The revelations were made by security expert Brian Krebs in a blog post on Monday, and blow a hole in the wall of silence that followed the attacks.

Krebs listed over 760 organisations which “had networks that were compromised with some of the same resources” that hit RSA, including big tech firms Google, Novell, Qualcomm and Facebook.

He explained that the networks of the organisations on the list had “phoned home” to some of the same command and control infrastructure used in the RSA attack in March, which was initially believed to have been carried out in order to compromise the SecureID system and thus infiltrate US defence contractors.

The attacks may have been occurring as early as November 2010, said Krebs, although he did add that some of the firms on the list were probably not original targets, for example, ISPs.

“It is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims,” Krebs said.

“Finally, some of these organisations (there are several anti-virus firms mentioned) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.”

Nevertheless, it’s a fascinating snapshot into the scale of the attack and it may be telling that the vast majority of command and control networks used were located in the Beijing region.

As a metaphor for the Internet, “the cloud” is a familiar cliché, but when combined with “computing,” the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers [1] available over the Internet. Others go very broad, arguing anything you consume outside the firewall is “in the cloud,” including conventional outsourcing.

[ Stay on top of the state of the cloud with InfoWorld's "Cloud Computing Deep Dive [2]” special report. Download it today! | Also check out our “Private Cloud Deep Dive [3],” our “Cloud Security Deep Dive [4],” our “Cloud Storage Deep Dive [5],” and our “Cloud Services Deep Dive [6].” ]

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) [8] providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.

InfoWorld talked to dozens of vendors, analysts, and IT customers to tease out the various components of cloud computing. Based on those discussions, here’s a rough breakdown of what cloud computing is all about:

1. SaaS
This type of cloud computing delivers a single application through the browser to thousands of customers using a multitenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday. And who could have predicted the sudden rise of SaaS “desktop” applications [9], such as Google Apps and Zoho Office?

2. Utility computing
The idea is not new, but this form of cloud computing is getting new life from Amazon.com, Sun, IBM, and others who now offer storage and virtual servers that IT can access on demand. Early enterprise adopters mainly use utility computing for supplemental, non-mission-critical needs, but one day, they may replace parts of the datacenter. Other providers offer solutions that help IT create virtual datacenters from commodity servers, such as 3Tera’s AppLogic and Cohesive Flexible Technologies’ Elastic Server on Demand. Liquid Computing’s LiquidQ offers similar capabilities, enabling IT to stitch together memory, I/O, storage, and computational capacity as a virtualized resource pool available over the network.

3. Web services in the cloud
Closely related to SaaS, Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications. They range from providers offering discrete business services — such as Strike Iron and Xignite — to the full range of APIs offered by Google Maps, ADP payroll processing, the U.S. Postal Service, Bloomberg, and even conventional credit card processing services.

4. Platform as a service
Another SaaS variation, this form of cloud computing delivers development environments as a service. You build your own applications that run on the provider’s infrastructure and are delivered to your users via the Internet from the provider’s servers. Like Legos, these services are constrained by the vendor’s design and capabilities, so you don’t get complete freedom, but you do get predictability and pre-integration. Prime examples include Salesforce.com’s Force.com [10], Coghead [11] and the new Google App Engine [12]. For extremely lightweight development, cloud-based mashup platforms [13] abound, such as Yahoo Pipes [14] or Dapper.net.

5. MSP (managed service providers)
One of the oldest forms of cloud computing, a managed service is basically an application exposed to IT rather than to end-users, such as a virus scanning service for e-mail or an application monitoring service (which Mercury, among others, provides). Managed security services delivered by SecureWorks, IBM, and Verizon fall into this category, as do such cloud-based anti-spam services as Postini, recently acquired by Google. Other offerings include desktop management services, such as those offered by CenterBeam or Everdream.

6. Service commerce platforms
A hybrid of SaaS and MSP, this cloud computing service offers a service hub that users interact with. They’re most common in trading environments, such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user. Think of it as an automated service bureau. Well-known examples include Rearden Commerce and Ariba.

7. Internet integration
The integration of cloud-based services is in its early days. OpSource, which mainly concerns itself with serving SaaS providers, recently introduced the OpSource Services Bus, which employs in-the-cloud integration technology from a little startup called Boomi. SaaS provider Workday recently acquired another player in this space, CapeClear, an ESB (enterprise service bus) provider that was edging toward b-to-b integration. Way ahead of its time, Grand Central — which wanted to be a universal “bus in the cloud” to connect SaaS providers and provide integrated solutions to customers — flamed out in 2005.

Today, with such cloud-based interconnection seldom in evidence, cloud computing might be more accurately described as “sky computing,” with many isolated clouds of services which IT customers must plug into individually. On the other hand, as virtualization and SOA permeate the enterprise, the idea of loosely coupled services running on an agile, scalable infrastructure should eventually make every enterprise a node in the cloud. It’s a long-running trend with a far-out horizon. But among big metatrends, cloud computing is the hardest one to argue with in the long term.

Let’s face it; our computers are a bigger part of life than ever before. We shop, work and play using computers. They’ve replaced stereos, encyclopedias, even the mailman. They’ve become journals, photo albums and canvases for our art.

But computers aren’t perfect. Files become corrupt, motherboards malfunction, CPUs call it quits taking our precious data with them.

The best defense is data backup software. Backing up data is vital for businesses; lost information can cause a major crisis or worse, lead to business failure. Individuals who don’t backup computer data run the same risk. While this may not cause financial ruin, it can certainly be frustrating and even heartbreaking. So why do so few of us practice data backup?

Here are the common excuses:

“I’m too busy to backup my computer.” We are busy; work, family and friends fill our days and leave us little time for boring things like computer maintenance. But today’s backup software manufacturers make it easy. Through scheduled backups, your system can automatically perform a backup that fits your needs at an interval you choose – without interrupting life.

