What is Cloud Computing?
The cloud is a virtualization of resources that maintains and manages itself
Cloud computing is becoming one of the next industry buzz words. It joins the ranks of terms including: grid computing, utility computing, virtualization, clustering, etc.
Cloud computing overlaps some of the concepts of distributed, grid and utility computing, however it does have its own meaning if contextually used correctly. The conceptual overlap is partly due to technology changes, usages and implementations over the years.
Trends in usage of the terms from Google searches shows Cloud Computing is a relatively new term introduced in the past year. There has also been a decline in general interest of Grid, Utility and Distributed computing.
Cloud computing overlaps some of the concepts of distributed, grid and utility computing, however it does have its own meaning if contextually used correctly. The conceptual overlap is partly due to technology changes, usages and implementations over the years.
Trends in usage of the terms from Google searches shows Cloud Computing is a relatively new term introduced in the past year. There has also been a decline in general interest of Grid, Utility and Distributed computing.
Likely they will be around in usage for quit a while to come. But Cloud computing has become the new buzz word driven largely by marketing and service offerings from big corporate players like Google, IBM and Amazon.
The term cloud computing probably comes from (at least partly) the use of a cloud image to represent the Internet or some large networked environment. We don’t care much what’s in the cloud or what goes on there except that we depend on reliably sending data to and receiving data from it. Cloud computing is now associated with a higher level abstraction of the cloud. Instead of there being data pipes, routers and servers, there are now services. The underlying hardware and software of networking is of course still there but there are now higher level service capabilities available used to build applications. Behind the services are data and compute resources. A user of the service doesn’t necessarily care about how it is implemented, what technologies are used or how it’s managed. Only that there is access to it and has a level of reliability necessary to meet the application requirements.
In essence this is distributed computing. An application is built using the resource from multiple services potentially from multiple locations. At this point, typically you still need to know the endpoint to access the services rather than having the cloud provide you available resources. This is also know as Software as a Service. Behind the service interface is usually a grid of computers to provide the resources. The grid is typically hosted by one company and consists of a homogeneous environment of hardware and software making it easier to support and maintain. (note: my definition of a grid is different from the wikipedia definition, but homogeneous environments in data centers is typically what I have run across). Once you start paying for the services and the resources utilized, well that’s utility computing.
Cloud computing really is accessing resources and services needed to perform functions with dynamically changing needs. An application or service developer requests access from the cloud rather than a specific endpoint or named resource. What goes on in the cloud manages multiple infrastructures across multiple organizations and consists of one or more frameworks overlaid on top of the infrastructures tying them together. Frameworks provide mechanisms for:
- self-healing
- self monitoring
- resource registration and discovery
- service level agreement definitions
- automatic reconfiguration
Nasdaq Hackers Target Service for Corporate Boards
Nasdaq's Directors Desk service, which helps companies share documents with directors between board meetings, was targeted by hackers who broke into the service repeatedly over more than a year. Investigators are trying to identify the hackers, but the motive is unknown. Experts say such web-accessible services are a prime target for hackers.Hackers broke into a Nasdaq service that handles confidential communications for some 300 corporations, the company said Saturday -- the latest vulnerability exposed in the computer systems Wall Street depends on. The intrusions did not affect Nasdaq's stock trading systems and no customer data was compromised, Nasdaq OMX Group Inc. said. Nasdaq is the largest electronic securities trading market in the U.S., with more than 2,800 listed companies.
A federal official told The Associated Press that the hackers broke into the service repeatedly over more than a year. Investigators are trying to identify the hackers, the official said. The motive is unknown. The official spoke on condition of anonymity because the inquiry by the FBI and Secret Service is continuing.
The targeted service, Directors Desk, helps companies share documents with directors between scheduled board meetings. It also allows online discussions and Web conferencing within a board. Since board directors have
to information at the highest level of a company, penetrating the service could be of great value for insider trading. Nasdaq OMX spokesman Frank DeMaria said the Justice Department had requested that the company keep silent about the intrusion until at least Feb. 14. However, The Wall Street Journal reported the investigation on its Web site late Friday, prompting Nasdaq to issue a statement and notify its customers.
