Natasha Hellberg, Senior Threat Researcher FTR With assistance from William Gamazo Sanchez, DSLabs Within the last few days a new player has been introduced into the distribute denial of service (DDoS) amplification attack world and with it brings the potential for much larger DDoS attacks than what we have seen in the past. While most…Read More
This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds ( http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has… )work and even used Skype as an example of a massive-scale ambient cloud.
This case raises some very important new questions around ambient clouds.
Cloud Security Alliance Congress 2010 Summary – Part 4 of 4 The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days. For those who were not in attendance at…Read More
As I read different blogs, IT industry analysts and media, I see contradictions galore. Some articles position cloud computing as more secure (like this one) while other journalists highlight new security challenges (here, here, here and here). The concept of the cloud is still emerging and fallacies around cloud computing abound. Below are the five…Read More
2009 has been a notable year for malware and malicious online activity for a number of reasons and several of them relate to what is known as botnets. A zombie, or a bot, is a PC infected by malware that brings it under the remote control of a criminal. Criminals run networks that can range…Read More
Recently, there have been some high profile failures of cloud computing, including the Sidekick outage, the DDos attack on Amazon’s EC2 and disruption to Google’s hosted email. Following these debacles, some people have expressed scepticism about the cloud computing model. For example, a response to a CNET article was: “Putting all your beans in a…Read More
Trend Micro has been talking to many data center security folks and Infrastructure-as-a-Service (IaaS) providers to understand the dynamics of cloud security. Something that strikes me is their frequent (mis)perception that the Infrastructure-as-a-Service provider will take care of security in the public cloud. IaaS providers are doing a decent job of baseline security (physical security,…Read More
Hypervisors bring new capabilities to us, but they also bring new computing risks. Understanding this new environment is important. As virtualization becomes mainstream, we need to find ways to identify risks and protect these new infrastructures. Hypervisors, while central to all virtualization methods, are a core risk area. Hypervisors are a “meta” operating system in…Read More