Tag Archives: computing

[ISN] How to secure containers and microservices

www.infoworld.com/article/3029772/cloud-computing/how-to-secure-containers-and-microservices.html By Jim Reno InfoWorld.com Feb 4, 2016 A few weeks ago on a Saturday morning I tried to pay a medical bill online and received the following message: Sorry! In order to serve you better, our website will be down for scheduled maintenance from Friday 6:00 PM to Sunday 6:00 PM. OK, I get it. Stuff happens. However, the following week I was greeted with the same message. Two weekends in a row means 48 hours of downtime over two weeks. Even if that’s the only downtime for the year, that means an availability of 98.9 percent




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cloud security roadmap essential for healthcare as off-site threats persist, experts say

www.healthcareitnews.com/news/cloud-security-roadmap-essential-healthcare-site-threats-persist-experts-say By Jack McCarthy Health IT News January 28, 2016 The onset of cloud computing brought with it an information technology revolution, allowing organizations to have their IT resources hosted off site, reducing their costs and simplifying operations. Unfortunately, the move to the cloud did not mean organizations could forget about requirements for a successful security profile. Healthcare organizations making the move to a cloud-centric strategy can’t lower their guard on security defenses, said Chris Bowen, founder and chief privacy and security officer of ClearDATA, a healthcare cloud computing company. “People may think that by offloading security responsibility to the cloud, they won’t have to worry, but that’s not the case,” Bowen said. “We know that threats exist in the cloud.” Bowen will discuss this issue at HIMSS16 along with J. Gary Seay, senior vice president and CIO of Community Health Systems, Bowen will give a presentation entitled, “Developing a Cloud Security Roadmap.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] U.S. government wants in on the public cloud, but needs more transparency

www.computerworld.com/article/3006360/security/us-government-wants-in-on-the-public-cloud-but-needs-more-transparency.html By Blair Hanley Frank IDG News Service Nov 18, 2015 The federal government is trying to move more into the cloud, but service providers’ lack of transparency is harming adoption, according to Arlette Hart, the FBI’s chief information security officer. “There’s a big piece of cloud that’s the ‘trust me’ model of cloud computing,” she said during an on-stage interview at the Structure conference in San Francisco on Wednesday. That’s a tough sell for organizations like the federal government that have to worry about protecting important data. While Hart said that the federal government wants to get at the “enormous value” in public cloud infrastructure, its interest in moving to public cloud infrastructure is also tied to a need for greater security. While major providers like Amazon and Microsoft offer tools that meet the U.S. government’s regulations, not every cloud provider is set up along those lines. In Hart’s view, cloud providers need to be more transparent about what they do with security so the government and other customers can verify that their practices are sufficient for protecting data. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ProtonMail taken down by ‘extremely powerful DDoS attack’

www.computing.co.uk/ctg/news/2433469/protonmail-taken-down-by-extremely-powerful-ddos-attack By John Leonard computing.co.uk 05 Nov 2015 ProtonMail, the Geneva-based encrypted email service that was developed by CERN scientists, was taken off line on Tuesday November 3rd by what the company describes as an “extrememly powerful DDoS attack”. At time of writing the service was still offline. Writing in a blog, CEO Andy Yen says: “The attackers began by flooding our IP addresses. That quickly expanded to the datacenter in Switzerland where we have our servers. In the process of attacking us, several other tech companies and even some banks were knocked offline temporarily.” Yen continues: “Despite our best efforts, we have been unable to stop the attack but we are working non-stop to get back online.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys?

