Consumer Security on the web, information to assist you in practicing safe computing
ZDNet
With all the cloud hype, it’s sometimes easy to forget that “clouds” are just a bunch of servers located in datacenters — whether they be customers’ own, hosters’, or tech vendors’ datacenters.
On January 17, Microsoft will highlight that fact by positioning its new System Center 2012 system-management bundle as key to managing both private and public clouds.
{ 0 comments }
May 11, 2011
REQUEST FOR INVESTIGATION AND COMPLAINT FOR INJUNCTIVE RELIEF
SUMMARY
1. Dropbox has prominently advertised the security of its “cloud” backup, sync
and file sharing service, which is now used by more than 25 million
consumers, many of whom “rely on Dropbox to take care of their most
important information.”12. Dropbox does not employ industry best practices regarding the use of
encryption technology. Specifically, Dropbox’s employees have the ability to
access its customers’ unencrypted files.3. Dropbox has and continues to make deceptive statements to consumers
regarding the extent to which it protects and encrypts their data.4. Dropbox’s customers face an increased risk of data breach and identity theft
because their data is not encrypted according to industry best practices.5. If Dropbox disclosed the full details regarding its data security practices,
some of its customers might switch to competing cloud based services that
do deploy industry best practices regarding encryption, protect their own
data with 3rd party encryption tools, or decide against cloud based backups
completely.6. Dropbox’s misrepresentations are a Deceptive Trade Practice, subject to
review by the Federal Trade Commission (the “Commission”) under section 5
of The Federal Trade Commission Act.
http://www.wired.com/images_blogs/threatlevel/2011/05/dropbox-ftc-complaint-final.pdf [PDF]
The Dropbox Blog
Updated 5/16/2011: added new section 7 (Talking about security). No other text was changed.
Hi Dropboxers,
Like many of you, we’ve been reading the reports about a change we made to our Terms of Service, and more generally about Dropbox’s approach to privacy and security.
Everyone who works at Dropbox knows our most important asset is the trust of our users. Dropbox is used by millions of people every day, including our own friends and families, and we promise them — and all of you — that we work hard to keep your most important data safe, secure, and private.
In this post, we’d like to go through each of the concerns that has been raised, and provide you with answers that we hope you feel are complete, transparent, and straightforward. We also provide detail on specific technical concerns. We look forward to your feedback, and will continue to strive to make our policies as easy to understand as Dropbox is to use. Our goal is to have an open and honest relationship with you so that we can address all of these issues quickly and effectively.
PCWorld: Dropbox Speaks Out on Data Security Controversy
{ 0 comments }
Microsoft Malware Protection Center
The Microsoft Malware Protection Center has been tracking a recent threat that attacks cloud-based antivirus technology provided by popular major antivirus software vendors in China. The malware is named Win32/Bohu (TrojanDropper:Win32/Bohu.A).
The Bohu malware is native to the China region. Bohu attracts user installation by social engineering techniques, for example, using attractive file names and dropping a fake video player named “Bohu high-definition video player”. The more interesting part of Bohu is that the malware blocks cloud-based services now commonly featured in major Chinese antivirus products. Specifically, Bohu uses a number of different techniques in order to attempt to thwart Cloud-based AV technologies.
Cloud-based virus detection generally works by client sending important threat data to the server for backend analysis, and subsequently acquiring further detection and removal instruction. The process can take seconds to minutes, and is designed to remove malware not handled by the traditional on-the-box signature approach.
Bohu tries to sever the communication between cloud client and server, and constantly modify file content of its components, in order to evade detection from cloud-based scanning. Bohu is part of the first wave of malware that specifically targets cloud-based antivirus technology.
Jingli Li, Zhitao Zhou
http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx
http://www.networkworld.com/news/2011/011811-study-cloud-breaches-show-need.html
{ 0 comments }
Researchers with HCL Technologies, a contractor performing security research for CA, spotted the password stealer Zeus (Zbot) using a hacked server on Amazon’s Elastic Compute Cloud (EC2) services to run a botnet command and control center.
The hacked website was contacted and the Zeus malware removed.
CA Security Advisor Research Blog:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx
Hat tip: Sunbelt Blog
{ 0 comments }
This work by http://certifiedbug.com/blog/ is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License
Quoted material is © of original author
