We are living in unprecedented times. The COVID-19 pandemic has impacted the lives of people around the world and changed the way we go about our daily lives. Here at Microsoft, we’re constantly asking ourselves what we can do to support people during this challenging time. To me, the most important thing to remember is that we’re all living and learning through this together.
I have previously stated that I believe gaming has a unique power to bring people together, to entertain, to inspire and connect us, and I believe that’s even more true under these unique circumstances. Many are looking to gaming to remain connected with their friends while practicing social distancing, and we are seeing an unprecedented demand for gaming from our customers right now.
With hundreds of millions of kids at home due to coronavirus-related school closures, more kids are going online to spend time with their friends, explore online worlds and learn through play. Families are trying to navigate the need to help their children with distance learning and balance that with taking time to have fun. That’s why we announced today that we are adding a new Education category to the Minecraft Marketplace with free educational content players and parents can download.
The educational content we’ve curated lets players explore the International Space Station through a partnership with NASA, learn to code with a robot, visit famous Washington D.C. landmarks, find and build 3D fractals, learn what it’s like to be a marine biologist, and so much more. This is launching for free download today and will be available through June 30, 2020.
With so many turning to gaming, helping everyone stay safer online is also a top priority for us. This is why we provide family settings that help parents choose the screen time limits, content filters, purchase limits, communication and sharing settings that are right for their families. While kids may be home from school, family settings can help balance gaming with offline schoolwork and other responsibilities.
There are also some ways that we can bring brand-new players into the fold. For example, our Copilot feature can be especially helpful for children, new gamers or those who need unique configurations to play, allowing two controllers to play as if they were one.
We understand the important role gaming is playing right now to connect people and provide joy in these isolating and stressful times, and our teams are working diligently to ensure we can be there for our players. To that end, we are actively monitoring performance and usage trends to ensure we’re optimizing the service for our customers worldwide and accommodating for new growth and demand.
While these are unprecedented times we are living in, I have no doubt that we’ll come through this experience stronger than ever.
Oracle’s roots as an on-premises software company have made for a complicated and at times contradictory relationship with cloud computing over the last decade, and some say the company can’t afford to lose any more ground.
After all, in 2008, the software giant’s outspoken founder Larry Ellison mocked the very notion of the phrase, saying cloud amounted to a rebranding of existing technologies. Two years later, Ellison launched Exalogic, an application server appliance he dubbed “one big, honkin’ cloud.”
Oracle cloud beginnings and missteps
Prominent examples abound of Oracle’s efforts to lead the way in the Internet era, such as Ellison’s network computer offering from the mid- to late 1990s. It failed at the time, but foreshadowed the rise of products such as Chromebooks — stripped-down thin client computing devices that rely heavily on connections to the web.
More recently, Oracle — like IBM, Cisco and HPE — found itself outgunned in the cloud computing platform race by AWS and Microsoft. Oracle offers IaaS to customers, but has positioned it for more specialized tasks.
Last year, Ellison’s longtime head of product development, Thomas Kurian, decamped and turned up as CEO of Google Cloud. Published reports have it that Kurian left in part because Ellison was too reluctant to embrace partnerships with other cloud providers. That changed in June, when Oracle and Microsoft created a cloud interoperability pact.
Ellison has named no replacement for Kurian, and in fact has taken over the job at age 75. While Oracle seems to have settled on a long-term strategy for IaaS, and has had great success selling SaaS applications, Oracle’s challenge centers on PaaS — most specifically Oracle 19c, the latest version of its flagship database product.
The task at hand is to keep Oracle’s customer base wherever they want to be, whether on premises or on Oracle cloud, and to be competitive on price, as IT pros have more database options than ever before — particularly in open source.
Overall, Ellison’s tone and message to the OpenWorld conference attendees later this month will be critical.
“His last act had better be figuring the cloud out,” said John Rymer, an analyst at Forrester Research. “Cloud is that kind of moment for Oracle. If they don’t get this right, they don’t get to continue to play, and they become legacy.”
