Amateur attackers can steal data from thousands of files in an IaaS cloud

We demonstrate how a relatively unskilled attacker could gain access to data from more than 11,000 files in unsecured IaaS cloud environments.


User Ignorance of Cloud Services Poses a Data Leak Challenge

Cloud-based online services are useful tools for many enterprises, allowing them to coordinate their teams, share information and enable discussions within groups. However, companies should be sharply aware of how they manage their privacy settings for these services before discussing business-critical matters or uploading sensitive data.
 
It seems that many Japanese organizations have learned this the hard way. A Japanese newspaper found more than 6,000 cases where public and private organizations exposed internal communications by using the default Google Groups privacy settings. Keeping the default settings allowed for public access to discussion threads rather than making them only accessible to pre-approved members. The newspaper found that hospitals and schools posted records on their patients and students and at least one political party exposed a list of its supporters. In fact, the newspaper itself admitted that its journalists made the same mistake, potentially revealing draft news reports and interview transcripts to the world. 
 
The Japanese government was also affected and admitted that officials accidentally posted internal memos publicly simply because they used the wrong privacy settings for Google Groups online discussions. This included details on planned negotiations on an international mercury trade treaty along with discussions about this between Swiss and Norwegian environmental ministries. The Japanese environmental ministry’s spokesperson said that while the internal documents were not confidential, it has since taken corrective steps to protect its data.
 
There have been cases in the past where, even when the cloud service provider had set its default settings to private, users seemingly inadvertently set them to public and exposed data. As a result, more than 12 thousand data buckets were uncovered and almost 2 thousand were visible to the public. The buckets included 126 billion files, containing data from social networks, sales records, video game source code and unencrypted database backups.
 
These cases show how easily sensitive data can be exposed simply by human error rather than by a malicious attack. The fact that this error was so widespread is worrying and suggests that many simply assumed that their communications were private, rather than checking for themselves. Before using any communications tool, always check the privacy settings to ensure that everything is protected.

Report: 94% of US hospitals suffered data breaches, and 45% had quintuplets

Competent healthcare providers are great at medical things.

Securing electronic devices or health records? Not so much, the Ponemon Institute finds.

Monday review – the hot 18 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
