War Drums Are Calling

Almost everyone has heard by now: for eight or nine months the USA has been at the center of a massive cyberattack affecting many countries, the SolarWinds breach.

It is possibly one of the largest and most complex cyberattacks in history, and US officials (except Trump; he suspects China) blame Russia. The exact extent of the damage caused by the incident is not yet known. What is certain is that the actors behind the attack had access to a large number of public and private organizations around the world, especially in the US.

Some of the public institutions mentioned are the US Treasury Department, the Department of Commerce, the Department of Homeland Security, the Department of State, and some departments of the Pentagon. In addition, even the US Department of Energy and its National Nuclear Security Administration (NNSA) were affected. NNSA manages the US nuclear arsenal…

Apart from these, companies on the Fortune 500 list, and some software used by The New York Times, were also reached.

Briefly, the story is as follows: while the United States was busy during the presidential elections making sure that Trump would not steal votes, someone used SolarWinds to easily reach all these systems. Until this incident, many people may not have heard of this network monitoring company. This is normal, because the company is a major corporate player that is only involved in the computer network operations of large corporations.

Let us explain "supply chain attacks":

You want to infiltrate all Android phones and install an illegal program. You know that almost all phones have the WhatsApp software installed.

In such a case, the easiest method is to infiltrate the update servers of the WhatsApp software, download the WhatsApp software, add your own software to it, and upload the new software (WhatsApp + your software) to the update server.

Thus, anyone who updates the WhatsApp software on their phone will also install your software.
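From the defender's side, the repackaging described above is detectable when the updater checks each download against a record the update server cannot rewrite. The following is an added example, not code from WhatsApp, SolarWinds or this newsletter; the manifest format, the file name and the sample bytes are constructed, and it assumes the manifest reaches the client through a channel separate from the update server.

```python
import hashlib
import hmac
import json

def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()

def build_manifest(releases):
    """Publisher side: record size and SHA-256 of every release it built."""
    return json.dumps({name: {"size": len(blob), "sha256": sha256_hex(blob)}
                       for name, blob in releases.items()}, sort_keys=True)

def verify_update(name, blob, manifest_json):
    """Client side: accept a download only if it matches the manifest entry."""
    entry = json.loads(manifest_json).get(name)
    if entry is None:
        return (False, "not in manifest")
    if len(blob) != entry["size"]:
        return (False, "size mismatch")
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(sha256_hex(blob), entry["sha256"]):
        return (False, "digest mismatch")
    return (True, "ok")

# Constructed sample data (hypothetical names, not real release artifacts).
NAME = "messenger-2.1.apk"
GENUINE = b"MESSENGER-APP-2.1:" + bytes(range(64))
# Assumption: the manifest is published out-of-band, away from the update server.
MANIFEST = build_manifest({NAME: GENUINE})
# What a compromised update server would hand out in the analogy above.
REPACKAGED = GENUINE + b"EXTRA-PROGRAM"   # original app plus added software
PATCHED = GENUINE[:-1] + b"X"             # same size, one byte changed

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("repackaged", REPACKAGED),
                        ("patched", PATCHED)):
        print(label, verify_update(NAME, blob, MANIFEST))
```

This check catches tampering on the update server only; code inserted before the publisher computes the digest passes it unchanged.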

That is what happened here. The attackers who infiltrated SolarWinds were noticed by the cybersecurity firm FireEye only 8 months after the incident.

It is not yet fully understood what data was collected and which other countries, companies and departments may have been breached. We will see the extent of the damage as it unfolds.

However, voices have started to rise in America saying that this is a cyber war. How the US will respond is being questioned.

Comment:

Contrary to popular belief, using open source solutions for such monitoring software is much safer.

Because of the large number of stakeholders in open source solutions, it is very difficult to run into such situations. You mostly control what is inside the module you have installed.

In the coming months, we will see that legacy infrastructures will cause a lot of trouble. Therefore, we can predict that security breaches will also be quite high on newly developed platforms.

In the past, before new software was released, it went through certain security procedures and was tested, and only then put into live use.

Nowadays, software that should really still be in alpha is put into live use to show off hastily added features, driven by anxiety over perception and competition. Populism and marketing are becoming the greatest danger for the world.

The Agile and DevOps paradigms have stretched the security principle considerably. Therefore, DevSecOps and the shift-left approach are now things that all companies should apply.

If you do not want to experience such problems in your company, I recommend that you read our Cyber Security article series: Cyber Security: Thinking Like a Hacker - Cybersecurity: What Should Companies Do?

US Cyber Attack | BBC

Authorities Find More Hacking Attacks As 'Big Risk' Warning For US Government | NYTimes

Hacked Again | NYTimes

Russia's SolarWind Pilgrimage Is A Historic Confusion | Wired

Giant US Made Widespread Software Compromised From Computer Security Breach | Scientific American


News and Useful Things


What Awaits The World As The Pandemic Continues In 2021?

Forrester CEO George Colony listed the factors he expects to accelerate for 2021.

  1. Technology becoming more widespread,

  2. How popular something is with customers correlates with the speed, convenience and remote accessibility it provides,

  3. The whole sales business becoming completely digital, with no human interaction during the sale,

  4. The transformation of management profiles in companies into "customer-oriented technical persons",

  5. Technology giants having difficulty on two fronts: (1) serious competition problems related to monopolization, and (2) the emergence of new companies that will want to sell directly to their customers (cutting out Amazon) and take back control of their own advertising budgets (eliminating Facebook and Google).

  6. Customer confidence will be re-channeled from large and traditional institutions to smaller companies, start-ups, colleagues and friends.

  7. A renewed focus on families, relationships and society. As a first result, employees are expected to focus more on work/life balance than on career. Another consequence is that people will switch from buying things to buying experiences.

The first will drive companies to change the way they find and develop talent. The second will stimulate the travel industry and potentially hinder retail sales.

Great Acceleration | Forrester


IBM Acquires a Small Finnish Cloud Firm

IBM announced Monday that it has purchased the Finnish cloud consulting services provider Nordcloud for an undisclosed sum.

It is a development that confirms the 5th and 6th of the Forrester CEO's predictions above. Why would big IBM go after a tiny company?

John Granger, senior vice president and business manager, IBM Global Business Services, said in a statement:

"Nordcloud's cloud native tools, methodologies and capabilities send a strong signal that IBM is committed to delivering a successful cloud journey to our customers."

We know that IBM is trying to gain a foothold in the cloud market as a provider of hybrid cloud services and will offer its customers its "cloud native" approach.

It is an indisputable fact that IBM predicts that European customers in particular will rely on local resources, and is preparing to swallow small and medium-sized companies providing cloud services.

Let's see how market leader AWS and other players will respond to this.

IBM caught Finnish cloud firm Nordcloud in battle with AWS, Microsoft and Google | CNBCe


Liar's candle burns until nightfall (Turkish proverb)

Oracle's founder Larry Ellison announced last week that several key ERP customers of SAP will join Oracle's Fusion ERP in the coming months.

Ellison's statement is unfounded, and it is not the first time that he has made such baseless claims.

He had voiced similar nonsense exactly a year ago, during Oracle's December 12, 2019 earnings call, and said in March 2020 that SAP's first major customer would announce that it was replacing the SAP ERP system with Oracle's ERP system.

Of course, nothing like this happened. It is ridiculous that Larry Ellison embarrassed his company in this way, because what he describes is inherent in high competition.

It is just as natural for SAP's customers to switch to Oracle as it is for Oracle's customers to switch to SAP. Unless customers are offered value that makes a fundamental difference, companies are unlikely to make large migrations.

Oracle-SAP Showdown: Is Larry Ellison Crying Wolf over Snatching SAP Customers?| cloudwars


Technology Update


PostgreSQL active/active cluster solution

"Allows you to build an Active/Active PostgreSQL database using Crunchy Postgres Operator and Kubernetes"

Until now, there were already synchronous PostgreSQL cluster installations working in Active/Passive mode or with log shipping. We know that we can run PostgreSQL cluster setups on Kubernetes with CitusData.

The link below suggests a similar cluster structure built with Crunchy Data. It is an alternative worth trying out.

Active-Active PostgreSQL Federation in Kubernetes | Crunchy Data


A new alternative for edge solutions: K0S

Mirantis, an open cloud company, recently announced K0S, a new open source Kubernetes distribution. The current version is 0.8 and it can work with Kubernetes 1.19.

K0S reduces the complexity of setting up and running a fully functional Kubernetes distribution, and scales easily from local development to edge computing.

Adam Parco, vice president of engineering at Mirantis, made this announcement in a blog post.

Parco defined "zero" in the K0S deployment as the company's desire to provide a Kubernetes deployment with zero friction, zero dependency, zero overhead, zero cost, and zero downtime.

In the next few years, I think everyone will come up with a solution in this area (edge computing). K3S and K0S are two interesting alternatives right now. But the problematic part is that there is no operating system that these Kubernetes versions can run on.

For now, K3S seems one step ahead.

K0S kubernetes solutions | Mirantis

k0s | The Kubernetes Distribution (k0sproject.io)


What About Life?


McKinsey & Financial Times Choose Business Book of the Year

“No Filter: The Inside Story of Instagram, by Sarah Frier, was recently named 2020 Business Book of the Year by the Financial Times and McKinsey.

Frier, an award-winning journalist, examines the transformation of a photo sharing app into a global force by changing the way we eat, care, travel, socialize and communicate which affected our daily lives.

No Filter is a good story, detailing the rise of Instagram and its acquisition by Facebook.

But it also tackles two vital issues of our age: how tech giants treat smaller competitors and how social media companies shape the lives of the new generation.”

No Filter: The Inside Story of Instagram | Amazon


A Suggestion for Winter nights

Winter is at the door and the nights are long. Most of us think that the best thing to do at home during these long lockdown nights is to watch movies or TV series. That is true, but this week we want to suggest a different experience.

First of all, let's talk about the website called mynoise.net, which many of you already know. This site only broadcasts audio. It offers all kinds of sounds, from spring rain and brain waves to a calm cafe, traffic noise, or the surroundings of a dam.

The good thing is that you can create an environment that suits your taste with the control buttons.

Our recommendation for this week is:

Preferably on a Friday or Saturday evening:

  1. Make a drink you love,

  2. Turn off the lights in your room and turn on only a reading lamp,

  3. Put on your headphones,

  4. Turn on My Noise's "Windy Mansion" broadcast and adjust the levels of wind, rain, squeaking, roaring etc. to your own taste,

  5. Start a high-tension book.

It can easily be said that this is more effective than most horror/thriller movies or TV series. You can also change this mix of audio and book as you wish, to suit the book you are reading, the mood you want to get into and the environment you want to feel. Give it a try.

Windy Mansion | My Noise

and, for example, books like:

Psychic (Stephen King) | Amazon.de

or Rebecca (Daphne Du Maurier) | Amazon.de

That's all for this week. We won't be sending out a newsletter next week as it's New Year's Eve. We wish all of us a healthy and happy year in advance.

If you like our weekly bulletin, please share this mail with your friends. You can also follow Independent Technical Review on LinkedIn.

See you

Independent Technical Review
