Timesdelhi.com

September 21, 2018
Category archive

Microsoft

Why the Pentagon’s $10 billion JEDI deal has cloud companies going nuts


By now you’ve probably heard of the Defense Department’s massive winner-take-all $10 billion cloud contract dubbed the Joint Enterprise Defense Infrastructure (or JEDI for short).
Star Wars references aside, this contract is huge, even by government standards. The Pentagon would like a single cloud vendor to build out its enterprise cloud, believing rightly or wrongly that this is the best approach to maintain focus and control of their cloud strategy.

Department of Defense (DOD) spokesperson Heather Babb tells TechCrunch the department sees a lot of upside by going this route. “Single award is advantageous because, among other things, it improves security, improves data accessibility and simplifies the Department’s ability to adopt and use cloud services,” she said.

Whatever company they choose to fill this contract, this is about modernizing their computing infrastructure and their combat forces for a world of IoT, artificial intelligence and big data analysis, while consolidating some of their older infrastructure. “The DOD Cloud Initiative is part of a much larger effort to modernize the Department’s information technology enterprise. The foundation of this effort is rationalizing the number of networks, data centers and clouds that currently exist in the Department,” Babb said.

Setting the stage

It’s possible that whoever wins this DOD contract could have a leg up on other similar projects in the government. After all, it’s not easy to pass muster around security and reliability with the military, and if one company can prove that they are capable in this regard, they could be set up well beyond this one deal.

As Babb explains it though, it’s really about figuring out the cloud long-term. “JEDI Cloud is a pathfinder effort to help DOD learn how to put in place an enterprise cloud solution and a critical first step that enables data-driven decision making and allows DOD to take full advantage of applications and data resources,” she said.


The single vendor component, however, could explain why the various cloud vendors who are bidding have lost their minds a bit over it — everyone except Amazon, that is, which has been mostly silent, happy apparently to let the process play out.

The belief amongst the various other players is that Amazon is in the driver’s seat for this bid, possibly because they delivered a $600 million cloud contract for the government in 2013, standing up a private cloud for the CIA. It was a big deal back in the day on a couple of levels. First of all, it was the first large-scale example of an intelligence agency using a public cloud provider. And of course the amount of money was pretty impressive for the time, not $10 billion impressive, but a nice contract.

For what it’s worth, Babb dismisses such talk, saying that the process is open and no vendor has an advantage. “The JEDI Cloud final RFP reflects the unique and critical needs of DOD, employing the best practices of competitive pricing and security. No vendors have been pre-selected,” she said.

Complaining loudly

As the Pentagon moves toward selecting its primary cloud vendor for the next decade, Oracle in particular has been complaining to anyone who will listen that Amazon has an unfair advantage in the deal, going so far as to file a formal complaint last month, even before bids were in and long before the Pentagon made its choice.


Somewhat ironically, given their own past business model, Oracle complained among other things that the deal would lock the department into a single platform over the long term. They also questioned whether the bidding process adhered to procurement regulations for this kind of deal, according to a report in the Washington Post. In April, Bloomberg reported that co-CEO Safra Catz complained directly to the president that the deal was tailor made for Amazon.

Microsoft hasn’t been happy about the one-vendor idea either, pointing out that by limiting itself to a single vendor, the Pentagon could be missing out on innovation from the other companies in the back and forth world of the cloud market, especially when we’re talking about a contract that stretches out for so long.

As Microsoft’s Leigh Madden told TechCrunch in April, the company is prepared to compete, but doesn’t necessarily see a single vendor approach as the best way to go. “If the DOD goes with a single award path, we are in it to win, but having said that, it’s counter to what we are seeing across the globe where 80 percent of customers are adopting a multi-cloud solution,” he said at the time.

He has a valid point, but the Pentagon seems hell bent on going forward with the single vendor idea, even though the cloud offers much greater interoperability than proprietary stacks of the 1990s (for which Oracle and Microsoft were prime examples at the time).

Microsoft has its own large DOD contract in place for almost a billion dollars, although this deal from 2016 was for Windows 10 and related hardware for DOD employees, rather than a pure cloud contract like Amazon has with the CIA.

It also recently released Azure Stack for government, a product that lets government customers install a private version of Azure with all the same tools and technologies you find in the public version, and could prove attractive as part of its JEDI bid.

Cloud market dynamics

It’s also possible that the fact that Amazon controls the largest chunk of the cloud infrastructure market might play here at some level. While Microsoft has been coming fast, it’s still about a third of Amazon in terms of market size, as Synergy Research’s Q4 2017 data clearly shows.

The market hasn’t shifted dramatically since this data came out. While market share alone wouldn’t be a deciding factor, Amazon came to market first and it is much bigger in terms of market than the next four combined, according to Synergy. That could explain why the other players are lobbying so hard and seeing Amazon as the biggest threat here, because it’s probably the biggest threat in almost every deal where they come up against each other, due to its sheer size.

