Bitch Board

[VMware - Cloud Foundry service outages]

FYI...

VMware - Cloud Foundry service outages
- http://tech.slashdot.org/story/11/05/02/2231244/VMware-Causes-Second-Outage-While-Recovering-From-First
May 02,2011 - "VMware's new Cloud Foundry service was online for just two weeks when it suffered its first outage, caused by a power failure. Things got really interesting the next day, when a VMware employee accidentally caused a second, more serious outage while a VMware team was writing up a plan of action to recover from future power loss incidents. An inadvertent press of a key on a keyboard led to 'a full outage of the network infrastructure [that] took out all load balancers, routers, and firewalls... and resulted in a complete external loss of connectivity to Cloud Foundry.' Clearly, human error is still a major factor in cloud networks."
- http://support.cloudfoundry.com/entries/20067876-analysis-of-april-25-and-26-2011-downtime

- http://www.informationweek.com/news/security/vulnerabilities/229402618?printer_friendly=this-page
May 02, 2011 - "... 69% of cloud providers think that cloud users are most responsible for security, and only 16% think it's a shared responsibility. But according to a Ponemon study conducted last year, 33% of users see cloud security as a shared responsibility, and 32% think that the provider alone is most responsible. Only 35% of cloud users, meanwhile, think that users should be most responsible for cloud security... Legally speaking, however, cloud providers really aren't responsible for data security, as long as they make some effort, according to their end user license agreements (EULAs)..."

   

[Cloud over cloud computing]

FYI...

Cloud over cloud computing...
- http://blogs.wsj.com/tech-europe/2011/05/09/sony-hack-casts-cloud-over-cloud-computing/
May 9, 2011 - "It isn’t just Sony that has suffered from the hacker breach of their network, the whole cloud computing movement has taken a bit of a knock, or perhaps has had a wake-up call.
We reported the findings of a survey by the Ponemom Institute which, surprisingly, found that cloud service providers do not see security as their main concern. Perhaps Sony’s experience will make them think again. International news agency Reuters reckons it might*... One of the issues with cloud is liability. If there is a breach and data is lost, whose liability is it? At the moment the industry is trying to establish guidelines and working practices; but until that issue is resolved — if it ever is — expect pubic cloud adoption to be slow and cautious."
* http://www.reuters.com/article/2011/05/06/us-sony-cloud-idUSTRE7455C020110506
"Shares of companies that specialize in cloud computing have been some of top-performing stocks over the past year. But the attack on Sony, as well as a massive outage at Amazon.com Inc’s cloud computing center, have caused some businesses to put the brakes on plans to move their operations into the cloud. “Nobody is secure. Sony is just the tip of this thing,” said Eric Johnson, a professor at Dartmouth University who advises large corporations on computer technology strategies. Since news of the Sony breach broke on April 26, shares of companies involved in cloud computing have underperformed the broader market. Salesforce.com Inc, a maker of web-delivered software, has dropped 3 percent. VMware Inc, which sells software for building clouds, has declined 2 percent. The Standard & Poor’s 500 Index has climbed 3.3 percent... the first round of contracts for early adopters are coming to an end after three-year deals and companies are seeking better performance and terms for disasters."

  

[Microsoft BPOS cloud outage]

FYI...

Microsoft BPOS cloud outage...
- http://www.theregister.co.uk/2011/05/13/microsoft_bpos_apology/
13 May 2011 - "... Customers on BPOS in the US and worldwide were kicked off their hosted Exchange email systems, being unable to read, write, or access their messages. All users were affected – from down in the cubicle farm all the way up to the CEO's corner office. The outages started Tuesday and came after weeks of the service slowly degrading. The cause of the problem, Thomson said*, was "malformed email traffic" in BPOS's Exchange Servers... "obscure cases" and "related issues"..."
* http://blogs.technet.com/b/msonline/archive/2011/05/13/update-on-bpos-standard-email-issues.aspx

 

[Amazon cloud used by hacks]

FYI...

