74 items tagged "cloud"
-
-
6:01
»
Hack a Day
There’s a fine line between solving problems that don’t exist and solving problems that no one recognizes until a solution is found. The former shows up with housewares peddled on late-night infomercials, while the latter is summed up by [Henry Ford], “If I asked people what they wanted, they would have said faster horses.” [Dave]’s [...]
-
-
15:00
»
Sophos security news
Aims to assist in developing Cloud services in a drive to encourage a competitive digital economy
-
-
15:00
»
Sophos security news
Businesses can now utilize cloud to store and share data without inherent security risks; users can now access data on the go from any device or location
-
-
15:00
»
Sophos security news
Cloud as a Service, Integrated UTM and Cloud Encryption Among Industry-First Highlights
-
-
9:33
»
Packet Storm Security Recent Files
These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.
-
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager.
-
-
11:16
»
Hack a Day
This mirror has a large monitor behind it which can be operated using hand gestures. It’s the result of a team effort from [Daniel Burnham], [Anuj Patel], and [Sam Bell] to build a web-enabled mirror for their ECE 4180 class at the Georgia Institute of Technology. So far they’ve implemented four widgets for the system. You [...]
-
-
20:48
»
Wirevolution
I will be moderating a panel on this topic at ITExpo East 2012 in Miami at 3:00pm on Thursday, February 2nd.
The panelists are Brian Donaghy of Appcore, LLC, Jan Lindén of Google, Hugh Goldstein of Voxbone and Danielle Morrill of Twilio.
The pitch for the panel is:
The FCC has proposed a date of 2018 to sunset the Public Service Telephone Network (PSTN) and move the nation to an all IP network for voice services. This session will explore the emerging trends in the Telco Cloud with case studies. Learn how traditional telephone companies are adapting to compete, and new opportunities for service providers, including leveraging cloud computing and Infrastructure as a Service (IaaS) systems that are being deployed with scalable commodity hardware to deliver voice and video services including IVR, IVVR, conferencing plus Video on Demand and local CDNs.
In related news, a group of industry experts is collaborating on a plan for this transition. The draft can be found here. I volunteered as the editor for one of the chapters, so the current outline roughs out some of my opinions on this topic. This is a collaborative project, so please contact me if you can help to write it.
-
-
11:52
»
SecDocs
Authors: Marco Slaviero
Tags: database cloud computing
Event: Black Hat USA 2010
Abstract: Cloud services continue to proliferate and new users continue to flock, in a clear demonstration that cloud computing is more than simply a flash-in-the-pan. Coupled with this rapid evolution of services are protection mechanisms for the services, which often lag. Last year we highlighted weaknesses in the cloud model and demonstrated a number of vulnerabilities in large cloud providers. In this talk, we examine a particular technology underlying the scalability of many cloud applications, namely memcached. We discuss the possibility of memcached mining which would be a natural exploitation path once a vulnerability inside a cloud application is discovered and will demonstrate this with a new tool aimed at discovering and mining memcached servers.
-
12:30
»
SecDocs
Authors: Grant Bugher
Tags: cloud computing
Event: Black Hat USA 2010
Abstract: Cloud storage systems like Microsoft's Windows Azure Storage and Amazon's Simple Storage Service allow web sites and services to cheaply store large amounts of data and make it available in a controlled manner. However, as with traditional methods of data storage and retrieval (such as SQL-based relational databases), application authors must take care to use cloud storage systems correctly to avoid unauthorized data access or tampering. This presentation will cover a variety of attacks on applications using cloud storage, such as enumeration and REST/SOAP injection, to show how the same effects as a SQL injection attack may be realized on an application using a cloud storage system, as well as how developers can protect themselves from these attacks.
-
-
14:27
»
SecDocs
Tags: web cloud computing memcached
Event: Black Hat Abu Dhabi 2010
Abstract: Cloud services continue to proliferate and new users continue to flock, in a clear demonstration that cloud computing is more than simply a flash-in-the-pan. Coupled with this rapid evolution of services are protection mechanisms for the services, which often lag. Last year we highlighted weaknesses in the cloud model and demonstrated a number of vulnerabilities in large cloud providers. In this talk, we examine a particular technology underlying the scalability of many cloud applications, namely memcached. We discuss the possibility of memcached mining which would be a natural exploitation path once a vulnerability inside a cloud application is discovered and will demonstrate this with a new tool aimed at discovering and mining memcached servers.