Ellison, as always, is sure to use the company’s annual conference to sling arrows at competitors in an effort to boost Oracle in the cloud. The conference agenda shows that Oracle Cloud Infrastructure (OCI), Oracle’s next-generation IaaS, will play a prominent role through sessions, customer presentations and in a keynote showcasing new features.
But the star should be the Oracle database, with more than 200 OpenWorld sessions associated with it. Expect Ellison to have plenty to say about it on his own.
In part two of this story, we look back at events of the past 20 years that brought Oracle to its present position in the cloud computing market.
Been used a handful of times, can’t get my head around Mac OS sadly.
Pictures included below.
Looking for £670 plus whatever postage you want to do, with insurance. Collection also fine.
Price and currency: 670
Delivery: Delivery cost is not included
Payment method: Paypal
Location: Westcliff
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference
The relationship between law enforcement and the infosec community can be cordial and cooperative at times. But it can also be confrontational and divisive, as in the debate surrounding backdoors in strong encryption for lawful access or the arrest of cybersecurity researcher Marcus Hutchins on charges of creating and selling malware.
In this Q&A conducted at Black Hat USA 2018, Amanda Rousseau, senior security researcher at Endgame Inc., a cyber operations platform vendor based in Arlington, Va., explained why the term “hacker” is unhelpful and how cybersecurity researchers find their way from being a script kiddie to putting on the white, black or gray hat.
Editor’s note: This interview is part two of a Q&A with Amanda Rousseau, and it has been edited for clarity and length.
What is your take on the apparent tensions between the cybersecurity researcher community and law enforcement or the government?
Amanda Rousseau: ‘Hackers’ is really a term for people that don’t know the industry. I don’t usually say ‘hacker,’ unless they don’t know what a security researcher is.
If I’m in my running group, and they ask me what I do for a living, I’m like, ‘Oh, I’m just an engineer — a security engineer.’ [And they ask,] ‘What’s that? It sounds boring.’ You know?
But even people that started out as a black hat or a gray hat hacker when they’re young usually transition to white hat when they get older. Back in the day — like ’80s, ’90s — that was the case. You can probably find someone and ask them, ‘Hey, did you ever download off of Pirate Bay before?’ … And they’ll probably say, ‘Yeah.’
But now, because they have that knowledge, they are the white hats of today helping out law enforcement, because, now that they’re older, they know it’s bad.
I mean, even with law enforcement, there’s a fine line between legal hacking and illegal hacking, right?
What is the best way to explain to those outside the community the nuance that comes with being a cybersecurity researcher?
Rousseau: I think that they’re marketing it wrong. They use Hollywood really heavily to show this cool hacker lifestyle. But there’s a whole other side to that. I see it in the military sense; I see it as my mission. It’s more like cyberwarfare to me — that it’s my duty to protect whoever I’m protecting from the digital threat. If you see it in a sense of being a protector or a blue-teamer, it’s much more approachable than the negative context of being a hacker, right?
And ‘hacker,’ in the dictionary, it was considered as a negative term. But in reality, it’s someone who thinks outside the box, finds the bad thing and then tells people how to fix that. And it’s hard to explain that to people who are not in it. But I think if you explain it in military terms, it’s much more easy to consume.
If you’re going after someone’s assets, you want to protect those assets as the guard. But you have to actively monitor what’s going on and then fix it as you go. And that’s pretty much what we’re doing, [asking], ‘How can we think outside the box to protect ourselves?’ And, ‘Can we probe ourselves to make sure that we’re protected from ourselves, too?’ — which we call pen testing.
With the military analogy, the defensive part is pretty easy to explain. But could you expand on the offensive pen-testing angle?
Rousseau: There [are] two sides of that spectrum of people doing the offensive work so that the bad guys don’t actually do it. And [there are] the people who are defending, [who] build those infrastructures to protect it.
