Code Spaces AWS Security Breach: A Sad Reminder of the Importance of Cloud Environment Password Management

At the recently concluded Black Hat USA 2014, one of the topics that drew much attention was the session on the pitfalls in cloud environment security. Normally, such deliberations at security conferences are perceived as hypothetical or purely academic. However, it was different this year, with security professionals becoming quite interested in this topic. The reason is quite obvious: just a while ago, CodeSpaces.com, a code-hosting and collaboration platform, went out of business for a whole day because hackers gained access to their Amazon EC2 control panel and deleted data of hundreds of their customers.

According to Code Spaces, the worst security breach started off as …

Passwords, King of Authentication: Long Live the King!

This post is a reproduction of an article I wrote that was originally published in Business Computing World.

“When you play the Game of Thrones, you win or you die”. One thing that we have learnt from the popular TV show and books is that no one is safe on the throne for long before a younger, stronger, and more entitled claimant comes along to throw you off.

In the authentication battle, passwords have been ruling the kingdom for centuries with methods going back as far as 700 BC when the Spartan military used encrypted scytales to send sensitive missives during war. Despite the historical use of passwords, the overthrowing of this form of authentication has been predicted and heralded for some time now.

I…

Why MSPs Should Take Extra Care in Managing Client Passwords

Passwords on spreadsheets put client networks at risk, along with Managed IT service providers’ credibility and trustworthiness.

Managed IT Service Providers (MSPs) deliver a variety of IT and network management services to their clients. In particular, small and medium organizations are increasingly relying on MSPs to manage part or all of their IT services. Why? Because MSPs can help such organizations by saving costs, offering outside expertise, and meeting business demands quickly, among other critical points. Usually, tasks such as software development, network management, IT infrastructure management, customer support, and data center management are outsourced to MSPs.

MSPs t…

Fully Controlled and Closely Monitored Remote Access, a Critical Aspect of DCIM

Without proper data center remote access management, administrators invite security issues and waste time. 

With more organizations adopting cloud computing and virtualization, data center operations have been proliferating across the globe. This trend creates multiple challenges for data center administrators in IT organizations. These admins need to ensure not only performance and resource utilization, but also data security.

Usually, data centers are located in strategic sites due to factors such as physical security, climatic conditions, environmental factors, and availability of telecommunications and networking facilities. Because keeping the IT workforce at the data centers…

The Heartbleed Bug: How to Mitigate Risks with Better Password Management

As the dust begins to settle on the Heartbleed bug, it is time to critically assess the password management practices in your organization. After all, password management is the foundation for information security, but that security is threatened by the deadly combination of the Heartbleed bug and password reuse. Reinforce the foundation with the tips below for meticulously reviewing and revi…

When love is in the air, cyber-criminals are on the prowl

Valentine’s Day cyber-attacks could well be the beginning of an APT for enterprises!

It is that time of the year again. Cupid comes out to play with his arrows, love is in the air, pink takes over everything, roses are everywhere, and people hope to find their soul mate. When excitement is in the air, cyber-criminals work overtime, get creative, and launch sophisticated attacks to empty your bank accounts, steal debit and credit card data, deploy spyware and malware, and ultimately, leave people heartbroken.

This year, cyber-attacks have assumed such grave proportions that the FBI has issued a Valentine’s Day advisory. It explains how cyber-criminals use social media platforms, mobile devices, e…

Will passwords become obsolete soon?

Will passwords soon become a thing of the past? Have they already become obsolete? This is perhaps one of the most prominent topics under discussion in the technical media these days.

A couple of weeks ago, Forbes.com published a story about the probable public launch of U2F (Universal Second Factor) – a new form of authentication by Google in alliance with Yubico. Through U2F, Google wants to help move the web towards easier and stronger authentication, where web users can own a single easy-to-use secure authentication device built on open standards, which works across the entire web. Media reports following the story have fuelled wild speculation that traditional passwords will soon …

PCI-DSS 3.0: The Stress on Password Protection & Security [Part-2]

[In the previous post, we briefly discussed the requirements proposed for PCI-DSS 3.0. In this post, we’ll discuss the requirements in depth.]

When a customer presents a payment card to a merchant at the point of sale, a chain of operations is triggered in the background. The request-approval process happens across software applications, wireless devices, firewalls, routers, switches, storage devices, telecommunication systems, and a host of other applications. Therefore, your data’s security is directly dependent upon the security of all these devices and applications.

Although several authentication mechanisms are emerging, passwords are still the most prominent mode of authenticatio…

PCI-DSS 3.0: The ‘Security Path’ to Compliance

Security and compliance are often used synonymously, even by techies. You can ensure compliance by remaining secure; but mere compliance with certain rules and regulations does not necessarily mean your network is ‘absolutely’ secure.

Many organizations, including some of the world’s prominent enterprises, have faced IT security breaches and compromises despite remaining fully compliant with numerous regulations. As organizations embrace new technologies, new threats emerge as well. So, it’s obvious that security is an ongoing activity that requires constant attention.

Among the various compliance regulations the Payment Card Industry (PCI) Data Security Standard (DSS), popu…

5 Top Targets for Today’s Hackers

Black Hat USA bills itself as “the show that sets the benchmark for all other security conferences.” While most conferences tend to over-promote themselves, given the activity at this year’s show, that actually might be something of an understatement.

From the defense of government surveillance delivered by NSA Director General Keith Alexander to briefings on the coming “cryptopocalypse” and the risks associated with embedded devices and the Internet of Things, Black Hat reminds us that a little bit of paranoia is warranted in today’s connected world.

Here are my leading candidates for surprising, damaging ways criminal hackers are breaching our online security and val…