Jump to content


Photo

Cloud applications are very vulnerable


  • Please log in to reply
63 replies to this topic

#51 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 10 July 2012 - 11:09 AM

FYI...

Salesforce.com hit with second major outage in two weeks
Seven instances were affected at one time or another
- https://www.computer...ge_in_two_weeks
July 10, 2012 - "Salesforce.com suffered a significant service outage on Tuesday, less than two weeks after another serious set of system problems. The cloud-based CRM (customer relationship management) vendor's systems are divided into many instances around the world, each serving customers in different geographic regions. Seven instances went down at some time or another on Tuesday, starting with NA1, NA5 and NA6 in North America, according to a notice posted at 12:49 a.m. PDT on Salesforce.com's system status page*. Shortly thereafter, the CS0, CS1, CS3 and CS12 regions... Salesforce.com's Application Store also went down because it shares infrastructure with the NA6 instance, the site said in another update... It wasn't immediately clear what caused the problems... "power problems" had been detected and fixed, but the outages persisted. Some Salesforce.com customers may still be reeling from the last system outage, which occurred in late June. Those problems were caused by a fault in Salesforce.com's storage tier, the company said at the time."
* http://trust.salesfo...m/trust/status/

:!: :ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#52 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 17 July 2012 - 04:01 PM

FYI...

Dropbox Users targeted by spammers
- https://krebsonsecur...-dropbox-users/
July 17, 2012 - "... trouble began earlier today, when users on the Dropbox support forums began complaining of suddenly receiving spam at email addresses they’d created specifically for use with Dropbox. Various users in Germany, the Netherlands and United Kingdom reported receiving junk email touting online gambling sites... At around 3 p.m. ET, the company’s service went down in a rare outage, blocking users from logging into and accessing their files and displaying an error message on dropbox.com*...
Update, 6:37 p.m. ET: Dropbox just issued the following statement about today’s events: 'We‘re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can...'"
* http://status.dropbox.com/
Dropbox client running normally
Dropbox web running normally
... as of date/time of this post.

> https://krebsonsecur...pboxdropped.png

Email-Address leaked from Dropbox
> http://forums.dropbo...page=5&id=64367
17 July 2012 - "... junk mail to the email address registered to Dropbox..."

> http://www.geek.com/...ected-20120717/
July 17, 2012
> http://techcrunch.co...-leak-to-blame/
July 17, 2012 - "... Update 3, 6 PM ET: Dropbox says the downtime was unrelated..."
___

- http://h-online.com/-1646660
18 July 2012 - "... On the Dropbox forums, the company announced that it has asked its security team to investigate the incident, and has also called in outside experts*. At present, it has found no evidence of unauthorised access to Dropbox accounts, but this could change as the investigation moves forward..."
* http://forums.dropbo...110#post-455535

:ph34r: :scratchhead:

Edited by AplusWebMaster, 18 July 2012 - 08:40 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#53 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 07 August 2012 - 06:43 AM

FYI...

iCloud attack began with Amazon hack
- http://h-online.com/-1661646
7 August 2012 - "... Mat Honan has detailed how attackers broke into his iCloud account and remotely wiped his iPhone, iPad and MacBook. In an article in Wired*, Honan explains how the attackers used flaws in Amazon's and Apple's customer service lines to expose his iCloud password... Once the account had been breached, Honan notes that the password reset email messages from the services were quickly moved to the trash by the attackers and within forty minutes of the call to Apple they had reset his Twitter password, posted a claim to the hack on his Twitter account, deleted his Google account and sent wipe commands to Honan's iPhone, iPad and MacBook. He has since been contacted by the hackers who say they were only attempting to "grab" his three character Twitter id and that the account deletions and device wiping were collateral damage... Apple told the New York Times** that it made a mistake when resetting the password, and protocols were not completely followed in this case..."

* http://www.wired.com...an-hacking/all/

** http://bits.blogs.ny...an-itunes-hack/
___

- http://www.gfi.com/b...-computing-101/
August 9, 2012 - "... practical tips for users on how to keep their information safe online and in the cloud:
Back up information and files onto multiple hard drives and store them somewhere safe.
• Take advantage of two-factor authentication if this feature is available to your service provider.
Make data security a priority. Secure credentials with authentication devices and never reveal or share them with anyone..."

