•
Haartez reported today that the Israeli government has banned the iPad. "(T)he Communications Ministry has blocked the import of iPads to Israel, and the customs authority has been directed to confiscate them," wrote Bar Ben Ari and Zohar Blumenkrantz. The ban appears not so much to be the result of a coherent technical decision as a nutcluster of bureaucratic infighting. Sponsor The Communications Ministry engineers apparently refused to pass the device, since its WiFi operates to different standards than Israeli WiFi, which are similar to European standards. However, the instruction to ban the device was made without the approval of Communications Minister Moshe Kahlon. "The head of customs at Ben-Gurion International Airport said yesterday they have confiscated 10 iPads, including those their owners declared," Haaretz reported. The owners are being charged a fee for every day their iPads are held in a government warehouse and the government is refusing to say whether the iPads will be approved or how they will need to be altered to conform with Israeli law. "Paging Captain Yossarian. Paging Captain John Yossarian to the customs authority, please." Discuss
The rest is here:
Israel Vs. iPads
Tags:
Communications,
customs,
european,
government,
ipads,
Israel,
minister-moshe,
paging-captain
•
At 1:00 a.m. on Sunday morning I was doing routine maintenance on my personal Amazon Web Services account and instead found myself looking at something I had no right to be seeing: A database with 800,000 user accounts to the e-card site CardMaster.com . Along with that were the database passwords and back end of a major U.S. Public Broadcasting Service news show website ( Gwen Ifill's Washington Week ), including daily updates from panelists on the stories they cover. I wish I wasn't the person to find this. I founded one of Amazon's earliest dashboards. My consultancy is on Amazon's European Customer Advisory Board. But this highlights a significant issue in the cloud today: There is a whole new user profile acting as developer and administrator. We are becoming empowered with amazing tools - and being given enough rope to really hang ourselves. Sponsor Guest author Jonathan Siegel is a serial entrepreneur and founder of the cloud applications consultancy ELCTech.com as well as a handful of cloud startups. Jonathan's book, Electric Connections , is due out in June of this year. I am an early adopter, business builder and owner of a cloud consultancy. On Sunday morning I went to clear out my personal Amazon Web Services account of excess files after seeing huge usage numbers from a report by CloudSplit. For those technically inclined, I was clearing out my S3 buckets and moving the few files that I wanted to save into an EBS disk instead. My EBS disk ran out of space and I went to use a feature called EBS Snapshots. Snapshots are like a tape backup of your EBS disk drive. That's when I noticed something odd: My EBS Snapshot account was filled with hundreds of snapshots, when I knew I had only made a handful. I wondered, Why do I have access to these backups? Were these backups made by my teammates? Shared snapshots from Amazon? Or something else... What I saw were backups of Enron emails, a genomics database and then two made my stomach turn - a database for 800,000 user accounts to CardMaster.com and the database and site files for the Washington Week website. Yeah, the Enron emails are a non sequitur and the genomics database was likely meant to be public. But the other two, there's no way they were intended for the public, yet here they were - marked as public and available to me or any other Amazon cloud user. How Did This Happen? Amazon is the largest and longest running public cloud computing platform. It has pushed the boundaries of technology infrastructure for us users. In fact, it has given us tools that are more powerful than anything we previously had available in our own small datacenters. This is great, because before we needed to hire trained Cisco or NetApp administrators in order to do basic tasks as our websites scaled. This was expensive and added another step - a delay - to our deployments. Amazon's infrastructure commoditizes much of this technology into simple Web calls; paste some XML to Amazon and your website gets a full incremental backup to live-networked NAS. But as Stan Lee has warned us: With great power comes great responsibility. By giving programmers control of the network and storage, we've empowered developers to take on system administration chores. This power has come too quickly or is being digested too lightly - as my discovery has shown. In the case of PBS's Washington Week there was quick acceptance of the issue. "It was human error and nothing personal was exposed," said Kevin Dando, PBS's Director of Digital Communications. "Although we weren't aware of the issue initially, it was easily corrected. Because of Amazon's strong audit capabilities we could pinpoint the error and fix it quickly." Despite numerous attempts we were unable to reach CardMaster.com. This highlights a deeper issue in the cloud today: Despite what you may think, cloud security is not sexy. We are seeing products that address the baseline needs of cloud functionality, like Amazon's dashboard and the support sites for the cloud. They focus on the sexy: deploying mobile apps, auto-scaling, grid processing and other buzz-word-friendly features. But the dirty truth is that the cloud has a whole new user profile acting as administrator and needs a new set of tools and expectation management to ensure that little mistakes make little