DeMaria said Nasdaq OMX detected "suspicious files" during a regular security scan on U.S. servers unrelated to its trading systems and determined that Directors Desk was potentially affected. It pulled in forensic firms and federal law enforcement for an investigation. They found no evidence that customer information was accessed by hackers.
Rich Mogull, an analyst and CEO with the security research firm Securosis, said Web-accessible services like Directors Desk are a prime target for hackers, and have sometimes been a back door for systems that aren't directly connected to the Web. The presence of files on the Directors Desk system and the claim that no customer information was compromised could indicate that hackers were able to get in but not complete their attack, he said.
Computer security experts have long warned that many companies aren't doing enough to protect sensitive data, and recent events have underlined the point. The secret-spilling organization WikiLeaks has published confidential documents from banks in Switzerland and Iceland and claims to have incriminating documents from a major U.S. bank, possibly Bank of America.
In 1999, hackers infiltrated the Web sites of Nasdaq and the American Stock Exchange leaving taunting messages, but Nasdaq officials said then that there was no evidence the break-ins affected financial data.
Nasdaq OMX CEO Bob Greifeld said in a statement that cyber attacks against corporations and government are constant and the company is vigilant in maintaining security.
"We continue to evaluate and enhance our advanced security controls to respond to the ever increasing global cyber threat and continue to devote extensive resources to further secure our systems," he said.
Some of the Wall Street's technological scares have been unrelated to hackers. In June 2009, a computer glitch knocked out trading in 242 stocks on the New York Stock Exchange for several hours.
More recently, high-speed trading software precipitated a "flash crash" on May 6. One trade worth $4.1 billion touched off a chain of events that ended with 30 stocks listed in the S&P 500 index falling at least 10 percent within five minutes. The drop briefly wiped out $1 trillion in market value as some stocks traded as low as a penny.
Hackers in China Hit Western Oil Companies
A security report by McAfee says that "coordinated, covert and targeted" attacks against Western oil companies were perpetrated by Chinese hackers. McAfee said the hackers worked through servers in the United States and the Netherlands and used techniques including taking advantage of vulnerabilities in the Microsoft Windows operating system.Hackers operating from China stole sensitive information from Western oil companies, a U.S. security firm reported Thursday, adding to complaints about pervasive Internet crime traced to the country. The report by McAfee Inc. did not identify the companies but said the "coordinated, covert and targeted" attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields and financing.
"We have identified the tools, techniques, and network activities used in these continuing attacks -- which we have dubbed Night Dragon -- as originating primarily in China," said the report.
Google Inc. closed its China-based search engine last year after complaining of cyberattacks from China against its e-mail service.
Security consultants say China is a leading center for Internet crime including industrial spying aimed at major companies. Consultants say the high skill level of earlier attacks suggests China's military, a leader in cyberwarfare research, or other government agencies might be stealing technology and trade secrets to help state companies.
The Chinese government has denied it is involved.
Officials in the United States, Germany and Britain say hackers linked to China's military have broken into government and defense systems. Attacks on commercial systems receive less attention because companies rarely come forward, possibly for fear it might erode trust in their businesses.
Spokesmen from several American, British and Greek oil companies said they were either unaware of the hacking or that they could not comment on security matters.
McAfee, based in Santa Clara, California, said the hackers worked through servers in the United States and the Netherlands and used techniques including taking advantage of vulnerabilities in the Microsoft Windows operating system.
McAfee said it identified an individual in the eastern Chinese city of Heze in Shandong province who provided servers that hosted an application that controlled computers at the victim companies. The report did not identify the person and said he was not believed to be the scheme's mastermind.
McAfee said extraction of information occurred from 9 a.m. to 5 p.m. Beijing time on weekdays. It said that suggested the attackers were "company men" on a regular job, rather than freelance or amateur hackers.
