Miles Associates LLC

Jim Miles – IT & IT Security Consultant – Web Sites for Growing Organizations

Category Archives: Security

Netflix uncages Chaos Monkey DR tester

Netflix has released Chaos Monkey, which it uses internally to test the resiliency of its Amazon Web Services cloud computing architecture, making available for free one of the tools the video streaming company uses to keep its massive cloud computing architecture running. Chaos Monkey is a free download available from GitHub as of today. It works by randomly terminating instances of virtual machines in applications, simulating what would happen during a disaster event.

via Netflix uncages Chaos Monkey disaster testing system.

Cloud storage Terms of Service comparison: Avoid Google Drive | The Verge Forums

Chances are this will never be an issue, but the standard Google terms are particularly egregious in the context of personal cloud storage.

…. and, it seems to me, that one could never use Google Drive in a business context, since Google will have the right even to “publicly display” the information you upload.

via Cloud storage Terms of Service comparison: Avoid Google Drive | The Verge Forums.

IBM bans Siri

IBM has banned Apple’s Siri digital assistant–along with other apps and services–from its networks out of concern for security and privacy. Big Blue realizes the move to enable workers to bring their own devices to work offers both benefits and challenges.

Via CIO Insight

Malware poses as updates: Why the FBI is warning travelers

Those “critical update” notices you get, especially while traveling, may not be what you think. Michael Kassner gets the low-down on this serious threat as well as the Evilgrade platform.

via Malware poses as software updates: Why the FBI is warning travelers | TechRepublic.

Blogger: “I fell for the oldest social engineering trick in the book”

I’ve written countless stories about social engineering, with security experts far and wide telling our readers never to open a link from someone we don’t know. We’ve also published advice about making sure a message from a friend is for real before opening. That didn’t stop me from falling for one of the oldest tricks in the book.

Go ahead and have a good laugh at my expense. I deserve it.

via I fell for the oldest social engineering trick in the book | CSO Blogs.

Study finds major flaws in single sign-on systems

The single sign-on protocols that allow users to sign in to a range of websites with their Google or Facebook accounts suffer from security flaws that could allow scammers to log in as somebody else, security researchers have reported.

via Study finds major flaws in single sign-on systems – Computerworld.

Attacked by Anonymous: How to defend

Organizations have to be ready to face possible DoS attacks. Here are some basic strategies that can be used to defend against an attack:

  • Configure your routers and firewalls to stop invalid IP addresses and filter out protocols that are not needed. Some firewalls and routers include features to prevent TCP/UDP floods. Also, make sure that logging is enabled in all your devices and that you can reliably examine them to identify attacks and, if needed, turn them over to law enforcement authorities.
  • An intrusion-detection/prevention system (IDS/IPS) can detect the misuse of valid protocols as attack vectors. Depending on the products and your network configuration, it’s possible to automatically block the attack traffic.
  • Get help from your provider. This way, attack traffic can be blocked closer to its source before it can clog your organization’s bandwidth.
  • You should have an incident response plan in place and be ready to activate it. If an attack comes, everyone should know how to respond and who to contact both inside and outside the organization (law enforcement for instance).
  • Ensure that you have means of communicating with your users and/or customers. Be as honest and forthcoming as you can about the incident.

Read the rest at Attacked by Anonymous: How to defend against a denial-of-service | TechRepublic.

You practice safe computing, so why do you still see malware?

…just being connected to the internet and using email or doing some web browsing, especially if you do image searches, is likely to expose you to this darker side of computing. Second, a number of these pieces of malware point to people becoming exposed to, not infected by, malware by visiting trusted web sites…

There are a few things you can do to mitigate these risks on any computer:

Read more of this post

Google hacking 2011

An interview with Johnny Long, “regarded as a leading authority on Google hacking. Between his speaking engagements and returning to Uganda, Long found time to straighten out my misperceptions”.

via Google hacking: It’s all about the dorks | TechRepublic.

Microsoft falsely labels Chrome as malware

“Wow, that’s certainly one way to win the browser war,” said Andrew Storms, director of security operations at nCircle Security, over on Network World.

Google has released a new version of Chrome after Microsoft's antivirus software flagged the browser as malware and removed it from about 3,000 people's computers on Friday.

Microsoft apologized for the problem and updated its virus definition file to correct the false-positive problem, according to a post from Ryan Naraine at ZDNet.

“…perhaps Microsoft should have included Google, not just its customers, in its apology”.

via Microsoft falsely labels Chrome as malware | Security – CNET News.