Amazon cloud used by hacks...
- http://www.bloomberg.com/news/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.html
2011-05-13 - "Amazon’s Web Services cloud-computing unit was used by hackers in last month’s attack against Sony's online entertainment systems, according to a person with knowledge of the matter. Hackers using an alias signed up to rent a server through Amazon’s EC2 service and launched the attack from there, said the person, who requested anonymity because the information is confidential. The account has been shut down, the person said. The development sheds light on how hackers used the so- called cloud to carry out the second-biggest online theft of personal information to date... The hackers didn’t break into the Amazon servers, the person said. Rather, they signed up for the service just as a legitimate company would, using fake information... The Federal Bureau of Investigation will likely subpoena Amazon as part of its investigation process..."

  

[Eucalyptus cloud - critical vuln]

FYI...

Eucalyptus cloud - critical vuln...
- http://www.h-online.com/security/news/item/Critical-vulnerability-in-open-source-Eucalyptus-clouds-1252593.html
30 May 2011 - "... critical vulnerability in Eucalyptus, an open source implementation of the Amazon EC2 cloud APIs. An attacker can, with access to the network traffic, intercept Eucalyptus SOAP commands and either modify them or issue their own arbitrary commands. To achieve this, the attacker needs only to copy the signature from one of the XML packets sent by Eucalyptus to the user. As Eucalyptus did not properly validate SOAP requests, the attacker could use the copy in their own commands sent to the SOAP interface and have them executed as the authenticated user. All versions up to and including 2.0.2 are vulnerable; a fixed version, 2.0.3*, is available to download. Ubuntu's Eucalyptus-based Ubuntu Enterprise Cloud (UEC) is also vulnerable; updates for Ubuntu 10.04 LTS, 10.10 and 11.04 are already available in Canonical's repositories. Eucalyptus does note** that the changes made to close the holes may lead to some existing tools failing to work as the system will interpret them as a replay attack if they issue commands too rapidly."
* http://open.eucalyptus.com/downloads

** http://open.eucalyptus.com/news/2011-05-25-eucalyptus-203

 

[Attackers use Amazon Cloud to host malware]

FYI...

Attackers use Amazon Cloud to host malware
- http://threatpost.com/en_us/blogs/attackers-using-amazon-cloud-host-malware-060611
June 6, 2011 - "Attackers are beginning to host their malicious domains and drive-by download sites, and most recently researchers have discovered a number of domains on Amazon's cloud platform that are being used to install malware as part of a spam and phishing campaign designed to steal banking credentials and other sensitive data... attack sites are installing a variety of malicious files on victims' machines, including a component that acts as a rootkit and attempts to disable installed anti-malware applications. Other components that are downloaded during the attack include one that tries to steal login information from a list of nine banks in Brazil and two other international banks, another that steals digital certificates from eTokens stored on the machine and one that collects unique data about the PC itself, which is used by some banks as part of an authentication routine. Researchers say that the attacks likely originated in Brazil and are targeting users in Brazil, specifically. The domains that are being used in this attack have now been removed by Amazon, according to Kaspersky Lab researcher Dmitry Bestuzhev, who discovered the malicious domains*... The advent of commodity cloud computing platforms gives attackers one more venue in which to host their attack domains, but the attacks themselves are quite similar to what users have been seeing for years."
* http://www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud
___

- http://www.information-management.com/news/cloud_security_sony_amazon_RSA-10020489-1.html?zkPrintable=true
June 6, 2011

- https://www.computerworld.com/s/article/356811/Cloud_Storage_Gets_the_Ax
June 6, 2011

 

[Amazon cloud users reveal confidential data]

FYI...

