Tesla, the manufacturer of popular electric vehicles and an even more popular orbiting Roadster, recently announced that its Amazon Web Services account was hacked and used to mine cryptocurrency. The company was first informed of the breach by cybersecurity firm RedLock, who found the compromise while simply surveying Tesla's platform for vulnerabilities as part of Tesla's bug bounty program (RedLock was compensated for their find). The breach was sourced to a simple IT administrative console that didn't have a password, though Tesla has not been able to determine who was behind the attack or how much cryptocurrency was mined. Tesla was able to remedy the vulnerability and stop the attack within hours of being notified by RedLock.
Amazon Web Services is the popular cloud storage division of the online retailer, and it is one of the company's most profitable services. However, its accounts have become vulnerable to hacking for the purpose of "cryptojacking", a practice in which hackers use the system to mine cryprtocurrency. Mining cryptocurrency has become more and more lucrative recently.
Tesla vehicles are known for being ultra-connected to the company's home servers, so what does this security breach mean for the vehicle owners and their safety? Fortunately, not very much. It appears that the breach was limited to Tesla company data only, such as data relating to the company test cars. However, some of Tesla's proprietary data relating to mapping, telemetry, and vehicle servicing was compromised and could fall into the hands of competitors. Additionally, the breach highlights a common concern of autonomous driving systems (a mild form of which Tesla offers in its Autopilot) - the fact that the computers controlling vehicles can be compromised and give unsafe or incorrect commands to vehicles.
As is always the mantra when it comes to data security, secure, secure, secure, and secure some more. Hackers are becoming more creative and aggressive in their attacks and even end users can take simple steps to help thwart data loss.
This article was based on a February 20, 2018 Business Insider article by Mark Matousek.
Many enterprises are finding it necessary to evaluate their storage and processing needs, even so far as considering upgrading mission-critical systems to hyper-converged infrastructure (HCI). However, Dell EMC says "Not so fast". While they encourage transition of workloads to HCI, the technologies aren't quite ready for critical systems. However, the end of 2018 will bring updates to the tech that means that HCI and more traditional architectures should align.
The "SAN-less" HCI infrastructure market is hot right now, and the tech is finding favor in datacenter applications that can take advantage of its exceptional scalability. HCI lends itself to general IT use and agile environments; such is Internet of Things (IoT) and analytics. However, "traditional, monolithic applications with large relational and non-relational databases, such as SAP, Oracle, the patient records system Epic" are best served on SAN-based storage at this time. Why? Simply put, mission-critical applications rely on underlying hardware in the SAN for encryption, replication, and high availability. This is in contrast to HCI, where these abilities come from the software stack.
However, the time is approaching where those feature sets will begin to align, and then the differences between SAN and SAN-less products begin to reduce. And, taking advantage of existing hardware reaching end of life is a smart plan for enterprises, says Dell EMC. Non-mission critical applications can be moved to HCI platforms now, and the rest can come later.
This article was based on a February 12, 2018 ComputerWeekly article by Antony Adshead.
Dell EMC, a leader in data storage systems and PaperFree partner, today announced the introduction of three new products to its server line. The PowerEdge R6415, PowerEdge R7415, and PowerEdge R7425 expand the PowerEdge server line, and feature AMD EPYC processors and offer high scalability with outstanding total cost of ownership (TCO). All three models are now available.
“As the bedrock of the modern data center, customers expect us to push server innovation further and faster” said Ashley Gorakhpurwalla, president, Server and Infrastructure Systems at Dell EMC. “As customers deploy more IoT solutions, they need highly capable and flexible compute at the edge to turn data into real-time insights; these new servers that are engineered to deliver that while lowering TCO.”
The partnership with AMD and powerful server technology make the new PowerEdge offerings state of the art and especially suited to emerging workloads, such as software-defined storage. The processor features up to 32 cores (64 threads), 8 memory channels, and 128 PCle lanes, offering flexibility, performance, and enhances security features for today's needs. Designed for scalability as processing needs ramp up as technology moves forward, the products feature NVMe, FPGAs, and in-memory databases. Among their other PowerEdge counterparts, the new products also offer intelligent automation with iDRAC9 and Quick Sync 2 management support.
