
The Actuator – December 5th

Level 17

Home from Las Vegas and AWS re:Invent for 60 hours, then I’m back on the road. In Orlando this week for SQL Live, where I have four sessions to deliver. I’ll also be working the SolarWinds booth. If you are attending SQL Live, let’s connect and talk data.

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

AWS Says It’s Never Seen a Whole Data Center Go Down

AWS is a master of spin when it comes to their product statements. Here they are having fun drawing a fine line between “disaster” and “event.” The customers affected by outages at AWS don’t care whether the building was down or not. It’s a disaster for them, period.

Amazon gets into the blockchain with Quantum Ledger Database & Managed Blockchain

Here we see AWS leveraging the word “quantum.” It’s meant as “small,” and in no way do they want you to confuse it with “quantum computing.” And, as a bonus, it’s combined with Blockchain, for maximum SEO effect.

Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence

If you are using Blockchain successfully, please contact the Register and let them know.

Can blockchain co-exist with GDPR? It’s complicated

Ah, the joy of working with immutable transactions.

Half of all Phishing Sites Now Have the Padlock

The padlock just means traffic to the web server is encrypted. It offers no assurance about who is at the other end. You could be having an encrypted discussion with Satan.

Marriott breach exposes more than just customer info

This story is still evolving, but I’d expect things to get worse as details emerge. This has the potential to be a case study in cybersecurity worst practices.

Malware vector: become an admin on dormant, widely-used open source projects

Not just malware, but adware, too. Open source projects are susceptible to being hijacked, in legitimate ways, by outsiders who see an opportunity to use the project to further their own needs. It’s like a hostile corporate takeover, but without the excitement of a shareholder vote.

One of my favorite events of the year:

sql-live-chair.JPG

29 Comments
Level 20

Lol the blockchain stuff I totally agree with... geesh it's so ridiculous how this is hyped up it's kinda scary actually o.O!

Level 20

Yeah the padlock means nothing... using open source tools (SET comes to mind) you can clone any bank website or even eBay and then set it up to run on a bogus server in some cloud somewhere that's been compromised. Then with a little social engineering or DNS poisoning send users to your site instead of the real one for the login page. Works great for banks, eBay, etc.

Level 20

BitTorrent is now TRON and is also going to use blockchain somehow... what the #$%^ is that about???  Sounds like it's gone off the rails if you ask me.  Hard Fork Decentralized... neat name but whaaaa???

Level 20

Not sure what to say about Marriott and they're our selected primary provider... ugh!

Level 20

Taking over a GitHub project and using it to ransomware people... geesh what will they think of next?

Level 13

Good Articles as usual

Level 13

As always, thanks for the interesting reads.  I look forward to these every week.

Amazon  never losing a datacenter.... hmmmm....  whether that's true or not (probably not) who cares?  If you're down you're down.

I think you're right on the Marriott/Starwood thing - it's going to get worse, not better.  When you saw that 2014 date you knew they'd been there so long they were probably on the payroll.

Level 14

Thanks for the articles.  Sneaky sneaky AWS!

I appreciate and enjoy your take on AWS's statement about never being down.  Nicely called!

Again, you called it correctly when discussing Amazon and Quantum buzzwords.

In fact, I wonder if they use the buzzword generator I shared with others yesterday. 

Certainly keeping the latest jargon in everyone's face is part of spin--even when the jargon has nothing to do with the jargon everyone's been excited about.

You're three for three in helpful AND ironic links today!  Blockchain not working?  Perhaps not reliable, not predictable, not for ethical/moral humans to use and rely on?

Check. Check.  And check.

Why do I think the folks behind GDPR only have a surface understanding of the problems, risks, and challenges of blockchain? 

Google "immutable transaction" and one of the links does a pretty good job explaining it: Blockchain Explained: How Does Immutability Work?

The rest of the world accepts it as "Internet Magic" and trusts those "thinkers of deep thoughts" who conceive of these ideas, share them, promote them--and fail by them.  Perhaps they ought not trust everything that's on the Internet?

My less-than-Internet-security-savvy friends will be stunned to discover that the padlock on a web browser's URL doesn't guarantee they're communicating with whom they expect.

