Thursday, August 28

Computer forensics & cloud computing

By now, if you're an active enough online user to be reading this blog, you've surely heard of "cloud computing." You may even have heard of Amazon Web Services (AWS) and their Elastic Compute Cloud, more commonly referred to as EC2.

Cloud computing offers a lot of possibilities and potential. Let's not forget, it "levels the playing field," and all that other corporate jargon that hopefully translates into delivering Fortune 100 computing capabilities to those of us technical sorts who don't, or who no longer, work for the 800 pound gorillas of the industry.

Clouds also unfortunately seem to offer a lot of surface area for abuse and crime. Email spammers have been loving EC2 -- it didn't take long for most of AWS' IP range to get blacklisted by all the major spam watchlists.

What about something a little more sinister? What if an evil foreign spy or terrorist or hacker needs a place to host a bot command & control server, or a temporary shell account for accessing a more meaningful target, or needs a private place to host a "sensitive" IRC conversation or dead drop some blueprints?

When you shut down an AMI instance on EC2, that image resets to its stored state -- all session data is lost. All typical system & service logs, gone. Sure, I know you still have logging at the boundary of the cloud, but with the huge amount of potential data flowing in and out of a cloud, how do you identify individual users of individual services provided by a transient host image, particularly when they make expert efforts to cover their tracks? And what if the owner of the image decides to engage in malicious behavior, through the host server image, from a third IP address, and then claim someone must have stolen their password or keypair to the image?

Now, I'm no security expert; perhaps this isn't as big a potential issue as I make it out to be. I'd love to be contradicted here!

Of course, none of that is as scary as the thought of this guy as our Commander in Chief.

Edit: It was noted on #freehackersunion that Tor, and for that matter other such services, already offer you the ability to put an anonymous host on the Internet. Sure, but Tor's bandwidth typically sucks, and the guy sitting on the exit owns you. EC2 basically commoditizes anonymous hosts; all you need is a stolen ID and credit card number.

Monday, August 25


I know it's been said before, but I was shocked when I took a look at former-employer Gannett's stock price this morning -- a paltry $17.xx!

They were treading near or around 80 when I started in November of 2002. They were in the low 50s, I believe, when I bailed in December 2005. The site I was at, the Rochester Democrat & Chronicle, was doing about 8 million hits a month with over a quarter million unique visitors ... but just didn't "get it" when it came to technology. They became followers rather than innovators, led by the nose by page views and ad campaigns, mimicking their socially-successful neighboring markets of Buffalo and Syracuse, but only years after their lead tech guy (me) had tried to encourage forums and article comments. Rather pathetic -- so much wasted potential and lead time.

They were starting to push the "hyperlocal reporting" and "local data machine" campaigns in a very drone-like fashion in my waning time there. I had some hope for them when they made the token effort of changing their "newsrooms" to "information centers," but unfortunately I think that corporation is too filled with stodgy, curmudgeonly personalities and mindsets to make the transition to the 21st century anytime this decade. No dancing elephants there -- no Lou Gerstner either, for sure. Over the past five years all their sites have, through corporate edict and ad-driven mania, become cookie cutter, ad-noisy copies of one another. Gross. AdBlock Plus is your friend.

Recently, an editor at the Glens Falls Post-Star haughtily insisted to me, via a poorly-designed article commenting system, that the newspaper wasn't dying -- "just look at all the hits this site gets!" Tell that to your parent corp's stock price:

Just for comparison, let's see how the innovation-friendly (ish) big-budget New York Times has been doing over the same 5-year period:

Only slightly better than the corporately-retarded Gannett Co, Inc.

Say it with me now: "Newspapers are environmentally-disastrous dinosaurs, please quit wasting time, money and resources, liquidate your assets and finish laying off your underpaid workforce already."