Science News

Science News We will meet any your needs.

By Joseph Menn(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp (NASD...
29/08/2021

By Joseph Menn

(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp (NASDAQ:MSFT)'s Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

As first reported by Reuters https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

"Our investigation shows no unauthorized access other than the researcher activity," Microsoft wrote. "Notifications have been sent to all customers that could be potentially affected due to researcher activity," it said, perhaps referring to the chance that the technique had leaked from Wiz.

"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys," it said.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.

"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key," the agency said https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance.

Experts at Wiz, founded by four veterans of Azure's in-house security team, agreed.

"In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before," said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.

Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.

"We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past," said spokesman Ross Richendrfer, declining to address other questions.

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.

"It's terrifying. I really hope than no one besides us found this bug," said one of the lead researchers on the project at Wiz, Sagi Tzadik.

By Marc Frank and Anett RiosHAVANA (Reuters) - Cuban entrepreneurs, running businesses ranging from selling dried fruit ...
28/08/2021

By Marc Frank and Anett Rios

HAVANA (Reuters) - Cuban entrepreneurs, running businesses ranging from selling dried fruit to repairing bikes and developing software, are scrambling to understand the opportunities and challenges ahead after a landmark change in the rules governing the Communist-run economy.

Earlier this month, the government released regulations about a reform https://www.reuters.com/world/americas/cuba-dips-toe-market-economy-with-legalization-small-businesses-2021-08-13 that would allow small- and medium-sized ventures to formally incorporate as businesses and access state financing, ending decades of classifying them as 'self-employed'.

The measure is seen by many analysts as one of the most important reforms undertaken since all businesses - down to shoe-shine boys - were nationalized in 1968 by former leader Fidel Castro.

Omar Everleny, one of Cuba's best-known economists, described the reform as a very positive one, long-sought by many Cubans.

It does have important limits - for instance, people can own no more than one business and cannot contract foreign partners or carry out direct foreign trade.

"Given the economic situation and remaining restrictions, it will not mean a big economic improvement in the short term," cautioned Everleny.

For Nayvis Diaz, founder of Velo Cuba, a bicycle repair and rental company with 17 employees in Havana, it marks a significant change, however.

"What is important is we are now fully part of the economy and no longer marginalized," she said.

"Many people with a lot of social and business responsibilities in the city, and many others in the private sector, were waiting for this."

The measure forms part of a package of market-oriented reforms undertaken by Cuban President Miguel Diaz-Canel over the last year, as the coronavirus pandemic and tougher U.S. sanctions tipped the shaky economy into a tailspin and led to shortages of food, medicine and other basic goods.

Cuba's economy contracted by 10.9% in 2020 and shrank another 2% this year through June, compared with the same period in 2020. It remains reliant on tourism and imports.

The Fernandez brothers, who own Deshidratados Habana, Cuba's only company processing and selling dried fruits, were nevertheless enthusiastic.

"A bad economy can present opportunity," Oscar Fernandez said, standing amid makeshift ovens and other equipment in his basement. The company began when the pandemic forced their cafeteria to close, he explained.

THE HORIZON HAS OPENED

Hundreds of small businesses have found niches in a state-dominated economy short on imagination and initiative: from gourmet restaurants and 3D-parts manufacture to software development, home delivery, landscaping and construction contracting.

The private sector, excluding farmers, has expanded since the 1990s to encompass more than 600,000 self-employed license holders. It includes small-business owners, non-agriculture cooperatives, their employees and members, tradespeople and taxi drivers.

The Fernandez family business sells dried fruit online and has placed their product at three upscale private food shops in Havana.

"The horizon has opened," said Oscar, who holds a doctorate in economics. "Once incorporated we can establish relations with state and private supply chains and market our product to whomever - from state-run stores to hotels, as well as export and seek financing from local banks or abroad."

Diaz, in her workshop crowded with bicycles, was also enthusiastic about the prospects for growth, adding that she would be cautious and consult her lawyer and accountant every step of the way.

"We have to analyze the economic context closely because we will have an increasing responsibility with all the people that we are going to hire in our companies," she said.

The Fernandez brothers have drawn up plans for a small factory that would process a ton of fruit daily, including for export. They dream of owning a store that sells their products.

"We have the land and suppliers lined up. We just need about $100,000 in financing," Oscar said.

But one major worry remains - one shared by many Cubans on social media.

"We still have to see what happens in practice: how far the government really allows us to develop," Ricardo Fernandez said.

Adresse

Bollwerk 41
Bern
3011

Webseite

Benachrichtigungen

Lassen Sie sich von uns eine E-Mail senden und seien Sie der erste der Neuigkeiten und Aktionen von Science News erfährt. Ihre E-Mail-Adresse wird nicht für andere Zwecke verwendet und Sie können sich jederzeit abmelden.

Verknüpfungen

Teilen

Kategorie