The new PowerEdge models feature up to 4TB of storage with enhancements for database management system and analytics flexibility. According to EMC, they are further optimized for the following uses:
- Edge computing deployments – The highly configurable, 1U single-socket Dell EMC PowerEdge R6415, with up to 32 cores, offers ultra-dense and scale-out computing capabilities. Storage flexibility is enabled with up to 10 PCIe NVMe drives.
- Software-defined Storage deployments – The 2U single-socket Dell EMC PowerEdge R7415 is the first AMD EPYCTM-based server platform certified as a VMware vSAN Ready Node and offers up to 20% better TCO per four-node cluster for vSAN deployments at the edge1. With 128 PCIe lanes, it offers accelerated east/west bandwidth for cloud computing and virtualization. Additionally, with up to 2TB memory capacity and up to 24 NVMe drives, customers can improve storage efficiency and scale quickly at a fraction of the cost of traditional-built storage.
- High performance computing – The dual-socket Dell EMC PowerEdge R7425 delivers up to 24% improved performance versus the HPE DL385 for containers, hypervisors, virtual machines and cloud computing2 and up to 25% absolute performance improvement for HPC workloads like computational fluid dynamics (CFD)3. With up to 64 cores, it offers high bandwidth with dense GPU/FPGA capability. On standard benchmarks, the server with superior memory bandwidth and core density provided excellent results across a wide range of HPC workloads.
As technology demands more robust and flexibile computing power, more enterprises will find a need to upgrade their systems. Dell EMC stands ready to meet those needs and more with the PowerEdge line.
This article was based on a February 6, 2018 Dell EMC press release.
Strava, a social networking app for tracking one's workouts, serves a great purpose in tracking activity and comparing it to friends, but the platform revealed a major security issue over the weekend when it released a heatmap of a billion 2017 user workouts, and in the process revealed several classified military bases that users had jogged around. These bases, in Turkey, Syria, and Yemen weren't the only sensitive locations shown - other installations from Russia, China, and Taiwan popped up too. However, the demographics of the app lean heavily western, young, and active, which means it's in the hands of many US soldiers, and our large military presence around the world creates an ongoing security issue. Many of the installations found exist in countries with virtually no other Strava activity, making them clearly visible.
Strava pulls its data from Fitbits and smartphones, and the further concern is that if users aren't closing the app after excersise it could track their day to day routines. This could be especially concerning because it reveals supply routes or puts users at risk should they leave the installation. And, if user information is ever hacked there is concern that hackers could dig into a specific user's past routes on other installations, or even compromise undercover agents. This kind of information can inform other states or even terrorists about where to attack, especially if that installation was previously secret and in vulnerable territory.
But funny enough, no Strava data shows up over the Pentagon. No official statement from the US military has been released, but this event will likely trigger increased security procedures in an era where the cloud is always watching you.
This article was based on a January 29, 2018 Business Insider article by Alex Lockie.
Amazon, the purveyor of your impulse purchases with two day shipping, today opened a new brick and mortar store that's the first of its kind. The store, named Amazon Go, sells groceries alongside prepared food items, but what makes this store unique is that there is no checkstands. In the Seattle store, buyers simply toss their items in a bag and head on their way, via Amazon's "just walk out technology". Visitors simply check in at the entrance via their smartphone at subway-style gates, then the store's army of overhead cameras and sensors take over - tracking shoppers and the items they take, silently building a tab as one works down their shopping list. The system even has accounting for when items are put back on the shelf. However, questions remain over the system's ability to reliably handle items returned to the shelf incorrectly or its ability to distinguish shoppers who are alike in body shape or clothing. When a shopper has finished collecting their items they just walk out, with the system finalizing the purchases and billing them to the customer's Amazon account. If there's no need to show ID for certain purchases shoppers very well could not even interact with or even see a store employee.