:grrr: :(

Edited by AplusWebMaster, 09 August 2012 - 08:23 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#54 john_m

john_m

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 27 August 2012 - 05:45 AM

In my opinion, all these issues might scare people but the core thing is that there is always some danger regardless whether it's cloud solution or not and people should not be scared of them. We could find loads of issues for non-cloud solutions too. But at the moment it is more trendy to write about "how bad cloud applications can be" so we are seeing so much articles and people talking negatively.
Cloud solutions are vulnerable. But what about non-cloud solutions? Are they not vulnerable? Of course they are... that's why I believe this topic might be a little bit misleading for some people. Personally I would name it "Cloud applications are vulnerable too" instead of "Cloud applications are very vulnerable". :)
When life gives You questions, Google has Answers. [No longer true, I know - no more questions, no more answers. :(]
I believe cloud applications are a way to heaven.
There are 10 types of people in the world: those who understand binary, and those who don't.

#55 mikey

mikey

    Advanced Member

  • Expert
  • PipPipPip
  • 104 posts

Posted 27 August 2012 - 09:20 AM

In my opinion, all these issues might scare people but the core thing is that there is always some danger regardless whether it's cloud solution or not and people should not be scared of them. We could find loads of issues for non-cloud solutions too. But at the moment it is more trendy to write about "how bad cloud applications can be" so we are seeing so much articles and people talking negatively.
Cloud solutions are vulnerable. But what about non-cloud solutions? Are they not vulnerable? Of course they are... that's why I believe this topic might be a little bit misleading for some people. Personally I would name it "Cloud applications are vulnerable too" instead of "Cloud applications are very vulnerable". :)


Agreed.

Hosting has always been about managing containers of some sort or another and there have always been lazy admin(the REAL problem). I personally manage several SaaS implementations just like any other provider of IT solutions today does.

Exploitation of ALL services exist and likely always will. Unfortunately, we will have to endure the hype that always follows the current buzz words of the day. Today, the buzz word is 'Cloud'.


EDIT:

BTW As a provider today, you have to love all the flexibilities available now.

Example Ref; http://www.softlayer.../privateclouds?

The hosting arena has forever been changed and folks had best come to terms with it or get left behind.


Edited by mikey, 31 August 2012 - 12:27 PM.


#56 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 09 October 2012 - 04:17 PM

FYI...

CloudStack - critical vulnerability
- http://h-online.com/-1726599
09 Oct 2012 - "Citrix and the Apache Software Foundation have alerted* users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. All versions downloaded from the cloudstack .org site will be vulnerable. CloudStack is also an incubating Apache project but there have been no official releases from Apache of that project. If users have taken the source from the Apache project, that software will be vulnerable. Details of the issue were disclosed on Sunday; it appears that the system had a configuration issue which meant that any use could execute arbitrary CloudStack API calls such as deleting all the VMs in the system. A workaround, detailed in the various announcements, involves logging into the MySQL database that backs the system and setting a random password on the cloud .user account. The Apache CloudStack code has been updated with a fix for the issue and it is believed that the issue should not affect any upcoming releases of the incubating Apache CloudStack project; version 4.0 has currently been frozen and a release candidate is expected soon."
* http://cloudstack.or...discovered.html
08 Oct 2012 - "A configuration vulnerability has been discovered in CloudStack that could allow a malicious user to execute arbitrary CloudStack API calls, such as deleting all VMs being managed by CloudStack... The issue does have a workaround that can be applied immediately... This is considered a critical vulnerability. You should take action to mitigate the issue immediately. Note that this can be mitigated with no downtime..."

:!: :!:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#57 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 14 November 2012 - 04:36 PM

FYI...

