Amazon explains big AWS outage

Amazon explains big AWS outage (http://www.geekwire.com)

Technology

Amazon explains big AWS outage, says employee error took servers offline, promises changes.

Amazon has released an explanation of the events that caused the big outage of its Simple Storage Service Tuesday, also known as S3, crippling significant portions of the web for several hours.

RELATED: AWS cloud storage back online after outage knocks out popular sites

Amazon said the S3 team was working on an issue that was slowing down its billing system. Here’s what happened, according to Amazon, at 9:37 a.m. Pacific, starting the outage: “an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended.”

Those servers affected other S3 “subsystems,” one of which was responsible for all metadata and location information in the Northern Virginia data centers. Amazon had to restart these systems and complete safety checks, a process that took several hours. In the interim, it became impossible to complete network requests with these servers. Other AWS services that relied on S3 for storage were also affected.

About three hours after the issues began, parts of S3 started to function again. By about 1:50 p.m. Pacific, all S3 systems were back to normal. Amazon said it has not had to fully reboot these S3 systems for several years, and the program has grown extensively since then, causing the restart to take longer than expected.

Amazon said it is making changes as a result of this event, promising to speed up recovery time of S3 systems. The company also created new safeguards to ensure that teams don’t take too much server capacity offline when working on maintenance issues like the S3 billing system slowdown.

Amazon is also making changes to its service health dashboard, which is designed to track AWS issues. The outage knocked out the service health dashboard for several hours, and AWS had to distribute updates via its Twitter account and by programming in text at the top of the page. In the message, Amazon said it made a change to spread that site over multiple AWS regions.

Continue reading at http://www.geekwire.com

My Two Cents:
We were working with the ESRI ArcGIS Web Services API when it went down. I was not aware that ESRI leveraged the Amazon S3 Cloud systems. If you are going to run API Services, make sure you have redundancy. I was surprised. The old saying “do not put all your eggs in one basket” is obviously alive and well with some Tech corporations.

Buying cloud access security brokers with confidence

Buying cloud access security brokers with confidence (http://searchcloudsecurity.techtarget.com)

Technology

IT security professionals buying cloud access security broker services must focus on what the technology now offers and determine precisely what their company IT architecture requires. Here’s how.

With the explosion in cloud service adoption in the last several years, organizations are realizing a disturbing security reality — they don’t know what they don’t know. Data is being stored and accessed in cloud environments that organizations do not see and cannot control, and security capabilities within the cloud provider environments have been slow to reach parity with in-house enterprise security controls. Buying cloud security services that control and monitor the information organizations are sending to the cloud is essential to any organization’s security strategy.

Continue reading at http://searchcloudsecurity.techtarget.com

My Two Cents:
We at Adept Technologies are excited based on our new release of our Secure Cloud “Adept Secure” that protects the Adept Enterprise foundation, its modular platforms and data. Customers who are already on the myadept.com infrastructure will be moved automatically over to the adeptsecure.com infrastructure. No need for our customers to purchase cloud access security broker services. Its included in our offerings.

US Confirms BlackEnergy Malware Used In Ukrainian Power Plant Hack

US Confirms BlackEnergy Malware Used In Ukrainian Power Plant Hack (http://www.ibtimes.com)

Technology – Security

The power outage last December in the Ukraine that put 180,000 people in the dark was the first electricity failure caused by a computer hack, the U.S. Department of Homeland Security has confirmed. Researchers previously suggested that a strain of malicious software known as BlackEnergy, a favorite of Russian hacking groups, was responsible.

The December 23 outage at the Prykarpattyaoblenergo power plant in western Ukraine was a nightmare scenario come true for cybersecurity researchers who have warned it was a question of when, not if, hackers managed to infiltrate a critical infrastructure facility.

DHS issued an advisory Tuesday confirming initial evidence that BlackEnergy malware first infected the plant’s systems after a successful spearphishing email attack, when hackers sent what appears to be a normal message to a high value target. Homeland Security and the FBI are among the international investigators still examining the cyberattack.

DHS’s Industrial Control Systems Cyber Emergency Response Team emailed the advisory to Reuters Tuesday, confirming that malware analysis yielded evidence that BlackEnergy 3 was found lurking on Ukrainian networks. It’s the same method of attack that was used against a number of U.S. critical infrastructure targets in 2014, though it’s not clear if any of those incidents led to a similar electricity failure.

The attack has been blamed on Sandworm, a group Russian government sponsored hackers that have spent years harassing Ukrainian officials and their allies.

“There is a darkening sky,” former U.S. National Security Director Michael Hayden told Tuesday of the Ukraine attack. “This is another data point an arc that we’ve long predicted.”