Amazon cloud users reveal confidential data...
- http://www.h-online.com/security/news/item/Many-Amazon-cloud-users-reveal-confidential-data-1263704.html
20 June 2011 - "Sharing Amazon Machine Images (AMIs) to run on Amazon's Web Services (AWS) can open the door to attackers when users do not follow appropriate safety advice. The AMIs may contain private cryptographic keys, certificates and passwords, as researchers at the Darmstadt Research Center's CASED (Center for Advanced Security Research Darmstadt) found. In a report** [German language], they say that they examined 1100 public AMIs for cloud services and found that 30 per cent were vulnerable to manipulation that could allow attackers to partially or completely take over virtual web service infrastructure or other resources... Amazon Web Services have also been informed which customers are affected."
* http://aws.amazon.com/amis
** http://www.sit.fraunhofer.de/presse/20110620-sicherheitsbedrohung-durch-cloud-nutzung.jsp

- http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html
20 June 2011 - "... As many people use the same password in multiple places, criminals can use the passwords to obtain unauthorised access to further services... Cloud, CUDA and multi-core computer technologies are both a blessing and a curse: they can greatly accelerate the processing of data and make even complex simulations available to end users. Unfortunately, crackers use the same high-speed computing power to reconstruct plain-text data from an encrypted password, and then they use the password to log into a system as administrators. In this context, password crackers can take advantage of the fact that the harvested hashes were probably created using the MD5 algorithm, which is optimised for fast processing..."

 

['We can hand over Office 365 data without your permission']

FYI...

'We can hand over Office 365 data without your permission'...
- http://www.zdnet.com/blog/igeneration/microsoft-we-can-hand-over-office-365-data-without-your-permission/11041
June 23, 2011 - "... Hidden within a whitepaper*, detailing the security features in the upcoming Office 365 suite, it reveals links to the Trust Center; a treasure trove of data protection policies and legalities of how Microsoft will handle your data in its cloud datacenters. Next week, Microsoft will announce the launch of Office 365 in both New York and London... In light of the Patriot Act furore, customers of cloud services are naturally becoming more aware of the limitations to cloud security and privacy; with legalities and powerful acts of law taking precedent. In short, Microsoft states:
    “In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service).”
This covers all users and data of Microsoft Online Services, including the current offering of BPOS (Business Productivity Online Suite), currently in migration to Office 365. Current Live@edu users are also affected by this — mostly schools and colleges — which are also upgrading to Office 365... a personal and heartfelt congratulations to Microsoft — in full sincerity — for being as open, honest and transparent in their documentation..."
(More detail at the URL above.)
* http://www.microsoft.com/download/en/details.aspx?id=26552
Security in Office 365 Whitepaper.docx    5.0 MB

Data Use Limits
- http://www.microsoft.com/online/legal/v2/?docid=23
"... FAQ: ... Question: Can Microsoft Online Services use or disclose my data without my permission? In a limited number of circumstances, Microsoft may need to disclose data without your prior consent..."

 

[When consumers go to the Cloud]

FYI...

When consumers go to the Cloud...
- http://www.darkreading.com/taxonomy/index/printarticle/id/231000837
June 30, 2011 - "For four hours last week, a flawed authentication update allowed anyone the ability to access the data of any user of the cloud storage service Dropbox. The error could have caused a massive privacy breach. As it turned out, the company was notified and fixed the error before widespread knowledge allowed the vulnerability to be exploited by malicious actors. "According to our records, there were fewer than a hundred affected users, and neither account settings nor files were modified in any of these accounts," the company wrote in a blog post last Friday*... Dropbox encrypts data on the servers, but not to individual accounts, notes Sorin Mustaca, a product manager with security firm Avira. Anyone with admin access to the server can read all of its data. In addition, data on the servers of external services have lesser legal protections, Mustaca says. "I always advise our users to be very, very careful what they put online because if they put anything online, then the data does not belong to them anymore - it belongs to the cloud," Mustaca says. "This is the most important lesson that needs to be learned by anybody. If you put it online, you lose control of the data"... Dropbox is not the only consumer cloud service that has been the focus of security concerns. Evernote, Apple's MobileMe, iCloud, and cloud offerings from Google and Amazon all have generated security concerns in recent months. Barring employees from using cloud services usually does not work, Chaudhry says. Companies attempted to bar the use of social networks, but employees found ways of using the services anyway..."
* http://blog.dropbox.com/?p=821

 

[Lawyers in the Cloud]

FYI...

