Security is one of the main obstacles to greater cloud adoption. When it gets right down to it: companies that own sensitive data are reluctant to release control of it to a third party without ample reassurance that it won’t be lost or stolen. Given that’s the case, the results from an analysis of Amazon’s cloud-based Simple Storage Service (S3) by the security firm Rapid7 won’t ease privacy and security fears surrounding cloud-based storage and applications. In that study, Rapid7 researchers surveyed 12,328 Amazon S3 “buckets” – virtual containers for stored data. The results: 1,951 of those buckets were publicly accessible – around 1 of every 6. Within those 2,000-odd public buckets were 126 billion (with a “B”) files. That’s right – 126 billion. The sheer amount of data was too large for Rapid7 to audit each file individually, so the company sampled 40,000 publicly visible files and found that […]
Search Results for "cloud"
The online storage and productivity service Evernote said that it does not believe that the hack of its network that exposed information on 50 million users relied on an exploit of a Java vulnerability, as did recent attacks on Twitter and Facebook. In an e-mail response to questions from The Security Ledger about the hack, Ronda Scott, an Evernote spokeswoman, said that the firm does not believe that the hack used the Java exploit attributed to the other attacks, but said it was still investigating the incident. “It’s premature for us to comment on the methods used, the specific systems affected and/or origin and motivation,” she wrote. She said the company first became aware of the “unusual and potentially malicious” activity within its online service on February 28 and began notifying Evernote users of the need to reset their password the next day, March 1st. Scott maintained that Evernote hasn’t […]
SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]
Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes. A post on the French-language web site Malekal.com on Thursday described what may be a nascent trend towards ‘plus size’ malware executables. In at least two cases in recent days, the forum has seen evidence of Trojan Dropper programs that deposit very large files – between 16 megabytes and 200 megabytes – on infected systems. In one case, the author discovered an exploit kit that deposited a very large file – around 16 megabytes- on infected systems. In a separate incident, he […]
Editor’s Note: Updated to include comment from Dawson CS Professor Simonelis. – PFR 1/22/2013 The expulsion of a 20 year-old computer science major at Dawson College in Quebec, Canada has laid bare what one expert says is a culture gap between academic computer science departments and the ‘real world’ of application development. In the wake of news stories that have drawn attention to the case, Dawson’s faculty and administration have stood by their decision, saying that “hacking” of the type Ahmed Al-Khabaz was engaged in was an example of “unprofessional conduct” by a computer sciences engineer. This, even as private sector firms – including the company whose software Al-Khabaz exposed – have come forward with job offers and scholarships. Al-Khabaz was expelled in November by a school administration that looked askance at his security audits of a student portal web site dubbed “Omnivox,” accusing him of launching “SQL injection” attacks […]