A new service designed by white hat hackers has been launched and allows anyone to search for unsecured data stored on Amazon Web Services (AWS) servers.
The Buckhacker plug-in creates a Google-like search engine that is able to crawl through AWS servers, also called buckets, to find those that are incorrectly configured and potentially contain sensitive data exposed to the Internet.
It follows a stream of data leaks in the past year in relation to high profile companies that store customer and customer data on AWS servers without password protection, the content of which is accessible to anyone with the bucket address.
Accenture, WWE, AA, Dow Jones and even the US National Security Agency have been caught by misconfigured servers and have been criticized for failing to follow the most basic security protocols.
Typically, these discoveries were done by tripping research groups on a publicly accessible server. Buckhacker, however, claims to make the process much easier, allowing users to search AWS listings using the bucket name or filenames that can be associated with a business, although it maintains that this is to raise awareness rather than help potential hackers .
Although the tool is simple in design, it can collect the results and store them in a database so that other users can view it, the developer of the tool explained to Motherboard.
"The goal of the project is to increase familiarity with bucket security, too many companies have faced wrong permits on buckets in recent years," says BuckHacker's developer. "The project is still in a real super-alpha stage (there are several errors at the moment that we are trying to fix)."
The Buckhacker plug-in is certainly not the first of its kind, because tools such as AWSBucketDump already allow users to maliciously leak leaking AWS buckets, and some server addresses can be accessed via Google if a user knows what to look for. Buckerhacker is remarkable, however, because it is by far the most user-friendly tool that emerges.
"Given the availability of detection methods for attackers, it is essential that the business infrastructure is not accessible to the public Internet as essential for corporate IT," says Mike Schuricht, VP product management at security company Bitglass.
The news of the tool coincided with the leak of 119,000 files from customers of courier company FedEx, including home and e-mail addresses, as well as driving license and passport data.
"FedEx is the latest in a laundry list of organizations with deep pockets and deep security resources that have fallen victim to this very elemental, yet critical error," added Schuricht.
Amazon unveiled in November that it introduced standard encryption for all new AWS servers, which would in theory prevent such leaks from occurring in the future. But the encryption function must be manually applied to every existing bucket, meaning that data stored on servers that a company is not aware of is still vulnerable.
IT Pro has contacted Amazon to see if it is aware of the new tool .
| Home | AWS Solution Architect Associate Exam Questions | AWS News | AWS Exam PDF |
Sunday, February 18, 2018
Sunday, February 11, 2018
What Small Business Owners Need to Know About AWS
Amazon Web Services (AWS) is not just for megacorporations. This may seem so, with companies like Netflix, Comcast, PG & E and other large entities hosting their data on Amazon.
But much of what AWS offers can also be used by small businesses looking for a way to offload the complexity of managing software or their own infrastructure. The benefits that such cloud offerings offer to large enterprises can also be used by small shops: cheap IT resources, the ability to scale quickly, and a platform-independent approach.
For those who, like me, spend more time in college learning the basics of civilization rather than software, it's useful to think of AWS in terms of what you can build. Browse a few videos and you'll hear a consistent theme: You can use AWS building blocks to create software or other solutions for a business.
Instead of having to buy local storage or manage the infrastructure, you can rent space on Amazon's servers. Because all the work is done online, you can use Amazon's capabilities in various sectors: financial services, digital marketing, media, business, healthcare and various other industries.
Although this is a widely used term, extensibility is really important here. Increasing the speed and efficiency of a project is a difficult task if you are a small team. With a service like AWS, such efforts are more enjoyable with development tools and the ability to outsource all the infrastructure and computing power to Amazon's cloud.
The machine always learns
The other major attraction of cloud computing providers is the work they do with artificial intelligence (AI). AWS, with Google Cloud and Microsoft Azure, is developing artificial intelligence APIs that companies can use to better understand their products.