My Two Cents:
The DOE, and FERC need to address cyber security problems as a national security clear and present danger issue (TLP) RED level. I personally feel that the DOE and FERC are NOT the type of government agencies that mission statements are for this type of national security challenge (Protecting the USA Power Grid(s)). The DHS, US-CERT and FBI need to take control and get some move on in this power industry…

Web Based Mapping/ Water Quality Index Application is the Water Quality Index Calculator

Web Based Mapping/ Water Quality Index Application is the Water Quality Index Calculator (http://www.water-research.net – Written by Mr. Brian Oram, PG)

Technology – Software

Mr. Oram has conducted research and consulting projects related to acid mine drainage ( AMD ), mine drainage, lake and stream monitoring programs, wetland creation and monitoring, filtration plant performance evaluations, testing new point of use water treatment devices and systems, hydrogeological evaluations, geological investigations, soils testing, soil morphological evaluations, water well drilling and construction, drinking water testing, mail order water testing kit program, private well water testing programs, and land reclamation. Mr. Oram has also been involved with Citizen Monitoring and other Environmental Training Programs for groups within the United States, Europe, and even the former Soviet Union.

The main reason is that most private wells and small water systems are not regulated by the EPA or the DEP in a given state and in Pennsylvania about 50% of private wells produce water that does not meet a primary health standard, i.e., Could Make the Well Owner Sick. Therefore, it is up to the individual private well owner to ensure that the water is safe. This website has been up and running for over 25 years with the primary mission of providing free information on this topic to well owners. We have had over 1,400,000 + unique visitors and many private well owners from throughout the world use this portal.

In Pennsylvania, we have found that typically at least 10 % of private well have one or more of these problems:
a. Low pH / corrosive water
b. Elevated Iron and/or Manganese
c. Elevated Bacteria (Actually it is 40 % to 50% for this parameter)

Less than 5 % of private wells have problems with methane gas, barium, alpha/beta, and other contaminants that would suggest a saline water source. In the middle, we have found about 5 to 10% may have problems with copper, lead, arsenic, and plasticizers.

Note- There are over 1 million private wells in Pennsylvania. Assume 3 citizens per household and 50 % of households having contaminated water, this means that 1.5 million citizens of the Commonwealth are Drinking Water that could make them SICK – This is a Health Crisis!
It is time to ACT. We know this information because of the hundreds of private well owners that have released their information to the Citizen Groundwater Database.
To Act, we recommend the following:

1. Get Educated and Informed.
2. Get Your Water Tested
3. Work as a Community to Develop Local and State Solutions

Using the book Field Manual for Water Quality Monitoring, the National Sanitation Foundation surveyed 142 people representing a wide range of positions at the local, state, and national level about 35 water quality tests for possible inclusion in an index. Nine factors were chosen and some were judged more important than others, so a weighted mean is used to combine the values.

(Continue reading at http://www.water-research.net – Written by Mr. Brian Oram, PG)

My Two Cents: Web Based Mapping/ Water Quality Index Application is the Water Quality Index Calculator, is an extremely valuable tool needed for homeowners to test their drinking water wells, share their information with other homeowners and locate problems and have them fixed. Mr. Brian Oram, PG is an extremely valuable asset in achieving this. I look forward in seeing this application expand providing more features that will help protect our water, and save lives. Read more about Brian Oram at B.F Environmental Consultants Inc. www.bfenvironmental.com

Windows 10 Issues

Why Windows 10 Sucks or
Everything Wrong with Windows 10
(http://itvision.altervista.org – Artem S. Tashkinov)

Technology – Software

It’s funny and equally sad that year 2015 marks the end of the Windows OS for a lot of people. There are several issues with Windows which, at present, make Windows 10 inappropriate and even outright dangerous for a lot of people. The most egregious, of course, is a total abandonment of any form of privacy and control.

Firstly, Microsoft openly stated that pervasive data Microsoft: ‘We finally fixed everything in Windows 10’ View this page source code to find the source of this picture collection will be present in any Windows version starting from Windows 10 and as a host of research on the Internet shows, this data collection cannot be disabled using official means. If you decide to disable total tracking (including keyboard scanning and voice recording) you’ll have to disable over a hundred different Internet addresses and then no one guarantees that a new Windows update doesn’t add new hosts because Microsoft surely is not interested in losing such a lucrative feature meant for Big Brother agencies. Read the rest of the article for official Microsoft statements and for various information on how Windows breaches you privacy and how you might try to control it (it’s almost futile btw).

Secondly, Microsoft has stripped us of controlling Windows updates. It was ostensibly done to improve the user experience by keeping the system up to date and perhaps malware free, but the truth is that a built-in antimalware protection in Windows is simply horrible (according to various AV comparisons Microsoft Essentials misses over 20% of in the wild malware) and said updates mean nothing for security because over 90% of infections happen due to the user actions (like downloading and installing dubious applications). No Windows update can prevent such a behaviour.

Thirdly, as Microsoft has stated multiple times, Windows 10 will not have any service packs, Windows 10 is the final version of Windows, because Windows 10 has become a service, it will be updated over time to bring new features and remove the old ones. Windows 10 you might have updated to in July 2015 will be a different OS than Windows 10 plus all its updates a year later.

(Continue reading at http://itvision.altervista.org Artem S. Tashkinov)

My Two Cents: Windows 10 is another disappointment…I agree with Artem S. Tashkinov.