, last month invested in Wasabi after her company became a paying customer.

Wojno said WestStar spent about two weeks backing up 26.5 TB of video over a 200 Mbps connection with backup software from Wasabi partner CloudBerry Lab. He noted that WestStar received a complimentary CloudBerry license for his participation in a webinar with the vendors.

Friend said migrating data through transfer to a storage appliance, such as Amazon Web Services (AWS) Snowball, and transport by truck to the cloud storage provider is “an idea whose time has come and gone.”

“It’s much cheaper to go and put in a 10 Gigabit [Ethernet] pipe for a month, move your data and then shut it off, assuming you’re in a metropolitan area where such things are available,” Friend said.

AWS remains a formidable Goliath

Stu Miniman, a senior analyst at Wikibon, said Wasabi faces a stiff challenge against Amazon, the clear No. 1 cloud storage player. He said Amazon could lower costs as it has done in the past, or improve performance to respond to any perceived threat. Plus, he hasn’t heard many public cloud users complaining that storage is a problem.

“Has Wasabi built a better mousetrap when people don’t realize they have a mouse problem? Or, is this a real issue?” Miniman said.

Miniman said users might look to the free 30-day trial for new applications. He said the question is how long they’ll stick with the service over the long haul, especially if the initial application runs for only a limited time.

Opportunities with AWS customers

Friend said Wasabi Technologies is going after AWS customers who want to save money on their long-term data storage or keep a second copy of their data with a different cloud provider. Wasabi provides a free tool that customers can install in Amazon Elastic Compute Cloud (EC2) to copy their S3-stored data to Wasabi automatically.

Friend said, thanks to Wasabi’s S3 compatibility, organizations using EC2 to host applications could leave the applications there and move data to Wasabi’s data center via Amazon’s Direct Connect, rather than store it in Amazon S3. He said Wasabi does not compete against Amazon’s Elastic Block Storage, which he said is designed for fast-moving data that doesn’t stay in memory long.

Friend said Wasabi uses immutable buckets to protect data against accidental deletion, sabotage, viruses, malware, ransomware or other threats. Customers can specify the length of time they want a data bucket to be immutable.