“I don’t know how to backup data.” Like preparing for a natural disaster, most of us understand how important data backup is, but don’t know where to start. A big step is deciding how you are going to store the data you backup.

One option is Removable Backup Media, but this only narrows the field a little. You could buy a million 3.5″ discs or perhaps invest in a larger-capacity external Zip drive. You could take the plunge into writeable CDs or stretch out your legs with the help of an external hard drive.

Another good data backup option is to backup to an FTP location, which allows you to backup a file, a folder or your entire hard drive to a separate location online.

“My computer won’t crash.” You’ve had your computer this long and haven’t had problems so far why worry about computer backup now? Data backup is about protecting your data’s future, but with computers, it isn’t if you crash, it’s when you crash.

In today’s high-tech world of sneaky spyware and venomous viruses, you are in more danger of data loss than ever before. Computer viruses grew by as much as 11% percent during 2003 alone.*

Like tires on your car, the electronic circuits your computer rides on will eventually wear down and blow out. When this happens, you can either grieve at your loss or simply restore your data with data backup software.

So with that said, how does one choose the right backup software? There are many varieties available – some suited to a growing business and others for growing families. Some backup software is for technical experts, other packages for the technically challenged.

Is the web site really secure with SSL?

1. The server is attacked directly.  SSL does not protect you from this.  Rather, you need to have a good IT security policy to protect your server.
2. The user is attacked directly, either by infecting their PC with malware, or by using “phishing” to steal their passwords.  SSL does not protect you from this, either.  To protect your own PC from this, you need to use a good anti-virus program, and use lots of common sense and a small amount of paranoia when on the Internet.  However, it is unrealistic to expect that all the PCs of all of your website visitors will be adequately protected.

In that case, when is SSL important to have?

If you are transmitting sensitive private data over the internet, SSL is an important additional security layer.  Although eavesdropping may be a less common form of attack, there is no reason not to protect against it if the consequences are serious.

What kind of “sensitive private data” needs protection?

Private data is information that should only be known to you (the website owner) and the user.  The most obvious example is credit card numbers.  If you outsource your credit card processing to an external e-commerce gateway, the transactions are protected by your e-commerce provider’s SSL.  Adding SSL on your website is not necessary.

Passwords may also be sensitive if they access private data or functions, such as bank account statements, email inboxes, and so on.  Passwords that merely access a members-only area are less sensitive, because these resources are shared and not truly private.

Note that personal information such as names, email addresses, phone numbers, and mailing addresses are not private.  This is information that is meant to be shared with others.  SSL does not really protect information that is already publicly available in more accessible formats such as the phone book.

(However, you do need a good privacy policy when storing and using people’s personal information, to assure your users why you need their personal information, and what you intend to use it for.  This is mostly because some organizations have a history of selling their databases of personal information against the wishes of their clients.  SSL does not help with this, however.)

There is a grey zone between private data (which should be known only to you and the user), and personal data (which is known and used by many others).  Individual pieces of personal data may not be a big deal, but if you collect enough personal data, identity theft may become a plausible threat.  Special account or identity numbers (SSN, SIN, drivers license, health care, or passport numbers for example), along with birth dates, common security questions (eg. mother’s maiden name, names of family members), and information of that nature may collectively comprise an identity that could be stolen for nefarious purposes.  The more of this sort of information you collect, the more SSL might be a worthwhile addition to your security policy.

I don’t store lots of personal data, my private members’ area is not especially sensitive, and I outsource credit card processing to a secure e-commerce provider.  Is there any other reason why I might want SSL?

Not everybody knows what SSL protects or how it works.  All they know is that the little padlock icon is “good”.  If your users are pestering you because you don’t have the padlock icon, then it may be easier just to get SSL than to try to explain all the security nuances of why it won’t help them in this case.

Web browsers often throw up security dialogs when you move between SSL web pages and regular web pages.  These dialogs are meant to be a more obvious variant of the padlock icon–to advise the user when their communications are encrypted and when they are not.  They may pop up, for instance, when you finish paying at an e-commerce page, and are then redirected back to your website to get your receipt.  However, dialog boxes sometimes seem like error messages to inexperienced users, who may attempt to cancel or reverse the operation they started.  If this causes problems for you on your website, you may want to consider adding SSL just to prevent these dialog boxes from appearing.

In both of these cases, it is important to understand that SSL is not really protecting your website communications.  Rather, it only being used to smooth over user interface and security issues that your users may not adequately understand.

One extra useful thing that SSL allows for is verifying that the website owner is really who they claim to be.  If you are at risk of being spoofed by phishers, or otherwise need to be able to prove to your visitors that you really are who you claim to be, then SSL can help users confirm your identity by clicking on the padlock icon to get more information about you.

I probably don’t need SSL, but it might be best to get it just to be safe.  Is there any downside to using SSL when you don’t need it?

Yes.  SSL is slower because every single byte of information needs to be encrypted and decrypted by both the user and the webserver, and this takes significantly more effort than simply transmitting in the clear.  SSL not only encrypts information typed into forms by users, but also the text of web pages, style sheets, scripts, images, and videos.  Most of this does not need to be encrypted, but it gets encrypted anyway (otherwise the browser will complain that the secure page contains insecure elements).  If you use SSL on a website that doesn’t need it, every user will pay a price in speed, and your website will “max out” on its performance sooner because much of that performance is being diverted to encryption.

SSL also creates an administrative burden, because the certificates cost money, require paperwork and verification by a third party, and need to be renewed, just like domain names.  They also require private IP addresses, which may incur an extra cost if you do not already have a private server.