Data Storage Today

Yahoo, Apple Disclose Government Data Requests

Tue, 18 Jun 2013 11:14:36 -0500

Following disclosures from Microsoft and Facebook last Friday, Yahoo and Apple are releasing information on thousands of requests they have received for user data related to criminal and security investigations from law enforcement and the U.S. National Security Agency.

Requests for user data that investigative agencies in the U.S. made to Yahoo from Dec. 1, 2012, to May 31 numbered between 12,000 and 13,000, including both criminal requests and those under the Foreign Intelligence Surveillance Act (FISA), which is the authority the NSA uses to seek information. Yahoo said the most common requests for user data concerned fraud, homicides, kidnappings and other criminal investigations. Yahoo did not specify how many user accounts were involved in the requests.

"Democracy demands accountability," Yahoo said in a statement authored by CEO Marissa Mayer and General Counsel Ron Bell. "Recognizing the important role that Yahoo can play in ensuring accountability, we will issue later this summer our first global law enforcement transparency report, which will cover the first half of the year. We will refresh this report with current statistics twice a year.

"As always, we will continually evaluate whether further actions can be taken to protect the privacy of our users and our ability to defend it. We appreciate -- and do not take for granted -- the trust you place in us."

Apple Data Requests

For Apple, from Dec. 1, 2012, to May 31 the company received between 4,000 and 5,000 requests from U.S. investigative agencies for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. Apple said the most common form of request came from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease,...

Texting Spammers Correlate Phone Users to Local Banks

Wed, 19 Jun 2013 09:55:57 -0500

If you use an Internet-connected smartphone, touch tablet, e-reader, notebook, laptop or desktop computer you ought to care about cybersecurity and online privacy. Here you'll find information you can use to live your digital life more securely -- and on terms of your choosing.

So let's drill down on a particularly nasty form of fraudulent spam that's on the rise: SMS text-messaging spam.

Spam is most familiar as obnoxious pitches for dubious products that most of us are used to ignoring. But cybercriminals have figured out that they can trigger any number of lucrative scams if they can get us, via a text message, to do something, such as click on a link, send a text or make a phone call.

The immersive Internet cloud and our love affair with mobile devices combine to make a perfect platform for clever spammers. Text messages are cheap, anonymous and scalable. And we haven't learned to be as wary as we should be of messages that arrive on our phone screens.

So spam gangs are increasingly supplementing their e-mail campaigns with SMS spam. Their singular goal is to get more of us to click on more of their messages.

The elite spam gangs are making high use of tracking techniques, pioneered by the likes of Google and Facebook, to infuse more efficiency into their scam campaigns. Each time you type your phone number into a Web form, such as your Facebook profile page or a Web survey, that data get compiled, stored and sold to marketers, including spammers.

The best-and-brightest spammers are obtaining and using these lists of active numbers. Anyone can go online and buy lists of 100,000 numbers, broken down by carrier, for as little as $400.

One particular gang has begun sending messages to active numbers in certain area codes -- after first correlating smaller local banks...

Samsung Offers Tiny, Superfast PCIe SSDs for Ultrabooks

Mon, 17 Jun 2013 12:30:55 -0500

Solid-state drives are continuing their march forward. On Monday, Samsung Electronics announced it has started to mass produce the first PCI-Express 3.0 SSDs for the new wave of Ultrabooks.

The thin Samsung XP941, available in 512 GB, 256 GB, and 128 GB sizes, will be provided to manufacturers for the next generation of slim notebooks. The new model provides a sequential read of 1,400 megabytes/second, which Samsung noted is the highest performance available using a PCIe 2.0 interface. The PCIe connection offers faster transfer speeds than SSDs using the SATA, or Serial ATA, interface.

This level of transfer speed, the company said, allows a drive to read half a terabyte of data -- or 10 HD movies as large as 5 GB each -- in only 36 seconds. Samsung said that is seven times faster than a hard drive, which would require more than 40 minutes for the same tasks, and it's more than 2.5 times faster than the fastest SSD using an SATA interface.

