iCloud breach highlights Wozniak's cloud security concerns

By InfoWorld Tech Watch | Aug 8, 2012

This past weekend, Apple co-founder Steve Wozniak predicted that cloud computing would yield "horrible problems" in coming years. By extraordinary coincidence, Wired reporter Mat Honan experienced firsthand a series of horrible, cloud-related problems, all of which reportedly started when an unnamed Apple employee reset his iCloud password at the request of a hacker posing as Honan.
 
This marks the second high-profile cloud-related snafu in the past week, the first being the Dropbox fiasco, in which hackers pulled a list of Dropbox customer email addresses from a Dropbox employee's Dropbox account. The incidents almost render moot the raging debate over on Sophos' Naked Security blog as to whether Microsoft's newly rebooted Outlook.com should support more than a 16-character limit on passwords. Evidently even the strongest, most complex password is no match for the formidable combination of hacker perseverance and resourcefulness and end-user naiveté (or ignorance) about best security practices.
 
Let's start with what happened to Wired's Honan. By his account, a malicious hacker gained entry to his iCloud account and used it to remotely wipe all of his devices, including his iPhone, iPad, and MacBook Air. The initial mystery: How did the hacker get his or her hands on Honan's password? "My password was a 7-digit alphanumeric that I didn't use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time," Honan wrote.
 
Honan's first guess was that the hacker employed brute-force techniques to crack the password. While that might have been feasible, it wasn't the case. "They got in via Apple tech support and some clever social engineering that let them bypass security questions," Honan wrote in an update.
 
Once the hacker got into Honan's iCloud account, it was a matter of time before he or she was able to wipe Honan's iDevices and wreak other havoc, such as changing his Gmail account password and purging that account.
 
Was this the kind of nightmare Wozniak was contemplating this past weekend when he told an audience that he "really worries about everything going into the cloud"?
 
 

Comments

Some people don't even know what voice over IP means and you expect the same people to understand the basic concepts of keeping your cloud account secure... Really now? That is like dreaming for unicorns to be real.
