Yottabytes: Storage and Disaster Recovery


April 26, 2019  8:36 AM

Remember the USB That Sets Computers on Fire? Somebody Used One. 66 Times.

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Security

Longtime readers may remember a piece from 2015 about a USB drive that could hypothetically set a computer, or whatever else it was plugged into, on fire. At the very least, it could zap it dead. It turns out that there’s now a guy who just did that to 66 devices at his alma mater, which was not someplace in Silicon Valley but an Albany-based former Catholic school for girls.

The alleged culprit is said to be Vishwanath Akuthota, who graduated from the school in 2017 with a master’s in business administration, as well as a certificate in Computer Information Systems.

What’s kind of funny about the whole situation is that the guy was known. The College of St. Rose, where the incident allegedly occurred – on Valentine’s Day – still has an interview with the guy on its Facebook page, dating from 2016, when he was a graduate assistant in the music department.

Needless to say, the comments are interesting.

Akuthota also participated in GitHub starting in September, 2017, and that activity – culminating in 34 commits in January and 16 commits in February – abruptly stopped after that, which isn’t terribly surprising, as he was arrested on February 22.

Akuthota ‘s LinkedIn profile, however, has been taken down, though, as has his Facebook page.

His future goal, Akuthota said on Facebook at the time, was to be an entrepreneur, and one can imagine he’s rather kicked that plan into a cocked hat. But he did have a listing on AngelList, which is sort of a Monster.com for startups, where he said he was an application developer for the New York State Office of Information Technology Services, working on IBM’s Watson artificial intelligence system. “I want to contribute for the 4th industrial revolution with artificial intelligence. let’s make it great,” read his bio. As his achievements, he lists “I’ve lunched world’s first talking interface for the chatbot. I’ve lunched New York states first chatbot with in 4 days.”

Okay. So let’s hear how he lunched 66 devices.

“Akuthota admitted that on February 14, 2019, he inserted a ‘USB Killer’ device into 66 computers, as well as numerous computer monitors and computer-enhanced podiums, owned by the college in Albany,” reports the U.S. Attorney’s Office from the Northern District of New York. “The ‘USB Killer’ device, when inserted into a computer’s USB port, sends a command causing the computer’s on-board capacitors to rapidly charge and then discharge repeatedly, thereby overloading and physically destroying the computer’s USB port and electrical system.

“Akuthota admitted that he intentionally destroyed the computers, and recorded himself doing so using his iPhone, including making statements such as ‘I’m going to kill this guy’ before inserting the USB Killer into a computer’s USB port.  Akuthota also admitted that his actions caused $58,471 in damage, and has agreed to pay restitution in that amount to the College.”

How Akuthota’s going to earn that money isn’t clear. One might imagine that a computer career is not in the cards.

Akuthota pled guilty on a single count of causing damage to computers, and is scheduled to be sentenced on August 12, where he faces up to 10 years in prison, a fine of up to $250,000, and a term of post-imprisonment supervised release of up to 3 years.

There are still a number of remaining questions. The office noted that Akuthota is a citizen of India, residing in the United States on a student visa.  He has been in custody since he was arrested in North Carolina on February 22. Will he be deported? If so, before or after he serves his time and pays restitution? If he graduated in 2017, why was he still in the U.S. on a student visa in the first place? How did he come to be in North Carolina? What led him to do it?

Most notably, how could he do it? “The defendant did not have, and knew he did not have, permission from the College to insert the ‘USB Killer’ device into any of the College’s computer hardware or otherwise ‘kill’ the College’s computer hardware,” notes the plea agreement, just in case that was in question.

Does St. Rose typically let people who haven’t been in the school for two years come in and mess around with the computers unsupervised?

Hopefully they don’t now.

 

 

 

 

 

 

 

April 22, 2019  9:00 AM

Virginia Court Throws Out License Plate Readers Data Collection

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, privacy, Security

As you may recall, police departments and other organizations have been loading up on automated license plate readers that help them track automobile locations, and even selling the data. Now, at least one judge, in Fairfax County, Virginia, has told them they can’t do that.

“The ruling by Fairfax Circuit Court Judge Robert J. Smith is a victory for privacy rights advocates who argued that the police could track a person’s movements by compiling the times and exact locations of a car anytime its plate was captured by a license plate reader,” writes Tom Jackman in the Washington Post. “Police say they can, and have, used license plate location data to find dangerous criminals and missing persons. Privacy advocates don’t oppose the use of the technology during an active investigation, but they say that maintaining a database of license plate locations for months or years provides too much opportunity for abuse by the police.”

