Will My Cloud Provider Read My Data?
Jun 19, 2012
In my last blog post, I explained how you can verify that Amazon cloud storage is zeroized before being redeployed for the next user. But what about the cloud provider browsing through your data? After all, it’s stored on their hardware in their facility, so they have physical access plus the ability to interact with […]
Social Engineering on Father’s Day
Jun 18, 2012
Social engineering is a powerful tool. But it is a tough art to practice. It’s fun and interesting to read about it. But what if you wanted to experience first-hand how it works? You can’t just waltz into some establishment and run a con game. Sending phishing or spearphishing emails to friends will not endear you […]
Who Can Read My Data in the Cloud?
Jun 11, 2012
For the sake of your compliance, you hope that the answer is “nobody”! For most organizations, confidentiality is the greatest concern. The most worrying thing about using cloud technology is storing your data on someone else’s hardware. But how big of a risk is this, really? Stored data should be encrypted. However, how much of […]
LinkedIn Accounts May Have Been Hacked
Jun 6, 2012
It is a good time to change your LinkedIn password. Lifehacker reports that up to 6.5 million accounts may have been compromised. Just to be safe, change your LinkedIn password now. I did. One report at The Verge notes that part of the issue may be the type of hash used. I will discuss these issues in […]
Bypassing User Activation Controls
May 22, 2012
My last blog about User Activation Controls suggested that they were of little help, even when they work. After all, user data (your documents, spreadsheets and such) are the most valuable things you have. Now, we’ll just trash UAC by bypassing it. We’ll do this by relying on a flaw: Microsoft loves itself. Remember, UAC […]