Category archive: Google

Google Drive vulnerable to undetectable phishing campaign, experts claim

Hackers used Google Drive to mount a barely detectable phishing attack

Google Drive has been subject to a phishing attack that used JavaScript code obfuscation and compromised websites in order to steal end-user account credentials using Google services.

Elastica researchers explained that attackers deployed a JavaScript encoding mechanism to obfuscate web page code so that it could not be easily read, and used fake SSL credentials to gain entry to Google’s services. Attackers were able to reach a wide network of end-users by exploiting Google Drive to host malicious web pages, where attack victims were directed.

The hackers used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.

Although the malicious pages were reported to Google, Elastica said they have yet to be removed.

“In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,” said Aditya K Sood, architect of Elastica Cloud Threat Labs.

“While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world.”

Because the pages were hosted on Google Drive, which uses SSL encryption, standard security methods like IP blacklisting and intrusion detection weren’t effective.

Rehan Jalil, chief executive of Elastica, said these issues will likely keep cropping up as cloud usage grows.

“Security and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications,” Jalil said.

AWS rakes in $1.8bn in Q2 as ‘big four’ corner half the cloud services market

AWS is bringing in nearly $2bn in quarterly revenues

AWS revenue for the second quarter of this year topped $1.82bn, an increase of about 81 per cent year on year. The results come as other major IT service providers revealed strong cloud growth for the quarter.

Last quarter, the first time it pulled the curtain back on its cloud business, Amazon revealed AWS raked in $1.57bn in revenue. Operating income for Q2 increased 407 per cent to $391m.

Commenting on the results Amazon chief executive Jeff Bezos said “[we] continued to double down on our fastest growing geography — India, launched 350 significant AWS features and services so far this year, ahead of last year’s pace, introduced AWS Educate, and entered into agreements for new solar and wind farms — enough to exceed our 2016 goal of 40 per cent renewable energy.”

Speaking to analysts this week Amazon’s chief financial officer Brian Olsavsky said the company is also getting more competitive on cost as it continues to optimise its services.

“We had over 350 significant new features and services and we believe that’s what resonates with customers. While pricing is certainly a factor we don’t believe it’s always the primary factor; in fact what we hear from our customers is that the ability to move faster and more agility is what they value,” he explained.

But he deflected questions about the capital intensity of the AWS business – which represents about 80 per cent of its overall capex.

[Figure: Synergy Research Q2 Cloud Market Estimates]

“We do realise it’s a capital-intensive business and we have modelling that shows it’s going to be a very good business for us and that’s what we aim for as long-term return on invested capital and free cash flow. So, we’re certainly cognizant of the capital part of the calculation,” he said.

Amazon revealed the results as other large incumbents pulled back the curtain on their cloud performance. The second quarter saw Microsoft grow its cloud revenues 88 per cent and IBM 60 per cent.

But the results suggest some of the smaller cloud providers are being left in the dust. According to John Dinsdale, chief analyst and research director at Synergy Research Group, quarterly cloud infrastructure service revenues (including IaaS, PaaS and private & hybrid cloud) are now approaching $6bn, with trailing twelve-month revenues hitting close to $20bn. Synergy estimates AWS, Microsoft, IBM and Google (the ‘big four’) control well over half of the worldwide cloud infrastructure service market.

“The cloud infrastructure services market is quite clearly bifurcating with a widening gap between the big four cloud providers and the rest of the service provider community,” Dinsdale explained. “Developing the necessary global hyperscale datacentre infrastructure along with the required marketing and operations support is simply beyond the reach of all but a very small number of players. This is not going to change.”

The good news for smaller and medium-sized cloud providers, he said, is that there does remain a wealth of opportunity for them to specialise in a particular niche industry or geography. At the moment the firm reckons North America accounts for over half of the worldwide cloud services market, followed by the EMEA and APAC regions.

Google buys Pixate to strengthen mobile app prototyping, design

Google acquired mobile design and prototyping firm Pixate this week

Google quietly acquired Pixate for an undisclosed sum this week. The company, which offers a platform that helps developers design and prototype mobile apps, may help Google bolster the UX of its own apps while helping it expand the range of services already offered to developers.