The attackers used hacking tools of Chinese origin that are prevalent on Chinese underground hacking forums, McAfee said.
Google announced last January that cyberattacks from China hit it and at least 20 other companies. Google says it has "conclusive evidence" the attacks came from China but declined to say whether the government was involved.
Google cited those attacks and attempts to snoop on dissidents in announcing it wanted to stop censoring search results in China, which the communist government requires. The company closed its China-based search engine last March.
In 2009, a Canadian research group said a China-based ring stole information from thousands of hard drives worldwide. The Information Warfare Monitor said attackers broke into government and private organizations in 103 countries, including the computers of the Dalai Lama and his exiled Tibetan government.
There are no estimates of losses attributable to hacking traced to China, but McAfee has said previously that intellectual property worth an estimated $1 trillion was stolen worldwide through the Internet in 2008.
Training Future 'Cyberwarriors' Is School's Objective
Teaching, arming and training a generation of professionals to protect our nation's cyberassets is the goal of a Cyber Security course series offered by a Maryland college. It's a new field of study with the potential to fill a hole in the market, as there is enormous demand for such specialists at the moment -- and it's likely to rise even further.In two years' time the first "army of cyber warriors" is due to be trained and ready to enter the war against Internet terrorists, hackers and data thieves.
Militaristic language like that is frequently used at the University of Maryland University College (UMUC) when referring to its Cyber Security course. Protecting the Internet has become a matter of national security in the US.
UMUC began offering a bachelors degree and two masters programs in Internet security last autumn. It's a new field of study with the potential to fill a hole in the market. Within a short period hundreds of people expressed an interest in taking up the course.
There is enormous demand for such specialists at the moment and it's likely to rise even further. Whether it's administration, government bodies or the private economy, there are networks and systems everywhere that need to be protected, data secured and digital intruders stopped in their tracks.
"Cyber security is a very serious issue. Our aim is to train or teach a generation of professionals how to protect our cyber assets," says Alan Carswell who heads up the program at UMUC.
Wireless broadband networks exist everywhere in the US, both in the private and public sectors. Schools, clinics, transport and not least business and government would not be possible without a constantly functioning computer network. Cyber security affects countless areas from the search for friends in social networks such as Facebook to the financial markets on Wall Street.
Attacks on those systems can have catastrophic consequences, according to Carswell. They range from simple data theft to life-threatening situations such as the manipulation of air traffic control that could kill hundreds of people.
Cyber security has been viewed as a national challenge for a long time in the US. In May 2009, shortly after taking office, President Barack Obama declared that "America's economic prosperity in the 21st century will depend on cyber security," and he also nominated a coordinator for Cyber security. The popular Spy Museum in Washington has even dedicated one of its exhibition spaces to Internet security.
John Michael McConnell, the former director of the US National Security Agency -- and therefore a former "top spy" -- has warned against what he described as a "Cyber Pearl Harbor" -- an attack that could be as dramatic as the Japanese one on the US naval base in Hawaii in 1941 but this time in digital form.
Hacker attacks on countries and Internet-based terrorism have firmly established themselves as part of the real world. The US has set up an organization, the Cyber Command, to defend military networks against attack. Carswell says there is currently a shortage of qualified experts, but he promises that "we will fill that hole."
It's no surprise then that other universities have decided to react and across the US similar education programs are springing up. The names of the programs may differ but usually they all focus on the same theme of cyber security.
University life for the over 500 part-time students who are studying cyber security at UMUC, however, is quite different from what you might expect. Lectures take place via video, says UMUC press spokesman Chip Cassano. The course modules are available 24 hours a day, seven days a week and there are Internet platforms where students can discuss their studies online.
It seems appropriate that the cyber security course can also be completed exclusively online.