AWS offers APIs for machine learning for your own development purposes. Amazon SageMaker is a more robust tool for developers and data scientists who want to use machine learning with their software. Even though this type of development work is higher than your payment level, it's very important to be aware of trends in cloud usage, as the world is moving more towards AI and automation.
Companies will increasingly use the Internet of Things to better understand customer behavior. Such computational possibilities will mean that more industries will engage in how software and analytics will make a tangible difference in their business efforts.
If your business is new in the cloud, AWS may seem like a confusing starting point because Amazon has unveiled products at breakneck speed. Start with this visit if you are interested in a basic overview of the type of services offered. Amazon is also working in the productivity space with Amazon WorkDocs and Amazon Chime, a Skype competitor.
Just like the number of people who can not live without prime, Amazon wants to be as essential as a source of business. The software empire that builds it certainly makes it difficult to ignore.
But much of what AWS offers can also be used by small businesses looking for a way to offload the complexity of managing software or their own infrastructure. The benefits that such cloud offerings offer to large enterprises can also be used by small shops: cheap IT resources, the ability to scale quickly, and a platform-independent approach.
Everything is in the building blocks
For those who, like me, spend more time in college learning the basics of civilization rather than software, it's useful to think of AWS in terms of what you can build. Browse a few videos and you'll hear a consistent theme: You can use AWS building blocks to create software or other solutions for a business.
Instead of having to buy local storage or manage the infrastructure, you can rent space on Amazon's servers. Because all the work is done online, you can use Amazon's capabilities in various sectors: financial services, digital marketing, media, business, healthcare and various other industries.
Although this is a widely used term, extensibility is really important here. Increasing the speed and efficiency of a project is a difficult task if you are a small team. With a service like AWS, such efforts are more enjoyable with development tools and the ability to outsource all the infrastructure and computing power to Amazon's cloud.
The machine always learns
The other major attraction of cloud computing providers is the work they do with artificial intelligence (AI). AWS, with Google Cloud and Microsoft Azure, is developing artificial intelligence APIs that companies can use to better understand their products.
AWS offers APIs for machine learning for your own development purposes. Amazon SageMaker is a more robust tool for developers and data scientists who want to use machine learning with their software. Even though this type of development work is higher than your payment level, it's very important to be aware of trends in cloud usage, as the world is moving more towards AI and automation.
Companies will increasingly use the Internet of Things to better understand customer behavior. Such computational possibilities will mean that more industries will engage in how software and analytics will make a tangible difference in their business efforts.
If your business is new in the cloud, AWS may seem like a confusing starting point because Amazon has unveiled products at breakneck speed. Start with this visit if you are interested in a basic overview of the type of services offered. Amazon is also working in the productivity space with Amazon WorkDocs and Amazon Chime, a Skype competitor.
Just like the number of people who can not live without prime, Amazon wants to be as essential as a source of business. The software empire that builds it certainly makes it difficult to ignore.
Monday, February 5, 2018
Amazon Up 23.4% YTD on AWS Cloud Strength
Equities of e-commerce and cloud computing giant Amazon.com Inc. (AMZN
AMZN Amazon.com Inc. 1,390.00 -2.79%) are now 23.4% year-to-date (YTD), bringing the latest 12-month earnings of the share to as much as 72.8%, because the Street welcomes its growing dominance over the high margin segments. From Amazon's most promising companies, the leading public cloud platform Amazon Web Services (AWS) is a driving force behind the overwhelming bullish outlook of analysts. (See also: Amazon is ahead in competition with alphabet.)
Amazon's cloud business, with sales up 43% to $ 17.5 billion in 2017, is now the fifth largest business software provider in the world. AWS now accounts for about 10% of the total revenue of the Seattle-based retail giant, the company reported last week. In terms of revenue, the cloud activities of Amazon are just mentioned behind listed enterprise software vendors Microsoft Corp. (MSFT), International Business Machines Corp. (IBM), Oracle Corp. (ORCL) and SAP (SAP), which all detract from the retailer in the cloud space and lag behind AWS. The cloud segment of Amazon lowers SaaS market pioneer Salesforce.com Inc. (CRM) already, which has increased sales by 25% to $ 9.9 billion in the last 12 months.
