It's Not A Con
Online Security and Safety by Con Mallon at Norton from Symantec.

• Home
• About
• RSS

• Recently Written

  • When Butterflies and Worms come to Smartphones
  • Now ‘Music’ wades into the fight against cybercrime
  • Public BETA: Norton SafeWeb Lite
  • Did the job of security software just get bigger?
  • The Google ‘hack’
  • Is connecting to the ‘net becoming faster?
  • What is ‘private’ any longer?
  • Is there a funny side to cross site scripting?
  • File scanning – a game of hide and seek?
  • Don’t do the crime if you are not prepared to do the time!

• Categories

  • Announcements
  • Backup and restore
  • Customer service
  • Data loss
  • Events
  • Family Online Safety
  • Identity theft
  • Latest Gadget
  • Market trends
  • Miscellaneous
  • Regulation
  • Security
  • Spam
  • Technology
  • Uncategorized

• Archives

  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008

• Blogroll

  • And Finally
  • Ask Marian – Symantec Internet Safety Advocate
  • BBC dot.life
  • Blog Storm
  • Charles Arthur
  • Claudine Beaumont : Telegraph Blogs
  • Computing.co.uk
  • Connected Internet
  • Crave
  • Davey Winder
  • David Lacey
  • Future Stuff
  • Guy Bunker’s Security Blog
  • Guy Clapperton
  • Guy Cocker
  • Ian Douglas : Telegraph Blogs
  • Imran Ali
  • Jason Bradbury
  • Katie Lee : Telegraph Blogs
  • Light Blue Touch Paper
  • Mac.broadband
  • Mark Prigg
  • Mary to Many
  • Neville Hobson
  • Nigel Kendall : The Times Online
  • Norton Protection Blog
  • Security Watch
  • Shane Richmond : Telegraph Blogs
  • Shiny Shiny
  • Tech Digest
  • Tech Radar
  • Technology, Books and Other Neat Stuff
  • The Digital Lifestyle
  • The Guardian Technology Blog
  • The Long Climb
  • The Tech News Blog
  • Will Head
  • Wired Blog Network

• Polls

  • How Is My Site?

    • Good
    • Excellent
    • Bad
    • Can Be Improved
    • No Comments

    View Results

     Loading ...
  • Polls Archive

A gathering storm in the clouds?

This past week saw news that the ‘Cloud’ had fallen victim to the bot-herders. Use this link to see the coverage of it on CNET.  Security researchers found that a variant of the infamous password stealing Zeus Trojan had found its way onto a server, hosted on Amazon’s Elastic Computing Cloud (EC2) and they had used as their command and control point.

This news, I am sure, helped provoke a severe case of ‘I told you so’ from the cloud ‘nay-sayers’. However, whether the server site was in the cloud, or on plain boring terra firma, the cause of the hack, was not something new or revelatory. It was in all probability, something more prosaic. A hole in a particular application may have opened the door, or other instances of Zeus could have captured log-in credentials, which were then used to access the necessary services hosted on EC2.

It requires site owners to ensure that they lock-down access to the server and that they update and patch the software used to mitigate any vulnerabilities. The rush to cloud based services and infrastructure is gathering pace. What this incident should remind us is that the same rules, controls and requirements need to be applied to sites hosted in the cloud, as anywhere else.

comments

• Subscribe

  Enter your email address:

  Delivered by FeedBurner

  
  

  Subscribe to It's Not A Con

• Links, downloads and other resources

  Norton Today
  Norton Family Online Safety site
  Symantec Podcast Directory