arstechnica.com/security/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/ By Dan Goodin Ars Technica Oct 20, 2015 The cost and time required to break 512-bit RSA encryption keys has plummeted to an all-time low of just $75 and four hours using a recently published recipe that even computing novices can follow. But despite the ease and low cost, reliance on the weak keys to secure e-mails, secure-shell transactions, and other sensitive communications remains alarmingly high. The technique, which uses Amazon’s EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service. It’s the latest in a 16-year progression of attacks that have grown ever faster and cheaper. When 512-bit RSA keys were first factored in 1999, it took a supercomputer and hundreds of other computers seven months to carry out. Thanks to the edicts of Moore’s Law—which holds that computing power doubles every 18 months or so—the factorization attack required just seven hours and $100 in March, when “FREAK,” a then newly disclosed attack on HTTPS-protected websites with 512-bit keys, came to light. In the seven months since FREAK’s debut, websites have largely jettisoned the 1990s era cipher suite that made them susceptible to the factorization attack. And that was a good thing since the factorization attack made it easy to obtain the secret key needed to cryptographically impersonate the webserver or to decipher encrypted traffic passing between the server and end users. But e-mail servers, by contrast, remain woefully less protected. According to the authors of last week’s paper, the RSA_EXPORT cipher suite is used by an estimated 30.8 percent of e-mail services using the SMTP protocol, 13 percent of POP3S servers. and 12.6 percent of IMAP-based e-mail services. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hackers give up when they go up against this cybersecurity company

http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ By Robert Hackett @rhhackett Fortune.com July 29, 2015 It’s not every day that a company can compel hackers to give up. Yet that’s exactly what CrowdStrike managed to do earlier this year. CEO and co-founder George Kurtz tells it like this: A besieged customer needed backup. So Kurtz’s team sent in reinforcements, placed its cloud-based software sensors across the breached business’s computing environment, and started gathering intel. Aha! Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled. CrowdStrike’s reputation precedes it. The company, founded in 2011 and based in Irvine, Calif., has gone toe-to-toe with some of the world’s most sophisticated state-sponsored hacking groups. The firm analyzed the data behind the breaches of millions of sensitive records at the Office of Personnel Management, the federal agency responsible for human resources, in what may have been the biggest act of cyberespionage the U.S. has ever seen. It has published threat reports on many of the more than 50 adversaries it tracks, which include the likes of Ghost Jackal (the Syrian Electronic Army), Viceroy Tiger (an Indian intruder), and Andromeda Spider (a criminal coterie). Between 2013 and 2014 its revenue grew 142% and its customer base more than tripled, two reasons Google Capital GOOG 0.63% , the tech giant’s growth equity arm, led a $100 million investment in CrowdStrike in July, its first ever for a computer security company. Kurtz used to travel hundreds of thousands of miles a year as CTO of McAfee, now called Intel Security INTC 0.17% , to meet with beleaguered customers. It struck him that they did not need more anti-malware and antivirus products, the traditional realm of information security, so much as software oriented toward tradecraft and technique, the domain of cyberspies. Co-founder and CTO Dmitri Alperovitch, then McAfee’s head of threat intelligence, agreed. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple severs in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Security Experts Hack Teleoperated Surgical Robot

http://www.technologyreview.com/view/537001/security-experts-hack-teleoperated-surgical-robot/ MIT Technology Review Emerging Technology From the arXiv April 24, 2015 A crucial bottleneck that prevents life-saving surgery being performed in many parts of the world is the lack of trained surgeons. One way to get around this is to make better use of the ones that are available. Sending them over great distances to perform operations is clearly inefficient because of the time that has to be spent travelling. So an increasingly important alternative is the possibility of telesurgery with an expert in one place controlling a robot in another that physically performs the necessary cutting and dicing. Indeed, the sale of medical robots is increasing at a rate of 20 percent per year. But while the advantages are clear, the disadvantages have been less well explored. Telesurgery relies on cutting edge technologies in fields as diverse as computing, robotics, communications, ergonomics, and so on. And anybody familiar with these areas will tell you that they are far from failsafe. Today, Tamara Bonaci and pals at the University of Washington in Seattle examine the special pitfalls associated with the communications technology involved in telesurgery. In particular, they show how a malicious attacker can disrupt the behavior of a telerobot during surgery and even take over such a robot, the first time a medical robot has been hacked in this way. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail