IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [cloud-computing]

Cloud computing is about hardware-based services involving computing, network and storage capacities. These services are provided on-demand, hosted by the cloud provider and can easily scale up and down.

306 questions
10
votes
5 answers

Can secrets be made safe in memory?

Say, I am running an application on a cloud server such as AWS. Suppose I supply a key at run-time (so its not stored anywhere alongside/inside code), is there a way to secure this key in memory? So if an attacker gets access to the remote server at…
Jus12
  • 1,315
  • 2
  • 11
  • 16
10
votes
2 answers

Cloud-specific standards and regulations

Not specific to any particular industry or requirements, but in general - are there currently commonly accepted standards regarding cloud-based applications? I* am developing a system that will be deployed in the "cloud" (i.e. hosted by an…
AviD
  • 72,138
  • 22
  • 136
  • 218
10
votes
1 answer

Benefits of cloud based full disk encryption

Microsoft announced in May that it supported full disk encryption for VMs. They have recently merged a github branch into the Azure Powershell tools to enable this. The basic theory is that you store encryption keys in an Azure Key Vault HSM, point…
Michael B
  • 436
  • 4
  • 13
9
votes
7 answers

GPU powered Password cracking machine - buy metal or cloud?

As a IS consulting firm, we would like to have our very own password cracking machine. Great. Now, after some sketching and brain storming we concluded that GPU is the best way to go (contrary to CPU or rainbow tables). And the questions that we…
dalimama
  • 1,065
  • 1
  • 11
  • 21
9
votes
2 answers

can I trust Boxcryptor closed source software? Encryption of files for cloud hoster

Boxcryptor https://www.boxcryptor.com is not Open Source. Can I trust this? Is it secure? No government backdoor? Because there is no alternative for OS X and iOS.
Sybil
  • 1,435
  • 2
  • 15
  • 29
9
votes
1 answer

How to operate a honeypot in the cloud?

Just finished reading "Honeypot on home network to help me learn", and the top-voted/selected answer that suggest deploying a honeypot to the cloud, but the answer does not say how to do it; also, read all the other answers too, and none appear to…
blunders
  • 5,052
  • 4
  • 28
  • 45
9
votes
4 answers

What Partial Homomorphic Encryption implementations exist and how do I leverage them?

It appears that only Partial Homomorphic Encryption(P.H.E.) is practical for modern day (2011) use. However I'm having difficulty locating libraries (FOSS or otherwise) that enable me to leverage this technology. El Gamal is an example of an…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
9
votes
1 answer

How do I learn Cryptographic/Mathematical notation

I asked a question earlier where it was recommended that I describe my issue using standard cryptography notation. How do I learn this notation and how to convey my approach? How can I annotate this notation to indicate implementation specific…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
9
votes
3 answers

Can cloud based password managing services be trusted?

I'm a big time user of cloud based password managing services like LastPass. But in the light of recent revelations like various government backdoors in popular sites, programs like prism, etc. I'm beginning to wonder if services like Lastpass can…
irenicus09
  • 233
  • 2
  • 5
9
votes
2 answers

Storing password in Java application

What is best secure way to store passwords in Java web application? I am not talking about password to the DB, so it must be stored in de-cryptable way. It’s cloud environment and I need to protect DB credentials even if my VM with web application…
AaronS
  • 2,575
  • 5
  • 22
  • 26
9
votes
1 answer

What does Spectre mean for public cloud computing?

From a tweetstorm by security journalist Nicole Perlroth: The most visceral attack scenario is an attacker who rents 5 minutes of time from an Amazon/Google/Microsoft cloud server and steals data from other customers renting space on that same…
Anders
  • 64,406
  • 24
  • 178
  • 215
8
votes
3 answers

Is SpiderOak truly “zero-knowledge”?

I've recently changed SpiderOak password on computer A. Because I have SpiderOak installed on computer B as well, I thought I will have to update the password on it so the application can connect to the server. I was quite surprised when I found out…
Viridis
  • 83
  • 1
  • 3
8
votes
2 answers

Security of Microsoft OneDrive

A friend asked about putting some of his data on Microsoft's OneDrive. I did some research, and what I learned seems very surprising. It appears that all the user data on MS OneDrive is store completely unencrypted (it is only temporarily encrypted…
RockPaperLz- Mask it or Casket
  • 3,114
  • 21
  • 50
8
votes
7 answers

Is this set-up PCI-Compliant?

Question: Is there a way to store credit card information on a shared hosting server AND be PCI compliant? Here is the setup: 1) SSL is being implemented for the whole checkout process and for the client's site's admin section. 2) The credit card…
user1750
  • 183
  • 3
8
votes
1 answer

What is the best practice for storing a secret on the cloud?

This post on Securing Java Application Data for Cloud Computing offers a good introduction to using a Java KeyStore for securing encrypted data in the cloud. It neglects, however, to answer the fundamental question, as noted in one of the comments:…
Richard
  • 181
  • 1
  • 2
1 2
3
20 21