This has actually been an ongoing legal case. Originally, Smith had thrown the case out of court, saying that the data didn’t meet the statutory definition of “personal information” under Virginia’s “Data Act.” However, that ruling was overturned last year by the Virginia Supreme Court, which then sent the case back to him because it wasn’t sure whether the database met the statutory definition of “information system” under that same data act. Smith’s ruling is that it does.

Consequently, though the ruling technically applies only to Fairfax County, it’s likely that other Virginia counties also using license plate readers could also be stopped. The Fairfax County police chief has said he will appeal the ruling, and state legislators – who tried to pass a law limiting the collection of such data, which was vetoed by the governor – said bring it on. “Va. Sen. Chap Petersen (D-Fairfax), one of the founders of the privacy caucus and a sponsor of the failed legislation, told Jackman he was “very glad to see this ruling. I hope that Fairfax County appeals it to the Supreme Court so it can become a statewide ruling.”

Fairfax County Police, which had been storing data for up to a year, will be required daily to purge its database of license-plate reader data that isn’t linked to a criminal investigation and stop using license plate readers to passively collect data on people who aren’t suspected of criminal activity, writes the Electronic Frontier Foundation, which with the Brennan Center for Justice wrote an amicus brief to support the case, which was brought by the American Civil Liberties Union of Virginia.

“Often mounted on police vehicles or attached to fixed structures like street lights and bridges, ALPR systems comprise high-speed cameras connected to computers that photograph every license plate that passes,” the EFF writes. “The systems then log, associate, and store the time, date, and location a particular car was encountered. This allows police to identify and record the locations of vehicles in real-time and correlate where those vehicles have been in the past. Using this information, police are able to establish driving patterns for individual cars. Some ALPR systems are capable of scanning up to 1,600 plates per minute, capturing the plate numbers of millions of innocent, law-abiding drivers who aren’t under any kind of investigation and just living their daily lives.”

In fact, the Fairfax County system could scan up to 3,600 plates per minute, according to the Fairfax County Times.

The result was a gigantic database of people’s locations, including information that could be used for political purposes. “The state of Virginia knows the plate number of every vehicle that crossed a Potomac River bridge from Virginia into the District of Columbia on the day of the first Obama inauguration,” writes Clifford Atiyeh in Car and Driver, which isn’t where one often expects to find privacy information. “It also has the plate of every vehicle that showed up at the site of a Sarah Palin rally in a D.C. suburb. In fact, as of 2013, it had eight million license plates scanned and saved in a database. At our last count, there were three billion license-plate data points across the country, in states with little or no data privacy protections for drivers who’ve done no crime but drive.”

Similarly, the ACLU has disclosed that the federal Immigration and Customs Enforcement agency was tapping into a national database of police and private license plate readers, Jackman adds.

While 16 states have some sort of regulation on license plate reader data, the remaining 34 do not, Atiyeh writes.

Fox 5 DC pointed out a variety of cases where license plate readers had helped catch criminals, but that’s not exactly the point. There’s any number of techniques that can be used to help catch criminals, if you don’t care about protecting people’s privacy.


April 16, 2019  9:09 AM

Dear Secret Service: Don’t Poke USB Sticks in Things

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, Security

The Secret Service is scrambling to prove that its agents are, too, competent and know better than to poke USB sticks in things.

As you probably know, a Chinese woman was caught at President Donald Trump’s Mar-a-Lago resort with four cellphones, nine thumb drives, a laptop and an external hard drive, as well as multiple passports and so on. In the initial reportage of this, there was a throwaway line about the Secret Service discovering that the USB stick had malware –not just malware, but “malicious malware,” because that’s worse — by putting it in one of their computers and then yanking it out again.

Because that always works.

“Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing,” wrote the Miami Herald. “He stated that when another agent put Zhang’s thumb drive into his computer, it immediately began to install files, a ‘very out-of-the-ordinary’ event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich testified.”

Predictably, the Internet had kittens about how insecure that was and didn’t the Secret Service know better than to poke strange USB sticks in things?

At this point, the Secret Service started protesting. No, no, no, the Secret Service guy didn’t put the USB stick in his own laptop! He knows better than that! He meant to do that! It was a separate laptop with nothing in it and not hooked up to the Internet!

