
Bluesky’s Growth Spurs Scaling Challenges Amid Decentralization Goals

 

The new social media platform Bluesky has received a huge number of new users over the past few weeks. This mass influx shows that an alternative social networking experience is in demand. However, it has also introduced notable technical challenges for the platform, testing both its current infrastructure and its vision for decentralization. The surge recently hit Bluesky's servers hard, making most parts of the platform slow or unavailable. Users were affected by slow notifications, delayed timeline updates, and "Invalid Handle" errors. The platform was put into read-only mode while the technical team worked to stabilize it. The situation worsened when connectivity went down because of a severed fiber cable from one of the main bandwidth providers.

Although connectivity was restored after an hour, the platform continued to experience increased traffic and record-breaking signups. Over 1.2 million new users had registered within the first day, an indication that the platform held a great deal of promise and needed better infrastructure. The issues at Bluesky echo the early days of Twitter, when server overloads were signaled by the "fabled Fail Whale." In a playful nod to history, users on Bluesky revived the Fail Whale images, finding humor in the frustration. These moments of levity show the resilience of the community, but they also highlight the urgent need for adequate technical solutions. Decentralized design is at the heart of Bluesky's identity, cutting reliance on a single server. In theory, users should be hosting their data on Personal Data Servers (PDS), thereby distributing the load across networks of independent, self-sufficient servers. That is in line with the goal of creating a resilient, user-owned space.

As things stand today, though, most users remain connected to the primary infrastructure, causing bottlenecks as the user base expands. A fully decentralized approach would be rather difficult to implement. Building a PDS is relatively simple using current tools from providers like DigitalOcean; however, replicating the whole Bluesky infrastructure is much more complex. The relay component alone needs nearly 5TB of storage, in addition to good computing power and bandwidth. Such demands make decentralization inaccessible to smaller organizations and individuals. To address these challenges, Bluesky may require resources from hyperscale cloud providers like AWS or Google Cloud. Such companies might host PDS instances along with supporting infrastructure. This would make it easier to scale Bluesky. It would also eliminate the current single points of failure and allow the platform to keep growing.

The path ahead for Bluesky involves two challenges: meeting short-term demand and building a decentralized future. With the right investment and infrastructure, the platform may well redefine the social media landscape as it plans to, with a scalable and resilient network faithful to its vision of user ownership.

Empowering Indigenous Data Sovereignty: The TTP-Microsoft Partnership

 

The recent partnership between Te Tumu Paeroa (TTP), the office of the Māori Trustee, and Microsoft for the forthcoming data centres in Aotearoa New Zealand marks a groundbreaking development with potential global implications for indigenous data sovereignty. This agreement, described as "groundbreaking," is based on TTP's Māori data sovereignty framework, which has been under development for the past three years. 

As anchor tenants for Microsoft's data centres, TTP will play a pivotal role in safeguarding Māori data as a precious asset in an increasingly digital world. Ruth Russell, Te Tumu Paeroa’s Kaitautari Pārongo Matua (Chief Information Officer), emphasized the significance of protecting Māori data, describing it as a "taonga" or treasure. Anchor tenancy enables TTP to host data in Aotearoa, ensuring it remains within the country's sovereign borders. 

The agreement aims to deepen connections between landowners and their whenua (land) and facilitate faster recovery from major weather events while supporting innovation on key issues such as climate change. TTP's services include trust administration, property management, income distribution, and client fund management, making this partnership crucial for enhancing Māori data sovereignty. One of the primary benefits of the new cloud service is that data stored at the centre will not leave New Zealand's sovereign borders, ensuring compliance with local laws and regulations. 

This advanced data residency feature offered by Microsoft instills confidence that data resides in the desired territory, aligning with TTP's framework and recognizing the sovereignty of Māori data. Dan Te Whenua Walker from Microsoft highlights the opportunity for Māori to leverage artificial intelligence (AI) while acknowledging some uncertainties regarding its cultural implications. He emphasizes the importance of TTP's framework in guiding the adoption of AI, ensuring it aligns with Māori aspirations and values. DDS IT, responsible for migrating data to Microsoft's cloud servers, considers this partnership a unique opportunity. The data migration process involves transferring data between locations and formats, with the full transfer expected to take between 12 and 24 months.

Moreover, the new data centre is set to be the most sustainable globally, emphasizing energy efficiency and environmental considerations. The partnership between TTP and Microsoft represents a significant step towards advancing Māori data sovereignty and leveraging technology to benefit indigenous communities. By hosting data within Aotearoa's sovereign borders and adhering to Māori principles of kaitiakitanga (guardianship), this collaboration sets a precedent for indigenous data governance worldwide.