Tech Giants struggle to compete with AWS
SAP, with sales in 2017 of $ 26.5 billion, could lose its position as the fourth largest business software company at AWS before the end of 2019, if the current growth figures of the companies continue. The German technology company achieved a 6% turnover last year, predicting the same growth rate in 2018. The Street expects AWS to peak 38% this year, according to FactSet.
Competing with AWS, consisting of a range of services such as databases, data analysis, productivity apps and raw computing, has proven to be a challenge for the world's largest technology companies. Some, including Cisco Systems Inc. (CSCO), have decided to throw the towel in the ring while others like VMware Inc. (VMW) believe that cooperation with Amazon is a better option.
AMZN Amazon.com Inc. 1,390.00 -2.79%) are now 23.4% year-to-date (YTD), bringing the latest 12-month earnings of the share to as much as 72.8%, because the Street welcomes its growing dominance over the high margin segments. From Amazon's most promising companies, the leading public cloud platform Amazon Web Services (AWS) is a driving force behind the overwhelming bullish outlook of analysts. (See also: Amazon is ahead in competition with alphabet.)
Amazon's cloud business, with sales up 43% to $ 17.5 billion in 2017, is now the fifth largest business software provider in the world. AWS now accounts for about 10% of the total revenue of the Seattle-based retail giant, the company reported last week. In terms of revenue, the cloud activities of Amazon are just mentioned behind listed enterprise software vendors Microsoft Corp. (MSFT), International Business Machines Corp. (IBM), Oracle Corp. (ORCL) and SAP (SAP), which all detract from the retailer in the cloud space and lag behind AWS. The cloud segment of Amazon lowers SaaS market pioneer Salesforce.com Inc. (CRM) already, which has increased sales by 25% to $ 9.9 billion in the last 12 months.
Tech Giants struggle to compete with AWS
SAP, with sales in 2017 of $ 26.5 billion, could lose its position as the fourth largest business software company at AWS before the end of 2019, if the current growth figures of the companies continue. The German technology company achieved a 6% turnover last year, predicting the same growth rate in 2018. The Street expects AWS to peak 38% this year, according to FactSet.
Competing with AWS, consisting of a range of services such as databases, data analysis, productivity apps and raw computing, has proven to be a challenge for the world's largest technology companies. Some, including Cisco Systems Inc. (CSCO), have decided to throw the towel in the ring while others like VMware Inc. (VMW) believe that cooperation with Amazon is a better option.
Sunday, January 28, 2018
AWS snaps up Sqrrl to strengthen threat detection, analytics
A recent Amazon acquisition is likely to lead to another tool to help AWS customers monitor the security of their sensitive data.
Sqrrl, a start-up for security, confirmed this week that it had been taken over by Amazon and would be integrated with AWS. The Cambridge, Massachusetts-based company has its roots in the NSA and focuses on threat detection, hunting and incident response, based on the growing trend of security analysis.
Rumors about the matter are circulating since December when it was reported by Axios. AWS did not publicly confirm the agreement, but this report indicates that the agreement was about $ 40 million. According to Prendergast, co-founder and CEO of Evident.io, a cloud security and compliance company in Pleasanton, the deal works well for Amazon because of the relatively low price and Sqrrl's experience with large sets of data. , California
"Sqrrl is a leading candidate for the integration of GuardDuty, Amazon's internal response and telemetry security team to provide customers with a threat warning," he said. "It seems a natural and logical process to offer and provide better security services over time."
GuardDuty, which became available last November, is the AWS threat detection service that provides alerts based on the intelligent assessment of its own network. Sqrrl can help improve this service with more advanced answers once the threats are detected.
The agreement comes a year after AWS took over a new start-up, Harvest.ai, whose team and alleged technology was used to build Amazon Macie. Macie, which was made available in August 2017, uses machine learning to recognize and keep sensitive data in Simple Storage Service (S3) and warns about abnormal behavior.
