Cloud Security Authors: Pat Romanski, Elizabeth White, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security

Cloud Security: Blog Feed Post

CTO Security Round-Up

Round-up of recent developments in the security space

Round-up of recent developments in the security space.

600,000+ Mac Computers Infected

While this kind of activity wouldn’t rouse much attention from those esconced in WinTel (Windows and Intel) architechures, it is much less common for Mac users to be impacted by infections on this scale so quickly.  The infection, called Flashback, is installed via a Java vulnerability (CVE 2012-0507) which was patched in February by Oracle.

Apple purportedly denied Oracle the ability to directly patch it’s Macs and only recently released the Java update this week, meaning that the window of infection for Mac users was about 50 days.  This is a long gap for those defending against the infection, which has now spread to over 600,000 users with what looks like an intent to create a botnet.

Read More
How to Remove

Facebook Mobile Security Vulnerability:

When you authenticate against a service, you are typically provided something called a token.  A token is typically a long, hard-to-guess string of letter and numbers which uniquely identifies you to the system, and prevents you from having to submit your username and password every time you want to interact with the system.  It is a convenience.  Tokens become a security vulnerability, however, when they are stolen in order to allow someone to masquerade as you (for a period of time until you logout).  Tokens should not be stored in plain text if possible.

Unfortunately, this is exactly what Facebook mobile does for it’s mobile application on iOS and Android — it stores the token in plaintext and the permissions of the file are such that they allow other applications to read from it.  More concerning is that even if this is fixed, the way that the token is used by games that leverage facebook means that specific game applications could be leaving the token in plain sight as well.

Facebook is reportedly working on a fix that will secure the token from rouge applications or USB downloading (the finder of the vulnerability has written code to steal tokens automatically from iOS devices) but hasn’t yet released a fix for this.  It may only be a matter of time before we see some Android malware varients geared to take advantage of this to threaten Facebook users and applications which use its services for authentication.

Read more

Anonymous Strikes Chinese Government:

Anonymous has targeted the Government of the Peoples Republic of China and successfully defaced ~500 websites this week as part of a campagine to educate Chinese users on how to subvert goverment censorship of the internet.  Anonymous has often targeted NGO and Governmental organizations alike for censorship, and it is likely that we will see this campagin continue and expand.  China, like the United States, has many governmental organizations with web presences that are likely untested, soft targets for hackers.

Read More

Anonymous #OPGLOBO Begins

This week Brazilian hackers affiliated with Anonymous began hammering Brazilian media empire Globo for its history of and current censorship and strong governmental ties.  Hackers quickly enumerated the many domains and subdomains owned by the company and launched a variety of attacks against them including scripting injection fuzzing and distributed denial of service.  At the time of writing, several sites owned by Globo are so slow as to be unusable and attacks are still occurring.

Read More

New Cybersecurity Bill Working Through Congress:

The Cyber Intelligence Sharing and Protection Act or CISPA for short is a bill introduced to Congress which is designed to make computer security laws easier to enforce by allowing ISP’s and security companies to more easily collect information on and share information about computer security both with each other and especially with Uncle Sam.

Already portions of Internet communities are in unrest about this bill because of its ability to indemnify information collection and sharing by and to private companies and the subversion of many privacy laws.  Proponents of the bill argue that this information is needed to slow the flood of stolen intellectual property flowing out of the United States on a daily basis.

Some proponents of this bill include companies such as IBM, Intel, and Facebook, but we saw similar corporate sponsorship of other wildly unpopular bills in their early days as well, so that really doesn’t mean much.

You can read the full text of the bill here
And a fairly impartial presentation of the bill here

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Where many organizations get into trouble, however, is that they try to have a broad and deep knowledge in each of these areas. This is a huge blow to an organization's productivity. By automating or outsourcing some of these pieces, such as databases, infrastructure, and networks, your team can instead focus on development, testing, and deployment. Further, organizations that focus their attention on these areas can eventually move to a test-driven development structure that condenses several l...
The graph represents a network of 1,329 Twitter users whose recent tweets contained "#DevOps", or who were replied to or mentioned in those tweets, taken from a data set limited to a maximum of 18,000 tweets. The network was obtained from Twitter on Thursday, 10 January 2019 at 23:50 UTC. The tweets in the network were tweeted over the 7-hour, 6-minute period from Thursday, 10 January 2019 at 16:29 UTC to Thursday, 10 January 2019 at 23:36 UTC. Additional tweets that were mentioned in this...
Over the course of two days, in addition to insightful conversations and presentations delving into the industry's current pressing challenges, there was considerable buzz about digital transformation and how it is enabling global enterprises to accelerate business growth. Blockchain has been a term that people hear but don't quite understand. The most common myths about blockchain include the assumption that it is private, or that there is only one blockchain, and the idea that blockchain is...
Never mind that we might not know what the future holds for cryptocurrencies and how much values will fluctuate or even how the process of mining a coin could cost as much as the value of the coin itself - cryptocurrency mining is a hot industry and shows no signs of slowing down. However, energy consumption to mine cryptocurrency is one of the biggest issues facing this industry. Burning huge amounts of electricity isn't incidental to cryptocurrency, it's basically embedded in the core of "mini...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
The term "digital transformation" (DX) is being used by everyone for just about any company initiative that involves technology, the web, ecommerce, software, or even customer experience. While the term has certainly turned into a buzzword with a lot of hype, the transition to a more connected, digital world is real and comes with real challenges. In his opening keynote, Four Essentials To Become DX Hero Status Now, Jonathan Hoppe, Co-Founder and CTO of Total Uptime Technologies, shared that ...