News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
November 20, 2014, 14:39:29
Pages: [1] 2 3 4   Go Down
  Print  
Topic: Cloud computing episodes ...  (Read 19962 times)
0 Members and 1 Guest are viewing this topic.
« on: November 14, 2009, 07:33:21 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

"Cloud" abuse by the dark side...
- http://cloudsecurity.trendmicro.com/paas-and-the-dark-side/
Nov 10, 2009 - "The public cloud holds tremendous possibilities for goodness in lowering computing costs and increasing flexibility, but the dark side of the world is always ready to take advantage of cloud delivery models like Platform-as-a-Service (PaaS). Arbor Networks recently spotted* a Google AppEngine Platform-as-a-Service application being used for Command and Control (CnC) for a botnet... Google promptly took down the application, but the event raises some interesting issues... It does not take a fertile imagination to see bad guys going from using PaaS to manage their malware to applying knowledge to go after IaaS applications..."
* http://asert.arbornetworks.com/2009/11/malicious-google-appengine-used-as-a-cnc/
November 9, 2009 - "... the site hosting the second stage malware has been contacted for takedown, as well.
UPDATE Google has confirmed the malicious AppEngine is now down..."

 Shocked
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: September 23, 2010, 15:11:28 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

- http://www.f-secure.com/weblog/archives/00002036.html
September 23, 2010 - "... it feels quite unpleasant when something like yesterday's attacks happen*. Suddenly a service we've started to rely on is out of order - because of some stupid worm? One moment you're catching up with the latest Tweets, and suddenly you've somehow resent a viral message to all of your followers. And the antivirus program you've bought won't help you. No matter how hard you scan your system, there's nothing there. The worm isn't on your computer: it's on some Twitter server farm in some data center somewhere. This is part of what we call the cloud. Once we start to use cloud services more and more, we also give up the control of our data. If you have your documents on your computer, you can encrypt and secure them. If you store them on a cloud service, you have to hope that someone else does it for you..."
* http://www.f-secure.com/weblog/archives/00002034.html

 Shocked
« Last Edit: October 21, 2010, 05:01:10 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #2 on: October 21, 2010, 05:02:23 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Cloud "security challenges"...
- http://www.net-security.org/secworld.php?id=10027
21 October 2010 - "IBM unveiled a new security initiative focused on making cloud computing safer. IBM aims to help both users and providers of cloud computing more easily navigate security challenges* through new cloud security planning and assessment services, managed services to help clients secure their clouds, and the introduction of several technology innovations. According to an IBM study, cloud computing raised serious concerns among respondents about the use, access and control of data: 77 percent of respondents believe that adopting cloud computing makes protecting privacy more difficult; 50 percent are concerned about a data breach or loss; and 23 percent indicate that weakening of corporate network security is a concern. As the study illustrates, businesses see the promise of the cloud model, but security remains an inhibitor to adoption..."
* http://www.net-security.org/article.php?id=1489
___

- https://www.sans.org/newsletters/newsbites/newsbites.php?vol=12&issue=88#sID305
Nov. 3/4, 2010 - "... make sure the SLAs from your cloud or software as a service provider do -not- have DDoS loopholes. Cloud-based services need to be able to mitigate DDoS attacks the same way that they have to have back up power to handle power outages..."
___

- http://technet.microsoft.com/en-us/dd162324.aspx
October 2010 - "... attackers have been creating their own cloud “services” via botnets for some time now..."
___

Cloud computing underwhelms...
- http://www.infoworld.com/d/cloud-computing/cloud-computing-underwhelms-php-developers-082
November 02, 2010

 Neutral
« Last Edit: November 06, 2010, 03:53:35 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #3 on: November 23, 2010, 05:47:30 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Cloud security... -where- is your data?
- http://news.cnet.com/8301-19413_3-20023507-240.html
November 22, 2010 - "... regardless of the technical and organizational realities, there is one element that is completely out of the control of both the customer and cloud provider that makes public cloud an increased risk: the law. Ignoring this means you are not completely evaluating the "security" of potential deployment environments. There are two main forms of "risk" associated with the law and the cloud. The first is explicit legal language that dictates how or where data should be stored, and penalties if those conditions aren't met. The EU's data privacy laws are one such example. The U.K.'s Data Protection Act of 1998 is another. U.S. export control laws... The "risk" here is that the cloud provider may not be able to guarantee that where your data resides, or how it is transported across the network, won't be in violation of one of these laws. In IaaS, the end user typically has most of the responsibility in this respect, but PaaS and SaaS options hide much more of the detail about how data is handled and where it resides. Ultimately, it's up to you to make sure your data usage remains within the bounds of the law; to the extent you don't control of key factors in public clouds, that adds risk..."