Data in the Cloud: Safer, but more attractive to Attackers
- http://www.gtcyberse...reatsReport.pdf
Nov 14, 2012 - Georgia Tech Information Security Center report - PDF (Pg.3): "Consider data storage in the cloud. As security expertise is increasingly being located within cloud service providers, companies and their customers typically improve the overall security posture of their data. However, while improved virtualization infrastructure means that mass compromises are unlikely, the growing trove of data concentrated in these cloud storage services will attract attackers... In June, attackers compromised DDoS mitigation service CloudFlare by using flaws in AT&T’s voicemail service for its mobile users and in Google’s account-recovery service for its Gmail users. The attack — which aimed to get control over the site of one of CloudFlare’s customers — failed, but only because the company moved quickly when it discovered the incident... 'We will see more of these types of attacks, because a lot of interesting data is being hosted on [these] sites,' Kirda said. Google’s latest approach to two-factor authentication is a good hybrid method, he said. Using a recognized device and a password, a user logs in and authorizes applications on other devices. By providing a different password for each application-device combination, the service provides stronger, yet usable, security... (Pg.6) Cloud infrastructure is not just about data, however. The ability to stand up virtualized computers, if successfully exploited by attackers, can be used to quickly create botnets. Just as large collections of data in the cloud become a siren call to attackers, the ability to create vast computing resources will continue to convince cybercriminals to look for ways to co-opt the infrastructure to their own ends, said Yousef Khalidi, distinguished engineer with Microsoft’s Windows Azure group. “If I’m a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things,” Khalidi said. The most obvious exploit that could lead to the creation of malicious compute clouds is simple credit-card fraud. Most cybercriminals have access to thousands, if not millions, of stolen credit card numbers. Using the stolen accounts to buy cloud computing resources can be a quick way for attackers to create dangerous clusters of virtual systems..."

:blink: :ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#58 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 19 July 2013 - 10:13 AM

FYI...

Dropbox used by hacks to spread malware
- http://www.nbcnews.c...ware-6C10642402
July 15, 2013 - "... Comment Crew*, the same Chinese cyberespionage team thought to be behind the recent attack on The New York Times, has been using publicly shared Dropbox folders** to spread malware, reports... Cyber Squared. "The attackers have simply registered for a free Dropbox account, uploaded the malicious content and then publicly shared it with their targeted users," a Cyber Squared blog posting***  explained last week. For malicious hackers, Dropbox is an attractive malware distribution platform because it's widely used in the corporate environment and is unlikely to be blocked by IT security teams. In this way, Cyber Squared wrote, "the attackers could mask themselves behind the trusted Dropbox brand, increasing credibility and the likelihood of victim interaction with the malicious file from either personal or corporate Dropbox users"..."
* http://www.technewsd...er-reports.html

** http://www.technewsd...le-syncing.html

*** http://www.cybersqua...-cyber-attacks/
 

:ph34r: :ph34r: :grrr:


Edited by AplusWebMaster, 19 July 2013 - 10:33 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#59 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 17 January 2014 - 07:43 AM

FYI...

Malware in the cloud - 2014
- https://net-security...ews.php?id=2675
Jan 15, 2014 - "... malware distributors are rapidly and widely adopting cloud computing, either by buying services directly or by compromising legitimate domains. This trend is allowing distributors to quickly and cost-effectively develop sites and bring them online, as well as to avoid geographic blacklisting by hiding behind the reputations of major hosting providers such as Amazon, GoDaddy and Google... The cloud is allowing malware distributors to create, host and remove websites rapidly, and major hosting providers such as Amazon, GoDaddy and Google have made it economical for malicious actors to use their services to infect millions of computers and vast numbers of enterprise systems..."
___

IBM to spend $1.2 billion to expand cloud services
- http://www.reuters.c...EA0G05P20140117
Jan 16, 2014 - "IBM Corp said it will invest more than $1.2 billion to build up to 15 new data centers across five continents to expand its cloud services and reach new clients and markets. The new cloud centers will be in Washington D.C., Mexico City, Dallas, China, Hong Kong, London, Japan, India and Canada, with plans to expand in the Middle East and Africa in 2015... IBM said the global cloud market is estimated to grow to $200 billion by 2020... it will use web hosting technology from SoftLayer for the delivery of its cloud services..."
 

:ph34r: :grrr:


Edited by AplusWebMaster, 17 January 2014 - 07:57 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#60 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 19 May 2014 - 09:26 AM

FYI...

Creative Cloud crash - no cloud is too big to fail
Adobe's ID services went down for over 24 hours, leaving Creative Cloud users - and a great many others - locked out of their software and accounts
- http://www.infoworld...big-fail-242674
May 16, 2014 - "A problem with Adobe Creative Cloud locked users of Adobe's software out of their programs - and a good deal else on top of that - for more than 24 hours starting Wednesday night. According to a blog post by Adobe*, the failure "happened during database maintenance activity and affected services that require users to log in with an Adobe ID." This includes Adobe's Creative Cloud service, which provides cloud-hosted and -managed versions of Adobe's flagship software, such as Adobe Photoshop and Adobe Premiere... every other Adobe service that used Adobe's ID system was also affected... This isn't the first cloud-related black eye Adobe's suffered, either. Last year Adobe admitted to having 130 million passwords stolen from a backup system that was to have been decommissioned. Many Facebook accounts were also indirectly affected. Adobe's also received sharp criticism for aggressively shepherding its users into cloud subscription, pay-as-you-go plans for its software; in 2013 Adobe stopped selling standalone editions of the Creative Suite altogether... no cloud infrastructure is too big or too important to fail. Dropbox went down for 16 hours in January of 2013, and Google Drive experienced a similar 17-hour meltdown of its own in March. One estimate has put the cost of major-league cloud outages at some $71 million since 2007, but failures like Adobe's - where a single piece of failing infrastructure brings down multiple systems - have most likely driven that estimate far higher..."
* http://blogs.adobe.c...service-outage/
___