Hackers Infiltrate Canadian Government Computers
Hackers infiltrated the computers of the Canadian Treasury Board and Finance Department, but Canada's cybersecurity systems detected the intrusions and blocked them. The hackers were using a technique known as spear phishing, which involves impersonating bureaucrats via e-mail accounts to snoop around government computers.Computer hackers infiltrated some Canadian government computer systems but were not able to
the classified data they were seeking, government officials said Thursday. Stockwell Day, president of the Treasury Board, which is a federal administrative agency, said the attacks were significant but that Canada's cyber security systems detected the intrusions and blocked them. "I wouldn't say it's the most aggressive, but it was a significant one -- significant that they were going after financial records," said Day. "Every indication we have at this point is that our sensors and our cyber-protection systems got the alerts out in time, that the information doors were slammed shut."
The Canadian Broadcasting Corporation reported computers belonging to the Treasury Board and Finance Department were among the systems infiltrated in early January, along with Defense Research and Development Canada, which is a research agency within the Department of National Defense.
Jay Denney, a spokesman for Day, confirmed employee access to the Internet has been limited at the Treasury Board for the time being. He said the government "has plans in place to prevent, minimize and address the impacts of cyber threats."
The Finance Department is preparing the federal budget, which will be delivered next month.
"Our government takes threats seriously and has measures in place to address them. The next phase of our economic action plan is still in development, and we have no indication that budget security has been compromised," Chris McCluskey, a spokesman for the minister of public safety, told The Associated Press.
Denney confirmed there are no indications that any data relating to Canadians was compromised.
Prime Minister Stephen Harper said Thursday that federal security agencies were working to deal with cyber threats.
"I can't comment on any specific reports," Harper said. "But this is an issue we are aware of and our security personnel are engaged in dealing with."
The CBC reported the cyber attacks were traced to computer servers in China, but no government official would confirm the origins of the attacks.
The report said hackers were using a technique known as spear phishing, which involves impersonating bureaucrats via their e-mail accounts to snoop around government computer systems and steal key passwords that unlock government data systems.
Chinese Foreign Ministry spokesman Ma Zhaoxu told a regular news conference Thursday that China was not involved and that Beijing was opposed to Internet crimes. He said China was a victim of hacking and any accusations that it supported hackers were made with "ulterior motives."
The Canadian Cyber Incident Response Centre, the Canadian Security Intelligence Service and the Communications Security Establishment -- all of which help secure federal computers -- have not commented on the recent attacks.
Cybercrime Fighters To Gather at Dublin Summit
Cybercrime Fighters to Gather at Dublin eCrime Researchers Sync-Up, March 15-16 -- Electronic crime researchers from academia, industry and law enforcement converge on Dublin March 15-16, 2011, for an unprecedented meet-up of eCrime research pioneers who are defining the emerging discipline of electronic crime researchDublin, Ireland and Cambridge, Mass. March 9, 2011 -- Organized by the APWG in conjunction with University College Dublin's Centre for Cybercrime Investigation, the first annual eCrime Researchers Sync-Up, will be held March 15th and 16th, 2011. The gathering of cybercrime fighters from around the world is a two-day exchange of presentations and discussions related to eCrime research in progress -- and for networking of researchers within the disciplines that are defining the eCrime research field today. Learn more about eCrime Sync-Up at http://www.ecrimeresearch.org/2011syncup/cfp.html.
"I applaud The University College Dublin's leadership in suggesting and hosting this first eCrime research Sync-up, said Randy Vaughn," Professor of Information Systems at Baylor University and chairman of the APWG eCrime Researchers Summit, the peer-review conference that spawned the Sync-Up program. "This unique symposium offers academic and industrial eCrime researchers the opportunity to advance and coordinate their research agendas."
The eCrime Researchers Sync-Up has been established as an extension of the annual APWG eCrime Research Summit held every year in the fall in the United States, an event that has become a vital nexus for the development of eCrime research and its pioneering investigators since it was founded in 2006.
Instead of a formal conference presenting peer-reviewed papers and posters, the eCrime Researchers Sync-Up is an opportunity for the principal investigators within the discipline from academia, industry and government to discuss their research in progress, find research areas of common interest and establish collaborations.
