Compromise in the Cloud
Columbus, OH—The Central Ohio Information Systems Security Association (ISSA) welcomes computer science expert and Interhack Founder Matt Curtin to speak at the association’s monthly chapter meeting on April 18, 2012. Curtin presents Compromise in the Cloud, a case study in responding to compromise of financial data in the cloud.
An organization looking to gain scalability, without bearing the massive expense of running the entirety of its e-commerce environment on in-house data centers, outsourced to a cloud provider. The organization’s compliance officer noticed that their site had “offshore pharmacy” links to it and that following them in turn bounced to another site. Internal attempts to remediate did not last.
Expert analysis ultimately determined that the content management system used for the store had a vulnerability in it that had been exploited, allowing the attackers to achieve root access to the cloud provider’s systems underneath the application. The software used to compromise the system was made up of heavily obfuscated code to search for, stage, and deliver payment card numbers back to the attacker in Moscow. Root cause analysis ultimately identified mismatches between the expectations of the organization and the cloud provider about responsibility for software management.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security assessments, provide incident response programs and services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients nationwide. Additional information about Interhack is available at web.interhack.com.