Welcome!

Microsoft Cloud Authors: Kevin Benedict, Pat Romanski, Liz McMillan, Lori MacVittie, Elizabeth White

Blog Feed Post

CTO Security Report

Anonymous

Anonymous (Photo credit: Schuilr)

3 Million Iranian Bank Accounts Disclosed

Iranian ATM’s are dispensing PIN and Password changes instead of money this week following the public disclosure of three million bank account details by an Iranian security researcher.  While the disclosure of these accounts is unfortunate, what is more troubling is the process that led to this disclosure.  A year ago Khosrow Zarefarid warned the CEO’s of the banks in Iran that a banking flaw could expose their customers.  Even after submitting accounts found using the technique he warned them about, he received no response.  Seeing no other course of action, the researcher disclosed the accounts in a bid to bring the situation to light.  Such “grey-hat” actions often happen when security is not taken seriously at organizations such as banks, and the ensuing fiasco could have easily been avoided with proper communication and effort on behalf of Iranian banks.

Read More: http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577

F1 Racing Sites Attacked by Anonymous

Elements of the Anonymous collective are currently targeting F1 racing Federation websites in an effort to disrupt and publicise a campaign against the F1 race being held in Bahrain.  This effort comes as the F1 race is being held in Bahrain despite well-documented human rights abuses in that country.  At the time of writing, f1-racers.net had been defaced and elements within Anonymous were still planning to increase the level of disruption.  The Formula One federation is aware of the attempts by Anonymous to disrupt its activities.

Defaced Site: http://f1-racers.net/

 

Anonymous Starts Their Own Pastebin Lookalike

Fed up with Pastebin’s promises to moderate and censor posts containing sensitive information such as passwords, bank accounts, and addresses, Anonymous members have struck out on their own.  The result is a pastebin clone which is hosted by an organization sympathetic to Anonymous, the People’s Liberation Front.  This new paste site does not have information on what is contained in the paste because every paste is encrypted with AES 256 and requires a symmetric key to decrypt inside of the browser.  This key is contained with the URL generated for the post when it is uploaded to the server.  The advantage is that posts cannot be read by the hosting provider, since they have stated that they disable all connection logging.  Expect to see more members of Anonymous to switch to this new service, which will make Anonymous movements somewhat harder to track — you need to have the URL with the key in order to read the paste, and cannot track trending posts with the service.

Read More: http://www.peoplesliberationfront.net/anonpaste/index.php?0bb850fa017e85f1#SRccDhThvKyQ5+o4Sm3xineTXfDReG76Q01x2yaWik0

 

15 Year old Boy Hacks >250 Companies

A 15-year-old Austrian boy was discovered to be the culpit behind the web-based attacks on the web presences of over 250 companies.  The boy, using attack software, techniques, and anonymization services and programs he found on the internet, mounted a successful campaign in order to win the favor and attention of his hacker peers and garner points on a hacker scoreboard.  Within a short period of time the young hacker was attacking as much as 3 websites a day on average.  With website/web service security being rather lax in most organizations and applications the news of the age of the attacker is perhaps more of a surprise than the number of targets he successfully breached.

Read More: http://www.zdnet.com/blog/security/15-year-old-arrested-for-hacking-259-companies/11585?tag=mantle_skin;content

 

New Android Hacking Concept Emerges

A side-channel attack on login PINs utilizing the gyroscopic sensors inside of Android phones has been developed by security researchers.  The attack analyses the slight movements and shifts of the phone as its screen is pressed in order to determine where on the screen the user has pressed.  The application runs in the backround and waits for the user to input their pin and unlock the phone for use and does not require any permissions in order to run due to the way sensor permissions are granted in Android platforms.

This attack is unlikely to be very lucrative for normal attackers though — it requires that the user play a game in order for the application to learn how the specific user holds and uses the specific type of phone on which it runs.  The payoff could be significant though:  Besides being able to sniff PIN logins to the phone, the application can sniff phonepad entries and possibly steal credit card numbers and phone numbers through this method.

Read More: http://www.v3.co.uk/v3-uk/news/2168301/taplogger-android-trojan-cracks-touchscreen-passwords-handset-movements

 

Encryption for Google Docs from Cipherdocs

One of the drawbacks to using the Google cloud of internet applications is the lack of proper document confidentiality.  Sure, the service lets you grant or revoke permissions to different users via their email address, but what if that user’s email is compromised?  What if Google Docs were compromised in some way?  Your documents would be open for all to see.  A new startup has been bootstrapped with a way to fill this security gap — Cipherdocs.

Cipherdocs has created a plugin for the popular internet browser Mozilla Firefox which allows users to have encryption on-the-fly for Google documents.  It even has a keyring available for using Encrypted Google Docs across multiple computers, and only requires that Java be installed along with the Firefox browser and the plugin itself.  It is currently free and can be downloaded from http://www.cipherdocs.com/

Read More: http://www.cipherdocs.com/cipherdocsinstallation.pdf

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?