Security and cloud computing

RSA recently published a white paper entitled The role of Security in Trustworthy Cloud Computing. The document is extremely interesting.

It presents the different security challenges that enterprises will face when switching to public or even private cloud computing. With cloud computing, IT departments will lose control. This loss of control needs to be balanced by more trust and confidence in external providers (cloud infrastructure providers such as Amazon’s EC2, service providers in the case of SaaS…).

For instance, the document lists some requirements for secure data.

It will require:
* Data isolation
* More granular data security
* Consistent data security
* Effective data classification
* Information Rights Management
* Governance and Compliance

We could argue that all these requirements already exist in the non-cloud world. Nevertheless, they become MANDATORY in cloud computing! They will be more complex to implement and to monitor.

The document seems to lack one important threat. The insider threat was already a member of the cloud provider who illegally accesses private data. I believe there is another threat: another user of the cloud who attempts to access your data if isolation is not perfect.

There is already a rush towards cloud computing. But clearly, the security of cloud computing is not yet mature. There is no integrated secure solution available.

Light sentence for French pirates

In February 2006, the French blockbuster “Les Bronzés 3” was released on P2P in DVD quality at the same time as the theatrical release. The audience still reached 10 million admissions.

Unfortunately, forensics made it possible to trace back the leak. It incriminated three employees of TF1, the French broadcaster (and the producer of the movie).

The producers and some actors sued them in court, together with three people using the pseudonyms Darkpingoo, H2o and Vb2n, who posted the movie on Freenet. The plaintiffs asked for several million euros in damages. The main argument was that DVD sales did not reach one million. Usually, such a blockbuster is expected to sell 2 million DVDs.

The judge showed clemency. The infringers will have to pay 27,000€ in damages and have been given a one-month suspended prison sentence.

New look

Welcome to the new look & feel of the blog. In fact, I changed the engine of the blog. I now use FlatPress. The reason is simple: simplePHPBlog had not been maintained or active for two years. FlatPress is active, and some developers are even writing new plug-ins.

The second reason to change the look and feel was to be more consistent with my personal site.

For a few weeks, there may be some minor adjustments. Do not hesitate to report any bugs to me.

Veoh versus Universal Music Group (2)

Last month, a US court ruled that Veoh could not be sued by Universal Music Group (UMG) under DMCA safe harbor. This month, the same court ruled in favor of Veoh, more precisely in favor of its investors. In the Napster case, the investor Bertelsmann was sued for copyright infringement. Thus, UMG attorneys expected to do the same to Veoh’s investors.

The Los Angeles judge, A. Howard Matz, pointed out that Veoh was not (yet?) guilty. Thus, it was impossible to sue the investors for an infringement that has not been established. In the case of Napster, Bertelsmann continued to support Napster once it was condemned. This is not the case here.

Some venture capitalists will feel better. In these hard times for finding money to invest, this may be good news for VCs. They may take some calculated risks when investing in the grey area of copyright.

The story of Veoh versus UMG continues.

Security and its unforeseen consequences

First of all, view this comic.
It is extremely true. How many times did we end up with such things? We may even apply it to AACS. In the right box, put “we will let poor developers implement it”.

Nevertheless, I would like to highlight another issue with security. Sometimes security has collateral damage. Modern high-priced cars have sophisticated anti-theft systems. They may have reduced the number of car thefts. Nevertheless, they have also created a new type of crime: carjacking. The best way to steal this type of car is to wait for its owner to arrive in front of his/her garage or entry door. While he/she waits, violently eject him/her and drive away with the car. These sophisticated anti-theft systems have replaced non-violent theft with violent theft. Many car owners have been injured.

Lesson: security may have collateral effects. They need to be analyzed. One more trade-off to play with.

IFPI report 2009

The annual report of IFPI is always interesting. The 2009 edition has just been released. Its title is exciting: New business models for a changing environment. This year, IFPI put the focus on the new ways to monetize music. They highlight three main trends:
– Music access: through a subscription or a package, people have free access to a catalog. Nokia offered such a service. French ISP Neuf Cegetel has run such a service since 2007. For no additional cost, they offer legitimate access to a catalog of nine music genres. For a monthly fee of 5€ (7US$), they provide legitimate access to all Universal Music tracks.
– Ad-supported services: the MySpace Music deal is important. UGC sites are the new distribution channels of music. Half the most popular streams on YouTube are copyrighted music videos.
– Games, branding and merchandising: the huge success of Guitar Hero is an example. The report provides some examples of combined launches of games featuring a band’s music and the corresponding album release.

Thus, the music industry is clearly exploring new business models. It has to. DRM-free music puts on the pressure.

Of course, there is a section on piracy. This year the focus is on the role of ISPs in thwarting piracy. France is showcased for its graduated response (known as HADOPI). Our friend Olivier BOMSEL is interviewed. Olivier was a member of the French “commission Olivennes” that suggested the graduated response (and many other things).

A nice document to read.