“A law enforcement source tells me that investigation was conducted according to protocol: A Secret Service agent loaded the drive onto a stand-alone computer that was segregated from government networks and watched as it did what malware is supposed to do — infect files and try to steal information,” writes Joseph Marks in the Washington Post.

Okay, says the security community. If that’s the case, and he did it on purpose, then why did he yank it out again, as if in a panic? Why didn’t he leave it in to finish seeing what the malware would do?

“In a lab, you want that malicious behavior to happen to its full level of badness so you can study how it operates,” Jake Williams, founder of the cybersecurity company Rendition Infosec, told Marks. “If he yanked the USB drive out to prevent further contamination, that’s highly indicative this wasn’t in a lab.”

There hasn’t been an answer to that one. “The Secret Service declined to comment about the disconnect between the agent’s actions and what cybersecurity experts described as standard procedure when investigating malware, citing the ongoing investigation,” Marks writes.

Incidentally, the head of the Secret Service, Randolph Alles, has lost his job, but we’re told that that was happening anyway and wasn’t related to this. “Alles was asked to plan his departure prior to Zhang’s arrest, two people familiar with the matter said,” writes Fortune. Oh, good. That’s reassuring.

It should really go without saying at this point: Don’t poke strange USB sticks in things.


March 31, 2019  10:48 AM

Could This be the End of World Backup Day?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Backup, Storage

Could it be? Is World Backup Day actually dead?

I had speculated on this last year, noting that the site’s Facebook and Twitter pages hadn’t been updated in a year, and the text on the site’s web page had no specific dates on it. This year, not only are the Facebook and Twitter pages still not updated, but I got a timeout connection on the page.

Though, at least, it wasn’t a 404, “this site is for sale,” or a porn site using the same address. Thank goodness for small favors.

But on today of all days!

As you may recall, World Backup Day started in 2011 as a way to encourage people to back up their data, with the thought that they would be protected from any sort of problem based on April Fool’s Day. Each year, it was a fairly reliable source of tips and tricks, sales on storage equipment, and somewhat dubious statistics. Not to mention World Backup Day t-shirts. And to think that we’ll never again hear the Backing Up song. Sigh.

What a switch from the heady days of 2017, when the New York Times actually covered the event. This year, at least we have Fox News in St. Louis to help out.

It’s not terribly surprising. In 2012, 4500 people pledged to do backups. By 2013, it was down to 1800 people, though it did spring up to more than 2800 in 2015. But not long after that, it seemed that World Backup Day wasn’t even saying anymore how many people had taken the World Backup Day pledge.

Fortunately, several vendors are filling in the breach, as it were. And they offer a variety of advice, ranging from “Use flash!” to “Use cloud!” to “Use hybrid!”

The operative part is, use *something*. Dubious as the statistics may be, in this day and age of big data, losing data tends to be bad, and expensive, and keeping data tends to be good. And while of course their goal is to encourage you to use *their* products, the basic recommendations they offer are valid for any backup solution.

Backup up data regularly, and making sure that your backups work and can actually be used for recovery, is also important. Backing up your data once a year on World Backup Day probably doesn’t help much. To be particularly safe, have an offsite backup as well.

If you haven’t developed a backup strategy by now, this is a good time to do it, because a number of vendors in the market are having sales, whether it’s on backup services, hard disk drives, or SD cards.

And you can always remember the World Backup Day pledge: “I solemnly swear to backup my important documents and precious memories on March 31st. I will also tell my friends and family about World Backup Day – friends don’t let friends go without a backup.”

Maybe that explains what happened to the site: It got hacked and they didn’t do backups.


March 28, 2019  9:59 AM

Autonomy Civil Lawsuit Against CEO Mike Lynch Starts

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Autonomy, ediscovery

In what is sure to be the most exciting incident involving international accounting you’ll hear about all year, HP is suing Autonomy founder and CEO Mike Lynch for what it says is the way he deceived the U.S. company about the U.K. company’s profitability before its 2011 purchase.

As you may recall, the Autonomy-HP merger – officially the sixth-worst merger and acquisition of all time – HP chairman and CEO Leo Apotheker (who was fired later that year) paid $11.1 billion to acquire Autonomy, a European e-discovery company. By the following year, HP claimed that Autonomy had cooked its books to overvalue itself, wrote down the purchase a a $9 billion loss, and sold off the company’s remaining assets in 2016.

