ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
"The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com."
Standard stuff -- why sweat over trying to brreak in through the front door when there is always someone leaving a window open somewhere for you. 'I only had a fag in the bathroom -I was sure I shut the window'.
I really hope they don't make machines to behave like humans -- we're buggered if they do.
Then it's not your data.
In this case it seams to be use the cloud and kiss any policies you have set for your companies computers good by.
Any sensible admin would have set up the corporate network to have blocked this users laptop from connecting due to the expired virus scanner. How are you supposed to do the same for your cloud service?
>How are you supposed to do the same for your cloud service?
In some cases SaaS can be treated like an internal service so users have to go through your security checks; although not all SaaS providers will limit access to your user accounts to connections via your IP-sec connection.
The real challenge is where companies (typically smaller businesses) have swallowed the cloud model and permit full direct access to SaaS from uncontrolled client systems. So whilst this isn't strictly an exploit of a Salesforce.com vulnerability, it is an exploit of Salesforce.com and other SaaS providers current approach to access security.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
