July 2, 2012 at 11:20 am
Brandie Tarvin (7/2/2012)
Chad Crawford (7/2/2012)
Brandie Tarvin (7/2/2012)
Ouch!Is this another reason not to use cloud technology?
http://redmondmag.com/articles/2012/06/20/malware-targeting-banking.aspx
http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf
Help me out - I recognize that security is a concern when hardware is remote, but I didn't see anything in the article that would be different in a cloud vs. traditional infrastructure. What did I miss about the obviously obvious connection?
Because it's all happening in the cloud, user interaction is not needed by the hackers. They can automate the whole thing and not be as traceable. Not to mention the fact that with cloud data they can get that whole transaction poisoning thing (altering amounts & balances) going on.
When the data is held down in a WAN / LAN "local" setup, there's a lot more accountability (hence more security) which requires a more manual touch on the systems.
At least, that seemed to be the point in the documentation I read. I am not enough of a security expert to dispute this claim:
Article (first link)
...malware that uses automation in its operation would not be possible without the spread of cloud-based technology.
The problem isn't users in the cloud, the problem is malware in the cloud. The fraud isn't made possible because of users or banks using cloud-based tech, it's possible because of criminals using cloud-based tech.
Not using the cloud because of this would be like avoiding cars, because bank-robbers often make their getaway in a car. Hence, it's not safe for you to drive. See the disconnect there? Same disconnect here.
You can't prevent this kind of thing by avoiding the cloud. You prevent it by not falling for phishing e-mails, and not ending up with DNS poisoning. Avoid those two things, and you should be fine.
But ask yourself, do you know how to prevent DNS poisoning? Very few do.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
July 2, 2012 at 11:27 am
To continue the analogy, this is why I don't like to be a passenger in a car. There's no control over what's happening. You have to trust the driver which isn't something I do well.
I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 2, 2012 at 11:29 am
GSquared (7/2/2012)
But ask yourself, do you know how to prevent DNS poisoning? Very few do.
Darnit, Gus, will you stop making me look things up!
I was a happy ignorant soul merrily minding my own business (which is to know absolute nothing of worth) and now you have me scurrying about to actually ... learn stuff.
<shudder>
My reputation will never be the same again.
July 2, 2012 at 11:32 am
Jeff Moden (7/2/2012)
To continue the analogy, this is why I don't like to be a passenger in a car. There's no control over what's happening. You have to trust the driver which isn't something I do well.I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
A friend of mine was unable to check in his code for days because his company kept it in "the cloud" and when Amazon services went down because of the loss of power in DC, their code repository went with it. He and his company are based in NYC, but thanks to a power outage hundreds of miles away, he couldn't check in, test or do much of anything.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
July 2, 2012 at 11:32 am
Jeff Moden (7/2/2012)
I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
That is pretty much my feeling.
It's one thing if my employer (for example) creates a corporate wide cloud and puts all its stuff there. Then we IT people know we're responsible for this, even though it's floating above us.
But to go to an outside source, who may have contracts stating they are responsible, and trusting them with my data, my security, and the idea that they will be there (with my data intact) when the sun rises tomorrow morning?
Yeah. Not confident enough yet in the technology to go there. Maybe once it's matured a little and people have figured out how to tell the fly-by-night-golddiggers from the solid-always-be-there-companies, it'll be a different story.
July 2, 2012 at 11:33 am
Stefan Krzywicki (7/2/2012)
Jeff Moden (7/2/2012)
To continue the analogy, this is why I don't like to be a passenger in a car. There's no control over what's happening. You have to trust the driver which isn't something I do well.I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
A friend of mine was unable to check in his code for days because his company kept it in "the cloud" and when Amazon services went down because of the loss of power in DC, their code repository went with it. He and his company are based in NYC, but thanks to a power outage hundreds of miles away, he couldn't check in, test or do much of anything.
One day, we will all be on the matrix (Shadowrun style) and technomancers will make a mint from people like us.