The companies have seemingly been in court ever since. They started with a shareholder lawsuit, which HP settled in 2015 for $100 million. Former Autonomy CFO, Sushovan Hussain, was found guilty in May on 16 counts of wire and securities fraud. HP also had a $5 billion civil suit scheduled to go to trial in London in 2019, a countersuit by former Autonomy CFO for $160 million, and an appeal by Hussain. Most recently, in November, actual criminal fraud charges were filed against Lynch, and were added to last week.

It’s the $5 billion civil suit that’s going on now. Basically, the arguments are the same as they ever were: HP says Autonomy pumped up its value, and Autonomy says that HP doesn’t understand British accounting and is trying to overcome its own incompetence at not successfully integrating the company.

But oh, the details.

“Robert Miles QC, representing Lynch, told the court that the US firm HP had taken an ‘aggressive approach designed to protect Meg Whitman [who took over as CEO after Apotheker] and others in HP.’ The case is an attempt to find someone to blame for HP’s business struggles,” writes Jasper Jolly in the Guardian.

That included contact with then prime minister, David Cameron, and letters to multiple coalition government cabinet members of the time, including chancellor George Osborne, business secretary Vince Cable and defense minister Philip Hammond, Jolly writes.

For its part, HP’s attorney Laurence Rabinowitz said that “Autonomy had engaged in “revenue-pumping” by encouraging customers to buy its products in exchange for buying goods from them that it did not need, restructuring deals to produce upfront license fees, and covertly selling pure hardware not even programmed with its software at a loss,” write Georgina Prodhan and Paul Sandle for Reuters.

Lynch’s lawyer countered that Lynch wouldn’t have done that because he had an executive position within HP. “The case that we’re now hearing being advanced entails that Dr Lynch must have been monumentally dim and, as you’ll see, there’s no chance that he is,” Prodhan and Sandle quote Miles as saying.

Professional soccer is even involved, because Autonomy sponsored the Tottenham Spurs and allegedly involved it in fraud. “Autonomy who sold software to Spurs for internal usage allegedly included a clause allowing the club to assign or share licence rights in the purchase order even though the firm knew that Spurs were not going to become a software licensor,” writes a website that follows the team. “The claimants further allege that Autonomy backdated a £3.9m-plus-VAT fee for providing Tottenham with software licences to June 2010, and that Spurs had ‘had no comprehension as to what they had purchased,’ with an agenda for a meeting in July 2010 between Autonomy and the club including ‘a look at/understanding of what we have purchased.’”

Other customers allegedly used in that way included the UK Ministry of Defense and the UK Serious Fraud Office – presumably the reason for the letters to UK government officials — Bank of America, and the BBC, according to the Irish Times.

And his emails. “On the first day of a civil trial in London, HP cited an email from Lynch to his senior management team about a contract with the U.S. Department of Veteran Affairs. He said: ‘If there is any problem I WANT TO KNOW ABOUT IT IN A F—ING MILLISECOND from all of you,’” writes Jonathan Browning in Bloomberg.

“Rabinowitz also referred to another email sent by Lynch to a sales representative in August 2010, which read: ‘You ever send me an email like this again AFTER the event and you are f****** toast, I swear if I could squeeze down a telephone line to California you would get to know directly how the f*** I feel about this,’” writes Stefan Boscia for the Daily Mail.

In another email, when Hussain was attempting to take leave, Lynch wrote to his finance chief: ‘Thank you for your threat to take five weeks off between now and the [year end]. Please do that and you will see the consequences … Sushovan I am sick of dealing with this shit from people … do what the fuck you like,’” writes Simon Goodley in the Guardian, which is brave enough to spell out the f-word.

Expect a lot more of this. The case is expected to last until the end of the year, and Lynch himself isn’t expected to testify until July, Prodhan and Sandle write. Not only that, but court hearings may last until 8 pm to accommodate the testimony of people in the U.S., such as former Autonomy CFO Sushovan Hussain, who was convicted of fraud associated with the case.


March 24, 2019  5:07 PM

Fun Hacking Salvaged Data Storage

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
privacy, Security, Storage

Every few years, someone hits the papers—or, in this day and age, the Internet – by going out to eBay or Craigslist, buying a bunch of old computers, and checking out what data is still available on them.

