Weekly Industry Round-up, Week of 4/12
Posted by hyperguard on April 16, 2010
Apache.org Hit by Targeted XSS Attack
The open-source Apache Software Foundation recently suffered a cross-site scripting (XSS) attack against its infrastructure, resulting in users’ passwords being compromised. The targeted attack allowed hackers to break into the server hosting Apache.org’s software and steal encrypted passwords. Hackers also launched a brute force attack and gained administrator privileges on an account, allowing them to browse and copy the file system. As we discussed last week, new types of XSS attacks are being discovered; this once again stresses the importance of using strong passwords and of using a distributed web application firewall (dWAF) to protect applications from these attacks.
Cloud Security in the U.S.
A recent study by Symantec and the Ponemon Institute looks at the procedures, policies and tools that U.S. companies currently have in place to ensure data security in the cloud. It found that only 27 percent of respondents had any procedures in place for approving cloud applications that use sensitive information. Check out the full report here.
Virtualization and cloud security modeled on NAC
Andreas M. Antonopoulos discusses how virtualization and cloud computing have impacted the security industry and how network access control (NAC) can help coordinate cloud security. According to Andreas, NAC not only shows us a good architectural approach to virtualization and cloud security, but the resulting technologies can also be applied directly at the heart of data centers.
OWASP Top 10 List Revised
In this podcast, Rob Westervelt speaks with Jeff Williams, a co-author of the OWASP Top 10 List. Jeff explains some of the changes incorporated into the latest version, due out next week. This is the first time the list has been updated in 3 years.