Forgot your password?
typodupeerror

Submission + - AI Data Centers Being Built Faster Than They Can Be Secured (securityweek.com)

wiredmikey writes: AI is reshaping data centers and introducing security risks traditional architectures weren't designed to handle. As AI data centers scale at breakneck speed, security isn't keeping up. Researchers outline the Top 10 AI infrastructure security risks, including hardware integrity, multi-tenant isolation, high-speed network fabrics, supply chain compromise, and patching failures.

Submission + - Physicists create first room-temperature quantum material (phys.org)

alternative_right writes: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magaña-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)

joshuark writes: ProPublica Reporter Renee Dudley heard Microsoft was running tech support for the U.S. Defense Department through China, the country’s biggest cybersecurity adversary.

The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.

In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.

It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

Comment Fingerprinting (Score 3, Interesting) 55

Its called fingerprinting, and it has been going on a very long time, using techniques that go back decades. This just makes it more persistent and spans attempts to obfuscate fingerprinting in easier ways.

If you want to avoid this, work from a non-persistent VM that is created and destroyed every online session, using no identifiable information (no-logins ever).

Security isn't convenient.

Comment Re: Get off of VMWARE ASAP, but be warned (Score 1) 56

We moved off on-prem VmWare to Azure cloud. VmWare had a workload management function called VmMotion - to automatically pauses and move VMs between hardware blades, supposedly without skipping a beat. But VMotion used to break cluster management software we ran. So our admins turned it off for susceptible VMs - those stayed 'sticky' on the blade they spun up on.

  As we moved to Azure, I asked how we could avoid a similar situation. Turns out Azure has a similar 'feature' called 'Live Migration'. The difference is you cannot turn off 'Live Migration'. Microsoft uses it when it wants to. Thankfully, our cluster management software was fixed/desensitized by the time we moved to Azure.

Despite that, I think the on-prem VmWare was at least a couple times more stable than Azure.

Slashdot Top Deals

On the Internet, nobody knows you're a dog. -- Cartoon caption

Working...