This year, it was Josh Frantz, a senior security consultant for Rapid7, a security firm, and who writes a blog post every couple of months for them.

Instead of hitting up eBay and Craigslist, Frantz did it by simply going around to all the refurbished computer dealers in his Wisconsin town – 31 of them, he reports – and buying up whatever equipment they had that included storage. That consisted of 41 computers, 27 removable storage media, 11 hard disks, and 6 cell phones, for a total of $600.

Then Frantz developed or obtained software that systematically went through each one – helpfully providing the links so other people wishing to duplicate his feat could do the same.

“Whenever I brought a computer back, I booted it up to see whether it was bootable and whether it required a password to log in,” Frantz writes. ”I wrote a script in PowerShell that would run through and index all the images, documents, saved emails, and conversation histories through instant messengers. It would then zip it up nice and organized on the desktop, and I would pull it off with a USB drive (I know, you were expecting something much fancier).”

(Frantz is a funny guy. According to his LinkedIn profile, he just recently was promoted to senior security consultant, from security consultant. “I do the same thing as before, but this title makes me feel older,” his profile notes.)

Finally, Frantz wrote up the results. Altogether, the process took him six months.

Frantz’  operative point was to demonstrate that such companies, despite their promises, don’t always wipe storage the way that some of them claim. In fact, of the 85 devices, only two of them were properly wiped, and only three were encrypted, he writes. He did end up having to spring for $50 in chargers from eBay to charge the old cell phones, he notes.

(Interestingly, his blog post was apparently originally called “Exfiltrating Remaining Private Information from Donated Devices,” but as published, it was called “Buy One Device, Get Data Free: Private Information Remains on Donated Tech.”)

For the flash drives and other memory cards, Frantz plugged them in. It would have been ironic if one of them had been infested with malware, which could turn this into another treatise on “Don’t Poke USB Sticks in Things,” but if that happened, he didn’t say so.

Having downloaded the data, Frantz then wrote other programs to look for useful kinds of data. “I used pyocr to try to identify Social Security numbers, dates of birth, credit card numbers, and phone numbers on images and PDFs,” he writes. “I then used PowerShell to go through all documents, emails, and text files for the same information. You can find the regular expressions I used to identify the personal information here. Despite the fact that OCR is not 100% accurate and there could have been data I couldn’t extract from images by themselves or within PDFs, I can verify that the regular expressions used for Social Security numbers, credit cards, dates of birth, and driver’s license numbers were fairly comprehensive.”

Altogether, Frantz found more than 200,000 images, 3,000 documents, and almost 150,000 email messages on the storage devices. That included 611 email addresses, 50 dates of birth, 41 Social Security numbers, 19 credit card numbers, 6 driver’s license numbers, and 2 passport numbers, he writes.

Frantz didn’t report on whether he found any bitcoin or other cryptocurrency on the storage devices, so the guy who accidentally threw out $7.5 million on bitcoin on his hard drive is apparently still safe.

This isn’t just a U.S. problem. Last year, researchers in the U.K. performed similar tests, writes Anna Tobin in Forbes. “Two-thirds of second-hand memory cards left in mobile phones and tablets sold on the second-hand market in the UK still retained personal data from their former owners,” she writes. “Over a four-month period, the research team purchased one hundred used SD and micro SD memory cards from eBay, traditional auctions, second-hand shops and other sources. Most of the cards were found in resold smartphones and tablets and some came from second-hand cameras, SatNav devices and drones.”

Using freely available software, researchers were able to recover scans of passports, intimate photos, pornography, contacts lists and identification numbers, Tobin writes.

“Of the 100 cards assessed it was found that 36 percent had not been wiped at all,” Tobin writes. “29 percent had been formatted in an attempt to erase, but the data could still be recovered with the right know-how; 2 percent had had their data deleted, but it was found to be recoverable; 25 percent had been properly wiped using a data erasing tool that overwrote the entire storage area so that nothing could be recovered; 4 percent could not be accessed as they were damaged; and, 4 percent had no data present, but the reason for this could not be ascertained.”

The good news, sort of, is that for most criminal hackers, the expense and work that Frantz went through wouldn’t be worth it for most of them. “Researching further, I realized just how cheap it is to buy people’s information on the Darknet,” he writes. “Social Security numbers only fetch around $1 apiece, while full documents (dox) fetch around $3 each. Data leakage/extraction is so common that it has driven down the cost of the data itself. I saw several dumps of Social Security numbers on the Darknet for even less than $1 each. No matter how we calculate the value of the data gathered, we would never recoup our initial investment of around $600.”