problems and not big ones. Remember: This is not something that Amazon did wrong. This is an intentional switch thrown by Amazon's users that allowed their data to be public to any other Amazon user. The users did not mean to hit that switch and it's unclear whether those users would have found this issue without my notification. This is the switch in Amazon's Web Console. It can be more subtle when packaged deep within cloud-assisting tools: And Why Me? A spokesperson for Amazon pointed out that snapshots were private by default and users must choose to share them. According to Amazon, "users understand this feature very well as this is no different than users explicitly choosing to share their data by any means." However, as we've seen, users are obviously making their data inadvertently public. Amazon said they were updating their documentation "to provide more explicit guidance on this feature," and that they would be "reaching out to the few who may be unknowingly sharing their snapshots." The question, though, is: Is it too easy to accidentally make your data public - and whose role is it to play data cop? This leads to me, at 1 a.m., and finding security leakage with Amazon's cloud customers while doing unrelated housekeeping. Look, I'm anything but an IT Security guy; I've got enough on my plate to worry about. For god's sakes, I have 6 kids! Moreover, I'm an outspoken supporter for moving companies to the cloud - and I exclusively recommend Amazon's cloud because of its reliability and features. Why is it me that finds this security issue - one that has been open since January of this year if the Snapshot dates are accurate. This tells me that there is a pattern about to be replayed: That the users on the cloud today are a motley crew. That we need more supervision and hand-holding - whether we like it or not. That powerful services like CloudKick and CloudSplit need to be encouraged to add security as a top-priority feature. And we need to budget for their services and embrace their boring, yet hyper-important role as perimeter guard and security inspector. If I were to try to keep this security problem in the bag - and avoid alerting the community - I would be fostering a sense of complacency that is antithetical to the marketplace needs. The cloud is so young that when we find a problem we need to admit it and find real, workable solutions. Since the cloud represents new ways of doing things, it gives us new ways of getting in trouble, and we need a lively forum for nipping these issues in the bud and laying a framework for ongoing success. What Now? If you are on Amazon's cloud, I can't stress enough that you need to immediately go to your AWS Management Console. Check at a minimum that your Snapshots, for every Region, are marked PUBLIC only if you mean them to be available to ALL other Amazon Web Services users. I've already checked mine. If you find data that you did not intend to make public, you need to engage your security team to remove the snapshots from the public and mitigate any data exposure. Hopefully this gets chalked on the wall as a lesson learned - and we continue our march to the cloud with a deeper appreciation of our security support needs. This isn't about calling people out. I work in the cloud and am passionate about its development. These mistakes could very well have been ones I made - or any other cloud user. To move the cloud forward we need to encourage a dialog about our new found power, new paradigms and new needs in the cloud. Discuss
Read the original here:
User Ignorance Causes Cloud Security Leak; Accounts, Passwords Revealed
Tags:
amazon web,
Cisco,
cloud,
data,
database,
digital,
director,
european,
Jonathan Siegel,
network,
person,
personal,
public broadcasting service,
security,
snapshots,
technology
•
It seems like in the past few months Google has relentlessly released new applications, some of which perhaps could have used some more baking in the oven before they were unleashed on the general public. To some it's becoming a tiresome exercise simply to try to keep up with everything that Google is doing week in and week out. But there is a method to the madness, and it has a lot more to do with Google's bottom line than you may think. We all know that the way the search engine giant makes money is through advertising - over $23 billion in 2009 - but what may surprise you is that its advertising-based revenue comes almost exclusively from sites that are owned by Google. Sponsor Guest author Daniel Cawrey is a freelance writer and tech enthusiast, among other things. You can check out his latest musings in blog form at thechromesource , where he writes about Chrome browser, Chrome OS and just plain Google in general. Take a look at this graph from the Silicon Valley Insider that depicts the location of advertising and the dollars associated with it: Ever increasingly, Google is relying on itself to make money through its own real estate - places where it can position the ads that advertisers purchase. This is a concern for publishers that rely on Google for revenue through Adsense because there has to be a point at which this is no longer a profitable exercise for the company. If it reaches that point, Google will essentially be subsidizing publishers. And it may not have a choice but to keep doing so. Because without fresh content creation, what is there for users to search for on the Internet that is of value? The main tenet of the search business is to provide quality results, and while that may be the case now, if publisher's Adsense revenues were affected, one can wonder what