Somebody has to play the other side, but they can’t know anything about the other team. They have to figure it out during the exercise. And that’s where you evaluate whether or not your assets are protected, which we call ‘red versus blue.’
The analogy I like to use is my car analogy. You have a purse in your car or a bag, backpack, right? It’s out in the open; [the] bad guy sees it [and thinks], ‘I want that bag.’ He could just bust the window in and get it. And you’ll figure it out early, because the car alarm will go off, the window’s busted and your bag is stolen. So, you can immediately rectify the situation.
But because the bad guys are learning and getting smarter, they’re finding stealthier ways to get the bag out of the car without you knowing about it. Say, they figured out how to open the door through the rearview mirror by messing with the switches and unlocking the door. And instead of just taking up the whole bag, what they do is they put in a decoy bag so that you think that nothing is wrong until you look inside and there’s nothing in there.
It’s similar to protecting your assets. How do you know someone’s in your network if they’re being sneaky about it? You have to bubble up all of these alerts and logs in order to respond to it. And respond to an alert that makes sense.
In the Target breach, they didn’t know how to respond to the alert, because the alert was so vague that they didn’t do anything about it until it was too late. A lot of it comes in usability and scalability. Can I put it on 1,000 desktops? And can I manage it with one to two people?
If you think about it, there are more people trying to attack you than you can defend. So, the whole science around all of these vendor tools and everything is trying to make those two guys’ — that are doing blue team — lives much easier in protecting a huge company.
Rousseau: That’s common. I’ve been in breaches where they didn’t know it was in there for six months. [The attackers] kept coming back in and stealing more, coming back in and stealing more. And they found out they came in from a previous breach, so there were multiple people in the same network stealing.
They thought that they were covered. Their internal team, they had these certain [security] tools, but they weren’t actively looking. When they did log analysis, they were manually printing them out and analyzing the logs one by one, thinking that they would catch something. But scaling-wise, you really can’t do that.
It comes down to data science to bubble up the things that are anomalies and are important. With all of these cloud servers and data all over the place, there’s so much information on the internet that you’ve got to be able to scale to that level.
Even now, I’m having trouble going over just 1,000 samples an hour. I can’t make copies of myself. But I can make code that can do my job.
There [are] not enough people in the industry that do these technical jobs. That’s why I try to give back to the reverse-engineering community as much as I can — doing workshops and talks like this and different code — because I know how hard it is. It took me forever to get to where I am. I didn’t have those types of resources growing up; I just had to sit there and figure it out.
Even the trainings that people come out of the military with, or the DOD [Department of Defense], or law enforcement, they’re forced to get some trainings, but some of them are not up to par of today. I think Black Hat is probably the closest you’re going to get to training that people actually use.
How do we scale training and education to create the next generation of cybersecurity researchers?
Rousseau: That’s a big question that I might not be able to solve.
Slowly, but surely. You look at how big this conference is now and how big DEFCON is and all the other conferences, how big RSA is. There [are] all these little tiny conferences spinning up, and we’re all sharing information, but we have to compete with all the other careers out there, like medicine and finance.
There are so many BSides out there that try to cater to people local in the area, like Minnesota, Chicago, the Midwest, pretty much. So, they’re trying, but the content has to be there, too. Everyone can do technical work, but not everyone can teach. That’s another thing.
If they don’t know their audience, it’s going to be intimidating to people, and they’re going to lose them through teaching it. That’s why you have to provide more opportunities for different learning styles. I’m a visual learner; if you don’t have slides up, I’m not going to absorb anything. Or, [some] people just like to listen; [some] people like to read.
It’s kind of a balance of who can actually learn the material, and who’s passionate about it. When I was young, I was going for art. And I didn’t know I would be really good in this field until I took a class. So, you never know what you’re good at until you actually try it.
Times may be changing for diplomatic relations between North Korea and the U.S., but the threat of North Korean hacking still looms.