-
-
21:25
»
SecDocs
Authors: Christofer Hoff
Tags: cloud computing
Event: Black Hat Abu Dhabi 2010
Abstract: Mass-market, low-cost, commodity infrastructure-as-a-Service Cloud Computing providers abstract away compute, network and storage and deliver hyper-scaleable capabilities. This "abstraction distraction" has brought us to the point where the sanctity and security of the applications and information transiting them are dependent upon security models and expertise rooted in survivable distributed systems, at layers where many security professionals have no visibility. The fundamental re-architecture of the infostructure, metastructure and infrastructure constructs in this new world forces us back to the design elements of building survivable systems focusing on information centricity -- protecting the stuff that matters most in the first place. The problem is that we're unprepared for what this means and most practitioners and vendors focused on the walled garden, perimeterized models of typical DMZ architecture are at a loss as to how to apply security in a disintermediated and distributed set of automated, loosely-coupled resources. We're going to cover the most salient points relating to how IaaS Cloud architecture shifts how, where and who architects, deploys and manages security in this "new world order" and what your options are in making sustainable security design decisions.
-
-
16:32
»
Packet Storm Security Recent Files
Whitepaper called Assessing Cloud Node Security. It is the result of research undertaken by Context into the technical risks associated with Cloud computing infrastructure nodes. Context rented a range of Cloud nodes currently offered by the major providers and performed a review of their security, including the limitations imposed by providers on the types of technical security testing allowed to be performed.
-
-
11:21
»
Hack a Day
[Kenneth] and [Jeff] spent a weekend building a cloud chamber. This is a detection device for radiation particles that are constantly bombarding the earth. It works by creating an environment of supersaturated alcohol vapor which condenses when struck by a particle travelling through the container, leaving a wispy trail behind. This was done on the cheap, [...]
-
-
21:03
»
SecDocs
Authors: Randolph Barr
Tags: cloud computing
Event: Source Conference Boston 2010
Abstract: Cloud solutions are entering mainstream with vendors of all sizes flocking to build and deliver services in the cloud due to the economic and technical advantages of this model gained at all levels. This new paradigm, however, requires a new thinking in security, auditing and compliance. Cloud Providers are required to protect their customer data due to regulatory and customer requirements. Implementing those controls required by customers can lead towards a competitive advantage, which both providers and users of the cloud benefit from. Every company has their own practice in evaluating the security posture of a cloud provider. In each case, there are opportunities for a cloud provider to share information that will eventually reduce the scope or eliminate the requirement for an onsite review. The goal is to work with the provider to be more transparent about their security practice and develop a relationship that would allow the SaaS provider to act as an extension to the customer's security team.
-
-
1:29
»
SecDocs
Authors: Alex Stamos
Tags: cloud computing
Event: Source Conference Boston 2010
Abstract: Cloud computing has become an irresistible force in the IT industry, due to the unbeatable efficiencies of warehouse-scale computing infrastructures and the desire of businesses to reduce their CapEx on IT hardware. The most pressing concerns still holding back companies from moving into a public or semi-private cloud environment are security and compliance, and corporate security groups are under pressure to provide solutions that allow their enterprises to benefit from cloud computing technologies while appropriately managing risk. In this talk, we will review several different cloud computing models and discuss the breakdown of security responsibility in each. We will then deconstruct the currently accepted models of enterprise IT and identify which security controls truly matter for most organizations and which are leftovers from an earlier era of computing. The speaker will then propose several architectures that are implementable in current public cloud providers that provide equivalent or better assurance than traditional IT stacks, and discuss which risks can and should be accepted as part of the new computing paradigm. The talk will be aimed at the system architecture, risk management and CIO levels of organizations, and will be best absorbed by attendees with enterprise architecture experience.
-
-
6:13
»
Hack a Day
[Rich] shares with us his build of a Peltier cooler based cloud chamber. This nifty little tool allows him to see the paths that radioactive particles take through alcohol vapor. The system he has come up with is fairly cheap at roughly $100. He’s using Peltier coolers from computers and a cheap ATX power supply. [...]