Frantz went on to list a number of ways to fairly reliably destroy hard disk drives, ranging from hammers to thermite. And lest you think he was kidding about the thermite, he included a video of it as well.


March 17, 2019  9:55 PM

‘Lunar Library’ is the Ultimate Backup

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Backup

No doubt you’ve heard the advice to keep at least one of your backups off-site. One company is taking that advice really seriously: It’s planning to store one on the moon.

The Israeli spacecraft Beresheet took off recently, and its cargo includes a 30-million page archive of human knowledge, etched onto a nickel disc the size of a DVD, writes Corey Powell for NBC News. The lunar lander – its name is Hebrew for “in a beginning” or “genesis” – is also the first-ever non-government-owned moon lander. If it is successful, Israel will become just the fourth country to land something on the moon.

“The Lunar Library, as the archive is known, constitutes a ‘civilization backup’ to help ensure that our distant descendants never lose humanity’s collective wisdom,” Powell writes. The project was spawned by the Arch Mission Foundation, a Los Angeles-based nonprofit. “The foundation is building a space-based archive designed to survive for 6 billion years or more — a million times longer than the oldest written records in existence today.”

Previous efforts included the Isaac Asimov Foundation trilogy in the glove compartment of an Elon Musk Tesla in solar orbit, and a digital copy of the English Wikipedia in earth orbit, both last year. And, not to put too fine a point on it, Arch is pronounced “Ark.” Get it?

So what sort of knowledge did the foundation think was worth preserving? “Included in the Lunar Library’s more than 200 gigabytes of data are the entire English-language version of Wikipedia; tens of thousands of fiction and nonfiction books; a collection of textbooks; and a guide to 5,000 languages along with 1.5 billion sample translations between them,” Powell writes.

Oddly, they didn’t specify which books, other than the ones included in Project Gutenberg and the Internet Archive at the time. “The matter of who exactly gets to be humanity’s representative to the stars has become a hot matter of debate in recent years, as advanced communication technologies have made it possible to beam all sorts of information including electronic dance music and Doritos commercials, into space,” writes Peter Hess in Inverse, adding that “while the Library is ostensibly a comprehensive accounting of human history and knowledge, it admittedly comes from a particular perspective,” noting that it includes the culture and history of Israel, songs, and drawings by children. “SpaceIL also included a photo of Ilan Ramon, an Israeli fighter pilot and the first and only Israeli astronaut, who died in the 2003 Space Shuttle Columbia disaster,” added Sebastian Kettley in the Express.

History used to be written by the victors. Now it’s written by the people who send up spacecraft.

That said, how does the technology work? It was created by a company called Nanoarchival. “All of that information is etched onto 25 stacked nickel disks, each just 40 microns (about 1/600th of an inch) thick,” Powell writes. The top part of the Lunar Library’s disc, which can be read with a 100-power microscope, is engraved with tiny images of books and other documents explaining human linguistics, along with instructions about how to build a player to read the library beneath, he explains. The remaining documents require a 1000-power microscope.

Admittedly, this has some limitations, noted Arch Mission Foundation co-founder Nova Spivack in an interview in Scientific American. ”It must be a lifeform that’s at least as intelligent as we are and that has eyes and can see in the visible spectrum,” he said. “If it’s a microbial civilization that’s so small that these things look like planets to them, that’s obviously not going to work.”

A library on the moon is just the start, Powell writes. “The goal is to flood the solar system with other versions of the Lunar Library: in caves and mountains on Earth, on other locations on the moon, on Mars and in deep space,” he writes. Just in case we lose the backup on the moon, or it doesn’t make it there safely; there were some early glitches. It’s scheduled to land April 11.

 

 


February 28, 2019  11:55 PM

Ready for the 1TB SD Card?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
SD card, Storage

It wasn’t that long ago that I first heard about being able to get a terabyte on a laptop – which, of course, made me immediately want one – and it was even less time ago that I actually got one: 2013, to be exact. Not long after, in 2014, SanDisk announced an SD card that could hold half a terabyte.

You can probably see where this is going.

Yes, it’s true. Now, suddenly everyone is announcing one-terabyte SD cards.

At the risk of dating myself, I remember when getting a 10 MB hard disk drive cost as much and was the same size as the PC itself.

