"iBrute" questions iCloud Security

Even Apple, a heretofore breach-free vendor, has recently been found responsible for a security breach. It appears that on Sunday, August 31, 2014, a number of photos were taken from Apple iCloud. The vulnerability created the exposure known as “iBrute” and allowed access to the compromising photos: rather than locking the iCloud entryway after numerous failed attempts, the service left it open.
The vulnerability has been closed by Apple, which now locks the entryway after five missed attempts, preventing any further attempts.
There apparently is a Python-based script (which was available on GitHub) that allowed the would-be attacker to brute-force their way into the “Find My iPhone” service. The “Find My iPhone” service did not lock the gateway after repeated attempts to guess the user’s password.
The vulnerability allegedly discovered in the Find My iPhone service appears to have let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been matched, the attacker can then use it to access other iCloud functions freely.
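The fix described above, sketched as an added example (not Apple's code and not from the original post): one failure counter keyed by account and consulted by every login endpoint, so no single service can be the path without a lockout, plus an alert record for the account owner. The endpoint labels, the 15-minute lock duration and the sample account are assumptions.

```python
import hashlib
import hmac
import time

MAX_FAILURES = 5        # the page: Apple now locks after five missed attempts
LOCK_SECONDS = 15 * 60  # assumption: the page gives no lock duration

class LoginThrottle:
    """Failure counter keyed by account and shared by every login endpoint."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}      # account -> consecutive failed attempts
        self.locked_until = {}  # account -> clock value when the lock expires
        self.alerts = []        # (account, endpoint) events to notify the owner

    def is_locked(self, account):
        until = self.locked_until.get(account)
        return until is not None and self.clock() < until

    def record(self, account, endpoint, success):
        if success:
            self.failures.pop(account, None)
            return
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = self.clock() + LOCK_SECONDS
            self.failures[account] = 0
            self.alerts.append((account, endpoint))

def authenticate(throttle, verify, endpoint, account, password):
    """Every endpoint calls this, so no service can skip the lockout check."""
    if throttle.is_locked(account):
        return "locked"  # refuse before the guess is evaluated at all
    ok = verify(account, password)
    throttle.record(account, endpoint, ok)
    return "ok" if ok else "denied"

# Constructed sample account (salted PBKDF2 hash, not a real credential).
_SALT = b"constructed-salt"
_USERS = {"alice@example.com": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}

def verify(account, password):
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(_USERS.get(account, b""), guess)

def demo():
    t = LoginThrottle()
    out = [authenticate(t, verify, "find_my_phone", "alice@example.com", f"guess{i}") for i in range(5)]
    out.append(authenticate(t, verify, "webmail", "alice@example.com", "correct horse"))
    return out, t.alerts
```

Locking purely by account lets anyone lock a user out with five wrong guesses, so deployments usually pair this with rate limits per source address.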
Although the Apple breach is the most recent cloud breach, there have been many others. In April 2011, e-mail services firm Epsilon had a cloud-based data breach that cost it up to $225 million in total costs, a massive event that indicated the often overlooked risk of cloud-based computing systems. In early April, Epsilon, the world’s largest permission-based email marketing services company, which serves over 40 billion emails annually, reported a breach in its security.
Also in 2011, Amazon experienced a disruption of its services to popular sites like Foursquare and Quora. It is another example of a cloud failure that could prove extremely costly in the long run – and a hint of more troubles on the horizon.
With the transition of more and more services to the cloud, it’s imperative that your company secure its cloud infrastructure. There is no one “right” way to do so. Consult with business experts to ensure that your data is being secured and a sensitive breach like this does not happen to you.
The average cost to a company of a large-scale security breach is $3.5 million. If your company is a mid-market organization, this cost is enough to shut down operations completely. And more and more, hackers are targeting mid-market companies purely because they are aware of the lack of intense focus on cloud security.
Contact your IT experts before this cripples your business entirely. Any time your company is handling sensitive personal data, whether it’s social security numbers or credit card numbers, it’s imperative that you have a safe security space. Because as you can see, if even the behemoth companies are susceptible, why would your company be any different?
If you have questions about your security infrastructure, contact [email protected] for a consultation. Your first conversation is a free discovery call to assess what your needs may be.
Image Provided by Flickr: dekuwa  https://www.flickr.com/photos/dekuwa/
Statistics provided by: Ponemon Institute

WNY CIO Summit: Register Today!

WNY CIO Summit – Enterprise Data Breach
When: Wednesday, February 12, 2014, 8:00 a.m.
Where: University at Buffalo – Center For Tomorrow

How much could an enterprise data breach cost you? Are you prepared to handle the repercussions, potential lawsuits and class action suits that may be included in the fall out?
Join TxMQ selected WNY area CIOs for a candid conversation about how you can protect your business from an Enterprise Data Breach.
Have questions about CIO Summit: Enterprise Data Breach? Contact Tom Grimm – TxMQ, Inc

IBM discusses DB2 for z/OS security best practices

Security is a main issue for companies and there’s no such thing as too much of it. DB2 for z/OS just released version 10 and it’s one of the most exciting releases in 20 years.
Roger Larson, DB2 for z/OS Technical Evangelist at IBM, states that for some situations your basic security is adequate. However, in other instances, you’ll need the absolute best security practices offered.
The tools IBM offers range from very tight system controls to fairly basic techniques applicable even with public information on the web. There are choices when it comes to security, and understanding your options is very important.
IBM proposes that enterprises that want to succeed in such a challenging business climate focus on four key areas to ensure that their information infrastructure can support the business goals.
Those key areas include:
– Information availability
– Information security
– Information retention
– Information compliance
IBM information infrastructure will help businesses get the right information to the right people when they need it in a safe and secure manner.
DB2 for z/OS has a very solid reputation for world-class security and world-class business resiliency, and IBM has been building stronger encryption solutions on an ongoing basis.
Read more about IBM’s security techniques here.