- http://www.theinquir...-an-application
May 19 2014 - "IBM HAS LAUNCHED a version of Openstack that can be downloaded directly from its Marketplace like any other application. IBM Cloudmanager with Openstack is based on IBM Cloudentry, and includes full access to Icehouse, the latest version of Openstack. As well as appearing in its own right, it can also be bought as part of a package along with the recently announced IBM Power Systems server range to form the extensively titled IBM Power Systems Solution Edition for Scale Out Cloud..."
 

:ph34r: :ph34r:  :(


Edited by AplusWebMaster, 19 May 2014 - 11:09 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#61 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 28 July 2014 - 06:14 PM

FYI...

Amazon cloud attackers install DDoS bots ...
Attackers are targeting Amazon EC2 instances with Elasticsearch 1.1.x installed
- https://www.computer...search_weakness
July 28, 2014 - "Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Elasticsearch is an increasingly popular open-source search engine server developed in Java that allows applications to perform full-text search for various types of documents through a REST API (representational state transfer application programming interface). Because it has a distributed architecture that allows for multiple nodes, Elasticsearch is commonly used in cloud environments. It can be deployed on Amazon Elastic Compute Cloud (EC2), Microsoft Azure, Google Compute Engine and other cloud platforms. Versions 1.1.x of Elasticsearch have support for active scripting through API calls in their default configuration. This feature poses a security risk because it doesn't require authentication and the script code is -not- sandboxed. Security researchers reported earlier this year that attackers can exploit Elasticsearch's scripting capability to execute arbitrary code on the underlying server, the issue being tracked as CVE-2014-3120* in the Common Vulnerabilities and Exposures (CVE) database. Elasticsearch's developers haven't released a patch for the 1.1.x branch, but starting with version 1.2.0, released on May 22, dynamic scripting is disabled by default. Last week security researchers from Kaspersky Lab** found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused... Users of Elasticsearch 1.1.x should upgrade to a newer version and those who require the scripting functionality should follow the security recommendations made by the software's developers in a blog post*** on July 9."

* https://web.nvd.nist...d=CVE-2014-3120 - 6.8

- https://web.nvd.nist...d=CVE-2014-4326 - 7.5 (HIGH)

- http://www.elasticse...logstash-1-4-2/
Jun 24
Changelog for 1.4.2
- https://github.com/e...aster/CHANGELOG

** https://securelist.c...dos-and-profit/

*** http://www.elasticse...pting-security/

- https://www.found.no...h-elasticsearch

Insecure default in Elasticsearch enables remote code execution
- http://bouk.co/blog/elasticsearch-rce/
May 2014 - "... How to secure against this vulnerability..."
___

>> http://www.rapid7.co...script_mvel_rce
___

- http://atlas.arbor.n...ndex#-961013762
High Severity
31 Jul 2014
 

:ph34r:  :ph34r:


Edited by AplusWebMaster, 01 August 2014 - 08:05 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#62 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 20 August 2014 - 07:11 AM

FYI...

Azure cloud restored after major outage...
- http://www.theinquir...-a-major-outage
Aug 19 2014 - "Microsofts's Azure Cloud Service has encountered partial, and in some cases complete, outages around the world. Twitter users have reported Azure being slightly wobbly for the past few days, and then last night a number of outage reports were posted on the Azure service status webpage*..."
* https://azure.micros...status/#history

Also see: Sep/Oct 2014 history @ URL above.
___

- http://www.netskope....s-confidential/
Sep 17, 2014 - "84% of European IT and security practitioners report that they don’t believe their cloud service providers would notify them immediately if their intellectual property or business confidential information were breached. This finding is from our most recent report entitled “Data Breach: The Cloud Multiplier Effect in European Countries,” a collaboration with research firm the Ponemon Institute*. It highlights the profound lack of trust that European IT professionals have in the cloud, and the significant hurdle the industry must overcome for those professionals to get comfortable with the massive cloud adoption that is happening in enterprises across the region."
* http://www.ponemon.o...costly-incident