When you wrote "You could be having an encrypted discussion with Satan", that'll really set 'em off.  I can't wait to share!

It's interesting to me that the article about Marriott breach notes they may have lost their decryption private keys.  Oops!

Worse is that unfortunate and poorly-thought-out things like the Patriot Act permitted (required?) businesses like Marriott to collect (and retain!) information that ends up being PII--without having first put in appropriate security measures and continual testing and verification that those measures fill the customers' privacy needs.

Some of the retained data is necessary.  Some is purely for the business's (and possibly the customers') convenience.

Before you will make a reservation for me, you say you're required (or you choose to) to obtain (and retain) my:

  • Name
  • Age
  • Social Security Number
  • Credit Card information
  • Work telephone number
  • Home phone
  • Cell phone
  • E-mail address

I'm not so certain how many of those are necessary for us to do business with each other.  Some are intrusive, some are Big Brother-ish, some are unnecessary.  And all are part of PII, and are required to be properly protected.

Maybe I'll show up in person and pay cash.  Not that I'm interested in trying to outfox the government that's trying to protect us from the results of our nation's or business's transgressions and follies.  But perhaps I'm just trying to live a quiet and private, non-spammed life?

So many malware vectors.  It's smart for them to target administrators and advanced users.

It's unfortunate people are not ethical, kind, or forgiving.  That causes malware.

Level 12

Interesting read on blockchain.  Someone didn't buy the sales pitch, clearly.

Level 14

You forgot blood type!

You're right.  How long will it be before DNA is required to make a reservation or validate a contract or get a driver's license?

And then that DNA info will be encoded / digitally scanned and stored many places.  And those places will become targets for information theft.  And soon, without your permission, your DNA has been used to biometrically sign your bank over to someone else, to enter into a contract for annual vinyl siding replacements and an AOL account.

Level 12

The DNA and health profile stuff, coupled with the health information that our 'smart' devices are gathering from us in increasing orders of magnitude, is in all likelihood part of a growing data set.  Insurance companies are likely suspects for those who might use that data to discriminate in various ways.  I say they're likely because they have strong financial motives.  I agree with you that it's not likely to be long before government(s) require affirmative bio-ID to prove who you are. 

Meanwhile, I know a person who somehow got incorrectly marked as deceased, much to their surprise, by the Social Security Administration.  No telling how many hoops they will have to jump through to confirm their continued existence.  

Padlock sites. I could be having a conversation with someone? Could it be? Could it...

thXM2RFODX.jpg

I understand what Amazon is saying, but truthfully the location has no meaning to anyone, which is why they have a successful business model. People only care about the service delivery.

Level 9

As always, a great read.  The AWS article hits home.

I'm not medically-oriented enough to know the answer to this:  Doesn't DNA info also contain blood type?

Certainly blood is not required to get enough DNA to analyze.  But I would not be surprised if the DNA contained the blood type.

On the other hand, who cares what your blood type is once they have your DNA information?  There are a handful of blood types for your Identity to hide behind, but there's only one "you" when it comes to DNA.

. . .  I think . . .

There are probably exceptions.

Twins?

Stolen copies of your DNA records.

Mirror copies of it from the backwards Bizarro universe.  (Thank you, Jerry Seinfeld).

Level 14

It doesn't take a whole data centre to be down, just the bit that holds my stuff.  Then I am down and that's all I really care about.

Level 14

Blockchain is STILL a solution looking for a problem to fix. 

Level 14

Padlock doesn't mean legitimate.  It's a pity we in IT have spent years telling non IT literate people that it means that the site is safe.  Now the bad guys have stepped up we now have to drum it out of people.  I'm constantly trying to keep my ageing parents clued up about what to look out for.  Hopefully they don't lose my inheritance.

Level 14

Not really surprised Marriott had issues.  I'm surprised that other massive chains haven't either been hit or discovered they have been hit.  It's such an obvious source of data and there are so many access points for the data.  I bet a lot of companies are looking closely at their systems now.

Level 14

I've found far too many open source products with malware / adware etc. enclosed.  Lots of it from the original sites too.  I wonder how much of it is because the original site looked to make a few bucks.

I really like this! It is so true.

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years of experience in the IT industry in roles including programmer, developer, analyst, and database administrator.