Fergus Toolan, Post Doctoral Researcher at UCD's Centre for Cybercrime Investigation said, "UCD's Centre for Cybercrime Investigation are delighted to host this global event, focusing on solutions to a growing global problem. The E-Crime Researchers Sync-up will bring together academia, industry and law enforcement to create an integrated means of tackling the E-Crime problem."
Research in progress being presented will include: Language Models for Phishing, IP Reputation, Killing Zombies and other Botnet Remediation, eCrime Metrics for Measuring Theft Damage, Analysis of Patcher and Carberp crime network, Cybercrime Education for Law Enforcement, and more.
Leading industry speakers to date include Dr. Hassen Saidi, SRI; Fergus Toolan, UCD; Gary Warner, UAB; Marc Vilanova, la Caixa; Jart Armin, HostExploit; Richard Urbanski, AIB; David Perry, TrendMicro; Martin Grooten, Virusbtn.com; Randy Vaughn, Baylor University; Erin Kenneally, eLCHEMY, Inc.; Peter Kruse, CSIS Security Group; Paul Stephens, Canterbury Christ Church University; Andrew Cushman, Microsoft.
For updated agenda of topics and speakers visit http://www.ecrimeresearch.org/2011syncup/agenda.html.
"The fascination and strength of ecrime research is the hybrid nature of the discipline. The cross-disciplinary discussions at our research conferences continue to cultivate the dialog that we believe will lead the larger community of stakeholders to durable, sharable solutions to the ecrime threat," said APWG Secretary General and eCRS conference founder Peter Cassidy.
Added Vaughn, "I foresee the relationships established with other researchers and law enforcement eCrime Sync-Up attendees will serve both to strengthen the counter eCrime community and in in fostering new avenues for cooperative research."
Electronic crime (eCrime) research is a relatively new field of study, rising out of the roiling chaos, and in response to, the criminal innovation that followed the emergence of the Internet as a workaday commerce platform.
Over the years, the number of researchers around the world submitting papers to the conference has grown in size and depth of interest into a community that is defining a new hybrid discipline -- and required more time to cultivate research collaborations.
Register for eCrime Sync-Up: https://secure.lenos.com/lenos/antiphishing/ecrsyncup2011/home.htm.
About The UCD Centre for Cybercrime Investigation: http://cci.ucd.ie/.
About APWG: http://www.antiphishing.org/index.html/.
Chinese Attackers Grab Data from Energy Companies
Hackers from China have been stealing internal documents from energy companies for at least two years, and possibly up to four. McAfee has named the hackers Night Dragon and described them as "incredibly sloppy." The Night Dragon hackers exploited holes to compromise web servers, McAfee said, and could attack other industries.In another time, Night Dragon could have been the name of a Chinese pirate ship. In the early 21st century, it's the name that security firm McAfee has given to a group of hackers from that country who have penetrated energy companies' networks and confiscated internal documents for at least two years, and possibly up to four. On Friday, McAfee Vice President Dmitri Alperovitch described the attacks to news media as "unsophisticated," but noted that they were still effective in stealing a wide variety of documents over a sustained period of time. He added that they were "incredibly sloppy, made mistakes, and left lots of evidence."
Night Dragon's Techniques
According to Alperovitch, the Night Dragon hackers attacked at least five Western oil, gas and petrochemical companies, although he didn't provide names. Some are clients of McAfee, which is how the company became involved.
In a report on the attacks released Thursday, McAfee said they involved "social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating system vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools."
Basic activities of the hackers, the report said, included compromising company extranet web servers through SQL-injection techniques that allowed remote command execution. Commonly available hacker tools were uploaded to compromised servers, providing
into the company's intranet, and then to internal desktops and servers. Additional usernames and passwords were obtained, using "password-cracking and pass-the-hash tools." Compromised web servers were used as "command and control" servers, from which the attackers disabled Microsoft Internet Explorer proxy settings -- thus acquiring direct communication from infected machines to the Internet.
