http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-01-22 03:07:06 - Chenxi Wang's Blog Cloud security : Microsoft today released an Out-Of-Band OOB security update, MS10-002 http wwwmicrosoftcom technet security bulletin MS10-002mspx , that addresses, among others, the IE vulnerability that was responsible for last week s Google hack This OOB security update addresses 8 vulnerabilities in total, and is considered a critical security update for Internet Explorer Microsoft recommends that IE users take immediate actions as a result of http://www.secuobs.com/revue/news/184282.shtmlhttp://www.secuobs.com/revue/news/184282.shtml Secuobs.com : 2010-01-21 23:17:33 - Chenxi Wang's Blog Cloud security - Google called me again after I posted the latest follow up to the Google hack story Wow, two calls from Google AR in the span of an hour They were uncomfortable about the way I characterized the involvement of the corporate VPN in the Google attack The official on-the-record word from Google is that This http://www.secuobs.com/revue/news/184221.shtmlhttp://www.secuobs.com/revue/news/184221.shtml Secuobs.com : 2010-01-21 21:56:08 - Chenxi Wang's Blog Cloud security - Google called me, five minutes ago, confirmed that the attacker indeed came in via the corporate VPN access On top of that, they told me that the victim machine was a corporate managed machine, not a home computer As to why Google employees were running IE v6, Google s position is that someone might be running IE http://www.secuobs.com/revue/news/184177.shtmlhttp://www.secuobs.com/revue/news/184177.shtml Secuobs.com : 2010-01-21 20:13:12 - Chenxi Wang's Blog Cloud security - By now, much has been written about last week s attack on Google, Yahoo, and more than 30 other companies Google s stark reaction to the attack has put the company at the forefront of this news story At stake is one of the world s largest Internet market as well as the already tenuous relationship between US http://www.secuobs.com/revue/news/184141.shtmlhttp://www.secuobs.com/revue/news/184141.shtml Secuobs.com : 2010-01-06 04:42:30 - Chenxi Wang's Blog Cloud security - On Thursday January 7th 1pm pacific, I will be moderating what promises to be an exciting panel Cloud computing A positive disruption to IT security with panelist Qualys CEO Philippe Courtot and Cisco s Chief Security Officer John Stewart See what Forrester, Cisco, and Qualys have to say about Cloud Computing and IT security, register at http wwwbusinesswirecom portal site home permalink ndmViewId news_view newsId 20100104005080 newsLang en http://www.secuobs.com/revue/news/178632.shtmlhttp://www.secuobs.com/revue/news/178632.shtml Secuobs.com : 2009-12-05 00:50:03 - Chenxi Wang's Blog Cloud security - I just did a Forrester webinar about the compliance risks of cloud computing with the title Cloudy with a chance of non-compliance I ll post more about the content in a bit, but here is how you can access the recording of the free webinar wwwforrestercom cloudsecuritywebinar Registration is required http://www.secuobs.com/revue/news/168806.shtmlhttp://www.secuobs.com/revue/news/168806.shtml Secuobs.com : 2009-12-01 04:27:56 - Chenxi Wang's Blog Cloud security - Barracuda, the networking appliance vendor headquartered in campbell, CA, announced today that they acquired Purewire, Inc, a web security services startup in Atlanta, in a cash stock deal I have to say this announcement came as somewhat a surprise to me Barracuda is a known networking appliance vendor, selling low-cost, on-premise network security appliances from firewalls to anti-spam http://www.secuobs.com/revue/news/167022.shtmlhttp://www.secuobs.com/revue/news/167022.shtml Secuobs.com : 2009-12-01 04:27:56 - Chenxi Wang's Blog Cloud security - Recently Forrester received a flurry of inquiries concerning social network access inside enterprises Many firms are reluctant to deny their employees access to social networking sites but in the same time worried about consequences such as malware threat, data loss, and the loss of productivity More specifically, risks associated with social networking come in three http://www.secuobs.com/revue/news/167021.shtmlhttp://www.secuobs.com/revue/news/167021.shtml Secuobs.com : 2009-11-24 12:54:33 - Chenxi Wang's Blog Cloud security - Since the publication of the last entry on cloud security, I received many emails from clients and colleagues who have an interest in this topic Because of the sensitive nature of the topic, they chose to email me rather than leaving a comment here I have synthesized and sanitized the feedback, and decided to publish the http://www.secuobs.com/revue/news/164495.shtmlhttp://www.secuobs.com/revue/news/164495.shtml Secuobs.com : 2009-11-18 20:23:32 - Chenxi Wang's Blog Cloud security - Today is the first day of dreamforce Due to a scheduling conflict, I am actually not attending, much to my dismay I m writing this post in flight to NYC, using WIFI on a united flight nice My colleagues who are in attendance told me that they are putting on a good show In any case, http://www.secuobs.com/revue/news/162646.shtmlhttp://www.secuobs.com/revue/news/162646.shtml Secuobs.com : 2009-11-18 20:23:32 - Chenxi Wang's Blog Cloud security - Cloud computing is the latest trend that has the industry abuzz Everywhere you go, there are cloud services for every functionality imaginable Many believe that cloud computing can deliver tremendous business and operational efficiencies There is even a movement at the national level Vivek Kundra, the country s recently named federal CIO, is being tasked to push the http://www.secuobs.com/revue/news/162645.shtmlhttp://www.secuobs.com/revue/news/162645.shtml Secuobs.com : 2009-11-04 02:28:43 - Chenxi Wang's Blog Cloud security - Cloud security service is hot, hot, hot My last blog post highlighted the acquisition of Purewire by Barracuda earlier this month Today, Cisco announced the intention to acquire Scansafe, another web security services company Cisco s entering this space shows that web security services are now on the radar screen of enterprises At Forrester we are seeing http://www.secuobs.com/revue/news/156957.shtmlhttp://www.secuobs.com/revue/news/156957.shtml Secuobs.com : 2009-11-04 02:28:43 - Chenxi Wang's Blog Cloud security - Researchers from MIT and UC San Diego recently demonstrated an attack against Amazon s EC2 where an attack virtual machine can launch attacks against a victim virtual machine that is located on the same physical server The paper describing this attack will be presented at ACM s cloud security workshop next week in Chicago This is an attack http://www.secuobs.com/revue/news/156956.shtmlhttp://www.secuobs.com/revue/news/156956.shtml