Cloud Computing and Data Security

We cannot attribute the beginning of cloud computing to a particular person or time. It evolved with the evolution of Internet and enterprise computing. We may be able to trace its roots all the way back when Dr. Larry Roberts developed the ARPANET in 1969. (Whitman & Mattord, 2016)

While the evolution of ARPANET, to Ethernet and then to Internet happened, enterprises were discovering new ways to compute from mainframes to multi-tier computing. During the early stages of enterprise computing, enterprises were purchasing hardware and software to host internally. Though not in the form that we see today, enterprises had an early version of cloud in the form of networked mainframe systems with dumb terminals. They then slowly began to outsource their information systems to Internet Service Providers (ISPs) and Application Service Providers (ASPs).

The concept of using computing, as a utility was probably first proposed by Professor Noah Prywes of the University of Pennsylvania in the Fall of 1994 at a talk at Bell Labs. “All they need is just to plug in their terminals so that they receive IT services as a utility. They would pay anything to get rid of the headaches and costs of operating their own machines, upgrading software, and what not.” (Faynberg, Lu, & Skuler, 2016). It came to fruition when Amazon launched its limited beta test of Elastic Cloud Compute Cloud (EC2) in 2006. Meanwhile, has already mastered how to deliver an enterprise application using a simple website. Continue reading “Cloud Computing and Data Security”

Microsoft warns of new zero-day hole

According to Microsoft Security Advisory – 973472, a zero-day hole in Office Web Components ActiveX Controls could allow an attacker to execute malicious code remotely. This happens on Internet Explorer that has the ActiveX Control enabled.

The ActiveX is used to display and publish spreadsheets, charts and databases to websites. There is no patch yet issued for this hole. However, Microsoft recommends certain manual steps to prevent the attack.

Microsoft recommends defaults settings of IE in Windows Server 2003 and Windows Server 2008 as it will prevent the an IE user on such servers from downloading such malicious contents.

Users of Microsoft Outlook and Outlook Express are safe if they are operated in the Restricted Sites Zone.

The web based attacked is not possible unless an IE user is forced to use a website infected with the malicious content. So beware of spams and phishing emails.

Once compromised, the IE user machine provides local admin rights to the remote attacker. Users with few local admin rights on the computer will have low impact.