Researchers at Microsoft have taken a step toward making something similar possible for cloud computing, so that data sent to an [...]]]>

Imagine getting a friend’s advice on a personal problem and being safe in the knowledge that it would be impossible for your friend to divulge the question, or even his own reply.

Researchers at Microsoft have taken a step toward making something similar possible for cloud computing, so that data sent to an Internet server can be used without ever being revealed. Their prototype can perform statistical analyses on encrypted data despite never decrypting it. The results worked out by the software emerge fully encrypted, too, and can only be interpreted using the key in the possession of the data’s owner.

Cloud services are increasingly being used for every kind of computing, from entertainment to business software. Yet there are justifiable fears over security, as the attacks on Sony’s servers that liberated personal details from 100 million accounts demonstrated.

Kristin Lauter, the Microsoft researcher who collaborated with colleagues Vinod Vaikuntanathanand Michael Naehrig on the new design, says it would ensure that data could only escape in an encrypted form that would be nearly impossible for attackers to decode without possession of a user’s decryption key.

via A Cloud that Can’t Leak

This system handily bested their previous system, demonstrated at Supercomputing 2007, which scanned 1 billion files in three hours.

Key to the increased performance was the [...]]]>

With an eye toward helping tomorrow’s data-deluged organizations, IBM researchers have created a super-fast storage system capable of scanning in 10 billion files in 43 minutes.

This system handily bested their previous system, demonstrated at Supercomputing 2007, which scanned 1 billion files in three hours.

Key to the increased performance was the use of speedy flash memory to store the metadata that the storage system uses to locate requested information. Traditionally, metadata repositories reside on disk, access to which slows operations.

“If we have that data on very fast storage, then we can do those operations much more quickly,” said Bruce Hillsberg, director of storage systems at IBM Research Almaden, where the cluster was built. “Being able to use solid-state storage for metadata operations really allows us to do some of these management tasks more quickly than we could ever do if it was all on disk.”

IBM foresees that its customers will be grappling with a lot more information in the years to come.

via IBM speeds storage with flash: 10B files in 43 minutes

Most people rely on operating system and software updates – including security patches – [...]]]>

People solely relying on patching and upgrades are leading themselves into a false sense of security and individual protection is no longer sufficient in the age of multi-vector attacks, according to the president of the Australian Internet Industry Association.

Most people rely on operating system and software updates – including security patches – to gain a perception of security, but with increasing sophistication of cyber attacks this single-minded approach is no longer sufficient, according to AIIA chief executive Peter Coroneos.

“What is a concern is the capacity of individual users to manage their own security and that time has passed,” Coroneos said.

“Patching and updating software is still necessary but it is not enough.”

Coroneos said vendors need to intervene at the network level and need to provide security tools at a multiple levels to help secure people from the multiple levels of threats that are emerging.

via Days of individual security over, says AIIA chief – TrustDefender, security, Peter Coroneos, AIIA – CEO.

“I work in a small office with just two computers. Both machines run long-term-service releases of Ubuntu, with Gnome, and Evolution for scheduling, contact management and electronic mail. We plan to stick with Linux long-term. For telephone service, we’re using smartphones. In order to keep everything straight, we [...]]]>

A post on Slashdot reads:

“I work in a small office with just two computers. Both machines run long-term-service releases of Ubuntu, with Gnome, and Evolution for scheduling, contact management and electronic mail. We plan to stick with Linux long-term. For telephone service, we’re using smartphones. In order to keep everything straight, we need phones that can synchronize easily with the calendars and contact data on each owner’s desktop machine. We cannot use cloud based services for this function due to ethics rules, and for security reasons. Right now, we do all of this with older Palm phones, but these are a dying breed. What options are out there right now for phones that will sync with Evolution (or another good Linux PIM suite) which do not require data to go through the cloud first?”

via Slashdot Ask Slashdot Story | Open Source-Friendly Smartphones For the Small Office?.

Is this foreshadowing a demand in the market place? And what are the security implications?

For about six hours on Tuesday, a small snippet of JavaScript code ran rampant among Twitter users. The code used a particular class of flaw to execute simple commands, including changing the color of the interface and posting itself to the users’ followers. Victims [...]]]>

Social networking is a major vector for malicious software.

For about six hours on Tuesday, a small snippet of JavaScript code ran rampant among Twitter users. The code used a particular class of flaw to execute simple commands, including changing the color of the interface and posting itself to the users’ followers. Victims only had to hover the mouse pointer over the text.

As social networks become more popular, such threats are becoming more common, taking advantage of the trust between users. No wonder, then, that more than a third of small and midsize businesses (SMBs) already have identified a social network as the entry point for a virus or Trojan horse infecting their corporate networks, according to survey released last week by Panda Security.

via For Small Businesses, Social Networking Poses New Security Risks – social networking security/Security – DarkReading.

Winkler: The Real Problems With Cloud Computing.