All posts by Ryan

Amazon criticises New York Times’ reporting of open source theft concerns

AWS vice president Andi Gutmans has penned a scathing response to an article highlighting concerns that Amazon is stealing the innovations of startups.

New York Times journalist Daisuke Wakabayashi wrote an article titled "Prime Leverage: How Amazon Wields Power in the Technology World" in which he highlighted several cases where Amazon is said to have "strip-mined" (as startups have coined it) open source technology.

The main example is of Amsterdam-based startup Elastic that was rapidly expanding and whose product, ElasticSearch, was already available for AWS. In 2015, Amazon said it was going to copy the freely-available ElasticSearch and make it a paid service.

Amazon began making more cash than Elastic by offering deeper integration with its own products. Elastic responded by making premium features which Amazon then reportedly copied and made free.

Elastic is now suing Amazon for violating its trademark by calling its own product ElasticSearch. In the complaint, Elastic stated that Amazon "misleads customers". The court case is still pending.

Wakabayashi goes on to highlight other cases where Amazon is accused of the aforementioned strip-mining. One is MongoDB; Amazon is said to have copied the “look-and-feel” of an older version of it. Furthermore, when AWS customers search for "MongoDB" from the management console, they are provided with Amazon's own alternative which states that it's “compatible with MongoDB.”

During a dinner which MongoDB's chief executive Dev Ittycheria had with the heads of six other tech firms, the conversation reportedly switched to whether to publicly accuse Amazon of behaving like a monopoly.

Wakabayashi even sourced comments from people who actively decided against making their products open source due to fear that Amazon would copy them.

"The journalist largely ignores the many positive comments he got from partners because it’s not as salacious copy for him," Gutmans said in a blog post.

However, not all of the cases highlighted by Wakabayashi were negative. Databricks' chief executive Ali Ghodsi said that AWS salespeople lifted the sales of his company's products and that he doesn't "see them using shenanigans to stop us."

Gutmans insisted that Amazon "contributes mightily to open source projects" and that "AWS has not copied anybody’s software or services."

It must be reiterated that Elastic is not suing Amazon for copying its product as it was open source. Executives from MongoDB, on the other hand, suggested to SiliconAngle earlier this year that they believe Amazon's DocumentDB is a copy of their product that's “based on MongoDB code from two years ago.”

Rightly or wrongly, it's clear there are serious concerns within the industry about how Amazon is wielding its power. Reaching out to understand why executives from these companies hold such concerns would be a more productive approach than criticising journalists for reporting them.

London police using Big Data to tackle small crime

Small criminals are predictable; at least, that’s what London’s Metropolitan Police Service (MPS) is hoping. New software, developed by Accenture, pulls large amounts of data in use by the police service and puts it through an advanced analytics engine to predict when criminals are likely to strike.

By analysing five years’ worth of data, it is hoped that an accurate prediction of when / if a criminal will re-offend can be made. The data was gathered over a four-year period of monitoring gang members across 32 boroughs, and was subsequently compared to criminal acts conducted in the fifth year to see whether the software was accurate.

The engine itself looks at aspects of an individual’s record, including geography, past offenses, and associations. The advanced software will even keep an eye on social media for inflammatory comments such as taunts of other gang members, or the organising of a crime itself.

Accenture highlights the fact that police forces up and down the country are seeing funding cuts, and therefore experiencing problems with limited resources. The ability to effectively allocate such precious resources is important, and big data analysis helps to save on cost whilst ensuring the vital public service is unaffected.

In terms of public reception, this could be seen as invasive after Edward Snowden’s NSA revelations about mass surveillance. The public is more likely to be accepting if the potential benefits are clear, but privacy campaign group Big Brother Watch is requesting more information to be made public about the initiative.

Although this is said to be the first time Accenture’s analytics have been used in the UK, the firm’s software has been used for similar reasons in Spain, and in Singapore where the company tested software which monitors the video feeds of crowds, traffic, and other events to alert the authorities to potential risks.

“It is clear that harnessing and analysing vast data sets may simplify the work of the police,” said European human rights group Statewatch earlier this year.

“However, this in itself is not a justification for their use. There are all sorts of powers that could be given to law enforcement agencies, but which are not, due to the need to protect individual rights and the rule of law – effectiveness should never be the only yardstick by which law enforcement powers are assessed.

“The ends of crime detection, prevention and reduction cannot in themselves justify the means of indiscriminate data-gathering and processing.”

Should police be using data analytics to predict future offences? Let us know in the comments.

China launches “Great Firewall” attack against iCloud

According to a report by web censorship watchdog Great Fire, China’s infamous state firewall is performing a MITM (Man-in-the-Middle) attack against users of Apple’s Cloud-based services. It is suspected the attack has been launched in response to Apple’s new default encryption methods.

Since iOS 8, authorities can no longer bypass on-device encryption to gain access. The convenient timing of this attack is arousing suspicion that the State-run firewall is attempting to steal as many iCloud users’ details as possible in order to provide complete access to their accounts, including any photos or text messages stored in the cloud.

Heading to iCloud.com using China’s most popular web browser, Qihoo, will redirect the user without warning to a dummy-site which imitates Apple’s site. However, using a browser such as Firefox or Chrome will display a warning message such as below:

It is possible to circumvent the fake site using a VPN, or one of iCloud’s many other IP addresses. It is not recommended to enter details on iCloud.com if visiting from China, and you can help reduce the risk through use of one of the browsers mentioned earlier.

Authorities everywhere are concerned about the new lack of access to mobile devices which has – on several occasions – helped with serious prosecutions and/or implementing preventive measures.

FBI Director James Comey told reporters: “I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone’s closet or their smart phone.”

He continues: “The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”

Of course the argument against compromisable mobile devices is the lack of legal process which is often used. NSA whistleblower Edward Snowden unleashed a barrage of damning revelations about the agency’s PRISM program, which had unparalleled access to mobile devices and was even reported to have backdoors in some of the biggest technology companies’ services – including Apple’s.

What do you think about Apple’s new security and China’s alleged MITM attack? Let us know in the comments.