Consider also that Oracle, which seems to be complaining the loudest, was rather late to the cloud after years of dismissing it. They could see JEDI as a chance to establish a foothold in government that they could use to build out their cloud business in the private sector too.

10 years might not be 10 years

It’s worth pointing out that the actual deal has the complexity and opt-out clauses of a sports contract, with just an initial two-year deal guaranteed. A couple of three-year options follow, with a final two-year option closing things out. The idea is that if this turns out to be a bad idea, the Pentagon has various points where they can back out.


In spite of the winner-take-all approach of JEDI, Babb indicated that the agency will continue to work with multiple cloud vendors no matter what happens. “DOD has and will continue to operate multiple clouds and the JEDI Cloud will be a key component of the department’s overall cloud strategy. The scale of our missions will require DOD to have multiple clouds from multiple vendors,” she said.

The DOD accepted final bids in August, then extended the deadline for Requests for Proposal to October 9th. Unless the deadline gets extended again, we’re probably going to finally hear who the lucky company is sometime in the coming weeks, and chances are there is going to be a lot of whining and continued maneuvering from the losers when that happens.

News Source = techcrunch.com

Cryptocurrency mining attacks using leaked NSA hacking tools are still highly active a year later


It’s been over a year since highly classified exploits built by the National Security Agency were stolen and published online.

One of the tools, dubbed EternalBlue, can covertly break into almost any Windows machine around the world. It didn’t take long for hackers to start using the exploits to run ransomware on thousands of computers, grinding hospitals and businesses to a halt. Two separate attacks in as many months used WannaCry and NotPetya ransomware, which spread like wildfire. Once a single computer in a network was infected, the malware would also target other devices on the network. The recovery was slow and cost companies hundreds of millions in damages.

Yet, more than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and vulnerable to attack.

Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.

Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago.

“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason.

“Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company.

Cryptomining attacks have been around for a while. It’s more common for hackers to inject cryptocurrency mining code into vulnerable websites, but the payoffs are low. Some news sites are now installing their own mining code as an alternative to running ads.

But WannaMine works differently, Cybereason said in its post-mortem of the infection. By using those leaked NSA exploits to gain a single foothold into a network, the malware tries to infect any computer within. It’s persistent so the malware can survive a reboot. After it’s implanted, the malware uses the computer’s processor to mine cryptocurrency. On dozens, hundreds, or even thousands of computers, the malware can mine cryptocurrency far faster and more efficiently. Though it’s a drain on energy and computer resources, it can often go unnoticed.

After the malware spreads within the network, it modifies the power management settings to prevent the infected computer from going to sleep. Not only that, the malware tries to detect other cryptomining scripts running on the computer and terminates them — likely to squeeze every bit of energy out of the processor, maximizing its mining effort.

At least 300,000 computers or networks are still vulnerable to the NSA’s EternalBlue hacking tools.

Based on up-to-date statistics from Shodan, a search engine for open ports and databases, at least 919,000 servers are still vulnerable to EternalBlue, with some 300,000 machines in the US alone. And that’s just the tip of the iceberg — that figure can represent either individual vulnerable computers or a vulnerable network server capable of infecting hundreds or thousands more machines.

Cybereason said companies are still severely impacted because their systems aren’t protected.

“There’s no reason why these exploits should remain unpatched,” the blog post said. “Organizations need to install security patches and update machines.”

If not ransomware yesterday, it’s cryptomining malware today. Given how versatile the EternalBlue exploit is, tomorrow it could be something far worse — like data theft or destruction.

In other words: if you haven’t patched already, what are you waiting for?

News Source = techcrunch.com

Microsoft acquires Lobe, a drag-and-drop AI tool


Microsoft today announced that it has acquired Lobe, a startup that lets you build machine learning models with the help of a simple drag-and-drop interface. Microsoft plans to use Lobe, which only launched into beta earlier this year, to build upon its own efforts to make building AI models easier, though, for the time being, Lobe will operate as before.

“As part of Microsoft, Lobe will be able to leverage world-class AI research, global infrastructure, and decades of experience building developer tools,” the team writes. “We plan to continue developing Lobe as a standalone service, supporting open source standards and multiple platforms.”

Lobe was co-founded by Mike Matas, who previously worked on the iPhone and iPad, as well as Facebook’s Paper and Instant Articles products. The other co-founders are Adam Menges and Markus Beissinger.

In addition to Lobe, Microsoft also recently bought Bonsai.ai, a deep reinforcement learning platform, and Semantic Machines, a conversational AI platform. Last year, it acquired Disrupt Battlefield participant Maluuba. It’s no secret that machine learning talent is hard to come by, so it’s no surprise that all of the major tech firms are acquiring as much talent and technology as they can.

“In many ways though, we’re only just beginning to tap into the full potential AI can provide,” Microsoft’s EVP and CTO Kevin Scott writes in today’s announcement. “This in large part is because AI development and building deep learning models are slow and complex processes even for experienced data scientists and developers. To date, many people have been at a disadvantage when it comes to accessing AI, and we’re committed to changing that.”

It’s worth noting that Lobe’s approach complements Microsoft’s existing Azure ML Studio platform, which also offers a drag-and-drop interface for building machine learning models, though with a more utilitarian design than the slick interface that the Lobe team built. Both Lobe and Azure ML Studio aim to make machine learning easy to use for anybody, without having to know the ins and outs of TensorFlow, Keras or PyTorch. Those approaches always come with some limitations, but just like low-code tools, they do serve a purpose and work well enough for many use cases.

News Source = techcrunch.com

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data


Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says.

In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in any laptop it tested “does a good enough job” of preventing data theft.

F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk.

The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to prevent the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.

It’s no secret that if someone has physical access to your computer, the chances of them stealing your data are usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

It’s not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal “anything that happens to be in memory,” like passwords and corporate network credentials, which can lead to a deeper compromise.

Their findings were shared with Microsoft, Apple, and Intel prior to release. According to the researchers, only a smattering of devices aren’t affected by the attack. Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. And any Apple Mac equipped with a T2 chip is not affected, but a firmware password would still improve protection.

Both Microsoft and Apple downplayed the risk.

Acknowledging that an attacker needs physical access to a device, Microsoft said it encourages customers to “practice good security habits, including preventing unauthorized physical access to their device.” Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.

When reached, Intel would not comment on the record.

In any case, the researchers say, there’s not much hope that affected computer makers can fix their fleet of existing devices.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” said Segerdahl. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Companies, and users, are “on their own,” said Segerdahl.

“Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” he said.

News Source = techcrunch.com

BMW launches a personal voice assistant for its cars


At TechCrunch Disrupt SF 2018, BMW today premiered its digital personal assistant for its cars, the aptly named BMW Intelligent Personal Assistant. But you won’t have to say “Hey, BMW Intelligent Personal Assistant” to wake it up. You can give it any name you want.

The announcement comes only a few weeks after BMW also launched its integration with Amazon’s Alexa, but it’s worth stressing that these are complementary technologies. BMW’s own assistant is all about your car, while its partnerships with Amazon and also Microsoft enable other functions that aren’t directly related to your driving experience.

“BMW’s Personal Assistant gets to know you over time with each of your voice commands and by using your car,” BMW’s senior vice president Digital Products and Services, Dieter May, said. “It gets better and better every single day.”

Sticking with the precedents of Microsoft’s, Google’s and Amazon’s assistants, the voice of BMW’s assistant is female (though BMW often uses male names and pronouns in its press materials). Over time, it’ll surely get more voices.

So what can the BMW assistant do? Once you are in a compatible car, you’ll be able to control all of the standard in-car features by voice. Think navigation and climate control (“Hey John, I’m cold”), or check the tire pressure, oil level and other engine settings.

You also can have some more casual conversations (“Hey Charlie, what’s the meaning of life?”), but what’s maybe more important is that the assistant will continuously learn more about you. Right now, the assistant can remember your preferred settings, but over time, it’ll learn more and even proactively suggest changes. “For example, driving outside the city at night, the personal assistant could suggest you the BMW High Beam Assist,” May noted.

In addition, you’ll also be able to use the assistant to learn more about your car’s features, something that’s getting increasingly hard as cars become computers on wheels with ever-increasing complexity.

BMW built the assistant on top of Microsoft’s Azure cloud and conversational technologies. Azure has long been BMW’s preferred public cloud and the two companies have had a close relationship for years now. BMW has, after all, also integrated some support for accessing Office 365 files and using Skype for Business in its cars, with support for Cortana likely coming soon, too.

That all sounds a bit confusing, though. Why have three assistants in the car, after all? All that “Hey Alexa,” “Hey Charlie,” “Hey Cortana” is going to get a bit confusing. But BMW argues that each one has a specialty. For Alexa that may be shopping, while Cortana is all about getting work done and the BMW assistant is all about your car. And if everything else fails, BMW’s existing concierge service is still there and lets you talk to a human.

The assistant feature will be available in a basic version with support for 23 languages and markets, starting March 2019. In the U.S., Germany, U.K., Italy, France, Spain, Switzerland, Austria, Brazil and Japan, the service will offer more features like support for weather search, point of interest search and access to music in March 2019. In those markets, the assistant will also feature a more natural voice. In China, this expanded version will go live a bit later and is currently scheduled for May 2019. In those markets, it’ll roll out to cars that support the BMW Operating System 7.0 as part of the company’s Live Cockpit Professional program.

If you order a BMW 3 Series, starting in November, the assistant will be available to you right away and included for the first three years of your ownership. For new X5, Z4 and 8 Series models, BMW Assistant support will arrive in the form of an over-the-air software upgrade starting in March 2019.

News Source = techcrunch.com