AWS touted the shared responsibility model long ago to ensure the safety of the underlying infrastructure, but this model forces its customers to lock everything they build on the AWS cloud. Over time, the company has added important security features, such as key management and identity federation, to make greater use of corporate IT services, not just startups and industries.
Over the past two years, AWS has added many security tools to address security issues and track data: Amazon Cloud Directory, Amazon Inspector, AWS Single Sign-On, AWS Shield, AWS IoT Device Defender, and Amazon GuardDuty. AWS has also updated some of its default settings to prevent embarrassing exposure to sensitive data when customers leave their S3 buckets open to the public.
Despite these efforts, one of the biggest criticisms of AWS cloud security was the incoherent nature of the various tools. Sqrrl can help to meet this short waiting time, which is especially important because Microsoft has made a leap forward in this area in many ways, Prendergast said. For example, Microsoft has integrated detection and threat detection tools into Office 365, Windows Defender Advanced Threat Protection, and as components in Azure Security Center.
"Microsoft has introduced many security chips this year to ensure that customers get defense and depth and make decisions about multiple layers of infrastructure, while Amazon is able to view each layer individually and not bring everything together - a holistic application", he said.
Sqrrl, a start-up for security, confirmed this week that it had been taken over by Amazon and would be integrated with AWS. The Cambridge, Massachusetts-based company has its roots in the NSA and focuses on threat detection, hunting and incident response, based on the growing trend of security analysis.
Rumors about the matter are circulating since December when it was reported by Axios. AWS did not publicly confirm the agreement, but this report indicates that the agreement was about $ 40 million. According to Prendergast, co-founder and CEO of Evident.io, a cloud security and compliance company in Pleasanton, the deal works well for Amazon because of the relatively low price and Sqrrl's experience with large sets of data. , California
"Sqrrl is a leading candidate for the integration of GuardDuty, Amazon's internal response and telemetry security team to provide customers with a threat warning," he said. "It seems a natural and logical process to offer and provide better security services over time."
GuardDuty, which became available last November, is the AWS threat detection service that provides alerts based on the intelligent assessment of its own network. Sqrrl can help improve this service with more advanced answers once the threats are detected.
The agreement comes a year after AWS took over a new start-up, Harvest.ai, whose team and alleged technology was used to build Amazon Macie. Macie, which was made available in August 2017, uses machine learning to recognize and keep sensitive data in Simple Storage Service (S3) and warns about abnormal behavior.
AWS touted the shared responsibility model long ago to ensure the safety of the underlying infrastructure, but this model forces its customers to lock everything they build on the AWS cloud. Over time, the company has added important security features, such as key management and identity federation, to make greater use of corporate IT services, not just startups and industries.
Over the past two years, AWS has added many security tools to address security issues and track data: Amazon Cloud Directory, Amazon Inspector, AWS Single Sign-On, AWS Shield, AWS IoT Device Defender, and Amazon GuardDuty. AWS has also updated some of its default settings to prevent embarrassing exposure to sensitive data when customers leave their S3 buckets open to the public.
Despite these efforts, one of the biggest criticisms of AWS cloud security was the incoherent nature of the various tools. Sqrrl can help to meet this short waiting time, which is especially important because Microsoft has made a leap forward in this area in many ways, Prendergast said. For example, Microsoft has integrated detection and threat detection tools into Office 365, Windows Defender Advanced Threat Protection, and as components in Azure Security Center.
"Microsoft has introduced many security chips this year to ensure that customers get defense and depth and make decisions about multiple layers of infrastructure, while Amazon is able to view each layer individually and not bring everything together - a holistic application", he said.
When you get to the cloud [SIM data] come and go so quickly, so if you're a security team you've got to resolve that in a hybrid environment.