Lawyers in the Cloud ...
- http://blogs.csoonline.com/1616/lawyers_in_the_cloud_and_their_data
2011-07-27 - "Even state bar associations, the entities that regulate lawyers, are struggling with the cloud. Specifically, the “big” question is “if a lawyer stores attorney-client privileged information in the cloud, will that result in a waiver of that privilege.” Remarkably, only a very few bar associations have directly addressed this issue. Arizona, New Jersey, and New York bar associations have all issued guidances for lawyers regarding cloud storage of sensitive attorney-client information. In general, they find the practice is permissible if reasonable care is used to vet and monitor the cloud provider’s security measures. For example, the New York bar stated, “[A] lawyer may use an online ‘cloud’ computer data backup system to store client files provided that the lawyer takes reasonable care to ensure that the system is secure and that client confidentiality will be maintained.” New York State Ethics Op. 842. The question, of course, is “what constitutes reasonable care?” For example, if a cloud provider has a good record of security and has a great SAS 70 Type II audit report, but specifically disclaims any liability for security breaches and offers only minimal confidentiality protection, is this good enough to satisfy the “reasonable care” requirement? No one knows. What is clear is that, just like all other businesses, lawyers must be cautious in this area and thoroughly vet their cloud providers."

 

[SpyEye in the Amazon cloud]

FYI...

SpyEye in the Amazon cloud ...
- http://www.securelist.com/en/blog/208193064/Amazon_S3_exploiting_through_SpyEye
July 28, 2011 - "... According to our research, cybercriminals have been running SpyEye activities and from Amazon for the past couple of weeks... One hurdle for these cybercriminals to abusing Amazon S3 is the creation of an Amazon Web Services (AWS) account. These accounts require a legitimate identity and method of payment, so it is evident that criminals are using stolen data to overcome this challenge. Data shows that Amazon cloud services were abused heavily this month to spread malware. The following graph shows the domains used for this campaign from the second half of July 2011...
> http://www.securelist.com/en/images/pictures/klblog/208193067.png
... there are isolated cases, but the tendency to exploit services like cloud storage is in full expansion. This trend clearly represents a critical point for online storage services and requires special treatment. We have reported these domains to the appropriate security teams..."
___

>> http://google.com/safebrowsing/diagnostic?site=AS:16509
___

- http://blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/
Aug 1, 2011 - "... collected approximately 22Mb of malware for analysis & detection that was hosted on AWS... advice is to avoid clicking on any suspicious link either in an unsolicited e-mail, or an apparently benign link embedded in a webpage hosted on AWS (e.g. zx1udonut.s3.amazon .com, et al.) until this problem is resolved. We have recently seen about 30-50 various subdomains and specific URLs created on AWS which appear to harbor malicious content. We have reported this to Amazon Security..."
___

SpyEye Tracker
- https://spyeyetracker.abuse.ch/
"... quick statistics about the SpyEye Trojan:
SpyEye C&C servers tracked: 381
SpyEye C&C servers online: 184
SpyEye C&C server with files online: 38
• Average SpyEye binary Antivirus detection: 26.14% ..."

ZeuS Tracker
- https://zeustracker.abuse.ch/
"... quick statistics about the ZeuS crimeware:
ZeuS C&C servers tracked: 659
ZeuS C&C servers online: 223
ZeuS C&C servers with files online: 53
ZeuS FakeURLs tracked: 19
ZeuS FakeURLs online: 6
• Average ZeuS binary Antivirus detection rate: 38.67% ..."

(... as of 2011.08.04)

 

[MS CRM Online, Office365 outage]

FYI...

MS CRM Online, Office365 outage ...
- http://www.zdnet.com/blog/microsoft/outage-hits-microsoft-crm-online-office-365-customers/10359?tag=nl.e539
August 17, 2011 - "Microsoft CRM Online and Office 365 users were hit with outages to their cloud services on August 17. Microsoft has yet to respond as to what’s going on. A number of customers using the Microsoft-hosted Dynamics CRM Online and its Office 365 cloud service were reporting performance problems aon August 17... On the CRM Online front, “performance is slow for most users, to the point that some can’t use CRM at all,” one Microsoft CRM user said. His company is based in the U.S., he said, but international users of the system were affected, as well..."

