The days of having difficulty cracking passwords quickly due to a lack of horse power are firmly in the rear view mirror. Now, just rent what you need.

From Stack Smashing:

As of today, Amazon EC2 is providing what they call “Cluster GPU Instances”: An instance in the Amazon cloud that provides you with the power of two NVIDIA Tesla “Fermi” M2050 GPUs. The exact specifications look like this:

22 GB of memory
33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core “Nehalem” architecture)
2 x NVIDIA Tesla “Fermi” M2050 GPUs
1690 GB of instance storage
64-bit platform
I/O Performance: Very High (10 Gigabit Ethernet)
API name: cg1.4xlarge

GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?

Crazy to think what you could accomplish these days. So, what did he manage to accomplish exactly?

From :

What used to be the stuff of distributed computing projects with worldwide participants that took many months to bear fruit can now be done by a lone individuals in minutes and using rentable resources that cost the same price as a morning coffee to carry out the trick. Roth’s proof-of-concept exercise cost just $2. This was the amount needed to hire a bank of powerful graphics processing units to carry out the required number-crunching using the Cuda-Multiforcer.

Two dollars? Geez.

(Image used under CC from )

Today Amazon announced the release of the “micro” instances.

From Amazon:

We are excited to announce the immediate availability of Micro instances for Amazon EC2, a new, low cost instance type designed for lower throughput applications and web sites.

Micro instances provide 613 MB of memory and support 32-bit and 64-bit platforms on both Linux and Windows. Micro instance pricing for On-Demand instances starts at $0.02 per hour for Linux and $0.03 per hour for Windows.

A very interesting attempt by Amazon to lower the bar for access to smaller companies and organizations. Not much of a security angle here with the minor observation that this would be great for building a DDoS botnet.

Just saying.

(Image used under CC from )

So, after a four month hiatus, due to illness and life in general, we’re back and ready to roll. I hope to keep a consistent pace going forward.

Fingers crossed and stapled. OW!

(Image used under CC from )

Intel raised the bar in the processing game when this Tuesday they announced the release of the first 32nm processors. The big selling point here, according to the vendor, is the security aspects.

From The Taiwan Economic Times:

According to world`s No.1 chipmaker, the new processors are the industry`s first 32nm enterprise-grade devices integrating security capabilities that enhance data integrity and server virtualization as well as first six-core embedded computing processors. New structures enable the processors to deliver up to 60% greater performance than the 45nm Intel Xeon 5500 cousins, allowing data centers to replace 15 single-core servers with only one Xeon 5600-driven server and achieve a return on their investment in as little as five months.

The big selling points here being cloud computing and the financial sector. The real rub here will be how it will stand up against this time. Last time this is (.pdf).

(Image used under CC from )

Originally posted on

Made the trip to RSA 2010 in San Francisco last week. I went a day early with the hopes of attending the meeting.

From Cloud Security Alliance:

If you are attending the RSA Conference 2010 in San Francisco with either a delegate or expo pass, please consider attending the Cloud Security Alliance Summit. The next generation of computing is being delivered as a utility. Cloud Computing is a fundamental shift in information technology utilization, creating a host of security, trust and compliance issues. The Cloud Security Alliance is the world’s leading organization focused on the cloud, and has assembled top experts and industry stakeholders to provide authoritative information about the state of cloud security in the Cloud Security Alliance Summit.

I registered.

Silly me. I figured that would mean that I was going to be permitted entry.

Nope.

When I arrived I discovered that not only were they way over capacity but, the staffers working the door weren’t checking to see if people had registered. So to them I say, bite me.

I had planned a long write up on the summit.

No love.

(Image used under CC from )

With the growing move to cloud computing so to grows the interest of the ne’er do well hackers. Nothing like a juicy target that spin up resources as required and be billed to someone else.

Here is an account of an attack on a cloud instance. This attack took place over the past weekend.

From Cloud Ave:

Over the weekend, my cloud computing infrastructure survived a major hacking attack. Here is what happened and what it took to recover it.

This weekend my servers out in the cloud space fended off a major hacking attack across two of the systems that I have given the public access to use them. The attack started simply on Friday night as a simple series of scans to see if there was anything in the IP space that I am using. This is the fairly standard attack pattern that many information security people see every day. Thinking that this was normal I closed up shop on Friday and went home.

Very interesting article. Read on.

(Image used under CC from )

What is the threat landscape for cloud computing? A survey is being conducted by the Cloud Security Alliance.

Want to participate? Join in.

Link:

There are times where I am amazed at what people will put forward to an unsuspecting (or in this case suspecting) public.

This company, Private Planet, headed by Dr Janko Mrsic-Flagel aspires to lead us down the primrose path.

From UK Technology Live:

“Well both are paramount,” explains Dr. Mrsic-Flagel. “One of the great differences between us and the likes of Amazon and Google is that in our model you actually OWN your own cloud computer. This is a big difference. The telecom operator will host it for you. You will be the telecom operator’s customer, but you will own that computer. The privacy issue goes away, because you own the equipment that holds your data and it is not shared with any others. Unless you want it to be.”

In a datacenter that you have no control over and…and…

I have no words.

Read on.

(Image used under CC from )

There are times when cloud computing must seem like a pretty sweet option. I would imagine that the folks at WordPress were pondering something to that effect today. Earlier today they had an outage that lasted 110 minutes. Their worst outage in 4 years apparently.

From WordPress.com

What Happened: We are still gathering details, but it appears an unscheduled change to a core router by one of our datacenter providers messed up our network in a way we haven’t experienced before, and broke the site. It also broke all the mechanisms for failover between our locations in San Antonio and Chicago. All of your data was safe and secure, we just couldn’t serve it.

I imagine that a LOT of coffee was downed while they scrambled to fix the outage. Change control is there for a reason. Which can only mean that as soon as the dust settles that someone will be looking for a new job. And that single point of failure will surely haunt them.

(Image used under CC from )