Six Grams

The new drive is available in an 80mm x 22mm form factor, weighing 6 grams, or about one-ninth the weight of an SATA-based 2.5-inch SSD. In volume, the XP941 is about one-seventh the size of a 2.5-inch SSD drive, allowing more room in a mobile device for, say, a larger battery.

Young-Hyun Jun, Samsung Electronic executive vice president for memory sales and marketing, said in a statement that the company's shipment of the XP941 makes it "the first to provide the highest performance PCIe SSD to global PC makers so that they can launch leading-edge ultra-slim notebook PCs this year."

Avi Greengart, an analyst with industry research firm Current Analysis, said SSDs have been coming from SanDisk, Intel, Kingston and others in addition to Samsung, which is the "largest flash memory vendor in the world."

Classic Technology Adoption

He...

Secret to Prism Program: Even Bigger Data Seizure

Tue, 18 Jun 2013 09:23:45 -0500

In the months and early years after the Sept. 11, 2001, terrorist attacks, FBI agents began showing up at Microsoft Corp. more frequently than before, armed with court orders demanding information on customers.

Around the world, government spies and eavesdroppers were tracking the email and Internet addresses used by suspected terrorists. Often, those trails led to the world's largest software company and, at the time, largest email provider.

The agents wanted email archives, account information, practically everything, and quickly. Engineers compiled the data, sometimes by hand, and delivered it to the government.

Often there was no easy way to tell if the information belonged to foreigners or Americans. So much data was changing hands that one former Microsoft employee recalls that the engineers were anxious about whether the company should cooperate.

Inside Microsoft, some called it "Hoovering" -- not after the vacuum cleaner, but after J. Edgar Hoover, the first FBI director, who gathered dirt on countless Americans.

This frenetic, manual process was the forerunner to Prism, the recently revealed highly classified National Security Agency program that seizes records from Internet companies. As laws changed and technology improved, the government and industry moved toward a streamlined, electronic process, which required less time from the companies and provided the government data in a more standard format.

The revelation of Prism this month by the Washington Post and Guardian newspapers has touched off the latest round in a decade-long debate over what limits to impose on government eavesdropping, which the Obama administration says is essential to keep the U.S. safe.

But interviews with more than a dozen current and former government and technology officials and outside experts show that, while Prism has attracted the recent attention, the program actually is a relatively small part of a much more expansive and intrusive eavesdropping effort.

Americans who disapprove of the government...

Microsoft, Facebook Tell of Thousands of Security Requests

Mon, 17 Jun 2013 10:27:41 -0500

Thousands of law enforcement and U.S. national security requests were received by Microsoft and Facebook in the second half of 2012, the two companies disclosed late Friday. The companies noted, however, that the requests represented a tiny fraction of their user bases.

John Frank, vice president and deputy general counsel at Microsoft, said his company was permitted, for the first time, to disclose the total volume of national security orders but was still not allowed to confirm whether it had received any Foreign Intelligence Surveillance Act (FISA) orders. Frank is still convinced, however, that what the company is permitted to publish falls short of what is needed to help the community understand and debate the issues.

Microsoft Escapes Verizon's Fate

With that said, Microsoft revealed that for the six months ended Dec. 31, 2012, it received a total of 6,000 to 7,000 criminal and national security warrants, subpoenas and orders from local, state and federal U.S. governmental entities, affecting more than 31,000 consumer accounts. Frank said that amounted to only a tiny fraction of Microsoft's global customer base.

"Microsoft has not received any national security orders of the type that Verizon was reported to have received that required the wireless carrier to provide business records about U.S. customers," Frank confirmed. That's good for Microsoft, since the debate over Verizon releasing customer information to the U.S. government and the National Security Agency is still raging.

"Verizon and Verizon Wireless are in the center of the storm, but they are keeping quiet and the storm has not ravaged them yet. That's the good news," Jeff Kagan, a wireless industry analyst, told us. "To date, they have not lost customers or investors. I hope they can continue to stay away from the chaos. However, things can change quickly.

"So far I would give Verizon an 'A' in the way...

