Has the Time Come for Cloud Insurance?
In the enterprise market much of the adoption for public cloud IaaS services so far has been driven by innovators and early adopters. One of the defining characteristics of these early adopters is their willingness to accept and manage risk. These risks can come in many forms, including technological, organizational, operational and financial. Financial risk [...]
Hacking Into The Indian Education System Reveals Score Tampering
Debarghya Das has a fascinating story on how he managed to bypass a silly web security layer to get access to the results of 150,000 ISCE (10th grade) and 65,000 ISC (12th grade) students in India. While lack of security and total ignorance to safeguard sensitive information is an interesting topic what is more fascinating [...]
KimDotCom
It’s very rare when an individual rises to the level that they are worth listening to. Steve Jobs was one of those people. Kim Dotcom may be another…I’m watching to see. He is certainly one of the most entertaining individuals of all time. From his hot-tub parties to his paratroopers descending from helicopters in a [...]
We Got Hacked, Now What?
Hopefully you really have a good answer for this. Getting hacked is no longer a distant probability; it’s a harsh reality. The most recent incident was Evernote losing customer information including email addresses and passwords to a hacker. I’m an Evernote customer and I watched the drama unfold from the perspective of an end user. [...]
Will Obama’s Cyber Warfare Policy Backfire?
Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council brings up an interesting thought about how diplomacy is shaping how we view cyber warfare. In an article over on usnews.com Mr. Healey brings up some interesting points about how we are approaching cyber warfare using a two-pronged approach. One approach is to [...]
Public Honeynet Data – Who are the top 20 hacking countries?
I could watch this site all day. In case you were really wondering who the top hacker countries are, the German Alliance for Cyber Security has a dashboard display as to what is happening on 97 honeypots around the internet. It makes for [...]
Google Hacking Critical Infrastructure
This is where things on the internet get interesting. Google hacking critical infrastructure based on data from sites like ShodanHQ and others opens the door to further penetration of support systems. The more interesting part on this is that as these hacks were tested, the systems would only work well in Internet Explorer or relied [...]
Is security that complicated
I recently had to set up an account with a US Government web site. I had a dickens of a time picking a password. They had amazing rules: The first character needed to be a number. The password had to have at least 7 characters, but no more than 12. Only lower-case letters could be [...]
Mandiant and APT1 cyber warfare espionage
Hey wait, if we have screen video of hackers doing their work, doesn’t that mean we penetrated the hackers’ methods, processes, and other information resources? Sometimes I don’t think we are thinking clearly enough, as the fear mongering escalates for cyber warfare, and how we are all going to go through an electronic Pearl Harbor, [...]
Executive Order: Improving Critical Infrastructure Cybersecurity
Heck, we wouldn’t be bloggers, and we wouldn’t care about our industry, cloud or information security if we didn’t spend time reading this executive order and seeing what hidden neat treats there are in there. Overall I am impressed with this executive order as it looks like someone actually thought about it in the first [...]
Configuring an Amazon Web Services Security Group
Security Groups are just like firewalls: you can set what you want to allow into your system or not on both public and private interfaces. Building out an Amazon Security Group is much like building out a firewall for your systems. You can have as many security groups [...]
More Proof That Shadow IT is a Growing Issue
When talking with organizations about how the cloud can help them, I’m often told that cloud has no place in their organization and they’re not using it in any way, shape or form. They also point to the perceived security risks that cloud brings as their #1 reason for not using any flavor of cloud. [...]
Kim Dot Com’s new Mega site has XSS Security Holes
Any new site, not just Mega, is going to have security holes, and reports have surfaced on Twitter, Reddit, and over on ZDNet that Mega has a couple of persistent XSS security holes that are going to make users’ days a little bit harder. Beyond the crypto issues that you can read on ZDNet, persistent [...]
Sure Dropbox is Potentially Insecure, but Does it Matter?
It’s summertime down in my neck of the woods and that’s a good time to go out on a limb with a statement that might get people a little fired up. Bear with me on this one though… Over on GigaOm Barb Darrow has a good write up about the findings of a survey commissioned [...]
Understanding Shodan HQ for hacking and cyber warfare
Shodan HQ is probably one of the more interesting web sites that few people know about. Shodan scans the internet looking for devices that people have left unsecured or with default, if any, login information. Sometimes a web site just makes you happy, and Shodan has shown [...]