Shipping dates vary, with Lexar’s orderable – though not shippable until March 9 – for $399. Lexar was also the first to announce, in January.

Other companies that have announced them include SanDisk – now owned by Western Digital – and Micron – now run by the founder of SanDisk, and who helped arrange SanDisk’s merger with Western Digital. SanDisk’s will be released in April for $449.99, and Micron’s will be “priced competitively” and released during the second quarter.

Incidentally, someone has already gone to the trouble of calculating the bandwidth of a pigeon carrying these SD cards. As you may recall, there is a time-honored tradition of using carrier pigeons to carry data from one place to another, dating all the way back to teeny-weeny microfilm cameras during World War II. And whenever a major new storage medium comes out, people like to figure out what the new bandwidth number would be, whether the device is being carried in a station wagon or by a pigeon.

What it boils down to is that in the time it takes for a terabyte to be transferred over a 1GB Internet connection, a pigeon could fly almost 36,000 kilometers – further if you had a racing pigeon. “Because the distance is more than half of Earths circumference, sending 150 TB of bulk data between any two points is now faster than a gigabit connection,” writes the person who did the calculation.”If you use the competitive 160 Km/h speed, you can go around the globe once before the gigabit completes.”

This is, of course, making certain assumptions, such as:

  • Ignoring the time it takes to write/read SD cards
  • Instantaneous pigeon swap
  • Each pigeon operates at peak performance from start to end
  • No packet drop (actually literally in this case)
  • The 1GBit/s connection we compare this against is perfect (no delay, no packet drop, full speed)

As the poster himself admits, “I’ve got way too much time and not enough pigeons.”

Before you get too excited and start popping 1TB SD cards  into every SD slot you have, make sure the device you’re using knows how to handle them. A few years ago, I got a new state-of-the-art gigundo SD card—probably 64 GB or so by then – and while my camera pretended to play nicely with it, it lost all the pictures I took on it. A terabyte of pictures would be an awful lot to lose


February 27, 2019  6:50 PM

Watch Out, Storage — State Legislatures are in Session

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
cellphones, Database, privacy, Security, Storage

For the states that don’t have year-around legislatures, this is typically the time of year when their legislatures are in session. And that makes it silly season, when legislators propose laws that sound good to them without thinking through all the ramifications.

Interestingly, a number of them this year have to do with storage.

In Texas, the Legislature is trying to figure out whether the state’s data should be stored on-site in its own data centers, or in the cloud. Running the data centers used to cost $278 million every two years; now, it costs $489 million, according to Edgar Walters of the Texas Tribune.

Now, like many big companies facing the same situation, the state is considering moving to the cloud, Walters writes. “Proponents say hiring such a firm to be the official keeper of much of the state’s data could save millions of dollars and modernize vulnerable government tech infrastructure,” he writes. ”But detractors say the current setup is working fine and that any kind of structural change would be laborious, expensive and potentially risky.”

On the other hand, so is sticking with the current system, Walters writes. The data center contract could eventually increase to $1.5 billion. Plus some of the systems are out of date. “The state keeps roughly 70 servers running on a Windows 2003 operating system that is no longer supported by Microsoft,” he writes. “Because those servers host ‘mission critical’ information, they must be housed at the state’s data center but kept isolated from other servers — and Microsoft charges a ‘bounty’ to provide basic support.”

Part of the issue is that some legislators want to ensure that the data stays in Texas, while others are concerned that the company that currently runs the data centers is French. In addition, “the state has sunk massive amounts of money to build and maintain its facilities in Austin and San Angelo,” he writes. (See sunk-cost fallacy.)

Politicians are not always experts, and sometimes when they are, it can be worse. In North Carolina, a legislator who’s a retired police chief wants to expand the use of license plate readers throughout the state.

The purpose of the bill, which would allow electronic license tag readers to be placed along and operated from the right of way of state-maintained roadways.  is to give law enforcement a network of license plate readers across the state in situations such as the search for missing children or kidnapping victims, writes Paul Johnson in the High Point Enterprise. “The license plate readers wouldn’t be used for traffic enforcement purposes, such as monitoring for speeding,” he writes.

Because in that case, people would totally be okay with law enforcement having a record of everywhere they drove along state highways, right?

Needless to say, the N.C. chapter of the American Civil Liberties Union has raised concerns about the bill – a previous version of which had already passed the House but not the Senate, Johnson writes.