SCADA Systems
The purloined information included contracts, data about field operations, and information about monitoring systems. The monitoring operations were managed by supervisory control and data acquisition (SCADA) systems, which were also the target of the infamous Stuxnet worm that may have disrupted Iran's uranium-enrichment effort. However, disruption doesn't seem to have been the objective, but corporate espionage was.
The country of origin was deduced because the hackers used Chinese-language software tools, by originating IP addresses from the Chinese mainland, and because the attacks took place during business hours -- Beijing time.
McAfee noted that attacks on Google and WikiLeaks document disclosures, both in 2010, "have highlighted the fact that external and internal threats are nearly impossible to prevent." In light of that, the company said, it decided to share the Night Dragon attacks with the public.
McAfee said these kinds of sustained attacks have now "moved beyond the defense industrial base, government and military computers to include global corporate and commercial targets." Night Dragon focused on the energy sector, but, the report said, the same techniques can be used on any industry, and the target has increasingly become intellectual property.
WikiLeaks Hackers Attack Security Site Working with FBI
The hacker group Anonymous has claimed credit for breaking into the web site of a security firm working with the FBI to identify its members. The Anonymous group, which attacked companies pulling services from WikiLeaks, also hijacked HBGary Federal CEO Aaron Barr's Twitter account and claimed to have caused additional damage.Anonymous, the hacker group that attacked companies after they pulled their services from WikiLeaks, has struck again. On Sunday, the group broke into the web site of a security firm that has been working with the FBI to discover the names of key people in the group. On Saturday, Aaron Barr, president and CEO of HBGary Federal, told the Financial Times that he had discovered the identities of two U.S.-based key members, in addition to senior members abroad.
Besides penetrating the company's web site, Anonymous also hijacked Barr's Twitter account and posted racial and sexual insults, and such personal information as what are alleged to be his cell-phone and Social Security numbers. The group also broke into the LinkedIn account of the company's chief operating officer, Ted Versa.
'Teach You a Lesson'
Barr also told the Times that he did not intend to reveal the info to authorities unless compelled, although he did plan to provide the information at a security conference in San Francisco later this month.
In the web-site attack, a posting said "you brought this upon yourself." It added: "Let us teach you a lesson you'll never forget: Don't mess with Anonymous." The group also claimed to have taken control of the company's e-mail, erased files, brought the phone system down, and posted online a variety of internal documents.
Anonymous prides itself on being without leaders, and its attacks are often distributed among widely dispersed participants. The loose-knit organization has become known for its running public feud against the Church of Scientology, attacks on government sites in support of demonstrators in Tunisia and Egypt, and hacks against MasterCard and other companies that withdrew services from WikiLeaks, following that site's unauthorized release of thousands of U.S. diplomatic cables.
'Anonymous' Arrests
Following publication of the leaked cables, WikiLeaks had its accounts shut down by Amazon.com, PayPal, Visa and MasterCard, and founder Julian Assange was arrested in the U.K. on an unrelated charge, which he has said is politically motivated.
Late last month, five people -- aged 15 to 26 -- were arrested in London for the online attacks in support of WikiLeaks. The five, three of them teenagers, are suspected members of Anonymous. The arrests were related to denial-of-service attacks on PayPal, MasterCard, Visa and Moneybookers. Anonymous called the attacks Operation Payback.
In December, police in Holland said they had arrested two teenagers also suspected of being involved in Operation Payback. Observers suspect the raids were made in cooperation with the U.S. Department of Justice. U.S. Attorney General Eric Holder has said his agency was investigating the attacks on the companies.
A key technique apparently used by Anonymous, in both the corporate and government attacks, is to make available software, via chat rooms and other venues, that can be utilized by many users to jam servers in a distributed denial-of-service attack.
Bahasa Pemrograman dan Penggolongannya
•Low Level Language
à Bahasa mesin
•Middle Level Language
à agak dimengerti oleh manusia
•High Level Language
à sudah dimengerti oleh manusia dan komputer
Langganan:
Postingan (Atom)
