Posts

Cloud Security

1. Confidentiality. If you back up your data to the cloud, your Cloud Service Provider (CSP) should not be able to read the data you store. "They can't guarantee that!" you say. "I have to encrypt the data before it leaves my machine." That is all well and good until you rely on the CSP for the encryption itself, as with Server-Side Encryption in AWS S3, where the provider manages your keys. How do you ensure those keys are managed so that a provider administrator cannot decrypt your data? 2. Integrity. How do you know that your CSP did not log into your machines when you were not looking? Unfortunately, in most cases you do not. Sure, you can check your logs, but skilled attackers (and even script kiddies with good tools) can remove log entries and modify timestamps. You need a way to verify that you are the only one logging into your machines. To expand on this, customers typically manage the images and snapshots they run in the cloud. How does o...
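One way to make the integrity question above answerable is to stop trusting the host's own copy of the log. The following is an added example, not code from the original post: a forward-secure, keyed hash chain over login records, in the style of Schneier and Kelsey's secure audit logging. The host keeps only the current epoch key and discards each key after use, while an off-host verifier holds the seed key. Someone who gains control of the machine later can forge new entries but cannot alter, backdate, delete or reorder entries written before the compromise without breaking the chain. The seed key, the record fields and the sample logins are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed seed; in practice a random key generated and retained off-host.
SEED_KEY = bytes.fromhex("00" * 31 + "01")


def _evolve(key: bytes) -> bytes:
    # One-way key update: key_i reveals key_{i+1} but not key_{i-1}.
    return hashlib.sha256(b"log-key-evolve" + key).digest()


def _tag(key: bytes, prev_tag: bytes, record: dict) -> bytes:
    # Tag binds this record to the epoch key and to the previous tag (chaining).
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


class ForwardSecureLog:
    """Host-side appender. Holds only the current epoch key; earlier keys are discarded."""

    def __init__(self, seed_key: bytes):
        self._key = seed_key
        self._prev = b"\x00" * 32
        self.entries = []

    def append(self, record: dict) -> None:
        tag = _tag(self._key, self._prev, record)
        self.entries.append({"record": record, "tag": tag.hex()})
        self._prev = tag
        self._key = _evolve(self._key)  # the key used for this entry no longer exists on the host


def verify_log(entries, seed_key: bytes, expected_count=None) -> str:
    """Off-host verifier holding the seed key. Returns "ok" or the reason verification failed.

    expected_count guards against silent truncation at the tail, which the chain alone
    cannot detect; in practice the verifier learns the count from a periodic heartbeat.
    """
    key, prev = seed_key, b"\x00" * 32
    for i, e in enumerate(entries):
        expected = _tag(key, prev, e["record"])
        if not hmac.compare_digest(expected, bytes.fromhex(e["tag"])):
            return f"bad tag at entry {i}"
        prev, key = expected, _evolve(key)
    if expected_count is not None and len(entries) < expected_count:
        return f"truncated: {len(entries)} of {expected_count} entries"
    return "ok"


# Constructed sample login records (not real log data).
SAMPLE_LOGINS = [
    {"ts": "2013-05-01T10:00:00Z", "user": "ops", "src": "10.0.0.5", "result": "accepted"},
    {"ts": "2013-05-01T10:05:00Z", "user": "root", "src": "10.0.0.9", "result": "accepted"},
    {"ts": "2013-05-01T10:07:00Z", "user": "ops", "src": "10.0.0.5", "result": "accepted"},
]


def build_sample_log(records=SAMPLE_LOGINS):
    log = ForwardSecureLog(SEED_KEY)
    for r in records:
        log.append(r)
    return log.entries


def demo() -> dict:
    """Verify the intact log and three tampered variants an intruder might produce."""
    import copy

    good = build_sample_log()
    backdated = copy.deepcopy(good)
    backdated[1]["record"]["ts"] = "2013-04-30T03:00:00Z"  # change the root login's timestamp
    deleted = good[:1] + good[2:]  # remove the root login entirely
    truncated = good[:2]  # drop the tail of the log
    return {
        "intact": verify_log(good, SEED_KEY, expected_count=3),
        "backdated": verify_log(backdated, SEED_KEY, expected_count=3),
        "deleted": verify_log(deleted, SEED_KEY, expected_count=3),
        "truncated": verify_log(truncated, SEED_KEY, expected_count=3),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The scheme only bounds the damage: entries appended after the host is compromised are signed with a key the attacker also holds, so the verifier should also watch for the chain going quiet or for the count falling behind the heartbeat.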

Cloud Confidentiality

Today, no CSP can guarantee that your data will be secured "For Your Eyes Only." Encryption algorithms and compliance policies can only achieve so much. From the CSP perspective, we have to take reasonable measures to ensure customer data is not used by the provider in any way the customer did not intend. To mitigate exposure of customer data, some CSPs encrypt data at rest using encrypted hard drives or encrypted file systems. The other part of the risk-mitigation equation is proper device destruction, either logically, using an appropriate sanitization method such as DoD 5220.22-M, or physically; see the DSS Clearing and Sanitization Matrix and NIST Special Publication 800-88, Guidelines for Media Sanitization. And then there are the backups. CSPs keep several copies of data in both onsite and offsite facilities to prevent total failure, and more than likely the data stored on tape or other HDDs is encrypted. Once you have encrypted drives and e...

AWS Launches Web Identity Service With Support For Google And Facebook

Amazon Web Services (AWS) has launched a web identity service with support for Google, Facebook and its own AWS Identity and Access Management (IAM). The service allows developers to grant temporary authorization to people who sign in with one of these three providers, and simplifies development because the identity handling is done by AWS. The app no longer has to embed long-term AWS credentials. The service introduces a new AWS Security Token Service (STS) API that issues temporary security credentials for users who have been authenticated by Amazon.com, Facebook, or Google. The "app can then use the temporary security credentials to access AWS resources such as Amazon Simple Storage Service (S3) objects, DynamoDB tables, or Amazon Simple Queue Service queues." This means that an app developer can more easily integrate identity features into an app. AWS uses the example of allowing end users to upload an image file as their personal avatar. In this case, a ...
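The security value of those temporary credentials comes from the policy attached to the role the app assumes: it can refer to claims from the identity token, so every end user gets credentials confined to their own slice of the bucket. The following added example (not AWS code and not from the original post) shows a constructed role policy for the avatar scenario, keyed on the `${graph.facebook.com:id}` policy variable that STS fills in from the Facebook token, together with a deliberately simplified Python evaluator that models only the IAM semantics the policy uses: action and resource wildcards, one `StringLike` condition, default deny, and explicit deny winning. The bucket name `example-avatars` and the user ids are assumptions.

```python
import fnmatch
import re

# Constructed role policy (not from the original post). Each federated Facebook user may
# read and write only under a prefix equal to their own Facebook user id; the
# ${graph.facebook.com:id} variable is substituted from the identity token at evaluation time.
AVATAR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-avatars/${graph.facebook.com:id}/*",
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-avatars",
            "Condition": {"StringLike": {"s3:prefix": "${graph.facebook.com:id}/*"}},
        },
    ],
}

_VAR = re.compile(r"\$\{([^}]+)\}")


def substitute(template: str, claims: dict) -> str:
    """Fill ${provider:claim} policy variables from the federated session's claims."""

    def repl(m):
        key = m.group(1)
        if key not in claims:
            raise KeyError(f"policy variable {key} missing from session claims")
        return claims[key]

    return _VAR.sub(repl, template)


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _any_match(patterns, value: str) -> bool:
    # IAM wildcards (* and ?) map onto fnmatch; matching is kept case-sensitive here.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(cond: dict, claims: dict, ctx: dict) -> bool:
    # Simplified model: only the StringLike operator is supported.
    for op, pairs in cond.items():
        if op != "StringLike":
            raise ValueError(f"condition operator {op} not modelled")
        for ctx_key, patterns in pairs.items():
            if ctx_key not in ctx:
                return False
            pats = [substitute(p, claims) for p in _as_list(patterns)]
            if not _any_match(pats, ctx[ctx_key]):
                return False
    return True


def is_allowed(policy: dict, claims: dict, action: str, resource: str, ctx: dict = None) -> bool:
    """Default deny; an explicit Deny in any matching statement wins over any Allow."""
    ctx = ctx or {}
    allowed = False
    for st in policy["Statement"]:
        if not _any_match(_as_list(st["Action"]), action):
            continue
        resources = [substitute(r, claims) for r in _as_list(st["Resource"])]
        if not _any_match(resources, resource):
            continue
        if not _condition_holds(st.get("Condition", {}), claims, ctx):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    me = {"graph.facebook.com:id": "1234"}  # claim STS derives from the Facebook token (constructed id)
    print(is_allowed(AVATAR_POLICY, me, "s3:PutObject", "arn:aws:s3:::example-avatars/1234/avatar.png"))
    print(is_allowed(AVATAR_POLICY, me, "s3:PutObject", "arn:aws:s3:::example-avatars/5678/avatar.png"))
```

Two caveats a practitioner would check in the real thing: the role's trust policy, not shown here, must restrict who can call AssumeRoleWithWebIdentity for it (for example to a specific provider and app id), and the evaluator above omits NotAction, NotResource, the other condition operators and case-insensitive action matching that IAM actually applies.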

Amazon Elastic Transcoder

Amazon Elastic Transcoder launched with an initial set of features and a promise to iterate quickly based on customer feedback. You've supplied us with plenty of feedback (primarily via the Elastic Transcoder Forum), and we have a set of powerful enhancements ready as a result. Here's what's new: Apple HTTP Live Streaming (HLS) Support. Amazon Elastic Transcoder can create HLS-compliant pre-segmented files and playlists for delivery to compatible players on iOS and Android devices, set-top boxes and web browsers. You can use our new system-defined HLS presets to transcode an input file into adaptive-bitrate filesets targeting multiple devices, resolutions and bitrates. You can also create your own presets. WebM Output Support. Amazon Elastic Transcoder can now transcode content into VP8 video and Vorbis audio, for playback in browsers, like Firefox, that do not natively support H.264 and AAC. MPEG2-TS Output Container Support. Amazon Elastic Transcoder can...

Amazon RDS Monitors (Whats New)

Amazon RDS monitors the replication status of your Read Replicas and sets the Replication State field to Error if replication stops for any reason (for example, running DML queries on your replica that conflict with updates made on the master database instance can cause a replication error). You can review the details of the error thrown by the MySQL engine in the Replication Error field and take appropriate action to recover from it. Once a replication error is fixed, the Replication State changes back to Replicating. With Amazon RDS Event Notifications you are automatically notified when a replication error occurs. Separately, you can also monitor the Replication Lag metric and set up a CloudWatch alarm to receive a notification when the lag crosses the threshold your application can tolerate.
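Both checks described above can be automated. The following is an added example, not AWS code and not from the original post, in Python: a function that picks out replicas reporting an error from a DescribeDBInstances-shaped response (replication status appears under StatusInfos with StatusType "read replication"), a function that mimics how a CloudWatch alarm on ReplicaLag moves between OK, ALARM and INSUFFICIENT_DATA as consecutive periods breach the threshold, and the keyword arguments such an alarm would be created with. The instance names, the error message and the lag samples are constructed; boto3 is not imported, so the block runs offline.

```python
# Constructed DescribeDBInstances-style response (not real data). The shape follows the
# RDS API: read replicas report replication status under StatusInfos.
SAMPLE_DESCRIBE = {
    "DBInstances": [
        {
            "DBInstanceIdentifier": "orders-replica-1",
            "ReadReplicaSourceDBInstanceIdentifier": "orders-master",
            "StatusInfos": [
                {
                    "StatusType": "read replication",
                    "Normal": False,
                    "Status": "error",
                    "Message": "Error 1062: duplicate entry on replica",  # constructed
                }
            ],
        },
        {
            "DBInstanceIdentifier": "orders-replica-2",
            "ReadReplicaSourceDBInstanceIdentifier": "orders-master",
            "StatusInfos": [
                {"StatusType": "read replication", "Normal": True, "Status": "replicating", "Message": ""}
            ],
        },
        {"DBInstanceIdentifier": "orders-master", "StatusInfos": []},
    ]
}


def replicas_in_error(describe_response: dict):
    """Return (replica id, engine error message) for every replica whose replication is in error."""
    found = []
    for db in describe_response.get("DBInstances", []):
        for info in db.get("StatusInfos", []):
            if info.get("StatusType") == "read replication" and info.get("Status") == "error":
                found.append((db["DBInstanceIdentifier"], info.get("Message", "")))
    return found


def evaluate_lag_alarm(lag_samples, threshold: float, evaluation_periods: int) -> str:
    """CloudWatch-style evaluation, simplified: ALARM only when the last N periods all breach.

    lag_samples are per-period ReplicaLag values in seconds, oldest first. Real CloudWatch
    also has configurable missing-data handling and M-out-of-N datapoints; not modelled here.
    """
    recent = lag_samples[-evaluation_periods:]
    if len(recent) < evaluation_periods:
        return "INSUFFICIENT_DATA"
    return "ALARM" if all(v > threshold for v in recent) else "OK"


def lag_alarm_params(instance_id: str, threshold_seconds: float, evaluation_periods: int) -> dict:
    """Keyword arguments for boto3's cloudwatch.put_metric_alarm (call not made here)."""
    return {
        "AlarmName": f"{instance_id}-replica-lag",
        "Namespace": "AWS/RDS",
        "MetricName": "ReplicaLag",
        "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": instance_id}],
        "Statistic": "Average",
        "Period": 60,
        "EvaluationPeriods": evaluation_periods,
        "Threshold": threshold_seconds,
        "ComparisonOperator": "GreaterThanThreshold",
    }


if __name__ == "__main__":
    for replica, message in replicas_in_error(SAMPLE_DESCRIBE):
        print(f"{replica}: replication error: {message}")
    samples = [5, 8, 40, 45, 50]  # constructed ReplicaLag values in seconds, oldest first
    print(evaluate_lag_alarm(samples, threshold=30, evaluation_periods=3))
    print(lag_alarm_params("orders-replica-1", 30, 3))
```

Choosing evaluation_periods greater than one keeps a single slow query from paging anyone, at the cost of delaying the notification by that many periods; pick the threshold from how stale your application can tolerate reads being, as the text suggests.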

Bug that Steals Cash

A bug that steals cash by racking up charges from sending premium-rate text messages has been found in Google Play. Security researchers have identified 32 apps on Google Play that harbour the malware, called BadNews. Lookout, the security firm that uncovered BadNews, said that the malicious program lies dormant on handsets for weeks to escape detection. The malware targeted Android owners in Russia, Ukraine, Belarus and other countries in eastern Europe. The 32 apps were available through four separate developer accounts on Google Play. Google has now suspended those accounts and pulled all the affected apps from Google Play, Lookout added. Half of the 32 apps seeded with BadNews are Russian, and the version of AlphaSMS it installs is tuned to use premium-rate numbers in Russia, Ukraine, Belarus, Armenia and Kazakhstan.

5 Common Mistakes in Game Usability Testing And How To Avoid Them

Testing sessions in full swing. It was a full-day session and consisted of two groups of 25 youngsters. 1. Too much guidance. When you are moderating a testing session, try to talk about the game or app as little as possible. It is perfectly OK to stay silent and give the player no background information about the game at all. Let them figure it out themselves. Players need to understand the game mechanics from the moment they install and run it for the first time. If they don't, then you have some work to do. 2. Assuming too much. Don't assume that the player always understands your in-game menu. Before testing the game itself, get the test subjects to talk about the menus and items in the game. Do the players understand what each setting and button does? How do they think they can move between the different menu items? During the sessions I witnessed teams skipping past the start screen and the menu options, which is a bad move. You might hav...