Sunday, January 21, 2018
Amazon and Nvidia are hiring people to cozy up to health VCs
Amazon Web Services CEO Andy Jassy in an interview with Jon Fortt of CNBC at the 2017 AWS re: Invent conference in Las Vegas.
Networking with health venture capital firms is now a full-time job.
Amazon Web Services and Nvidia have job postings for people who can network with health investors from elite companies.
In the case of Nvidia, this means funds like Venrock, which is specifically mentioned. The AWS list does not verify by name the companies in its list of jobs, in favor of letting its future locate identify "VC's appropriate to target."
The idea behind these hires seems to be to build relationships with investors and their portfolio companies, so they make a quick decision to buy AI chips and Nvidia or AWS services over others. Cost conversion at a later stage of the business life cycle is labor intensive and expensive.
The idea is not new: high-tech companies have established networks with venture capitalists and start-up acceleration programs for years.
But the health care angle is interesting because traditional technology companies have not generally paid much attention to health.
"What's different today is that they recognize that health care accounts for about one-fifth of GDP and that they need a specific strategy to grow rapidly in this sector," said Venkat Mocherla. , responsible for business development at Qventus. up that uses artificial intelligence tools to speed up the operations of the hospital.
Sunday, January 14, 2018
Amazon's aggressive poaching tactics in Israel have start-ups threatening to abandon AWS
Amazon's aggressive striker tactics in Israel shocked the country's start-up community and prompted some companies to abandon Amazon's cloud service as retaliation.
Shai Wininger, the co-founder of Lemonade, a start-up for insurance that raised $ 180 million, took his frustration on social media, wrote several posts on LinkedIn and Facebook about the poaching activity of Amazon.
"We have just learned that Amazon is actively targeting and testing Lemonade Inc. employees," Wininger writes on LinkedIn. "I wonder if their idea is to support the startup ecosystem - reconsider Amazon AWS."
Wininger later followed and said that the poaching by Amazon's customers, such as Lemonade, is a "breach of trust". He added that the "amount of obscene money" offered to steal his employees could damage the entire Israeli start-up market.
Wininger wrote in a separate Facebook post: "Game on! Werner Vogels FYI", marks Vogels, Amazon's chief technology officer.
Wininger's complaint is the latest proof of the growing tension between Amazon and emerging technology companies. Last year, Amazon thwarted a number of startups after releasing a product that looked and functioned almost as a device manufactured by Nucleus, one of the Alexa Fund portfolio companies. It can also paralyze Amazon's efforts to broaden its presence in Israel, a start-up powerhouse with some of the world's best technical talent.
Although Wininger's messages are gaining popularity, Birds has left a comment below, indicating that he does not support Amazon's poaching by his customers.
"Let me take a dip here," Vogels wrote in the Facebook section posting comments. "It can be a sourcing agency compared to Amazon, and I notice that sourcing from our customers is extremely counter-effective."
Talent War
Amir Konigsberg, CEO of the Tel-Aviv-based start-up company Twiggle, said the problem is not necessarily about the theft of start-ups by Amazon, but rather about the aggressive nature of syrups.
He pointed out that Amazon had "systematically" been in contact with groups of employees working on specific projects in start-ups, which threatened to lose one team at a time. Konigsberg, who previously led Google's expansion to Israel, said that Amazon is much more aggressive than other multinational companies such as Google or Facebook.
"The talent war is going well, but you have to remain respectful," said Konigsberg, adding that Amazon is damaging its relationship with the rest of Israel's technical community. "It is very important to keep a balance in the way you operate: Apple, Google and FB all have a lot of money, but you have never seen such complaints about them."
The biggest problem for Amazon is that it can hurt itself.
In the comment section under Wininger, a number of Israeli start-up CEOs said they are considering other cloud providers because of Amazon's actions. This would add to the flow of companies avoiding AWS, a group that includes a number of large-box retailers such as Walmart, Target and Kroger.
