Archive for the ‘Cloud Computing’ Category

Amazon EC2 cloud service hit by botnet, outage | Security – CNET News

December 26, 2009

Amazon EC2 cloud service hit by botnet, outage | Security – CNET News: ”

December 11, 2009 2:07 PM PST
Amazon EC2 cloud service hit by botnet, outage
by Lance Whitney
Font size
Print
E-mail
Share
15 comments

Share
5
The folks who run Amazon’s EC2 cloud service must be happy the week is nearly over.

The cloud-based EC2 (Elastic Compute Cloud) was kept jumping this past week by two incidents: a compromised internal service that triggered a botnet, and a data center power failure in Virginia.
On Wednesday, security researchers for CA found that a variant of the infamous password-stealing Zeus banking Trojan had infected client computers after hackers were able to compromise a site on EC2 and use it as their own C&C (command and control) operation.
Don DeBolt, Director of Threat Research for CA Internet “

(Via .)

Advertisements

Zeus bot found using Amazon’s EC2 as C&C server

December 9, 2009

Zeus bot found using Amazon’s EC2 as C&C server: “

Clouds on Mount Olympus

Add Amazon’s EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs.…

(Via The Register – Security.)

Service cracks wireless passwords from the cloud

December 7, 2009

Service cracks wireless passwords from the cloud: “

135 million words in 20 minutes

A security researcher has unveiled a low-cost service for penetration testers that tests the security of wireless networks by running passwords against a 135-million-word dictionary.…

What is your recession sales strategy?

(Via The Register.)

Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR

November 27, 2009

Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR: ”
ELECTRIC ALCHEMY
INFORMATION SECURITY

FRIDAY, OCTOBER 30, 2009

Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
Cloud Computing has enabled some interesting projects:  undertakings that wouldn’t have been attempted without the cheap, flexible, easy to provision and simple to release computing power that ‘cloud’ delivers.

The New York Times used Amazon EC2 and S3 to create PDF’s of 15M scanned news articles.  NASDAQ  uses Amazon S3 to deliver historical stock information.  We recently tapped into the power of the cloud to perform brute force password cracking attacks which simply aren’t feasible using traditional IT infrastructure.

We at EA are ‘pro-cloud’ and have been assessing the security of various incarnations of cloud for some time now.  However, until recently we had not had an opportunity to leverage the massive scalability that cloud promises.  That changed a few months ago when we were approached by a client who needed several PGP ZIP archives decrypted thr”

(Via .)

Cloud Computing Risk Assessment — ENISA

November 23, 2009

Cloud Computing Risk Assessment — ENISA

Cloud Computing Risk Assessment

ENISA, supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Futur”

Google shares malware samples with hacked site admins

October 13, 2009

Google shares malware samples with hacked site admins: “

Seeing is believing

Google has rolled out a feature that provides webmasters of compromised sites with samples of malicious code and other detailed information to help them clean up.…

Offloading malware protection to the cloud

(Via The Register – Security.)

Bitbucket’s Amazon DDoS – what went wrong

October 12, 2009

Bitbucket’s Amazon DDoS – what went wrong: “Bitbucket’s Amazon DDoS – what went wrong”

(Via The Register.)

University Research Exposes Potential Vulnerabilities In Cloud Computing

September 30, 2009

University Research Exposes Potential Vulnerabilities In Cloud Computing: “‘Cross-VM attacks’ could threaten sensitive data in cloud computing environments, researchers say”

(Via Dark Reading – The Business of IT Security.)

Security challenges with cloud computing services

September 30, 2009

Security challenges with cloud computing services: “Panel discusses cloud computing security issues including encryption and user authentication.

(Via SearchSecurity: Security Wire Daily News.)

The U.S. Patriot Act has an impact on cloud security

September 30, 2009

The U.S. Patriot Act has an impact on cloud security: “Cloud security includes the obligation to meet regulations about where data is actually stored, something that is having unforeseen consequences for U.S. firms trying to do business in Canada.”

(Via Network World Security Feed.)