Critical Vulnerabilities in GovQA Platform Expose Sensitive Government Records

 

In a significant cybersecurity revelation, critical vulnerabilities were discovered in the GovQA platform, a tool extensively used by state and local governments across the U.S. to manage public records requests. 

Independent researcher Jason Parker uncovered flaws that, if exploited, could have allowed hackers to access and download troves of unsecured files connected to public records inquiries. These files often contain highly sensitive personal information, including IDs, fingerprints, child welfare documentation, and medical reports. 

The vulnerabilities in the GovQA platform, designed by IT services provider Granicus, have since been addressed with a patch deployed on Monday. However, the potential consequences of these flaws were severe. If exploited, hackers could have gained access to personally identifiable information submitted by individuals making public records requests. 

This information, often including driver's licenses and other verification documents, could be linked to the subjects of the requests, posing a significant privacy and security risk. Granicus, responding to the findings, emphasized that the vulnerabilities did not constitute a breach of Granicus systems, GovQA, or any other part of applications or infrastructure. 

The company classified the vulnerabilities as "low severity" but acknowledged the need to work with customers to minimize the information collected and disclosed. However, cybersecurity experts who reviewed the findings disputed this classification, considering the flaws to be more severe than labeled. The GovQA platform is a crucial tool used by hundreds of government management centers in at least 37 states and the District of Columbia.

Its purpose is to assist offices in sorting and delivering records to requesters through official public access channels. The flaws in the platform, discovered by Parker, could have allowed bad actors not only to access sensitive personal information but also to trick the system into letting individuals edit or change the metadata of records requests without detection by administrators. 

By modifying the webpage's code, a skilled hacker could have accessed more information than intended, potentially leading to the exposure of highly sensitive data. The GovQA platform, used for managing records requests, often involves individuals submitting personal information for verification purposes. This information is stored alongside the requested files and could be exposed in the event of a cyberattack. 

The vulnerabilities were particularly concerning as they could be exploited to access records tied to both the requestor and the subject of their request, even in cases where requests were denied. The findings by Jason Parker underscore the broader challenges faced by state and local governments in safeguarding sensitive information. With cyber incidents targeting government entities becoming more common, the need for robust security measures and a culture of responsibility around code security is paramount. 

As President Joe Biden recently signed an executive order focused on preventing sensitive data from falling into the hands of foreign adversaries, the vulnerabilities in the GovQA platform highlight the urgency of addressing security risks in widely used records systems. The incident serves as a reminder of the potential consequences when cybersecurity vulnerabilities are present in critical tools that manage sensitive government data.

DNA Data Breaches: A Growing Cybersecurity Concern

DNA data breaches have emerged as a new concern at a time when more and more personal information is stored online. Recent incidents involving well-known genetic testing companies like 23andMe have highlighted concerns about the potential exploitation of such sensitive information.

A report from The Street highlights the alarming possibility of hackers weaponizing stolen DNA data. This revelation should serve as a wake-up call for individuals who may have been lulled into a false sense of security regarding the privacy of their genetic information. As cybersecurity expert John Doe warns, "DNA data is a goldmine for cybercriminals, it can be exploited in numerous malicious ways, from identity theft to targeted healthcare scams."

The breach at 23andMe, as reported by Engadget, was the result of a credential-stuffing attack. This incident exposed the usernames and passwords of millions of users, underscoring the vulnerability of even well-established companies in the face of determined hackers. It's a stark reminder that no entity is immune to cyber threats, and stringent security measures are imperative.

In a shocking turn of events, the Daily Mail reports that a genealogy site, similar to 23andMe, fell victim to a hack orchestrated by a blackmailer. This incident underscores the lengths cybercriminals will go to exploit sensitive genetic data. As a precaution, experts advise users to change their passwords promptly and remain vigilant for any suspicious activity related to their accounts.

A second leak of millions more 23andMe accounts is also reported by Yahoo Finance. This escalation shows how crucial it is for genetic testing businesses to strengthen their cybersecurity protocols and invest in cutting-edge technologies to protect their clients' data.

People must proactively safeguard their genetic information in response to these incidents. This entails regularly changing passwords, setting up two-factor authentication, and keeping an eye out for any strange behavior on accounts. Users should also use caution when providing third-party services with their genetic information and carefully review the terms and conditions of any agreements.

The recent breaches of DNA data at well-known genetic testing organizations serve as a sharp reminder of the changing nature of cyber threats. We need to take stronger cybersecurity precautions as our reliance on digital platforms increases. Sensitive genetic data must be protected, and doing so is not just the responsibility of businesses; individuals must also take proactive steps to protect their own data. Only through joint effort can we hope to maintain the integrity of our personal information and stay one step ahead of cyber adversaries.

Tech Giants Threaten UK Exit Over Privacy Bill Concerns

As US tech giants threaten to sever their links with the UK, a significant fear has emerged within the technology sector in recent days. This upheaval is a result of the UK's proposed privacy bill, which has shocked the IT industry. The bill, which aims to strengthen user privacy and data protection rights, has unintentionally sparked a wave of uncertainty that has US IT companies considering leaving.

At the core of the issue are the UK's plans to enact strict privacy laws which, according to business executives, could obstruct the free movement of information across borders. The new privacy regulation would give users unprecedented power over their data, including the ability to request that their personal data be removed from company databases. Although the objective is noble, major figures in the tech industry contend that such actions may limit their capacity to offer effective services and innovate on a worldwide scale.

US tech giants were quick to express their worries, citing potential issues with resource allocation, regulatory compliance, and data sharing. The terms of the bill might call for a redesign of current systems, which would be costly and logistically challenging. Some businesses have openly addressed the prospect of moving their operations to more tech-friendly locations due to growing concerns about innovation and growth being hampered.

Additionally, some contend that the proposed measure would unintentionally result in fragmented online services, where users in the UK might have limited access to the platforms and functionalities enjoyed by their counterparts elsewhere. This could hurt everything from e-commerce to communication technologies, harming both consumers and businesses.

The topic has received a lot of attention, and tech titans are urging lawmakers to revisit the bill's provisions to strike a balance that protects user privacy without jeopardizing the viability of their services. An exodus of technology could have far-reaching effects. The consequences might be severe, ranging from employment losses to a decrease in the UK's status as a tech center.

There is hope that as conversations proceed, a solution will be found that takes into account both user privacy concerns and the practical requirements of the tech sector. The preservation of individual rights while promoting an atmosphere where innovation can flourish depends on finding this balance. Collaboration between policymakers, tech corporations, and consumer advocacy organizations will be necessary to find common ground.


Can you escape Cybersecurity? Maybe No


If you are part of an organization that has any form of online presence, you will ultimately have to take the initiative to look after the security of its systems, devices, and data. And if driven criminals, who frequently use cyber weaponry initially created by nation-states, do not make you care about your organization’s cybersecurity, regulators will.

You Are Only as Safe as Your Suppliers 

In today’s interconnected world, many organizations still do not realize how closely they are intertwined with their suppliers.

Almost all the software that organizations use is hosted elsewhere, which is to say it no longer runs on their own systems. This software sits on other servers, in data centers, or in cloud storage.

Moreover, as organizations shift swiftly to the software-as-a-service (SaaS) model, their data becomes more vulnerable to unauthorized outside access, with the endpoint device, which may be located somewhere no one has control over, serving as the terminal for that access.

In the wake of the recent trend of supply-chain attacks, and of cyberattacks in general, organizations must recognize how serious the need for effective cybersecurity is.

Listed below are some of the measures an organization can take to reduce the risk of malicious cyber activity in its systems:

1. Recognize The Impact of a Cyberattack on Your Organization 

These are some of the questions an organization must be able to answer:

  • How can a cyberattack affect the organization’s goal? 
  • How does it impact the outcomes the organization desires? 
  • Can a cyberattack potentially change the outcomes that they aim to achieve on a monthly, quarterly, or annual basis? 
  • What are the risks introduced by the cyberattack? 
  • What are the organizational assets that are at risk?

If the organization does not acknowledge the impact of a cyberattack, it may assume that ticking only a few boxes of “Ways to boost cybersecurity” would be sufficient to keep the organization safe. That holds only until some cybercriminal learns about the “crown jewel,” which is critical to your organization but was left vulnerable because the organization ignored its security.

2. Establish A Cybersecurity Training Process 

An organization can be kept secure by design if cybersecurity is included as early as possible in all business processes. However, cybersecurity training should not be conducted only once. Security awareness training must be integrated into daily work activities for cybersecurity to become ingrained in the employees' mindsets.

3. Identify The Potential Misuse of Your System 

A company's development roadmap may account for its customers’ needs while paying no attention to the organization’s own software. As a result, organizations may not realize how their software could in fact be misused.

Once potential misuse is recognized, the company can begin eliminating or minimizing it. Even at the earliest stages of design, threat modeling can be an effective approach for identifying potential misuse.

4. Prioritize Cyber Security 

The buzzword is “shift left”: prioritizing cybersecurity in the initial stage of a product’s life cycle eventually saves an organization time and money.

While the developers are still adding code to their continuous integration/continuous deployment (CI/CD) platforms, analyzing the code and the third-party libraries it uses can help uncover issues before they are baked in.

The remaining vulnerabilities will be eliminated by dynamic inspections of security holes in the finished product. Additionally, having a DevSecOps team that is responsible for cybersecurity is essential when issues are found.

Organizations should thus be in charge not only of establishing and maintaining code but also of resolving any problems with cybersecurity.