Cloud computing providers came under fire today from security experts who blamed them for giving cyber-criminals the tools to launch attacks more easily, efficiently and anonymously than ever before. Speaking at the fourth InfoSecurity Summit in Hong Kong on Tuesday, SC Leung - a senior consultant at the city-state's Computer …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 24th April 2012 19:24 GMT frank ly

Criminals are using the internet ?!

Pass a law against it, now!

3 0
1. Wednesday 25th April 2012 15:55 GMT Ken Hagan
  
  Re: Criminals are using the internet ?!
  
  And whilst you're at it, let's crack down on those wicked manufacturers who produce GPUs and FPGAs, and software vendors who provide the tools to use them.
  
  0 0
Tuesday 24th April 2012 21:30 GMT Anonymous Coward

Time to think different

FFS, this is not news. I've worked on alternative approaches since 2005, and the upshot is that it's more fun as well. The primary problem is that too strict processes kill off the creativity - you as a target become predictable, aka a sitting duck that can be repeatedly shot at. Case in point: anti-virus. The absolute first thing that happens with a zero day is that it is tested on virustotal.com.

At present, most people in IT security are either researchers, or glorified administrators. No surprises there..

0 0
Wednesday 25th April 2012 06:49 GMT Joe Montana

Yes, think different...

As someone else said, think different... The traditional corporate mentality just doesn't work, you become slow and cumbersome while the hackers are not so constrained.

Also cloud isn't the problem, buying services from amazon is not what hackers do anyway because it leaves a paper trail... Instead they will hack boxes, and some of them happen to be hosted at cloud providers. Hackers have always compromised boxes and used them to launch further attacks, the only "cloud" connection is that providers like amazon are prominent and fashionable enough that lots of people with no server management experience want to try it out, so they leave insecure boxes on the internet waiting to be hacked.

3 0
1. Wednesday 25th April 2012 07:28 GMT stanimir
  
  Re: Yes, think different...
  
  ...and that is exactly the case.
  
  No self-respecting hackers would buy a service leaving credit card number just so squeeze some CPU power.
  
  I'd say buying en masse cheap hardware and building your own cluster is easier than renting services. Virtually any brute force alike algorithm is embarrassingly parallel, hence it can run on commodity hardware connected via standard LAN.
  
  1 1
  1. Wednesday 25th April 2012 08:42 GMT g e
    
    Re: Yes, think different...
    
    Ah but they don't have the bandwidth of a hacked box in an ISP/datacentre, which is likely why they don't.
    
    0 1
  2. Wednesday 25th April 2012 12:46 GMT Anonymous Coward
    
    Re: Yes, think different...
    
    Eh?
    
    No self-respecting hackers would buy a service leaving credit card number just so squeeze some CPU power.
    
    Cybercrooks, i.e. those stealing money via stolen credit card & bank details, would almost certainly use a credit card in their own name...Riiiggghhhhhtttt.
    
    0 0
    1. Thursday 26th April 2012 10:43 GMT stanimir
      
      Re: Yes, think different...
      
      Cybercrooks, i.e. those stealing money via stolen credit card & bank details, would almost certainly use a credit card in their own name..
      
      Credit card blocked - service blocked, it's not a single time purchase. You need it running for extended period of time.
      
      0 0
Wednesday 25th April 2012 08:40 GMT g e

Whining about other people causing the problem

Is not a substitute for addressing it.

Otherwise I could do my whole damned job powered solely by email and righteous indignation and charge 4x the rate.

1 1
Thursday 26th April 2012 10:18 GMT Anonymous Coward

speed vs. liability

the developers who work in industry aren't any slower that those that write exploits, its just that those in industry have to worry about whether the 'fix' will break anything. the virus writer doesn't have to care. this doesn't mean that they don't, simply that they don't have to.

0 0