Update 2019: We’ve been busy working on some great training content around security. Check out the Cloud Academy library to prepare on all things cloud security.
Welcome to issue #7 of the Cloud Technology and Security Alert News Digest. If you thought last week’s security alerts were scary, you should definitely put your coffee down before reading further. But it’s not all bad news: at least one of our current crop of warnings has absolutely nothing to do with cloud deployment vulnerabilities. Sort of.
The (really dangerous) ties that BIND
Once again, by far the biggest deployment news of the week concerns a DNS vulnerability. I’m sure that, by now, many of you think I’m overdoing it just a bit in the network security bad news department. Turns out, according to another post by Steven J. Vaughan-Nichols at ZDNet, that I’ve actually been understating things. This time the web site behind the critical DNS provider BIND has been exposed to malware. If you’re responsible for Internet-facing servers, you CAN’T ignore this one.
Microsoft server security
And speaking of Internet security: while I’m not sure why this is news just now, ZDNet reports on a recent Microsoft claim that more and more “security researchers and engineers” are running MS EMET (Enhanced Mitigation Experience Toolkit) on all the systems under their control. Managing a Windows-based deployment? Think seriously about EMET.
Did you leave the back door of your house open again?
Well, even if everything in the cloud seems chaotic, we can still go home and enjoy the simplicity and safety of our connected devices. Not so fast. Ars Technica reports that at least twelve million home and business routers are vulnerable to hijack attacks. Which means, of course, that every time you log in to your super-secure cloud deployment from home, you might be exposing the whole system to whoever happens to be running your router right now.
The good news? My own home router model is not listed among those compromised.
Is privacy still possible?
The flip side of anti-malware security efforts is anti-intrusion defence. Whether you’re worried about hackers, commercial competitors, or government agencies gaining access to your data, the odds are that your sense of privacy has lately been badly eroded. Zack Whittaker at ZDNet lists some excellent free and open source privacy tools (like GNU Privacy Guard and Off-the-Record) that are still available, and still effective.