sorinmustaca.com – Sorin Mustaca – personal blog. Security software, agile development, scrum, programming and more

About Cloud Computing in Darkreading.com

13.07.2011 (9:34 pm) – Filed under: quoted

When Consumers Go To The Cloud, Businesses Should Watch Out
Companies should take a look at what cloud services their employees are using following last week’s authentication bug at Dropbox

Dropbox encrypts data on the servers, but not to individual accounts, notes Sorin Mustaca, a product manager with security firm Avira. Anyone with admin access to the server can read all of its data. In addition, data on the servers of external services have lesser legal protections, Mustaca says.

“I always advise our users to be very, very careful what they put online because if they put anything online, then the data does not belong to them anymore — it belongs to the cloud,” Mustaca says. “This is the most important lesson that needs to be learned by anybody. If you put it online, you lose control of the data.”

Quoted in TechNewsWorld about the challenges of cloud adoption

03.06.2011 (9:09 pm) – Filed under: distributed systems,News,quoted

Who Watches the Watchmen, Part 3: Flying Headlong Into a Cloud

By Richard Adhikari, TechNewsWorld

“Once you’re in the cloud, information doesn’t belong only to you but also to the provider of the cloud service,” Sorin Mustaca, a data security expert at Avira, told TechNewsWorld.

The risks involved in moving to the cloud include the possibility that the cloud provider could be hacked by external cybercriminals or rogue employees. There’s also the risk of the cloud provider going bankrupt, causing customers to lose their data, Sorin pointed out.

“The cloud is a generic concept which can’t actually be used without personalizing it,” Mustaca said.

Enterprises and government agencies should only move to the cloud after they have identified what they need and expect from the cloud service, and have set security and privacy policies.

“People think that if they move their computers and services to the cloud, they make the problems disappear,” Mustaca remarked. “But the problems don’t vanish; they simply move to the cloud.”

Cloud service providers must guarantee a minimum level of security and privacy, but the differences between vendors’ offerings “are sometimes significant,” Mustaca warned.

Going to a big provider doesn’t necessarily mean you’re any safer than if you went to a smaller one.

“It doesn’t matter how big the provider is; it can still be hacked if the correct security policies aren’t set up,” Mustaca said.

Amazon Cloud Drive released – 5 GB free online storage

29.03.2011 (7:36 pm) – Filed under: News

Amazon Cloud Drive is like a hard drive in the cloud available only through the web browser.

You can store your music, videos, photos, and documents on Amazon’s secure servers.

It also accepts malware :-)

Uploading the eicar.com test file produced no warning.

Pity…

More details and a free account can be obtained here: https://www.amazon.com/clouddrive/

A closer analysis of DE-Cleaner from Symantec

10.12.2010 (9:39 pm) – Filed under: antivirus,News,security

I was curious about how the DE-Cleaner of Symantec works, so I downloaded the software and gave it a closer look.
I did not disassemble it or anything similar… I simply performed a little black box testing.

So, I started it without any Internet connection. The result was: no scanning was possible. DE-Cleaner requires an Internet connection.
This is an indication that the software is an in-the-cloud scanner. After seeing this, I searched the website botfrei.de for more details.
And I found them… yes, indeed the Symantec DE-Cleaner needs an Internet connection. This is why the file has a size of only 6 MB – it contains no signatures.

After allowing it to connect to the Internet through the Avira Firewall, I let it scan a folder.
And the results were: MANY FALSE POSITIVES which should have been easily skipped.

Let’s take one of them: the software I bought to prepare myself for the CompTIA Project+ exam, which I took in July.

I don’t know how you see it, but I don’t find enough information here to say that the software is suspicious.

I think that the guys from Symantec still have a lot of work ahead of them with their in-the-cloud solution based on file reputation.

Another interesting thing I found is that the cleaner scans only executable files. This is normal for a file reputation scanner. Any other solution which scans for signatures will unpack archives and scan inside container files for malware. This tool only searches the signatures.
I wonder how they scan for rootkits :)
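The two observations above, that a storage service accepted the eicar.com test file without a warning and that a reputation-based scanner does not look inside containers, can be illustrated with a small model. This is an added example, not code from the blog, Symantec or Amazon: it assumes SHA-256 of the whole file as the reputation key, a constructed reputation table, and the public EICAR test string as the "known" sample.

```python
import hashlib
import io
import zipfile

# Public EICAR anti-virus test string: 68 ASCII bytes, harmless by design.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "cloud" reputation table: hashes of whole files already classified.
# A real service would hold millions of entries; one is enough for the point.
KNOWN_BAD = {hashlib.sha256(EICAR).hexdigest()}


def reputation_verdict(data: bytes) -> str:
    """Reputation lookup: hash the whole file, ask whether it is already known.

    Nothing inside the file is interpreted, so wrapping a known file in an
    archive (or changing one byte) yields a different hash and 'unknown'.
    """
    digest = hashlib.sha256(data).hexdigest()
    return "bad" if digest in KNOWN_BAD else "unknown"


def signature_verdict(data: bytes) -> str:
    """Content scan: look for the test string, unpacking zip containers.

    This mirrors what a signature scanner does that the reputation model
    cannot: the verdict depends on what the container holds, not on its hash.
    """
    if EICAR in data:
        return "bad"
    if data.startswith(b"PK\x03\x04"):  # zip local file header magic
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if signature_verdict(archive.read(member)) == "bad":
                    return "bad"
    return "clean"


def build_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed sample input: a zip archive holding one member."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member_name, payload)
    return buffer.getvalue()


if __name__ == "__main__":
    wrapped = build_zip("eicar.com", EICAR)
    print("bare file  reputation:", reputation_verdict(EICAR))    # bad
    print("zipped     reputation:", reputation_verdict(wrapped))  # unknown
    print("zipped     signature :", signature_verdict(wrapped))   # bad
```

The upload test the Amazon post describes is the same check from the outside: if the bare test file is stored without comment, no content scan ran on it at all.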

Opera Unite and Security

09.07.2009 (10:51 am) – Filed under: antivirus,distributed systems,General,News

Have a look at the article that Dirk Knopp wrote in the Avira Techblog.

This article was referenced here: http://www.h-online.com/security/Opera-says-Opera-Unite-web-server-is-not-a-security-problem–/news/113719

His concern is that a lot of malware can now be served directly from users’ computers. And he is right.
Even more, if there is a flaw in Opera and somebody can alter the mini HTTP server (why “mini”? it is a full-blown server) then, theoretically, it can access the user’s private files. That’s not good!!!

Here is what the CEO of Opera says:
“Today, we are opening the full potential of the Web for everyone. Technology moves in distinct cycles. PCs decentralized computing away from large mainframes. Opera Unite now decentralizes and democratizes the cloud. With server capability in the browser, Web developers can create Web applications with profound ease. Consumers have the flexibility to choose private and efficient ways of sharing information. We believe Opera Unite is one of our most significant innovations yet, because it changes forever the fundamental fabric of the Web.”

And in reply to our concern in the blog, he says:
“When you’re hacking a single system, if you have everything that belongs to everyone in one location, you only need to break in once,” he said. “If you have it in different computers it’s a little more complicated. If you get into one Web server and everyone’s data is in there, that’s easier than getting into a million computers.”

Gee… Mr. Tetzchner, have you ever heard of P2P networks? What about botnets?
Any parallel between the two ?

That’s the whole idea… you have just created probably the biggest botnet that ever existed.
And this with the users’ agreement. You have my respect… but I still don’t think that this is a good idea.