The idea of line-free shopping isn't new, but when concepting the idea Amazon had very little to go on - the technology used to passively ring up customers did not exist and Amazon was left to build everything from the ground up. The system has been in testing with Amazon employees for some time now while the wrinkles were ironed out. While they're mum on the specifics, Amazon does say that the system does rely on "computer vision, deep learning algorithms and sensor fusion, much like you'd find in a self-driving car." However, while they're not releasing any information about the accuracy of the system a journalist was unsuccessful in shoplifting a can of soda. The system added it to his bill.
Ironically, Amazon's effort to design a store without lines generated so much curiousity that a line formed outside of the building just for entry.
Currently, there are no announced plans to expand Amazon Go into other areas, but with Amazon's purchase of Whole Foods last year there are eyes on possible tech implementation in those stores. And, as anyone who has shopped Amazon knows, the easier the shopping experience is the more likely it is that customers will return, and Amazon is likely banking on that.
This article was based on a January 22, 2018 BBC article by Chris Johnston.
Gartner predicts that 2018 will bring more corproate dollars to enterprise software, by way of new AI automation and digital technology. Growth in the sector has been apparent for some time now, and worldwide software spending is anticipated to increase by 9.5% in 2018 and 8.4% in 2019, for a total of $421 billion. This comes as a result of enterprises shifting their budgets towards software as a service (SaaS) solutions, which is no surprise given new products, such as financial, HR, and analytic management appliations. These services rely heavily on computers to do the work, and often include machine learning functionality to proactively automate repetetive tasks as much as possible.
Compared to 2017, Gartner expects a 4.5% increase in spending this year for a total of $3.7 trillion.
However, buyers are still a bit hesitant to dive right in - uncertainty over the effects of Brexit are looming over European enterprises, and the United States has its own concerns as well. While the outcomes of current events remains uncertain, one thing is known - organizations are moving towars doing business digitally, blockchains, the internet of things, and relying less on big data in favor of AI automation. In fact, $2.9 billion is anticipated to be invested into AI products by 2021 (along with 6.2 billion hours of recouped labor), largely in part due to its fast rate of return and drastic improvements to workflows. IT department spending is expected to fall slightly, likely due to more heavily utilization of cloud services.
This article was based on a January 16, 2018 Computer Weekly article by Cliff Saran.
Everyone knows the drudgery of having to change their passwords - capital letter here, number there, and oh, I have to include a special character now? I'm not going to remember that.
More than two thirds of computer users use the same passwords, or very similar passwords, across the variety of platforms that they use, and weak passwords are the leading gateway to compromised accounts. In fact, the compromise of a single account is the cause of 81% of major data breaches in 2016. And, $20 gets you credentials for 1,000 accounts on the dark web. The advice has long been to frequently change passwords across all of one's accounts, but that doesn't work well - the human mind cannot easily remember the complex combinations of characters that form the most secure passwords and many settle on easy to remember passwords, which are less secure.
Microsft aims to remedy this password problem with its technology - instead of "making you remember a list of passwords, Microsoft is making you the password." By taking the approach of securing the individual as well as securing the device, Microsoft hopes to reduce data theft and ease access to your accounts. The beginning of this campaign in evident in Windows Hello, a biometic sensing utility included with Windows 10 - it secures an account via fingerprints or a user's face.
Other methods are in the works too, using other devices that the user is known to have, such as Google's two-factor authentication that sends a login pin to a smartphone when an account is accessed from an unfamiliar desktop. As technology improves, securing and accessing an account should become easier and easier, but developers are still meeting resistance. Passwords are familiar and easy, and those who don't understand the new securty methods fear that these newfangled requirements will be difficult to use. To allay this, Microsoft is working on marketing the new capabilities to familiarize the market. Fortunately, Microsoft has some friends in the game. Google, Samsung, Qualcomm, Visa, PayPal, eBay, Bank of America, MasterCard, American Express, and Verizon have all joined Microsoft in FIDO, the Fast IDentity Online Alliance, which is working to develop open standards for simpler, stronger authentication. One of these FIDO standards may already be on your smartphone.
There are still many steps to take in the battle to lock down data and find a more competent solution than passwords, but the industry has the brightest minds on the task and is continually making strides to solve that critical problem.
This article was based on a December 26, 2017 Microsoft story by Suzanne Choney.