July 2, 2012 at 11:35 am
Jeff Moden (7/2/2012)
To continue the analogy, this is why I don't like to be a passenger in a car. There's no control over what's happening. You have to trust the driver which isn't something I do well.I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
Do you happen to know the operators at your closest power plant? Sewage treatment facility? Air traffic control tower? Your local emergency room trauma surgeons? Every local EMT? Those are people who are much more likely to be dangerous to you than the driver of a car you happen to be in. At some point, you have to trust your fellow human beings, or go all Ted Kazynski (or however you spell his name), and live in a 6' (2m) cabin deep in the woods. And even he trusted people at the local post office, enough to entrust his packages to them.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
July 2, 2012 at 11:53 am
Brandie Tarvin (7/2/2012)
Stefan Krzywicki (7/2/2012)
Jeff Moden (7/2/2012)
To continue the analogy, this is why I don't like to be a passenger in a car. There's no control over what's happening. You have to trust the driver which isn't something I do well.I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
A friend of mine was unable to check in his code for days because his company kept it in "the cloud" and when Amazon services went down because of the loss of power in DC, their code repository went with it. He and his company are based in NYC, but thanks to a power outage hundreds of miles away, he couldn't check in, test or do much of anything.
One day, we will all be on the matrix (Shadowrun style) and technomancers will make a mint from people like us.
That or we'll have to continue to do the dreaded "learning of stuff" and become the technomancers.
I'm dealing with an Oracle database that is "in the cloud" and the throughput is so slow it drives me mad. Don't know if it is Oracle to SQL that is the problem or if it is our connection, but either way it seems a bad idea.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
July 2, 2012 at 3:08 pm
Chad Crawford (7/2/2012)
I guess I don't see how the cloud facilitates automation. I would think that whatever you automate in the cloud could have been automated non-cloud as well.
You can do the same thing outside the cloud as in, or most of it. Azure has some unreleased stuff, but I think you could duplicate everything AWS has.
However because you can't have a guy sitting there running installs of Windows in the cloud, it does pressure you to use more automation. It also builds better habits, since you have to expect a particular host to go bye-bye at any time. So any restarts/rebuilds of the machine need to be automated.
July 2, 2012 at 3:11 pm
Jeff Moden (7/2/2012)
To continue the analogy, this is why I don't like to be a passenger in a car. There's no control over what's happening. You have to trust the driver which isn't something I do well.I have the same ill feelings towards the cloud. I don't know who the driver really is or whether or not they even know which side of the road to drive on when it comes to security, etc.
I'm not sure I think this is a fair analogy. I think it's more like you have a leased car, where they force you to do maintenance or change cars when they want that one back. You can't do a lot of the stuff you might do with your car. It's not yours, they handle maintenance, etc.
July 2, 2012 at 3:13 pm
Stefan Krzywicki (7/2/2012)
A friend of mine was unable to check in his code for days because his company kept it in "the cloud" and when Amazon services went down because of the loss of power in DC, their code repository went with it. He and his company are based in NYC, but thanks to a power outage hundreds of miles away, he couldn't check in, test or do much of anything.
Crappy design by him. Use a distributed VCS so that you can continue to work when service goes down.
I've had the same thing happen in companies when the VCS server went down. Whether it comes back quicker than the cloud depends on what happened, the quality of your sysadmin, and how quickly it gets prioritized. The AWS outage wasn't worse than I've seen in a few companies.
July 3, 2012 at 5:28 am
You know it's going to be a bad day when you mix up the order of your HAVING and GROUP BY statements and spend 10 minutes trying to figure out why SSMS is complaining about a syntax error that you can't find.
<headdesk>
Anyone got a fresh brain I could borrow? I promise to return it with only a slight bit of wear.
July 3, 2012 at 6:14 am
Brandie Tarvin (7/3/2012)
Anyone got a fresh brain I could borrow? I promise to return it with only a slight bit of wear.
Sure. Will you finish off my article and config review for me?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
July 3, 2012 at 7:19 am
Steve Jones - SSC Editor (7/2/2012)
Stefan Krzywicki (7/2/2012)
A friend of mine was unable to check in his code for days because his company kept it in "the cloud" and when Amazon services went down because of the loss of power in DC, their code repository went with it. He and his company are based in NYC, but thanks to a power outage hundreds of miles away, he couldn't check in, test or do much of anything.
Crappy design by him. Use a distributed VCS so that you can continue to work when service goes down.
I've had the same thing happen in companies when the VCS server went down. Whether it comes back quicker than the cloud depends on what happened, the quality of your sysadmin, and how quickly it gets prioritized. The AWS outage wasn't worse than I've seen in a few companies.
Not his design, it is what the company decided on.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
Viewing 15 posts - 36,751 through 36,765 (of 66,815 total)
You must be logged in to reply to this topic. Login to reply