65 replies to this topic

[AplusWebMaster]

FYI...

- http://www.f-secure....s/00002036.html
September 23, 2010 - "... it feels quite unpleasant when something like yesterday's attacks happen*. Suddenly a service we've started to rely on is out of order - because of some stupid worm? One moment you're catching up with the latest Tweets, and suddenly you've somehow resent a viral message to all of your followers. And the antivirus program you've bought won't help you. No matter how hard you scan your system, there's nothing there. The worm isn't on your computer: it's on some Twitter server farm in some data center somewhere. This is part of what we call the cloud. Once we start to use cloud services more and more, we also give up the control of our data. If you have your documents on your computer, you can encrypt and secure them. If you store them on a cloud service, you have to hope that someone else does it for you..."
* http://www.f-secure....s/00002034.html

- http://forums.whatth...=...st&p=610610

[AplusWebMaster]

FYI...

Cloud "security challenges"...
- http://www.net-secur...ld.php?id=10027
21 October 2010 - "IBM unveiled a new security initiative focused on making cloud computing safer. IBM aims to help both users and providers of cloud computing more easily navigate security challenges* through new cloud security planning and assessment services, managed services to help clients secure their clouds, and the introduction of several technology innovations. According to an IBM study, cloud computing raised serious concerns among respondents about the use, access and control of data: 77 percent of respondents believe that adopting cloud computing makes protecting privacy more difficult; 50 percent are concerned about a data breach or loss; and 23 percent indicate that weakening of corporate network security is a concern. As the study illustrates, businesses see the promise of the cloud model, but security remains an inhibitor to adoption..."
* http://www.net-secur...cle.php?id=1489

[terry1966]

security remains an inhibitor to adoption

and is why i can't see me ever using it for my data,

[Doug]

security remains an inhibitor to adoption

and is why i can't see me ever using it for my data,

Me too.
But I also dread developments of application software whose publishers may elect to deploy only via cloud.
If it comes to that, I'll revert to whatever old copies I have previously purchased. (even if I only purchased "the use" of them)

To me, my computer tower is a tool that I tend and maintain for best performance of tasks that are important to me.
I do not wish to be reduced to being the owner of a keyboard, mouse, screen and internet subscription though which I am allowed to access tools held and maintained only by others. Nope. Nope. Nope.

[AplusWebMaster]

The reasons for implementation of "cloud computing" are obvious cost reduction factors involved with data storage and handling. 'Looks good to the stockholders.

1a. What if your bank does it with your data?
1b. ... How would you know? Do they need your "authorization"?

2a. What if the IRS/SSA, etc. does it with your data?
2b. ... How would you know? Do they need your "authorization"?
___

- http://technet.micro...s/dd162324.aspx
October 2010 - "... attackers have been creating their own cloud “services” via botnets for some time now..."
___

- https://www.sans.org...issue=88#sID305
Nov. 3/4, 2010 - "... make sure the SLAs from your cloud or software as a service provider do -not- have DDoS loopholes. Cloud-based services need to be able to mitigate DDoS attacks the same way that they have to have back up power to handle power outages..."
___

Cloud computing underwhelms...
- http://www.infoworld...-developers-082
November 02, 2010

.

Edited by AplusWebMaster, 06 November 2010 - 05:51 AM.

[AplusWebMaster]

FYI...

Password cracking in the cloud
- http://www.computerw...ng_in_the_cloud
November 17, 2010 - "On-demand cloud computing is a wonderful tool for companies that need some computing capacity for a short time, but don't want to invest in fixed capital for long term. For the same reasons, cloud computing can be very useful to hackers - a lot of hacking activities involve cracking passwords, keys or other forms of brute force that are computationally expensive but highly parallelizable. For a hacker, there are two great sources for on-demand computing: botnets made of consumer PCs and infrastructure-as-a-service (IaaS) from a service provider. Either one can deliver computing-on-demand for the purpose of brute-force computation. Botnets are unreliable, heterogeneous and will take longer to "provision." But they cost nothing to use and can scale to enormous size; researchers have found botnets composed of hundreds of thousands of PCs. A commercial cloud-computing offering will be faster to provision, have predictable performance and can be billed to a stolen credit card... With the advent of cloud computing, like with any other technology, the bad guys have also found a new tool. When we consider the balance of risk and reward, the cost/benefit evaluation of a security control we have to consider the significantly lower cost of computing for everyone - attackers included. Passwords, wireless encryption keys, at-rest encryption and even old SSL algorithms must be reevaluated in this light. What you thought was "infeasible" may be well within the means of "average" hackers."

[Doug]

What you thought was "infeasible" may be well within the means of "average" hackers."

Uh-Oh!

[AplusWebMaster]

FYI...

Cloud security... -where- is your data?
- http://news.cnet.com...023507-240.html
November 22, 2010 - "... regardless of the technical and organizational realities, there is one element that is completely out of the control of both the customer and cloud provider that makes public cloud an increased risk: the law. Ignoring this means you are not completely evaluating the "security" of potential deployment environments. There are two main forms of "risk" associated with the law and the cloud. The first is explicit legal language that dictates how or where data should be stored, and penalties if those conditions aren't met. The EU's data privacy laws are one such example. The U.K.'s Data Protection Act of 1998 is another. U.S. export control laws... The "risk" here is that the cloud provider may not be able to guarantee that where your data resides, or how it is transported across the network, won't be in violation of one of these laws. In IaaS, the end user typically has most of the responsibility in this respect, but PaaS and SaaS options hide much more of the detail about how data is handled and where it resides. Ultimately, it's up to you to make sure your data usage remains within the bounds of the law; to the extent you don't control of key factors in public clouds, that adds risk..."

