Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Cloud computing - episodes ...

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Bulletproof cybercrime hosting & the Cloud

    FYI...

    Bulletproof cybercrime hosting & the Cloud
    - http://hostexploit.com/blog/14-repor...the-cloud.html
    20 October 2011 - "... In Q3 2011, there were several changes in the top positions in the Top Bad Hosts table:
    • The title of #1 Bad Host (Overall Category) now goes to AS33626 Oversee.net*, a monetizer of domain names, for high levels of hosting malicious URLs, badware, Zeus botnet servers and infected sites.
    • The US share of the Top 50 has dropped from 23 in Q2 to 16 In Q3 although 5 of the Top 10 are still hosting from the United States including the #1 spot.
    • #1 in the most important category, Exploit Servers, in the analysis of malware, phishing or badness as a whole, is AS47583 Hosting-Media**, hosted in Lithuania....

    Discussed in this quarter report, also, is the rise of GHOSTing, or 'Bulletproof Cybercrime Hosting and the Cloud', which is increasingly being used as a way of serving malicious material and yet remaining under the radar. It gives, by all intents and purposes, the impression of clean and responsible hosting as no obvious sign of criminal activity is detected on the providers’ servers. This is achieved through the legitimate offering of VPN or VPS services to those clients who wish to host illicit or objectionable badness e.g. malware, botnet C&Cs, phishing, spam operations or even images of child sexual abuses. In this way hosts can feign ignorance or turn a blind eye to their customers’ real intentions. Further information on this practice can be found in the Q3 report..."
    > http://hostexploit.com/downloads/viewdownload/7/32.html

    * http://www.google.com/safebrowsing/d...?site=AS:33626
    "... over the past 90 days, 3 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2011-10-20... we found 3 site(s) on this network... that appeared to function as intermediaries for the infection of 4 other site(s)... We found 443 site(s)... that infected 8141 other site(s)..."
    ** http://www.google.com/safebrowsing/d...?site=AS:47583
    "... over the past 90 days, 973 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2011-10-20... we found 99 site(s) on this network... that appeared to function as intermediaries for the infection of 467 other site(s)... We found 99 site(s)... that infected 685 other site(s)..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Amazon cloud 'pre-configured images' risk ...

    FYI...

    Amazon cloud 'pre-configured images' risk...
    - http://h-online.com/-1376578
    10 November 2011 - "Amazon cloud customers have access to more than 8,000 pre-configured Amazon Machine Images (AMIs) worldwide... many of these AMIs contain a variety of security holes... more than half of the images that are available worldwide and identified the same vulnerabilities, as well as additional problems. The Windows AMIs, which represented a small proportion of the 5,300 images that were examined, were particularly badly affected. Security issues were found in 246 out of 253 Windows appliances. A bug that allows arbitrary code to be executed when a certain web site is accessed in Internet Explorer was especially common... researchers found authentication data in about one-fifth of the examined AMIs and were able to reconstruct deleted files in 98 per cent of images. Amazon has informed its customers of these problems and has released guidelines* on how to avoid AMI security issues. A tutorial** is provided to help developers create secure AMIs."
    * http://docs.amazonwebservices.com/AW...aringamis.html

    ** http://aws.amazon.com/articles/0155828273219400

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Cloud network abused by trojan

    FYI...

    Cloud network abused by trojan...
    - http://www.securelist.com/en/blog/62...from_the_cloud
    November 17, 2011 - "... we discovered a malicious program called Trojan-Downloader.Win32.MQL5Miner.a which also uses the resources of infected computers, but this time to make money in MQL5 Cloud Network, a distributed computing network... MetaQuotes is a developer of software for financial markets. Several weeks ago, information appeared on the net that the company was offering to pay users to participate in distributed computing. Apparently, this is what attracted malicious users to the new cloud service... There are grounds to believe that the malicious program spreads via email. Having infected a computer, the malicious program first determines if the operating system is 32-bit or 64-bit. It then downloads the appropriate version of the official software from MetaQuotes SoftWare. MQL5Miner then launches the service to participate in the cloud computing network. But the cybercriminals specify their own account data and receive the payments for any distributed computing operations that are performed on an infected machine... When it comes to making money, cybercriminals don’t miss a trick. That includes exploiting the resources of infected computers without their owners’ knowledge or consent. We have notified MetaQuotes about the account being used by cybercriminals."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Cybercriminal attack strategy shifts - 2012 ...

