Patching the Cloud
Vulnerability CVE-2012-0056 is a nasty one if you’re running a Linux kernel release 2.6.39 through 3.2.1. The exploit is a privilege escalation attack, meaning that the attacker has to get a foothold on your system. But once the attack has an unprivileged process on your system, its privileges can be elevated to root. Game over. […]
Move to The Cloud and Forget Your Passwords!
Wait, what? That isn’t like moving to Minnesota and then losing your mittens. Instead, move to Miami and never need mittens! Face it, passwords are pretty useless. If a human selected it, another human has a good chance of guessing what it is. If a computer generated a password that a human can’t guess, then […]
Migrating to the Cloud: Do You Need Assistance?
Cloud technology intimidates many organizations. The mechanics of setting it up are very different from the traditional model. Several companies offer services establishing and maintaining cloud architectures for their customers. Many people call these providers “cloud brokers.” To me, the term “cloud concierge” or “cloud butler” is far more descriptive. I guess I’m thinking of […]
Why Must We Still Fear the BEAST, and What Can We Do?
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]
Nothing New Under the Sun (or in the Cloud)
I see a lot of misguided talk about cloud computing and its security as the New Big Thing. I was reminded of this the other evening when the local brewpub hosted a talk by Gene Spafford, the director of Purdue University’s CERIAS, the Center for Education and Research in Information Assurance and Security. Spaf spoke […]