[AplusWebMaster]

FYI...

Recent Email Breaches Demonstrate Cloud Breach Ripple Effect
- http://www.darkreadi...le/id/228800672
Dec 15, 2010 - "The recent breach exposing McDonald's customer information was the result of a widespread series of spear-phishing attacks against email service providers that have been under way for about a year and are under investigation by the FBI... The ripple effect on McDonald's and Walgreens' customer data emerged only during the past week. The hacks underline the potential peril and headache to an enterprise when its cloud provider gets hacked... The hack against Gawker that exposed passwords of more than 1 million users also led to other cloud providers, like LinkedIn, to reset any passwords associated with the attack as a precaution... Expect more of these cloud attacks that affect multiple organizations and victims..."

- http://www.scmagazin...article/192885/
December 15, 2010 - "The recent theft of customer information belonging to McDonald's is thought to be part of a larger security breach that may affect more than 105 companies that contract with Atlanta-based email marketing services firm Silverpop Systems... The incidents underscore the importance of ensuring all sensitive data — whether stored internally or with a third-party — is secure... fewer than 10 percent of databases contain security controls."

Edited by AplusWebMaster, 18 December 2010 - 12:15 PM.

[AplusWebMaster]

FYI...

MS BPOS cloud service hit with data breach
- http://www.computerw...ith_data_breach
December 22, 2010 - "Company data belonging to customers of Microsoft's hosted business suite BPOS has been accessed and downloaded by other users of the software. The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite... "We recently became aware that, due to a configuration issue, Offline Address Book information for Business Productivity Online Suite (BPOS) Standard customers could be inadvertently downloaded by other customers of the service, in a very specific circumstance," said Clint Patterson, director of BPOS Communications at Microsoft. The data breach occurred in Microsoft data centers in North America, Europe and Asia. The issue was resolved within two hours of being discovered, Microsoft said in a statement. However, during this time "a very small number" of illegitimate downloads occurred. "We are working with those few customers to remove the files," Patterson said. This Offline Address Book contains an organization's business contact information for employees. It is stored on a server hosted by Microsoft as part of Exchange Online but can be downloaded for offline access. It does not contain Outlook personal contacts, e-mail, documents or other types of information, Microsoft stressed... BPOS includes Exchange Online, SharePoint Online, Office Communications Online and Office Live Meeting. In October, Microsoft outlined the next version of BPOS, called Office 365, intended to be a full-fledged option to Google Apps and other cloud-based suites. Office 365 combines the collaboration and communication elements of BPOS with Office Web Apps and, alternatively, even with Office 2010."

[Lee]

Looking ominous is the upcoming Cloud based W8 desktop "Wind".

http://www.neowin.ne...he-windows-8-ui

Cheers,
Lee

[remixedcat]

I would never trust my data "on the cloud"..... and sometimes cloud hosting isn't what it's cracked up to be either. Some cloud hosting providers are really giving you a glorified VPS and not a true cloud platform. The cloud thing has a lot of type to it.

[AplusWebMaster]

FYI...

Top 10 Cloud Stories Of 2010
- http://www.informati...e-last-featured
12/24/2010 - "Everybody's head was in the cloud, or so it seemed in 2010. Both well established and startup vendors developed solutions and strategies designed to extend their reach or provide entry into this booming market. After all, IDC estimated the cloud market will be worth $55 billion by 2014; Gartner predicted the cloud world could be valued at $148 billion at that time*..."

* http://www.gartner.c....jsp?id=1389313

Windows 8 will be cloud-based...
- http://windows8beta....-cloud-based-os

Edited by AplusWebMaster, 28 December 2010 - 04:57 PM.

[remixedcat]

Yep I heard about the windows 8 thing.

[AplusWebMaster]

FYI...

Criminals host trojans on Cloud Storage Service Rapidshare
- http://www.eweek.com...idshare-339725/
2010-12-30 - "Spammers are using cloud-based storage services to store malware, allowing them to circumvent e-mail spam filters, according to security experts at Kaspersky Lab and MX Lab. Kaspersky Lab detected the click-fraud Trojan, a variant of the Trojan-Dropper.Wind32.Drooptroop family, which has been in circulation since the beginning of December, said Vicente Diaz, a Kaspersky Lab expert. There are over 7,000 variants of this particular family, according to Kaspersky. As with other types of malware that took advantage of the holiday season, the executable file for this Trojan was named gift.exe, Diaz said. The security firm detected more than 1,000 infections using this technique to distribute this variant, according to Diaz. The Trojan is stored on Rapidshare, a cloud-based file-sharing and storage service. The spam messages that users receive in their Inbox have no text, just a single link pointing to a valid Rapidshare URL. These messages get past spam filters because there are no malicious files attached, the domain name is not considered a “bad” one, and executables hosted on Rapidshare aren’t automatically classified as a threat, said Diaz. There was also a recent fake antivirus spam campaign that included a Rapidshare link pointing to surprise.exe, according to security firm MX Lab. The executable file downloads and installs the fake AV Security Shield on the user’s computer, which runs after the computer is rebooted. Once downloaded, there’s no guarantee that authentic antivirus products will detect these Trojans. According to MX Lab, only 16 of the 43 major antivirus products detected surprise.exe as a Trojan or as fake AV..."

- http://www.securelis...re_in_the_cloud

- http://blog.mxlab.eu...e-surprise-exe/

The year of the cloud ...
- http://www.infoworld...r-the-cloud-888
December 30, 2010

Edited by AplusWebMaster, 31 December 2010 - 05:45 AM.