This week’s summit between President Donald Trump and North Korean leader Kim Jong Un could lead to improved relations between the two countries and a possible denuclearization plan for North Korea. However, it’s unclear what impact, if any, the summit may have on nation-state cyberattacks coming from the country. According to various reports from the summit, the talks between Kim and Trump did not include any provisions concerning cyberattacks, and several cybersecurity companies have said there is evidence that North Korean hacking attacks may be ramping up this year.
Priscilla Moriuchi, director of strategic threat development at Recorded Future, a threat intelligence provider based in Somerville, Mass., told SearchSecurity that while Kim’s regime wants to increase the country’s role in the international community, there’s no indication the government has curbed its hacking efforts.
In fact, she said there are signs that the opposite may be occurring.
“What we can say from looking at the data is that there are two stories: the data story, which shows us that North Korea increasingly cares about being monitored and watched, and that they are taking measures to hide their activity online; and the diplomacy story, where it’s telling the rest of the world that it’s ready to denuclearize and be more transparent,” Moriuchi said. “And the two stories just don’t match up.”
Recorded Future published research in April that showed a massive increase in anonymization of North Korean internet activity. “We conducted the research back in July, and we saw, for example, that less than 1% of all web browsing activity was anonymized — they didn’t even use HTTPS most of the time, let alone [virtual private networks (VPNs)],” she said, either because they didn’t care about hiding activity or because they didn’t know they could anonymize traffic. “But six months later, it was a completely different story — there was about a 12,000% increase in anonymization services and technology.”
Recorded Future issued another report last week detailing an increasingly large presence of U.S. technology in North Korean networks and usage by North Korean leadership, despite economic sanctions that prevent such trade. Moriuchi said North Korea has “professionalized sanctions evasion” over the last three-plus decades and found various ways to exploit weaknesses in U.S. export controls.
“We think this is a problem for two reasons. First, there are gaping holes in U.S. export control regime, and they’re being exploited by this rogue nation,” she said. “Second, the U.S. government doesn’t want U.S. technology being used in cyberattacks from North Korea to harm businesses and government agencies.”
If Kim agrees to a denuclearization plan, there may be less incentive for the government to drop its hacking operations. Ross Rustici, senior director of intelligence services at Boston-based threat detection vendor Cybereason, believes North Korea’s hacking operations are a crucial bargaining chip for Kim and also present a unique threat to the Trump administration.
“North Korea currently lacks many options to force the U.S. into working inside a START [Strategic Arms Reduction Treaty] framework. Almost all of its military and foreign policy capabilities are defensive at this point,” Rustici wrote in a research post last month, prior to the summit. “The one exception is its cyberprogram. And, unfortunately, this is one domain where North Korea can impact the Trump brand in a way that it could not against any other President.”
Several vendors have reported increased sophistication and capabilities from suspected North Korean hacking groups this year. For example, Dragos Inc., a security firm based in Hanover, Md., that specializes in industrial control systems (ICS), published a threat report on a group it calls Covellite, which the company said uses malware and infrastructure similar to Hidden Cobra.
Dragos noted that Covellite, which had targeted U.S. organizations in the past, had recently abandoned North American companies and focused its attacks on European and Asian companies. Dragos also said that while Covellite lacks ICS-specific capabilities at this time, the group’s “rapidly improving capabilities, and history of aggressive targeting” made it a primary threat to the ICS industry.
In addition to Hidden Cobra, FireEye earlier this year reported that another North Korean hacking group known as APT37 had demonstrated increased capabilities, including the use of an Adobe Flash zero-day vulnerability in attacks on South Korean targets. “Our analysis of APT37’s recent activity reveals that the group’s operations are expanding in scope and sophistication, with a toolset that includes access to zero-day vulnerabilities and wiper malware,” FireEye wrote, adding it has “high confidence” that the group is working on behalf of the North Korean government.