- http://rcpmag.com/articles/2011/08/17/microsoft-office-365-skydrive-crm-online-outages.aspx
August 17, 2011 - "... UPDATE: Microsoft said as of late Wednesday afternoon, all systems are back up. The company is still investigating the root cause of the network failure."

- http://www.neowin.net/news/microsoft-office-365-currently-experiencing-an-outage
17 August 2011

 

[Hotmail, Skydrive and Office365 knocked offline]

FYI...

Hotmail, Skydrive and Office365 knocked offline...
- http://www.theinquirer.net/inquirer/news/2108080/microsoft-s-hotmail-windows-live-knocked-offline
Sep 09 2011

- http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/09/08/current-hotmail-and-skydrive-issues.aspx#comments
Sep. 08, 2011 - UPDATE 9:45 PM PT, UPDATE 11:02 PM PT, UPDATE 11:49 PM PT...

 

[AWS C&C malware]

FYI...

AWS C&C malware...
- https://blogs.technet.com/b/mmpc/archive/2011/09/13/bamm-bamm-rubble.aspx
13 Sep 2011 - "The family selected for addition to MSRT this month is Win32/Bamital*. Win32/Bamital was first discovered in September 2009 and was able to intercept and modify queries performed by search engines such as AltaVista, Bing, Google and Yahoo... authors of Win32/Bamital are employing the use of Amazon Web Services as part of their command and control infrastructure. We notified Amazon of the abuse and received confirmation that it is being investigated."
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Bamital
___

- http://www.infosecurity-magazine.com/blog/2011/9/14/the-dont-trust-model-of-cloud-computing/406.aspx
14/09/2011

 

[Bulletproof cybercrime hosting & the Cloud]

FYI...

Bulletproof cybercrime hosting & the Cloud
- http://hostexploit.com/blog/14-reports/3535-bulletproof-cybercrime-hosting-a-the-cloud.html
20 October 2011 - "... In Q3 2011, there were several changes in the top positions in the Top Bad Hosts table:
• The title of #1 Bad Host (Overall Category) now goes to AS33626 Oversee.net*, a monetizer of domain names, for high levels of hosting malicious URLs, badware, Zeus botnet servers and infected sites.
• The US share of the Top 50 has dropped from 23 in Q2 to 16 In Q3 although 5 of the Top 10 are still hosting from the United States including the #1 spot.
• #1 in the most important category, Exploit Servers, in the analysis of malware, phishing or badness as a whole, is AS47583 Hosting-Media**, hosted in Lithuania....

Discussed in this quarter report, also, is the rise of GHOSTing, or 'Bulletproof Cybercrime Hosting and the Cloud', which is increasingly being used as a way of serving malicious material and yet remaining under the radar. It gives, by all intents and purposes, the impression of clean and responsible hosting as no obvious sign of criminal activity is detected on the providers’ servers. This is achieved through the legitimate offering of VPN or VPS services to those clients who wish to host illicit or objectionable badness e.g. malware, botnet C&Cs, phishing, spam operations or even images of child sexual abuses. In this way hosts can feign ignorance or turn a blind eye to their customers’ real intentions. Further information on this practice can be found in the Q3 report..."
> http://hostexploit.com/downloads/viewdownload/7/32.html

* http://www.google.com/safebrowsing/diagnostic?site=AS:33626
"... over the past 90 days, 3 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2011-10-20... we found 3 site(s) on this network... that appeared to function as intermediaries for the infection of 4 other site(s)... We found 443 site(s)... that infected 8141 other site(s)..."
** http://www.google.com/safebrowsing/diagnostic?site=AS:47583
"... over the past 90 days, 973 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2011-10-20... we found 99 site(s) on this network... that appeared to function as intermediaries for the infection of 467 other site(s)... We found 99 site(s)... that infected 685 other site(s)..."