    FYI...

    Cybercriminal attack strategy shifting to corporate networks
    - http://www.crn.com/232300457/printablearticle.htm
    Dec. 13, 2011 - "... Cisco... made predictions* on the weapons cyber-criminals are most likely to use in 2012, based on the return on investment from cyber-crimes. The weaponry expected to reap the most money included data theft Trojans, spyware, click fraud and web exploits. Targets expected to get lots of attention from criminals based on the potential ROI include mobile devices and cloud infrastructure. Clouds service providers have been growing so fast that they have not had the time or inclination to make security a top priority... three in five of the respondents working for companies believed their employers, not themselves, were responsible for protecting information and devices. In addition, more than half allowed others to use their computers without supervision, including family, friends, coworkers and strangers."
    * http://www.cisco.com/en/US/prod/coll...eport_2011.pdf
    13 Dec 2011 - 5.3MB PDF file

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Migration plans to Cloud apps dropped ...

    FYI...

    Migration plans to Cloud apps dropped...
    - https://www.computerworld.com/s/arti...d_apps_dropped
    December 22, 2011 - "After more than two years of trying, the City of Los Angeles has abandoned plans to migrate its police department to Google's hosted email and office application platform saying the service cannot meet certain FBI security requirements. As a result, close to 13,000 law-enforcement employees will remain indefinitely on the LAPD's existing Novell GroupWise applications, while other city departments will use the Google Apps for Government cloud platform. Council members last week amended a November 2009 contract the city has with systems integrator Computer Science Corp. (CSC) under which CSC was supposed to have replaced LA's GroupWise e-mail system with Google's email and collaboration system. Under the amended contract, the LAPD will no longer move its email applications to Google... Google maintains that the LAPD's security requirements were never part of the original contract..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Cloud patch management issues...

    FYI...

    Cloud patch management issues...
    - http://www.theregister.co.uk/2011/12...ch_management/
    22 December 2011 - "... Cloud-based application vendors update their software regularly without customer input. As an enterprise user, you may be able to stay on an earlier revision for a while by negotiating with the vendor... Other challenges include the consumerisation of IT, which encourages employees and contractors to bring in devices such as tablets and smartphones. Making sure these are adequately patched creates a whole new set of problems, landing us in the sticky area of network access control, network quarantine and policy servers to manage... every so often, a patch appears that takes down a piece of software. For example, Microsoft's recent gaffe, in which it accidentally decided that Google Chrome was a piece of malware*, caused problems for many users."
    * http://www.theregister.co.uk/2011/09...google_chrome/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb New Cloud - New Security - New Year ...

    FYI...

    New Cloud - New Security - New Year ...
    - https://www.computerworld.com/s/arti...About_Security
    Jan. 3, 2012 - "... If I am going to keep gigabytes upon gigabytes of sensitive data stored online, I need some assurances that it is safe. The data needs to be secured, preferably encrypted, so that it is protected even in the event that the storage that contains it is compromised. But, even encrypting data can be tricky when it comes to third party cloud storage providers... They may share my data if compelled by law enforcement, or employees might access and view the files themselves. It is strictly forbidden as a matter of policy, but anyone who would surreptitiously view my data probably also lacks the moral compass to care about the policy... customers can still encrypt their data through other means with their own keys if they prefer. That really seems to be the only viable solution. If I encrypt the data myself, I know that I hold the keys and theoretically only those people I authorize will be able to access my files. But that complicates things, and adds some administrative and processing overhead. For businesses considering a move to the cloud, there are also compliance mandates to consider. Putting data online comes with some risks, and businesses need to take extra precautions to make sure that data is not exposed or compromised..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Spammers in the cloud

    FYI...

    Spammers in the cloud
    - http://www.f-secure.com/weblog/archives/00002304.html
    January 26, 2012 - "Facebook is recently doing a decent job at keeping survey spam posts at bay (all things considered). So, what's an entrepreneurial Facebook spammer to do? Well, some have tweaked their master plan, and have expanded their use of "cloud" services. Using Amazon's S3 file hosting service solves quite a few problems for these perpetrators. Number 1, Amazon's S3 web service is pretty inexpensive to set up, therefore they can still earn from the surveys. Number 2, because Facebook has been pretty successful at blocking suspicious URLs linked to spam, hosting their scam's code in a safe and popular domain such as amazonaws.com gives them a better chance to sneak through Facebook's protections... All browsers other than Chrome and Firefox are served with a survey page, thereby ending in actual monetization if the spammer's surveys are filled out and submitted. This monetization happens within the Cost Per Action (CPA) marketing model, which is behind most social media spam. Geo-location techniques are used in an attempt to broaden the spammer's survey completion rate. Depending on the location, the fake Facebook page issues a survey that -redirects- to a specific affiliate marketer... Firefox and Chrome are used as avenues to further spread the scam via Facebook by use of a fraudulent YouTube browser plugin. A fake Facebook page displays a plugin installation if visited from either of those two browsers. Spammers recently began using plugins as part of their cat and mouse battle with Facebook... Upon installing the plugin, a redirector URL is generated by randomly selecting from the usernames, mo1tor to mo15tor, in the Amazon web service. Then, the link generated is shortened through bitly.com via the use of any of the 5 hardcoded userID and API key-pairs. These key-pars gives a spammer the ability to auto-generate bit.ly URLs for the Amazon web service link. This ultimately leads to a redirection to the fake Facebook page. Perhaps, in an attempt to confuse defenses, it also produces a random non-existent domain using the format wowvideo [random number] .com. However, only the Amazon S3 web service and bit.ly URLs are working links..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Azure cloud outages ...

    FYI...

    MS Azure cloud outages ...
    - http://www.theregister.co.uk/2012/02..._azure_outage/
    Feb 29, 2012 - "Microsoft's cloud platform, Windows Azure, is experiencing a major outage: at the time of writing, its service management system had been down for about seven hours worldwide... Microsoft has been keeping them updated via the platform's online service page* at least every hour... The service management system first began to have problems at 1.45am GMT (5.45pm PST), according to the page... Microsoft tested the hotfix, before starting the rollout at 9am GMT this morning..."
    * http://www.windowsazure.com/en-us/su...ice-dashboard/

    - http://www.informationweek.com/news/...ndly=this-page
    Feb 29, 2012 - "... Microsoft later said in a statement the service management problems were caused by "a cert issue triggered on 2/29/2012," or a security certificate issue activated once every four years. It said access to services and management functions were "restored for the majority of customers" by 1:30 p.m. GMT in Northern Europe or 7:30 a.m. in the U.S..."
    ___

    - https://blogs.msdn.com/b/windowsazur...edirected=true
    29 Feb 2012 - "... final root cause analysis is in progress, this issue appears to be due to a time calculation that was incorrect for the leap year... The fix was successfully deployed to most of the Windows Azure sub-regions and we restored Windows Azure service availability to the majority of our customers and services by 2:57AM PST, Feb 29th. However, some sub-regions and customers are still experiencing issues and as a result of these issues they may be experiencing a loss of application functionality... Customers should refer to the Windows Azure Service Dashboard* for latest status..."

    - https://blogs.msdn.com/b/windowsazur...edirected=true
    1 Mar 2012 - "... resolved and all regions and related services are now healthy..."

    Last edited by AplusWebMaster; 2012-03-03 at 00:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Cloud svc Linode hacked - Bitcoin accounts emptied

    FYI...

    Cloud svc Linode hacked - Bitcoin accounts emptied
    - https://threatpost.com/en_us/blogs/l...emptied-030212
    Mar 2, 2012 - "A security compromise at Linode, the New Jersey-based Linux cloud provider, has warned customers that hackers breached a Web-based customer service portal used by the company and emptied the Bitcoin accounts of eight Linode customers. One Linode customer reports the theft of Bitcoins totalling around $14,000. In a post on the company blog* Friday, Linode acknowledged the incident, which occurred early Wednesday, and said it had isolated the compromised support account, and that no customer credit card information or credentials were taken. However, the attackers appeared to have targeted a handful of Linode customers who used the service to host Bitcoin wallets, allowing them to pilfer thousands in virtual currency..."
    * http://status.linode.com/2012/03/man...-incident.html
    Mar 2, 2012 - "... Here are the facts:
    This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted. All activity via the web portal is logged, and an exhaustive audit has provided the following:
    All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin". The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified. If you have not received a notification then your account is unaffected. Again, only eight accounts were affected.
    The portal does not have access to credit card information or Linode Manager user passwords. Only those eight accounts were viewed or manipulated - no other accounts were viewed or accessed..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •