Tag Archives Cloud Security

On the 28th of April, Wikileaks released details for Scribbles, also known as “Snowden Stopper”. It is alleged to be the whistleblower tracking tool that was devised by the CIA. It could embed the web beacon tags to the confidential documents, thus allowing the government agency to look into foreign spies as well as whistleblowers. What is a web beacon?…

IDB is a tool to simplify some common tasks for iOS app security assessments and research. It is written in ruby with a Qt GUI front-end and should run on OS X and Linux (with some restrictions). The code is available under the MIT license on GitHub. Salient features Simplified pen-testing setup Setup port forwarding Certificate management iOS log viewer…

When one was hoping there is some sense of security in the cloud, here comes the Rowhammer exploit. Once successful, the Rowhammer attacks virtual machines and takes over complete control with existing encryption solutions unable to stop it. Rowhammer is a highly sophisticated exploit were one virtual machine on the cloud is able to steal the encryption key of another…

The updates provided by OpenSSL to fix the DROWN attack vulnerability as also seven other security holes with varying degrees of critical levels may have solved one problem but opened another one. One of the vulnerabilities marked as low priority by OpenSSL may actually blow a hole through Intel-Based cloud servers. The CacheBleed (CVE-2016-0702) vulnerability uses a simple side-channel attack…

The Hack: "Cyber security is a shared responsibility between the cloud provider and the enterprise," Jeff Margolies, principal of Deloitte's Cyber Risk Services, said. What this means is that a cloud security provider can on their own guarantee security or privacy of their data if the enterprise does not adopt security measures themselves. This is no different from depending on network…

Close