In Nevada, where drivers aren’t supposed to use their cellphones while driving, a proposed bill would let police ask for the cellphone after a crash if they believed the driver was using the cellphone when the accident happened. And if the driver says no? They lose their license for 90 days, writes Jared Gilmour in the News Tribune.

“The legislation would only allow officers to scan phones for data indicating ‘evidence of use’ and would bar police officers from ‘intentionally accessing or viewing any other content,’” Gilmour writes.

Because, again, in that case everyone would totally be fine with that.

That bill is being considered on Friday, March 1.

Finally, in Arizona, a bill was submitted that would have required anyone who needs to be fingerprinted for a job to submit a sample of their DNA – and, to add insult to injury, pay a $250 processing fee. The bill would have included people such as teachers, police officers, and child day care workers, as well as parent school volunteers, real estate agents, and foster parents, writes Bree Burkitt for the Arizona Republic.

“The Department of Public Safety would maintain the collected DNA alongside the person’s name, Social Security number, date of birth and last known address,” Burkitt writes. ”Any DNA in the database could be accessed and used by law enforcement in a criminal investigation. It could also be shared with other government agencies across the country for licensing, death registration, to identify a missing person or to determine someone’s real name. It could also be provided to someone conducting ’legitimate research.’”

Fortunately, the bill has since been amended to cover only people who work with the disabled. As you may recall, Arizona is the state where a woman in a coma recently gave birth to a baby, which turned out to have been fathered by an attendant.

Hopefully, state legislative sessions should be over soon.

 


February 19, 2019  10:54 AM

Backup Lessons Learned From the VFEmail.net Hack

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
backups, Hacking, privacy, Security

Note to self: When you’re doing your backups, make sure you have them on a different place than your production network.

That’s a lesson learned the hard way by VFEmail.net, a worldwide email service provider, which recently lost not only its subscribers’ email messages, but also all its backups, because they were all on the same network.

“We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv@94.155.49.9,” noted the VFEmail.net website. “This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.”

The exact details are sketchy, because the people running VFEmail.net are, naturally, kind of busy trying to put it back together. Thus far they’ve found a single offline backup dating from August 2016, so, hurray, VFEmail.net users are now only missing their last two-and-a-half years of email messages.

But apparently someone hacked into the system and zapped not only the primary mail servers, but the backups as well. Speculation, and there’s plenty, is that it was either an inside job or someone – perhaps even a foreign government – thinking there was something incriminating on the server and deleting everything on it, just in case.

And the deletions were reportedly very thorough, in a way that couldn’t be recovered. “At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost.. Strangely, not all VMs shared the same authentication, but all were destroyed,” noted the VFEmail.net Twitter handle. “This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”

Ironically, VFEmail.net was originally set up in response to an email virus. “VFEmail started in 2001 by Rick Romero in direct response to the ‘ILOVEYOU’virus,” notes the company’s website. “At the time, anti-virus was not integrated into email systems. After writing a set of batch files to integrate Norton AntiVirus Corporate Edition A/V scanning into Mercury/32 on Windows, Rick turned his attention to helping regular users and local small businesses avoid email-based viruses. VFEmail started with a single FreeBSD server, and thanks to Rick’s broad and extensive IT experience, frugal purchasing, and long-term planning, VFEmail has grown into the site you see today. While other services have shut down, or been exposed as not delivering on their promises, VFEmail keeps chugging along.”

The few numbers of servers may have been part of the problem. The company offered free as well as paid email accounts, and consequently wanted to save money. “We strive to build an economical and redundant system, to provide our users with as much uptime as possible,” the website continues. “As mentioned, VFEmail started with a single machine, but over time we’ve built out, adding systems for load balancing/failover and separating services. Most recently we’ve made use of Virtual Machines in order to keep hardware acquisitions at a minimum, in those cases where it would not impact performance. By separating vital functions, upgrades, updates, and system problems can quickly and easily be isolated from the rest of the system and provide you with uninterrupted accessibility.”

Yeah, well, not so much.

It all just goes to show that simply making a single backup is not enough. The rule of thumb some people use is 3-2-1: three copies of the data, two of them onsite but one of them offline, and one of them offsite. (Not to mention, checking the backups periodically to make sure you can actually recover from them.)  While that requires a lot of hard disk drives and coordination, it at least protects against the majority of problems.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: