Privacy

Microsoft says NSA spying hit trust in the cloud

Grazed from SCMagazine. Author: Doug Drinkwater.

The firm's principal cyber-security strategist Jeff Jones was presenting at the IP Expo Europe exhibition in London on Thursday, where he suggested that the leaks from NSA whistleblower Edward Snowden had impacted the Redmond technology giant and the cloud computing market as a whole.

The firm claims to offer more than 200 cloud service products but has been in the headlines for all the wrong reasons over the last 18 months; first over claims that SkyDrive was continually tapped by the NSA, and then over the US DOJ decision that the government could view information held at its non-US data centres...

Twitter, the FBI, and cloud computing: The disclosure dilemma

Grazed from InfoWorld. Author: David Linthicum.

Twitter filed a lawsuit against the FBI and the Department of Justice on Tuesday to publish a full "transparency report," which documents government requests for user information. Its objective is to gain more information about government surveillance of its users. The published report does not include national security requests -- Twitter has been prohibited from disclosing that information.

But Twitter believes it's entitled under the First Amendment to "respond to our users' concerns and to the statements of U.S. government officials by providing information about the scope of U.S. government surveillance." What’s really happening here? The government is requesting user information from Twitter, but wants Twitter to keep quiet about that fact...

Cloud Computing: Celebrities get phished, but the cloud gets blamed

Grazed from InfoWorld.  Author: David Linthicum.

Once again, I'm made aware of new cloud security issues by the ringing of my cellphone, as reporters look for a quote on a story. This time, the story had a few elements that made the new breach more exciting, including Apple and female celebrities.

It seems that hackers targeted celebrities using research and brute force to figure out how to access information in Apple's iCloud. According to reports circulating on the Web, the hackers managed to access backups on Apple's iCloud servers that occur each night to make sure that your lost or stolen phone does not lead to lost and stolen information...

How cloud computing leaked private celebrity photos

Grazed from CBROnline. Author: Jimmy Nicholis.

Both businesses and consumers are increasingly reliant on services such as Apple's iCloud, which has been implicated in the celebrity picture attack. Companies are now using it to store intellectual property as well as information about its customers, and this makes it a prime target for hackers.

For its part Apple has said it is investigating the issue, with iCloud under severe scrutiny on the basis of speculation from 4chan, the internet board where the story originated. Yet even now clues have surfaced over what has happened, which should also lead us to an appropriate response...

Cloud firms unprepared for EU data protection law overhaul

Grazed from V3.co.uk.  Author: Dave Neal.

Changes to the European data protection landscape could catch cloud computing providers unaware, forcing them on the backfoot if new laws are introduced.  Research by cloud company Skyhigh Networks, of 7,000 cloud services listed in its CloudRegistry directory, found that just one out of every 100 providers is likely to comply with the proposed standards.

This would force them into hasty revisions to their software, or risk falling foul of the new laws and potentially huge fines.  Skyhigh noted the numerous issues that cloud firms face at present, ranging from legislative and data protection rules to the Right to be Forgotten, as Skyhigh Networks' European director Charlie Howe explained...

How free cloud services become free, currency-mining, DDoS-attacking botnets

Grazed from Gigaom. Author: Derrick Harris.

It’s no secret that the cloud has the potential to be a hacker’s paradise, chock-full of all the password-cracking computing power a trove of stolen credit cards can buy. Surely, though, this type of bad behavior can’t be carried out without any direct financial investment. After all, the free tiers on most cloud computing services are pretty minimal — a single core (probably fairly weak) and maybe a few gigabytes of storage. What can anyone do with that? A whole lot, if they’re clever.

At the Black Hat security conference this week, a pair of professional penetration testers, Rob Ragan and Oscar Salazar of Bishop Fox, showed how they built a functional 1,000-node botnet by stringing together resources from a variety of services. They used it to mine some Litecoin and could have done a whole lot more if they weren’t trying to minimize harm to other cloud users (by being noisy neighbors) or cloud providers (by driving up power bills)...

Cloud Computing: Protecting customer email from government eyes

Grazed from TechNet. Author: Brendon Lynch.

At Microsoft, we know that customer trust is essential to our business. People will use technology only if they can trust it, and our commitment to protecting customer data is an important element in building and maintaining that trust. The issue of who owns email is at the center of an important hearing in U.S. federal court in New York this week, at which Microsoft will argue that the U.S. government can't force American tech companies to turn over customer emails stored exclusively in company data centers in other countries – in this case, in Dublin, Ireland.

The government argues that customer emails stored in the cloud become the business records of the cloud provider, and therefore have a lower level of legal protection than an individual’s personal communications. Microsoft believes you own your emails stored in the cloud and that they have the same privacy protection as paper letters sent by mail. You can read more on this case in an op-ed written by Brad Smith, Microsoft’s general counsel and executive vice president for legal and corporate affairs.

A Survey on Privacy Preservation in Cloud Computing

Grazed from IJETAE. Author: Gurudayal Singh Bhandari and Abhishek Chauhan.

By integrating multiple private and public cloud services, hybrid clouds can effectively provide dynamic scalability of service and data migration. Security plays a vital during the transmission of data from the sender to the receiver in any environment. The challenge in privacy preserving Back-Propagation Neural Network Learning is avoiding the attack of personal data privacy.

Due to the enlargement of distributed computing environment. In such distributed scenarios, privacy concerns often become a big concern. Secure computation provides a solution to this problem. With the invention of new technologies, Computing, it has been more convenient than ever for users across the Internet, who may not even know each other, whether it is data mining, in databases or in any networks, resolving privacy problems has become very important...

To read the article from the source, visit http://www.ijetae.com/files/Volume4Issue7/IJETAE_0714_114.pdf

Overcoming the Cloud Forensic Challenge

Grazed from BankInfoSecurity. Author: Eric Chabrow.

A big challenge examiners face in conducting forensic investigations in the cloud is that they don't have access to the servers. That's just one problem the National Institute of Standards and Technology is addressing. "Many of the traditional approaches are going to be more difficult to apply, and in some cases they won't work in the cloud," says Martin Herman, senior adviser for forensics and IT at the National Institute of Standards and Technology.

Herman co-chairs NIST's cloud computing forensic science working group, which has identified scores of challenges forensic experts face in applying their craft in the cloud. NIST has taken 65 of the challenges and published a draft report, NIST Interagency Report 8006: NIST Cloud Computing Forensic Science Challenges. The report aggregates, categorizes and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem...

Threats to the Future of Cloud Computing: Surveillance and Transatlantic Trade

Grazed from The Brookings Institute. Author: Joshua Bleiberg and Darrell M. West.

The first instance of “cloud” computing came in 2006, when Amazon released its Elastic Compute Cloud, a service for consumers to lease space on virtual machines to run software. Now, the cloud enables the transfer and storage of data around the world, in an almost seamless fashion. Using cloud services are a seamless experience from the consumer perspective.

This ease of use obscures significant regulation from governments on both sides of the Atlantic. The Safe Harbor Principles is a framework that ensures that personal consumer data being transferred from the EU to the US is still subject to a level of security in compliance with the EU’s stricter regulation on data protection. US companies must be certified within this framework, in order to transfer consumer data outside the EU...