New Facebook Data Center Uses All Home-Grown Servers

Fri, 14 Jun 2013 14:03:07 -0500

Facebook has opened the doors, so to speak, to its new data center in Lulea, Sweden. The data center marks a first for the social networking giant in two ways: It's the first in Europe and it's the first to be equipped with all Facebook-designed servers. The servers are handling live traffic from around the world.

The data center debut is the first full fruits of the company's Open Compute Project. Facebook started the project nearly two years ago with a goal to build one of the most efficient computing infrastructures at the lowest possible cost. By releasing the Open Compute Project technologies as open hardware, Facebook's goal is to develop servers and data centers following the model traditionally associated with open source software projects.

"All the equipment inside is powered by locally generated hydro-electric energy. Not only is it 100 percent renewable, but the supply is also so reliable that we have been able to reduce the number of backup generators required at the site by more than 70 percent," the company said in a news release. "In addition to harnessing the power of water, we are using the chilly Nordic air to cool the thousands of servers that store your photos, videos, comments, and Likes. Any excess heat that is produced is used to keep our office warm."

Cutting Out the Middle Man

Facebook said its commitment to energy efficiency is also evident inside Lulea's giant data halls. Nearly all the technology in the facility, from the servers to the power distribution systems, is based on Open Compute Project designs. The designs are highly efficient and leave out unnecessary bits of metal and plastic. These designs are then shared with the broader community, so anyone can use or improve them.

According to Facebook, all this adds-up to a pretty impressive power usage efficiency...

Microsoft Study Finds Gap in SMB Cloud Perception, Reality

Fri, 14 Jun 2013 10:29:34 -0500

Small- and medium-size businesses have been wary of cloud services because of security, privacy and reliability issues. But a new Microsoft report, released this week, found that perceptions of clouds contrast with actual experiences.

Adrienne Hall, general manager of Trustworthy Computing at Microsoft, said in a statement that "there's a big gap between perception and reality when it comes to the cloud." She said SMBs that have adopted cloud services have "found security, privacy and reliability advantages" that were unexpected.

The Microsoft study did not inquire about specific products, vendors or services, but asked non-cloud-using SMBs why they weren't leveraging cloud technology.

Data Security

For 60 percent of respondents in the study, a key concern has been data security, and 45 percent were concerned that they could lose control of their data. Forty-two percent doubted the cloud's reliability.

But, for SMBs that are actually using cloud services, the study found a different picture. Ninety-four percent reported they now have security benefits they didn't previously with on-premises technology, including up-to-date systems, up-to-date antivirus and spam e-mail management. Sixty-two percent said they experienced increased levels of privacy protection, while 75 percent noted improved service availability.

The study also pointed to the cost savings from cloud services, with 70 percent of respondents saying the savings allowed them to invest money and time into other areas and half saying they were "pursuing new opportunities" because of the time saved through cloud-based security management.

For some SMBs, cloud services also could pose an issue for regulatory compliance. But in announcing the study, Microsoft pointed to the DHCU Community Credit Union, a nonprofit financial co-op based in Illinois. The Union utilizes cloud-based Microsoft Office 365, and President/COO Matt McCombs is quoted as saying that 365 "gives us peace of mind that these things are being handled, and handled well."

Public, Private, Hybrid

The credit...

HP Offers OpenStack-Based Cloud OS, New Cloud Services

Thu, 13 Jun 2013 10:25:50 -0500

It's getting cloudier over at Hewlett-Packard. On Wednesday, HP announced new additions to its Converged Cloud portfolio that deepen its position in the OpenStack camp and position the company as a facilitator for hybrid clouds in the enterprise.

HP's announcements focused on its next phase of OpenStack-based architecture for its private, managed and public cloud offerings, as well as new software and services for cloud implementations. In its announcements, HP noted research it had commissioned, which found that "it is expected to be a hybrid world," with 75 percent of enterprise IT to be "delivered across private, managed and public clouds" within three years.

The HP Cloud OS is a platform that utilizes OpenStack and is designed for management across hybrid clouds. CloudSystem, its private cloud software, currently uses HP Cloud OS, and a new CloudSystem Enterprise Starter Suite is now being offered. The suite provides a bundled solution for rapidly providing cloud services, and the company said it reduces up-front costs by as much as 20 percent.