kind of effect that would have on content. So although Google may have made some mistakes with applications like Buzz, along with the half-hearted emergence and now slow death of features like Gears, expect them to continue to increasing space for content to grow, even if that means one of several strategies: Become an ISP An experimental program has been announced whereby Google will provide gigabit service via fiber directly to homes in select markets. Interested municipalities and community organizations are encouraged to submit a proposal for this right . At the World Mobile Congress, CEO Eric Schmidt talked about the goal of this program being purely experimental, which means showing infrastructure operators such as cable companies that this is possible, rather than Google becoming a full fledged ISP. But once the fiber has been rolled out, it doesn't roll back in, does it? How long does the "experiment" last? Trounce the Competition in the Browser Wars Google's Chrome browser is getting a lucky break over the next few weeks. That's because Windows users in Europe who use Internet Explorer will be getting an update to their machines notifying them about browser choices that they have . This is in response to the European Union's ruling that Microsoft's practice of bundling Internet Explorer with Windows restricts competition. While the update offers many browser choices, the result will be a boost to market share for Chrome. It has steadily grown in popularity and already has roughly 5% of the market since emerging in 2008. Offer Computing Architecture to Device Manufacturers Completely Free We've seen this already with Android, and it appears that the no-cost operating system has basically saved Motorola from a fall to obscurity with its release of the Droid. Expect to see more of these developments as 2010 unfolds with Chrome OS attempting to break into not only the netbook market, but also tablets and smartbooks, which fill the gap between a high end mobile phone and a netbook. So when you hear these new announcements of applications and services that Google rolls out, think of content. Think of how they can better deliver information to users. They want it to be as easy and as seamless as possible. While sometimes these initiatives don't always work out, they aren't going to stop trying. Discuss
Read more here:
Why Google Releases New Apps: They're Desperate for Content
Tags:
browser,
Business,
Chrome,
congress,
Europe,
european,
european-union,
internet,
location,
Microsoft,
offer-computing,
search,
search-engine,
windows
•
A ReadWriteWeb Guide For all of our startup friends from coast to coast and around the world, we look forward to seeing you at SXSW Interactive! More and more, we're seeing good folks creating great products outside the SF Bay Area, and we love highlighting and showcasing vibrant startup communities in unexpected areas. As it turns out, we're not the only ones who have a penchant for non-Valley startups! While you're in Austin, check out these ten panels, parties and events focusing on entrepreneurialism outside Silicon Valley. Sponsor This is part of a series of ReadWriteWeb guides to SXSW Interactive 2010. If this guide isn't your cup of tea, be sure to check back for more information soon!
See the rest here:
Never Mind the Valley: Here's SXSW 2010
Tags:
beach,
Business,
City,
european,
funny,
internet,
live,
party,
philadelphia,
recipes,
south-africa,
spain,
startup,
tech
•
According to German law, Germany's ISPs and phone services had to retain data about every citizen's phone calls and emails for six months. Today, however, Germany's Federal Constitution Court suspended this law and ordered that all the data stored to date must be deleted immediately. According to German news magazine Der Spiegel , the court said that it wasn't sufficiently clear that the data storage was secure enough and what exactly the data would be used for. Sponsor Suspended, But Not Dead It's important to note that this isn't necessarily the end of this law and that the court hasn't ruled the law unconstitutional - the court only ruled that the implementation of the law was severely flawed. The German constitution, according to the judges, doesn't disallow saving this information. The European Union issued guidelines for data retention in 2006 that requires all E.U. member states to implement national data retention laws. According to the guidelines, all ISPs and phone carriers have to keep a record of all their customers' phone calls and emails on a rolling six-month basis. The actual implementation of these guidelines remains up to the E.U. members, however. For now, the court has suspended the law until it has been amended and its scope has been limited by the German government. The court recommends that the data will be stored by the ISPs and phone companies, but argues that there shouldn't be a central, government-controlled repository for this data. In addition, the court also recommends that the data should be encrypted. For ISPs, keeping all these records is a significant burden and many ISPs and phone companies had hoped that the court would rule the law unconstitutional so that they wouldn't have to store this data anymore. The next stop for the opponents of this law is the E.U., though it remains to be seen if there is enough support among E.U. countries to fight these guidelines. Discuss
See the article here:
Germany's Supreme Court Suspends Controversial Data Retention Law
Tags:
Court,
data,
disallow-saving,
european,
european-union,
german,
guidelines,
implementation,
news,
opponents,
ruled-the-law,
the-court