A post on the Pixate blog written by chief executive Paul Colton confirmed the acquisition.

“Our small team at Pixate has some really big ideas, and with the help of Google we’ll be able to bring those ideas to the design community at scale. We’ve become an essential part of the workflow for tens of thousands of designers, and are excited about expanding our mission at Google to reach millions of product teams worldwide,” Colton explained.

“Starting today we’re making Pixate Studio free and dramatically reducing the cost of the Pixate cloud service,” he added.

Google said “Pixate adds to our ongoing effort to develop new design and prototyping tools.”

Pixate said it counts companies like Apple, Disney and Amazon as past customers. The company’s services will no doubt complement the cloud-based testing service for Android apps unveiled earlier this year at the I/O conference. The service, based on Appurify’s technology – an acquisition it announced at the conference last year – allows developers to run their applications on simulated versions of thousands of different Android devices.

Box, Docker, eBay, Google among newly formed Cloud Native Computing Foundation

The Cloud Native Computing Foundation is putting Linux containers at the core of its definition of 'cloud-native' apps

The Linux Foundation, along with a number of enterprises, cloud service providers, telcos and vendors, has banded together to form the Cloud Native Computing Foundation in a bid to standardise and advance Linux containerisation for cloud.

The newly formed open source foundation, a Linux Foundation collaborative project, plans to create and drive adoption of common container technologies at the orchestration level, and integrate hosts and services by defining common APIs and standards.

The organisation also plans to assemble specifications to address a “comprehensive set of container application infrastructure needs.”

The members at launch include AT&T, Box, Cisco, Cloud Foundry Foundation, CoreOS, Cycle Computing, Docker, eBay, Goldman Sachs, Google, Huawei, IBM, Intel, Joyent, Kismatic, Mesosphere, Red Hat, Switch Supernap, Twitter, Univa, VMware and Weaveworks.

“The Cloud Native Computing Foundation will help facilitate collaboration among developers and operators on common technologies for deploying cloud native applications and services,” said Jim Zemlin, executive director at The Linux Foundation.

“By bringing together the open source community’s very best talent and code in a neutral and collaborative forum, the Cloud Native Computing Foundation aims to advance the state-of-the-art of application development at Internet scale,” Zemlin said.

The central goal of the foundation will be to harmonise container standards and techniques. A big challenge with containers today is there are many, many ways to implement them, with a range of ‘open ecosystems’ and vendor-specific approaches, all creating one heterogeneous, messy pool of technologies that don’t always play well together.

That said, the foundation expects to build on other existing open source container initiatives including Docker’s recently announced Open Container Initiative (OCI), with which it will work on building its container image spec into the standards it develops. Google also announced that the foundation would henceforth govern development of Kubernetes, which reached v.1 this week.

“Google is committed to advancing the state of computing, and to helping businesses everywhere benefit from the patterns that have proven so effective to us in operating at Internet scale,” said Craig McLuckie, product manager at Google. “We believe that this foundation will help harmonize the broader ecosystem, and are pleased to contribute Kubernetes, the open source cluster scheduler, to the foundation as a seed technology.”

Ben Golub, chief executive of Docker, said that while the OCI offers a solid foundation for container-based computing, many standards and fine details have yet to be agreed.

“At the orchestration layer of the stack, there are many competing solutions and the standard has yet to be defined. Through our participation in the Cloud Native Computing Foundation, we are pleased to be part of a collaborative effort that will establish interoperable reference stacks for container orchestration, enabling greater innovation and flexibility among developers. This is in line with the Docker Swarm integration with Mesos,” Golub said.

Google says trade agreement amendment hinders security vulnerability research

Google says the US DoC amendments would massively hinder its own security research

Google hit out at the US Department of Commerce and the Bureau of Industry and Security this week over proposed amendments to trade legislation related to the Wassenaar Arrangement, a multilateral export control agreement, arguing they will negatively impact cybersecurity vulnerability research.

The Wassenaar Arrangement is a voluntary multi-national agreement between 41 countries, intended to control the export of some “dual use” technologies – which include security technologies – and its power depends on each country passing its own legislation to align its trade laws with the agreement. The US is among the agreement’s members.

As of 2013 software specifically designed or modified to avoid being found by monitoring tools has been included on that list of technologies. And, a recent proposal put forward by the US DoC and BIS to align national legislation with the agreement suggests adding “systems, equipment, components and software specially designed for the generation, operation or delivery of, or communication with, intrusion software include network penetration testing products that use intrusion software to identify vulnerabilities of computers and network-capable devices” to the list of potentially regulated technologies, as well as “technology for the development of intrusion software includes proprietary research on the vulnerabilities and exploitation of computers and network-capable devices.”

Google said the US DoC amendments would effectively force it to issue thousands of export licenses just to be able to research and develop potential security vulnerabilities, as companies like Google depend on a massive global pool of talent (hackers) that experiment with or use many of the same technologies the US proposes to regulate.

“We believe that these proposed rules, as currently written, would have a significant negative impact on the open security research community. They would also hamper our ability to defend ourselves, our users, and make the web safer. It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure,” explained Neil Martin, export compliance counsel, Google Legal and Tim Willis, hacker philanthropist, Chrome security team in a recent blog post.

“Since Google operates in many different countries, the controls could cover our communications about software vulnerabilities, including: emails, code review systems, bug tracking systems, instant messages – even some in-person conversations! BIS’ own FAQ states that information about a vulnerability, including its causes, wouldn’t be controlled, but we believe that it sometimes actually could be controlled information,” the company said.

Google also said the way the proposed amendment is worded is far too vague and proposed clarifying the DoC-proposed amendments as well as the Wassenaar Arrangement itself.

“The time and effort it takes to uncover bugs is significant, and the marketplace for these vulnerabilities is competitive. That’s why we provide cash rewards for quality security research that identifies problems in our own products or proactive improvements to open-source products. We’ve paid more than $4 million to researchers from all around the world.”

“If we have information about intrusion software, we should be able to share that with our engineers, no matter where they physically sit,” it said.

Hybrid cloud issues are cultural first, technical second – Ovum

CIOs are still struggling with their hybrid cloud strategies

This week has seen a number of hybrid cloud deals which would suggest the industry is making significant progress delivering the platforms, services and tools necessary to make hybrid cloud practical. But if anything they also serve as a reminder that IT will forever be multimodal, which creates challenges that begin with people, not technology, explains Ovum’s principal analyst of infrastructure solutions Roy Illsley.

There has been no shortage of hybrid cloud deals this week.

Rackspace and Microsoft announced a deal that would see the hosting and cloud provider expand its Fanatical Support to Microsoft Azure-based hybrid cloud platforms.

Google announced both that it would support Windows technologies on its cloud platform and that it would formally sponsor the OpenStack foundation – a move aimed at supporting container portability between multiple cloud platforms.

HP announced it would expand its cloud partner programme to include CenturyLink, which runs much of its cloud platform on HP technology, in a move aimed at bolstering HP’s hybrid cloud business and CenturyLink’s customer reach.

But one of the more interesting hybrid cloud stories this week came from the enterprise side of the industry. Copper and gold producer Freeport-McMoRan announced it is embarking on a massive overhaul of its IT systems. In a bid to become more agile the firm said it would deploy its entire application estate on a combination of private and public cloud platforms – though, and somewhat ironically, the company said the entire project would wrap up in five years (which, being pragmatic about IT overhauls, could mean far later).

“The biggest challenge with hybrid cloud isn’t the technology per se – okay, so you need to be able to have one version of the truth, one place where you can manage most the platforms and applications, one place where to the best of your abilities you can orchestrate resources, and so forth,” Illsley explains.

Of course you need all of those things, he says. There will be some systems that won’t fit into that technology model, that will likely be left out (i.e. mainframes). But there are tools out there to fit current hybrid use cases.

“When most organisations ‘do’ hybrid cloud, they tend to choose where their workloads will sit depending on their performance needs, scaling needs, cost and application architecture – and then the workloads sit there, with very little live migration of VMs or containers. Managing them while they sit there isn’t the major pain point. It’s about the business processes; it’s the organisational and cultural shifts in the IT department that are required in order to manage IT in a multimodal world.”

“What’s happening in hybrid cloud isn’t terribly different from what’s happening with DevOps. You have developers and you have operations, and sandwiching them together in one unit doesn’t change the fact that they look at the world – and the day-to-day issues they need to manage or solve – in their own developer or operations-centric ways. In effect they’re still siloed.”

The way IT is financed can also create headaches for CIOs intent on delivering a hybrid cloud strategy. Typically IT is funded in an ‘everyone pitches into the pot’ sort of way, but one of the things that led to the rise of cloud in the first place is lines of business allocating their own budgets and going out to procure their own services.

“This can cause both a systems challenge – shadow IT and the security, visibility and management issues that come with that – and a cultural challenge, one where LOB heads see little need to fund a central organisation that is deemed too slow or inflexible to respond to customer needs. So as a result, the central pot doesn’t grow.”

While vendors continue to ease hybrid cloud headaches on the technology front with resource and financial (i.e. chargeback) management tools, app stores or catalogues, and standardised platforms that bridge the on-prem and public cloud divide, it’s less likely the cultural challenges associated with hybrid cloud will find any straightforward solutions in the short term.

“It will be like this for the next ten or fifteen years at least. And the way CIOs work with the rest of the business as well as the IT department will define how successful that hybrid strategy will be, and if you don’t do this well then whatever technologies you put in place will be totally redundant,” Illsley says.

Google Becomes Corporate Sponsor of OpenStack Foundation

Google has become the newest corporate sponsor of the OpenStack Foundation and will provide engineering resources to the project, with their main focus on Linux containers and integrating container management technologies like Kubernetes with projects such as OpenStack Magnum. OpenStack is a free and open-source cloud-computing software platform. Users primarily deploy it as an infrastructure-as-a-service (IaaS). It is used to build infrastructure supporting VMs, bare metal and containers under a single control plane. Users may utilize OpenStack for a multitude of tasks, including the acceleration of software development and the simplification of managing legacy workloads. Google has already collaborated with the OpenStack community on a myriad of projects.

Craig McLuckie, Product Manager at Google, has said “We are excited about becoming active participants in the OpenStack community. We look forward to sharing what we’ve learned and hearing how OpenStack users are thinking about containers and other technologies to support cloud-native apps.” McLuckie will present on container management technologies at OpenStack Silicon Valley.

Mark Collier, COO of the OpenStack Foundation, has also stated, “OpenStack is a platform that frees users to run proven technologies like VMs as well as new technologies like containers. With Google committing unequaled container and container management engineering expertise to our community, the deployment of containers via proven orchestration engines like Kubernetes will accelerate rapidly. OpenStack continues to set itself apart as the single open source cloud platform for the widest diversity of workloads, all supported by one environment with one control plane, one API, one dashboard.”

The post Google Becomes Corporate Sponsor of OpenStack Foundation appeared first on Cloud News Daily.

Google joins OpenStack to build bridges between public and private clouds

Google has joined the OpenStack Foundation, a big sign of support for the open source software organisation

Google has officially signed up to sponsor the OpenStack Foundation, the first of the big three – Google, Microsoft and AWS – to formally throw its weight behind the open source cloud orchestration software. Analysts believe the move will improve support for Linux containers across public and private cloud environments.

Google has already set to work integrating Kubernetes with OpenStack with pure-play OpenStack software vendor Mirantis, a move the company said would help bolster its hybrid cloud capabilities.

While the company has had some engineers partnering with the Foundation on Magnum and Murano, container-focused toolsets baked into the open source platform, Google said it plans to significantly bolster the engineering resource it devotes to getting Linux containers – and particularly its open source scheduling and deployment platform Kubernetes – integrated with OpenStack.

The formal sign of support from such a big incumbent in the cloud space is a big win for OpenStack.

“We are excited about becoming active participants in the OpenStack community,” said Craig McLuckie, product manager at Google. “We look forward to sharing what we’ve learned and hearing how OpenStack users are thinking about containers and other technologies to support cloud-native apps.”

Mark Collier, chief operating officer of the OpenStack Foundation said: “OpenStack is a platform that frees users to run proven technologies like VMs as well as new technologies like containers. With Google committing unequaled container and container management engineering expertise to our community, the deployment of containers via proven orchestration engines like Kubernetes will accelerate rapidly.”

Although Google has a long history of open sourcing some of the tools it uses to stand up its own cloud and digital services like search, it hasn’t always participated with many open source forums per se.

In a sense Kubernetes marked a departure from its previous trajectory, and as Ovum’s lead software analyst Laurent Lachal explained to BCN, it seems to be focusing on containers as a means of building a bridge between private and public clouds.

“Google knows that it needs to play nice with cloud platforms like OpenStack and VMware, two platforms that are primarily private cloud-centric, if it wants to get workloads onto its public cloud,” he explained.

“Joining OpenStack is exactly that – a means to building a bridge between private and public clouds, and supporting containers within the context of OpenStack may be both a means of doing that and generating consensus around how best to support containers in OpenStack, something that could also work in its favour.”

“There’s also a big need for that kind of consensus. Currently, everyone wants to join the containers initiatives in the open source project but there isn’t much backing for one particular way of delivering the container-related features users need,” he added.

Google Cloud adds Microsoft support as Windows Server 2003 reaches EOL

Google made Windows Server support generally available this week

Making good on commitments the cloud provider made in December last year, Google has announced general availability of Windows Server on the Google Cloud Platform. The move comes the same week Windows Server 2003 reached its end of life.

“Making sure Google Cloud Platform is the best place to run your workloads is our top priority, so we’re happy that today Windows Server on Google Compute Engine graduates to General Availability, joining the growing list of OSes we support. We’re also introducing several enhancements for Windows Server users,” the company said in a statement on its cloud blog.

“With its graduation to General Availability, Windows Server instances are now covered by the Compute Engine SLA. Windows Server users can now easily deploy a server running Active Directory or ASP.NET using the Cloud Launcher, and can securely extend their existing infrastructure into Google Cloud Platform using VPN.”

Google also said customers that purchase GCP support packages can get architectural and operational support for their Windows Server deployments on its cloud platform. And with Microsoft ceasing support for Windows Server 2003, Google is looking to lure in Microsoft developers by committing to support migration to more current Microsoft Server releases (2008, 2012).

In December last year the company announced it would begin offering Microsoft license mobility for the Google Cloud Platform, enabling existing Microsoft server application users to bring their own licenses and apps – SQL Server, SharePoint, Exchange – from on-premise to the cloud, without incurring any additional fees.

As before the move to expand support for the Microsoft ecosystem is likely to come as welcome news to the .NET crowd, which is fairly sizeable. Microsoft commands a 32.8 per cent share of all public web server infrastructure according to W3Techs.

Security as a service firm CrowdStrike bags $100m from Google, Rackspace

CrowdStrike secured $100m in funding this week from Rackspace, Google among others

Security SaaS provider CrowdStrike completed a $100m round of funding led by Google and Rackspace this week, which the company said would be used to bolster its international expansion.

The funding round, in which Accel and Warburg Pincus also participated, brings the total investment secured by the firm to $156m.

CrowdStrike offers a range of threat intelligence, endpoint protections and cybersecurity services including a cloud-based software offering and a security operations centre-as-a-service.

The company, of which Rackspace is a customer, claims to have trebled billings revenue and employees year on year.

“It’s extremely gratifying to bring in a high-caliber investor like Google Capital which shares our passion for innovation and sees the opportunity to completely transform the security industry,” said George Kurtz, CrowdStrike’s co-founder and chief executive officer.

“As we continue to experience hyper-growth, this capital injection will help us firmly establish our SaaS-based endpoint protection platform as the leading solution to address today’s sophisticated attacks and will allow CrowdStrike to further accelerate our domestic and international expansion.”

The cloud-based security services market is growing along with enterprise adoption of cloud services in part because they can be deployed more quickly and flexibly than on-premise solutions, and because the architectures tend to be quite complementary. Large cloud providers also see value in funding them because security services are quite capitally and operationally expensive – they require huge investments in code, infrastructure, monitoring and support staff – which means it’s challenging for these large IaaS providers to offer these services themselves. According to MarketsandMarkets the cloud security market is forecast to grow nearly 16 per cent CAGR from $4.2bn in 2014 to $8.7bn in 2019.