HP Cloud OS

HP Cloud OS will also be offered on HP Moonshot servers and used in HP Cloud Services. While based on the open source Open Stack software, the HP Cloud OS offers such enhanced features as a streamlined installation process, automatic upgrading, and the ability to move workloads between an on-premises cloud and an HP cloud service. The company said the enhancements were being added through plug-ins, not through a modification of OpenStack. A Cloud OS Sandbox will be offered to customers for trying things out, at no cost.

The company is also now offering its Converged Cloud Professional Services Suite, which include support, design and networking services, Proactive Care for CloudSystem, security risk consulting and an enhanced HP Applications Transformation to Cloud Services.

Meanwhile, HP Enterprise Services has upped its game for cloud services, especially...

Coalition Aims To Thwart Phone Thefts

Fri, 14 Jun 2013 09:40:15 -0500

The top prosecutors in San Francisco and New York planned Thursday to announce the formation of a nationwide initiative and coalition of police, prosecutors and other officials in an attempt to thwart a surge in smartphone thefts.

Officials said San Francisco District Attorney George Gascon and New York Attorney General Eric Schneiderman were set to launch what they call the Secure Our Smartphones Initiative at a New York news conference on Thursday.

The coalition includes prosecutors, police and political officials and consumer advocates from more than a dozen states and intends to put pressure on smartphone companies and their shareholders to help dry up the secondary market in stolen phones.

The announcement comes on the same day Gascon and Schneiderman are scheduled to co-host a "Smartphone Summit" with representatives from major smartphone makers Apple Inc., Samsung Electronics Co., Google Inc. and Microsoft Corp.

Among the moves the prosecutors seek is the industry-wide introduction of a "kill switch" that would render stolen phones worthless.

Apple said at a conference of web developers this week that such a feature would be part of its iOS7 smartphone software to be released in the fall. Gascon and Schneiderman said in a statement they were "appreciative of the gesture" but would reserve judgment until they could "understand its actual functionality."

Almost 1 in 3 robberies nationwide involves the theft of a mobile phone, according to the Federal Communications Commission.

"The epidemic of violent street crime involving the theft and resale of mobile devices is a very real and growing threat in communities all across America," Schneiderman said in a statement. "According to reports, roughly 113 smartphones are stolen or lost each minute in the United states, with too many of those thefts turning violent."

In New York, police have coined the term "Apple-picking" to describe...

NSA's New Mega-Warehouse Data Center To Open

Fri, 14 Jun 2013 09:39:17 -0500

The nation's new billion-dollar epicenter for fighting global cyberthreats sits just south of Salt Lake City, tucked away on a National Guard base at the foot of snow-capped mountains. The long, squat buildings span 1.5 million square feet, and are filled with super-powered computers designed to store massive amounts of information gathered secretly from phone calls and emails.

Two small, weathered signs in the sagebrush greet interlopers to this place with a stark warning: "Military reservation. No trespassing." But there is no visible marker bearing the facility's name and operator: The Utah Data Center, brought to you courtesy of the National Security Agency.

When it opens this fall, the facility will be the NSA's largest data storage center in the U.S. Just don't ask Utah officials, and certainly not the residents of tiny Bluffdale, just north of the new center, to tell you exactly what will go on inside. They either don't know, or aren't saying. And the NSA is famously tight-lipped.

"We know it's a spy center. But who are they spying on?" said Connie Robbins, an upholstery shop owner who lives in Bluffdale, a community of 8,000 some 25 miles south of Salt Lake City that is known for its rodeo and annual Old West Days.

The dearth of information has perpetuated a mystery that has spawned dozens of theories and a spoof Web site that even includes a phony code name for the facility: "Bumblehive," a play on Utah's nickname of the "Beehive State."

Last week's revelation that the NSA is collecting millions of U.S. phone records along with digital communications stored by nine major Internet providers illustrates how aggressively personal information is being congregated and analyzed -- and shines a brighter light on what will be going on in secret at the Utah facility, scheduled to open in October.

NSA officials say...