Cloud passwords, web site security and smartphones easily compromised by hacks
Concerns over cloud security could well be justified after researchers at the Black Hat data security briefings in Las Vegas showed they could unpick with relative ease the password reset systems used on Amazon’s EC2 and Microsoft’s Online Office services.
‘Password resetting and other security mechanisms in the cloud are always going to be a weak link’ said one industry insider, Andy Cordial, managing director at Origin Storage.
‘Secure cloud computing will definitely be the norm for most users in about 10 years time. Until then, encrypted local storage will meet user needs,’ he said.
Researchers have also cautioned industry about its reliance on Secure Socket Layer (SSL) certificates that are used to guarantee privacy on many commercial and e-commerce web sites.
Seemingly with some tweaks made to the URL, a hacker might be able to trick a browser into thinking that an unprotected site is secure and redirect the traffic to a bogus site to siphon off any personal information entered.
Reports filed by Associated Press said that experts maintain the Firefox browser is not susceptible to the problem, and that Microsoft is looking into the problem.
Meanwhile the Internet infrastructure services provider VeriSign Inc, which has issued more than 4 million SSL certificates since becoming a Certificate Authority in 1995, reckons its certificates are not vulnerable.
The security of the Apple iPhone also came under scrutiny of hackers at the event. After the ease with which iPhone passwords and encryption can be bypassed by hackers was revelaled in CBR reports last week, hackers went on to highlight another major glitch.
They showed how the iPhone’s software can be used to send attacks via SMS text messages.
Hackers pointed out a memory corruption bug that could be exploited by someone wanting to hijack the smartphone.