UPDATE – With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they’re making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in.
Browsing Category: Cloud Security
Less than a day after Apple announced a new two-factor authentication to better protect Apple ID and iCloud accounts, the company was scrambling to fix another major security hole with its own password reset tool.
Apple has introduced a new two-factor authentication system designed to help protect users’ iTunes and App Store accounts and prevent attackers or unauthorized users from taking over users’ accounts. The system is similar to the one that Google has implemented for Gmail, utilizing verification codes sent via SMS.
The Web browser is the primary portal through which the vast majority of connected users access and interact with the Internet. Each browser has its own security and privacy settings and those settings have an enormous impact on the nature of the relationship between users’ data and the services they encounter online. Google’s Chrome browser has extensive, easy to navigate privacy settings that let users manage everything from digital certificates to location tracking to “Do Not Track” requests.
SAN JUAN, Puerto Rico – Dan Hubbard has lately been a regular face at a lot of big data meet-ups. He’s also often been the lone security face at these meet-ups, which are dominated by analytics, search, social media and advertising professionals. That may change soon for the CTO of DNS and security service provider OpenDNS, who announced today at the Kaspersky Security Analyst Summit that security researchers will have free access to a new tool called Umbrella Security Graph.
Of all the problems that entrepreneur Kim Dotcom has faced in the last decade, including several arrests, insider trading charges and even a raid on his New Zealand home involving black helicopters and dozens of agents in body armor, the criticism of the cryptography employed by his new Mega cloud-storage service would seem to be fairly low on the list. However, Dotcom is taking that criticism rather personally, if the €10,000 reward he’s offering to anyone who can break the service’s crypto is any indication.
Researchers from two U.S. universities have created a way to anonymously use cloud-based Web browsers to perform large-scale computing tasks – a feat that also demonstrates how hackers might secretly harness massive computing power to launch attacks.
Information systems and algorithms designed to personalize online search results will give attackers the ability to influence the information available to their victims in the coming years. Researchers, in turn, must seek ways to fortify these systems against malicious manipulation, according to the Emerging Cyber Threats Report 2013 [PDF], a report released ahead of yesterday’s Georgia Tech Cyber Security Summit 2012.
The non-profit Cloud Security Alliance today released guidelines for the nascent Security as a Service (SecaaS) specialization within the broader realm of cloud computing. The goal, the group says, is to help companies and consumers gain a better handle on how best to evaluate, build and deploy off-premise Security Information and Event Management systems as they grow in popularity.
The Apache Software Foundation is warning users about a configuration problem in the open-source CloudStack platform that could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system.