Data breaches in recent years have shown the risk that data always faces, and that risk is on the horizon of expanding. Now, cloud storage services appear to be in the crosshairs of ransomware attacks, according to MIT research. Cloud services often hold extensive libraries of data, often personal information, which makes them an ideal target for a hacker payday and notoriety. Though larger cloud vendors such as Google and Amazon have anticipated this risk and have the resources to put safeguards in place, most at risk are the smaller cloud services who would be more likely to pay up. And, among the risk of ransomware infecting your cloud account there's even more threats predicted for 2018:
- More data breaches
- Weaponization of AI
- Cyber-physical attacks
- Mining cryptocurrencies
- Election hacking
As helpful and promising as AI has been, the efforts to use it to thrawrt hacking attempts (by learning how they work), appear to be backfiring and ransomware authors may utilize the same technologies to analyze the defensive measures deployed during an attack to figure out what vulnerabilities exist in the system. And, with hackers now turning to distrupting infrastructure (cyber-physical attacks) and using critical systems such as airport networks to mine cryptocurrency, it's becoming more and more important to secure systems before hackers can adapt.
But what's a cloud provider to do? As of yet the methods aren't clear, unfortunately, and as we wait to determine how to proceed the best advice is to backup, backup, and backup some more.
This article was based on a January 2, 2018 ComputerWeekly.com article by Warwick Ashford.
Recently, PaperFree and its employees completed a heartfelt charity project for local families in need. This project, the first of its kind at PaperFree, gave employees the option to either adopt a family for Christmas or purchase items for and assemble "Welcome Bags" to be donated to new residents at the Ronald McDonald House location in San Diego. In either case, funding was provided by PaperFree but employees personally researched, purchased, and wrapped gifts and other items to donate. PaperFree was delighted to work with the Ronald McDonald House, and supports their mission is to provide housing, meals, schooling, and so much more to the families of critically ill children being treated at numerous hospitals in San Diego's Kearny Mesa area. Learn more about the Ronald McDonald House San Diego.
Many of the employees involved remarked that the project helped them to more fully appreciate their situation and to be grateful for what they had, and also the joy that they had in helping those who were facing difficult financial or health trials. And, PaperFree employees certainly enjoyed the opportunity to be personally involved in the project.
PaperFree is grateful for its many opportunities to contribute to the local communities and wishes all a happy and safe holiday season.
M-Files, a PaperFree partner specializing in developing ECM solutions, recently announced its M-Files 2018 product. This product is a highly updated and refined version of their M-Files content management software. M-Files 2018 features a new Intelligent Metadata Layer, which provides a "unified and simple interface that enables users to quickly access documents and other information regardless of the system in which they are stored." With specialized connectors installed on every target system, M-Files can run queries on all of an enterprise's existing systems. Now, business documents on SharePoint can be linked to accounts in Salesforce or to a file in project management software. This new feature also operates without interrupting current processing tasks or users on systems, allowing enterprises easier innovation as there is no complex and expensive migration projects required.
"M-Files 2018 introduces a new approach we call ‘intelligent information management’ that has driven analysts, industry experts and all types of organizations to completely re-think their traditional definitions and approaches for managing information," said Miika Mäkitalo, CEO at M-Files. "M-Files 2018 signifies the end of the myth that 'all content must reside in one system.' Our vision has always been that it doesn’t really matter where information is stored; what's important is the actual information itself, as well as what it's related to and the context that makes it relevant."
M-Files 2018 features mobile, web, and desktop access for easy connectivity worldwide, and as before has helpful sharing tools for viewing documents outside of the enterprise. Nearly any external system is compatible with M-Files 2018, and development is underway to add more systems in the near future, such as Google Drive and Microsoft Exchange. Patent-pending artificial intelligence features are also included and help by automatically classifying and tagging documents and other information by looking at visible data while also considering the context of that data. This feature also assists in classifying information that resides on other systems.
With these new and expanded features, M-Files 2018 is poised to create new opportunities for productivity and access to information for enterprises. Click here to learn more about M-Files 2018's features.
This article was based on a December 13, 2017 M-Files press release.