 Question
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #4 on: December 17, 2010, 10:06:20 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Recent Email Breaches Demonstrate Cloud Breach Ripple Effect
- http://www.darkreading.com/taxonomy/index/printarticle/id/228800672
Dec 15, 2010 - "The recent breach exposing McDonald's customer information was the result of a widespread series of spear-phishing attacks against email service providers that have been under way for about a year and are under investigation by the FBI... The ripple effect on McDonald's and Walgreens' customer data emerged only during the past week. The hacks underline the potential peril and headache to an enterprise when its cloud provider gets hacked... The hack against Gawker that exposed passwords of more than 1 million users also led to other cloud providers, like LinkedIn, to reset any passwords associated with the attack as a precaution... Expect more of these cloud attacks that affect multiple organizations and victims..."

- http://www.scmagazineus.com/exposed-mcdonalds-data-may-be-linked-to-third-party/article/192885/
December 15, 2010 - "The recent theft of customer information belonging to McDonald's is thought to be part of a larger security breach that may affect more than 105 companies that contract with Atlanta-based email marketing services firm Silverpop Systems... The incidents underscore the importance of ensuring all sensitive data — whether stored internally or with a third-party — is secure... fewer than 10 percent of databases contain security controls."

 Shocked
« Last Edit: December 18, 2010, 10:16:44 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #5 on: December 24, 2010, 00:23:09 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

MS BPOS cloud service hit with data breach
- http://www.computerworld.com/s/article/9202078/Microsoft_BPOS_cloud_service_hit_with_data_breach
December 22, 2010 - "Company data belonging to customers of Microsoft's hosted business suite BPOS has been accessed and downloaded by other users of the software. The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite... "We recently became aware that, due to a configuration issue, Offline Address Book information for Business Productivity Online Suite (BPOS) Standard customers could be inadvertently downloaded by other customers of the service, in a very specific circumstance," said Clint Patterson, director of BPOS Communications at Microsoft. The data breach occurred in Microsoft data centers in North America, Europe and Asia. The issue was resolved within two hours of being discovered, Microsoft said in a statement. However, during this time "a very small number" of illegitimate downloads occurred. "We are working with those few customers to remove the files," Patterson said. This Offline Address Book contains an organization's business contact information for employees. It is stored on a server hosted by Microsoft as part of Exchange Online but can be downloaded for offline access. It does not contain Outlook personal contacts, e-mail, documents or other types of information, Microsoft stressed... BPOS includes Exchange Online, SharePoint Online, Office Communications Online and Office Live Meeting. In October, Microsoft outlined the next version of BPOS, called Office 365, intended to be a full-fledged option to Google Apps and other cloud-based suites. Office 365 combines the collaboration and communication elements of BPOS with Office Web Apps and, alternatively, even with Office 2010."

 Sad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #6 on: December 28, 2010, 13:03:38 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Top 10 Cloud Stories Of 2010
- http://www.informationweek.com/news/galleries/software/soa_webservices/showArticle.jhtml?articleID=228800741&cid=iwk-slide-last-featured
12/24/2010 - "Everybody's head was in the cloud, or so it seemed in 2010. Both well established and startup vendors developed solutions and strategies designed to extend their reach or provide entry into this booming market. After all, IDC estimated the cloud market will be worth $55 billion by 2014; Gartner predicted the cloud world could be valued at $148 billion at that time*..."

* http://www.gartner.com/it/page.jsp?id=1389313

Windows 8 will be cloud-based...
- http://windows8beta.com/2010/03/windows-8-will-be-a-cloud-based-os

 Shocked
« Last Edit: December 28, 2010, 14:58:32 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #7 on: December 31, 2010, 03:17:35 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Criminals host trojans on Cloud Storage Service Rapidshare
- http://www.eweek.com/c/a/Security/Criminals-Host-Trojans-on-Cloud-Storage-Service-Rapidshare-339725/
2010-12-30 - "Spammers are using cloud-based storage services to store malware, allowing them to circumvent e-mail spam filters, according to security experts at Kaspersky Lab and MX Lab. Kaspersky Lab detected the click-fraud Trojan, a variant of the Trojan-Dropper.Wind32.Drooptroop family, which has been in circulation since the beginning of December, said Vicente Diaz, a Kaspersky Lab expert. There are over 7,000 variants of this particular family, according to Kaspersky. As with other types of malware that took advantage of the holiday season, the executable file for this Trojan was named gift.exe, Diaz said. The security firm detected more than 1,000 infections using this technique to distribute this variant, according to Diaz. The Trojan is stored on Rapidshare, a cloud-based file-sharing and storage service. The spam messages that users receive in their Inbox have no text, just a single link pointing to a valid Rapidshare URL. These messages get past spam filters because there are no malicious files attached, the domain name is not considered a “bad” one, and executables hosted on Rapidshare aren’t automatically classified as a threat, said Diaz. There was also a recent fake antivirus spam campaign that included a Rapidshare link pointing to surprise.exe, according to security firm MX Lab. The executable file downloads and installs the fake AV Security Shield on the user’s computer, which runs after the computer is rebooted. Once downloaded, there’s no guarantee that authentic antivirus products will detect these Trojans. According to MX Lab, only 16 of the 43 major antivirus products detected surprise.exe as a Trojan or as fake AV..."

- http://www.securelist.com/en/blog/11103/Malware_in_the_cloud

- http://blog.mxlab.eu/2010/12/14/malware-distrubution-on-rapidshare-surprise-exe/

The year of the cloud ...
- http://www.infoworld.com/d/cloud-computing/what-you-need-know-about-the-year-the-cloud-888
December 30, 2010

 Evil or Very Mad
« Last Edit: December 31, 2010, 03:46:25 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #8 on: January 09, 2011, 09:42:46 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Top 5 Cloud Computing Predictions For 2011
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=228801016
Jan. 8, 2011 - "In the coming year, the cloud will reach milestones that critics said it never would: it will be certifiably secure for credit card transactions; able to host multiple virtual machine types in the same infrastructure; and easier to manage..."

 Question
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #9 on: January 12, 2011, 06:40:00 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Has Big Brother gone Global?
- http://isc.sans.edu/diary.html?storyid=10261
Last Updated: 2011-01-12 13:45:46 UTC - "... the Tunsinian Government may be harvesting or hacking information from Gmail accounts and or Facebook accounts. This goes to show the moment it is in the “cloud” it is no longer private. If you want something private, encrypt it. Most of us at the ISC follow the “front page” rule. If you write it, treat it like the information is on the front page of your national newspaper.
http://www.fastcompany.com/1715575/tunisian-government-hacking-facebook-gmail-anonymous
Going back to last year, the US National Security Agency considers their network untrustworthy.
http://www.net-security.org/secworld.php?id=10333 ..."

- http://dilbert.com/strips/comic/2011-01-07/

 Shocked
« Last Edit: January 16, 2011, 01:37:45 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #10 on: January 16, 2011, 10:41:15 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Dilbert, Dogbert, and "Cloud Computing"...
- http://dilbert.com/strips/comic/2011-01-07/?Page=2
"... You say "Cloud Computing" to an executive and their eyes glaze and they sign whatever PO you put in front of them. They have no idea what it is, but they have been told that they want it..."

 Sassified
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #11 on: January 19, 2011, 16:28:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Trojan built to disable cloud AV...
- http://www.itnews.com.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx
Jan 20, 2011 - "Microsoft has discovered a Trojan that aims to sever the connection between a device and the cloud antivirus (AV) service that is meant to protect it. The Bohu Trojan, which targets Windows machines, contains three main functions: evade detection, install a filter that blocks traffic between the device and service provider, and prevent the local installation from uploading data to the server. The attack appears to aim to knock out the additional layer of security that many antivirus companies have added to bolster defences and reduce the processing burden of ever-expanding signature databases. "Cloud-based virus detection generally works by client sending important threat data to the server for backend analysis, and subsequently acquiring further detection and removal instruction," Jingli Li and Zhitao Zhou of Microsoft Malware Protection Center wrote on the company's blog..."
* http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx

- http://www.theregister.co.uk/2011/01/20/chinese_cloud_busting_trojan/
20 January 2011

 Shocked
« Last Edit: January 21, 2011, 04:22:17 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #12 on: February 28, 2011, 09:10:11 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402




FYI...

Google wipes out Gmail settings and msgs...
- http://www.theinquirer.net/inquirer/news/2029271/google-wipes-gmail-accounts-messages
Feb 28 2011 - "COMPLAINTS ARE FLOODING IN to Google after some Gmail users woke up to find that their inboxes had been wiped clean of messages. A number of Gmail forum posters report that their messages, labels and settings have all been set back to default. The consensus is that it is a problem on Google's end, with many people deeply concerned because many of them use Gmail as their main email account... Google confirmed that there is a problem on the Google Apps dashboard. Engineers are busy working on the issue, with the affected accounts disabled... Already a major glitch for Google's cloud technology, this will be a horrendous public relations disaster if there is no backup system in place. The company is trying to sort this out quickly."

 Sad Questioning or Suspicious
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #13 on: March 01, 2011, 05:13:39 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Google: "software update" triggered loss...
- http://www.theinquirer.net/inquirer/news/2029569/google-update-triggered-gmail-loss
Mar 01 2011 - "... Google has confirmed that a storage software update was responsible for causing some Gmail users to lose access to their e-mail. Some Gmail users complained of losing e-mails, contacts, and folders. Google claimed that 0.29 per cent of the user base was affected by the problem but has since revised that figure to less than 0.02 per cent, or about 40,000 of the service's 200 million accounts. Ben Treynor, Google VP of engineering and site reliability czar, said sorry for the mess and said he expects to have the lost data restored soon. He said that the data was not completely lost and Google had restored most of it already... Users might be wondering how safe all this cloud computing lark really is if, as Google promises, all the data was backed up in different locations with the keys owned by people who have never met each other. Treynor said this is because in some rare instances software bugs can affect several copies of the data..."

 Shocked Neutral
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #14 on: April 30, 2011, 08:10:24 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

Some Customer Data Permanently Destroyed in Amazon Cloud Crash
- https://www.sans.org/newsletters/newsbites/newsbites.php?vol=13&issue=34#sID200
April 29, 2011 - "... You can put your data in the cloud - it's getting it back that's the hard part..."
 
... Lessons to other cloud-based businesses.
- http://www.informationweek.com/news/cloud-computing/infrastructure/229402385?printer_friendly=this-page
April 28, 2011 - "... A note posted to the Amazon Services Health Dashboard April 24 said the three-day service outage will be fully explained in "a detailed post mortem." On April 27, AWS CTO Werner Vogels posted to his blog a 2010 letter that Amazon CEO Jeff Bezos wrote to shareholders, extolling AWS' technology innovation and commitment to customers..."
___

Amazon Web Services » Service Health Dashboard
Current Status: http://status.aws.amazon.com/
(Scroll down for 'Status History')
___

- https://www.computerworld.com/s/article/9216303/Amazon_cloud_outage_was_triggered_by_configuration_error
April 29, 2011 - "... Amazon posted updates, short and bulletin-like, throughout the outage, but what it offered in its postmortem* is entirely different. This nearly 5,700-word document includes a detailed look at what happened, an apology, a credit to affected customers, as well a commitment to improve its customer communications. Amazon didn't say explicitly whether it was human error that touched off the event, but hints at that possibility when it wrote that "we will audit our change process and increase the automation to prevent this mistake from happening in the future." The initial mistake, followed by the subsequent increase in network load, exposed a cascading series of issues, including a "re-mirroring storm" with systems continuously searching for a storage space..."
* http://aws.amazon.com/message/65648/

 Sad Frustrated
« Last Edit: April 30, 2011, 20:27:09 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: [1] 2 3 4   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Page created in 0.394 seconds with 19 queries.