I came across an interesting article reported by The Register. According to a survey, half of companies will still have Windows Server 2003 somewhere in their environment.
All about Virtualization and Cloud Security | Recent Articles:
Securing endpoints has always required balancing context and isolation. Context is about knowing what is happening within an endpoint, while isolation is about the security mechanism being separated from the endpoint that it is protecting.
While rare, every now and then, major cloud providers such as Amazon must ponder interrupting service to reboot parts of their environments. It is a curious thing, and leads to asking, “Why?”
Not long ago, I presented a webinar on BrightTalk about cloud and BYOD (Bring Your Own Device). In it I discuss how users have myriad options that are outside the control of IT groups – shadow IT. That end-users are using applications powered by public cloud computing isn’t surprising. Most of us, at one point or another, have used web mail to move a file, Evernote to jot down thoughts, or Dropbox to share files.
Anthem, one of the largest health insurers in the United States, has announced they have been breached. The company has created the web site http://www.anthemfacts.com/ giving a brief outline of events. While short on details, Anthem notes, “Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”
It is no secret that virtualization technology is changing the datacenter landscape. The agility, flexibility, and overall operational benefits are myriad, and conversations about the return on investment in virtualization have, for the most part, long since been concluded. However, as with many wide changes in computing, conversations about security implications tend to lag behind. For security professionals, increasing agility can also mean introducing new areas of concern; agility can create fragility.
A short while ago, Amazon announced a new offering called Aurora. In a nutshell, Aurora is a MySQL database engine wrapped as a service. It’s relatively cheap, and Amazon handles the nitty-gritty of the thing.
It raises the question: why does it matter? As Amazon declares, it’s the fifth SQL database engine that they have made available. So, why the big deal? It is a big deal because it says quite a bit about how Amazon operates.
First, let’s have a look at the product page:
“Amazon Aurora provides up to five times better performance than MySQL at a price point one tenth that of a commercial database while delivering similar performance and availability.”
The National Small Business Association published a report, the “2013 Small Business Technology Survey”. While it contains interesting information, one particular quote stood out for me.
“Not surprising, there was a huge jump in small firms utilizing cloud computing. In 2010, it was just five percent—today, 43 percent are on the cloud.”
1) They understand what they are doing
Herding a botnet isn’t easy these days. The people doing it understand that it is decidedly illegal to run malicious software on computers that are owned by others. They are professionals; where there’s money, there is dedicated will. Over the years, we have observed that the business of malware has gone from creating nuisance software (almost accidental attacks) to stealthy, sophisticated networks of compromised systems.
What this is:
A method to compromise communication encrypted by SSL v3 (meaning: access secure cookies, thereby gaining access to session information)
What this is not:
A direct method of compromising endpoints
What is required:
A node capable of intercepting traffic between two nodes; a “bump on the wire”
The nodes at each end (client and server) are willing to fall back to SSL v3
If you are running systems that maintain SSL 3.0 compatibility, you are advised to define a Signaling Cipher Suite Value (SCSV) to prevent unintended protocol downgrades between clients and servers when both parties support a higher version of the protocol.
Disabling fallback to lower protocols differs from operating system to operating system. Here are some guidelines for the most frequently used web servers:
If you’ve had a few spare moments to peruse the news, and happen to do so with an eye toward IT, you’ll have heard about Shellshock. As with many a vulnerability, there are many questions, and in this post I hope to answer some.
What is the problem?
Bash (Bourne-again Shell) is a command line interpreter packaged with most Unix variants. It’s quite handy for running commands, especially when invoked from scripts. The vulnerability roughly relates to how Bash parses environment variables (used to set the context of commands). The vulnerability allows someone entering environment variables to insert arbitrary code. Instead of just setting the context of execution, Bash executes the injected commands.