"We spend almost $ 2,000,000 a year on AWS, but Amazon recruiters are aggressively trying to trick our TLV developers," said Liad Agmon, CEO of Dynamic Yield, Tel Aviv. "This is a data point that I consider seriously as part of our internal debate, whether we stay with Amazon or go to Google Cloud."
Once reached to comment, Amazon said it did not recruit by focusing on employees of a specific company or a specific customer.
"We have many open positions around the world and hire talent based on work-related skills and expertise, not from the current employer," Amazon said in a statement.
"Although we have employees who leave Amazon for other companies and vice versa, we have not built the kind of customer base that we have by specifically targeting our employees to hire customers - we focus our attention on helping our customers to get big business. create. "AWS."
Given the enormous share of Amazon in the cloud space, it is difficult to imagine that this will have a material impact on AWS. But at least by opening the door for competitors to offer better offers, just like a commercial Google Cloud LinkedIn.
"Google Cloud would like to have you - send me a message", wrote the Google representative under Wininger.
Thursday, January 4, 2018
AWS, Google, and Microsoft promise their clouds are mostly protected from processor flaw
Amazon Web Services, Microsoft, Google, and other cloud providers inform customers that they may experience downtime and performance degradation as a result of an urgent effort to correct critical errors found in many computer processors.
The errors, known as Specter and Meltdown, were revealed today after a report by The Register. They are caused by microprocessor design issues that could potentially allow malicious code to read the contents of a computer's kernel memory. These issues greatly affect the Intel chips that power the overwhelming majority of servers in the cloud running, but other processors, including some designed by AMD and Arm, appear to be affected.
These three major cloud providers have revealed to users that some of them were cryptographically informed about the downtime scheduled late last year as part of the first efforts to implement patches for counter the error. These efforts, initially silent and progressive, have accelerated after the official disclosure of the errors today.
AWS stated in a statement that the overwhelming majority of instances of virtual machines running in its fleet are protected, and the rest receive updates within hours of this notification. Google has already updated its G Suite productivity service and cloud platform to protect users. Microsoft said most of its Azure infrastructure has been updated to protect itself from vulnerabilities, but some customers will still have to spend some time to protect themselves.
However, the owners of the platforms that update the underlying infrastructure on which their clients' workloads are running are only half the battle: users will also need to update their operating systems . Microsoft is expected to release patches for Windows as part of its next patch cycle on Tuesday, as other operating systems remove patches.
Customers can see slowdowns with their workloads because the root cause of the problem is related to speculative execution, a technique used by processors to improve performance. The Microsoft blog said that most of its customers should not see a significant impact on the performance of updates implemented to mitigate errors, but some will see degraded network performance.
The errors, known as Specter and Meltdown, were revealed today after a report by The Register. They are caused by microprocessor design issues that could potentially allow malicious code to read the contents of a computer's kernel memory. These issues greatly affect the Intel chips that power the overwhelming majority of servers in the cloud running, but other processors, including some designed by AMD and Arm, appear to be affected.
These three major cloud providers have revealed to users that some of them were cryptographically informed about the downtime scheduled late last year as part of the first efforts to implement patches for counter the error. These efforts, initially silent and progressive, have accelerated after the official disclosure of the errors today.
AWS stated in a statement that the overwhelming majority of instances of virtual machines running in its fleet are protected, and the rest receive updates within hours of this notification. Google has already updated its G Suite productivity service and cloud platform to protect users. Microsoft said most of its Azure infrastructure has been updated to protect itself from vulnerabilities, but some customers will still have to spend some time to protect themselves.
However, the owners of the platforms that update the underlying infrastructure on which their clients' workloads are running are only half the battle: users will also need to update their operating systems . Microsoft is expected to release patches for Windows as part of its next patch cycle on Tuesday, as other operating systems remove patches.
Customers can see slowdowns with their workloads because the root cause of the problem is related to speculative execution, a technique used by processors to improve performance. The Microsoft blog said that most of its customers should not see a significant impact on the performance of updates implemented to mitigate errors, but some will see degraded network performance.
Subscribe to:
Posts (Atom)