Government of Canada, Data From Canada Mandated To Remain In Canada →
Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).
NTP Reflection DDoS at 400Gbps →
News, via John Dunn at Techworld, of what is being characterized as the most powerful (in terms of throughput) DDoS attack on record; this time, clocked at 400GBps, and identified as last year's NTP Reflection Vulnerability.
ICS-CERT: Remote Code Execution Flaw, Network Time Protocol
Reports of newly discovered targeted attack code harshed our collective holiday mellow late last week, with the notification via the ICS CERT of flaws in the Network Time Protocol (in this case, prior to NTP version 4.2.8). The NTP 4.28 tarball is here, for folks that need to update their NTP deployments.
"NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice for vulnerability and mitigation details, and the Network Time Foundation Blog for more information. (January 2014) " - via NTP.org
Digital Weaponry, Vectored
Once again, Kim Zetters' superlative prose details the astounding story of Stuxnet; this time, in a new book titled 'Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon' [published by Crown Publishing Group a division of Random House]. Apparently, like many other 'infections' the vector [in this case] is the order-of-the-day... This month's MustRead.
OpenStack Juno, The Release
News, via Renee Yao [with guest writer Mark Voelker, technical lead at Cisco] writing at Cisco Blogs, of the newly released OpenStack 2014.2 (aka Juno). Fundamentally, OpenStack open-source software targets the creation of cloud compute infrastructure, both private and public. Absolutely Outstanding.