Archive for January 15, 2021

Guest Post: OVHcloud Cloud Predictions For 2021

Posted in Commentary with tags on January 15, 2021 by itnerd

Here are four cloud related predictions for 2021 from OVHCloud that might interest you:

Data sovereignty becomes central to secure innovation

Data localization – and data sovereignty – is a major strategic factor, as there is an increasing demand for a European, trusted, and sovereign cloud. More and more companies question where their data is localized, and under which jurisdiction? The European DNA is very strong on data protection and individual rights. GDPR, invalidation of the EU-U.S. Privacy Shield, or the GAIA-X initiative for example, send out a strong signal that in Europe we want to have an open IT ecosystem, where we control the location of data but also its portability and interoperability. At a European scale, there is strong push towards local innovation to avoid being dependent on external actors for the most sensitive data.

A growing need for data storage

As worldwide data usage is expected to reach 175 zettabytes by 2025 (according to IDC), data storage has become critical for companies mostly with regard to business imperatives, costs, and compliance related risks. Data is the new goldmine, as it allows organizations to improve operations with predictive analytics, to build new added value services or products, etc. and this is why standard – yet comprehensive, affordable and reliable – cloud storage solutions are key to cloud adoption and to answer business needs.

Major growth in AI and Machine Learning

The constant flow of data represents enormous value from which to extract insights with AI and Machine Learning. However, despite the huge investments made by corporations, it’s still very challenging to utilize this value, as data science resources are limited and finding the right data system engineering skills is often difficult. Costs can also easily spiral out of control and are very unpredictable. Companies will have to turn to cloud providers who provide complete portfolios of easy-to-use and powerful AI solutions, with full control over budget.

A growing need for edge or hybrid technology

Alongside the development of the conversations on data sovereignty, is a need for the cloud industry to develop a multi-local approach. The recent partnership between OVHcloud and German operator T-systems is a good example of this: OVHcloud brings its own infrastructure and technological stack within the T-Sytems datacentre. This partnership responds to various legal issues: compliance with the General Data Protection Regulation (GDPR) first of all, but also to prevent exposure to the U.S. Cloud Act.

A Bug In Microsoft’s NTFS Filesystem Can Corrupt Your Hard Drive In Epic Fashion

Posted in Commentary with tags on January 15, 2021 by itnerd

Well, this isn’t good. An unpatched zero-day that was originally found in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command:

In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records. The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version. What’s worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems. […] It is unclear why accessing this attribute corrupts the drive, and Jonas told BleepingComputer that a Registry key that would help diagnose the issue doesn’t work. 

One striking finding shared by Jonas with us was that a crafted Windows shortcut file (.url) that had its icon location set to C:\:$i30:$bitmap would trigger the vulnerability even if the user never opened the file! As observed by BleepingComputer, as soon as this shortcut file is downloaded on a Windows 10 PC, and the user views the folder it is present in, Windows Explorer will attempt to display the file’s icon. To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process. Next, “restart to repair hard drive” notifications start popping up on the Windows PC — all this without the user even having opened or double-clicked on the shortcut file.

This has been tested onWindows XP and the issue has been found there as well. Thus it appears to be an NTFS based issue as opposed to a Windows 10 issue. Microsoft is investigating this, but they need to have a rapid fix for this as a threat actor is going to be able to exploit this to cause chaos.