Update 2019: We’ve been busy working on some great training content around security. Check out the Cloud Academy library to prepare on all things cloud security.
Welcome to the third issue of our Cloud Technology and Security Alert News Digest. This week we’ve got a mix of security and deployment problems… along with some nice solutions! And there’s also a vulnerability you would never have guessed should be a cause of worry. Let’s see all the details about that.
No more Linux server reboots!
There are few tasks in computing that cause more anxiety than rebooting a production server after a critical patch. Linux admins have long had Oracle’s Ksplice to help avoid the need to reboot, but it’s covered by some patents not everyone’s happy with and it hasn’t been updated since 2011. Now, according to ZDNet, SUSE has released its fully open-source kGraft to guarantee you’ll never have to reboot again! kGraft is apparently being pushed upstream, so all Linux distributions should soon have it.
Is some password policy suffering unnecessary?
Security Week reports that, with the advent of off-line password attacks, a Microsoft study of passwords suggests we’re placing too heavy a load on users’ shoulders for relatively small improvements in security.
Since off-line attacks aren’t restricted by any time or frequency limitations, they can persist long enough to crack passwords of a far higher level of complexity. Therefore, since adding upper-case and non-alphanumeric characters doesn’t add as much security as we once thought, it makes little sense to burden users with policies requiring difficult-to-remember passwords. Rather, Microsoft advises, we’re better off protecting the password files stored on the server.
Cloud security: impressions count for a great deal
Security concerns are holding a lot of enterprise administrators back from moving their data to the cloud. And, while there is no single argument that can convince them their fears are misplaced, David Maman at Security Week has a great guide to migrating data while mitigating some of the risks.
USB: nothing is safe.
International Business Times reports that the fully patched and protected PC belonging to an unnamed executive at a “large corporation” was hit by malicious software embedded in the USB charger of an e-cigarette. You’re probably better off with nicotine gum.