 

- http://www.netskope....tiplier-effect/

"... highlights from the report:
• Increasing use of cloud services can increase the probability of a $20 million data breach by as much as 3x
• 36 percent of business-critical applications are housed in the cloud, yet IT isn’t aware of nearly half of them
• 30 percent of business information is stored in the cloud, yet 35 percent of it isn’t visible to IT ..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 13 October 2014 - 03:48 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#63 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 13 October 2014 - 02:12 PM

FYI...

Dropbox glitch leaves some users with deleted files
- http://www.theinquir...h-deleted-files
Oct 13 2014 - "... a 'glitch' in some versions of the Dropbox app resulted in the deletion of files... The bug occurred when certain versions of the desktop sync app were shutdown prematurely by a program or system crash, and was limited to users of the selective sync feature where only certain folders are replicated on the desktop..."
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#64 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 27 May 2015 - 02:06 PM

FYI...

 

• The 'IoT' time bomb ...

- http://www.networkwo...-time-bomb.html

May 11, 2015 - "IBM’s Andy Thurai didn’t quite put the words into former RSA CTO Deepak Taneja’s mouth, but did prompt him by asking at the start of a TIE Startup Con panel in Cambridge, Mass., earlier this month whether Internet of Things security is a 'time bomb ready to explode'. Taneja responded that technology is advancing at a rate that’s -outstripping- enterprises’ ability to secure internal and -cloud- resources, and then along comes IoT in the form of all sorts of networked sensors and gadgets. 'Organizations aren’t spending that much on security. It’s increasing, but it’s not enough and IoT only makes it worse,’ he said. 'So it is a time bomb. Money will start being spent on IoT security once serious breaches occur...'" (-After- the fact.)

 

- http://www.theinquir...ce-attack-crazy

May 21 2015 - "... Akamai's regular report paints a detailed picture of the threat landscape. The view this year so far was blighted by the DoS attack to an even greater degree than during the previous quarter. The firm said that the number of such attacks increased by around a third during the period and by over 100 percent against the same period last year. The largest distributed DoS (DDoS) attack during the quarter peaked at 170Gbps. Attacks on Simple Service Discovery Protocol systems made up 20 percent of DoS attacks, mainly targeting Internet of Things devices..."

 

- http://blog.trendmic...a-is-it-anyway/

May 26, 2015 - "... All of these devices are generating one thing: data. The smartwatch is keeping track of my health data. The thermostat is keeping track of what’s going on inside my home. The cameras are keeping track of what they see and when they are turned on. A lot of this data is passed on to the providers of these services, which frequently say they are “free”... Service providers can – and already, are – using Big Data to provide 'improved services to their customers'. In a way, they already know you better than you know yourself. Who is in control of all this data? Is it us consumers, or is it the service providers? What happens to the data – is it used just to provide services to the customers, or is it also sold off to other third parties? Businesses may say as part of their terms of service that they won’t -sell- your information, but is that really the case? When the American retailer RadioShack went bankrupt, customers may have -thought- that their personal information would simply vanish into thin air, but that wasn’t the case. RadioShack is actually trying to -sell- this information... This includes your name, address (both physical and e-mail), phone number, and what items you bought. You may not feel this information is particularly secret, but few of us would be happy to see this info sold to the highest bidder. It’s a good thing that several states have expressed concern about this, as ordinary consumers deserve to have their information protected. Consider who could be interested in the data that your smart devices collect. Your health insurance would be very interested; imagine if they -charged- people who didn’t meet their daily steps goal higher premiums... What’s important is consent and opt-in. Users need to be in control of their data – who gets it, and what is it used for... The Internet of Things can be a venue for innovation and new possibilities, but it can also be used to break basic notions of privacy and confidentiality. Companies should endeavor to keep the interests of users in mind, otherwise... government regulations... used to protect consumers. This may have consequences that we cannot predict..."

 

>> https://en.wikipedia...Things#Security

11 Aug 2015

 

> https://en.wikipedia..._Things#History

11 Aug 2015

 

:ph34r: :ph34r:


Edited by AplusWebMaster, 12 August 2015 - 10:56 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.




Member of UNITE
Support SpywareInfo Forum - click the button