Don't wash your hands! The famous hacker Kevin Mitnick talk about cloud security

Kevin Mitnick, one of the leading hackers and now a security advisor, describes his online life as a big game. "I am like the king of the mountains," said Mitnick, "and everyone wants to pull me off the throne." "To this end, he found a knight--cloud computing provider Firehost. (Kevin Mitnick = Kevin Mitnick)

The famous hacker, Kevin Mitnick, is now "out of the Wash".

It's easy to understand. Mitnick, one of the earliest notorious criminals, had "hacked" several important systems and spent five years in federal prisons. Now, as a bestselling author and a security advisor, he is trying to protect customer information, which is clearly quite different from his experience. So if someone knocks down the Mitnick (the system that breached their protection), then the meaning behind it is clearly beyond the event itself.

Ironically, Mitnick, once a cloud-safe skeptic, was eventually rescued by the cloud.

Who doesn't like freedom?

Before that, he used a less successful virtual host to curry favor with his girlfriend, but in many places it violated the rules. Because of his lack of administrative authority to enter the server, he could do nothing. But in 2009, a cloud supplier,--firehost, took the initiative to come to Mitnick and offered him a free hosting service on his website to help ward off the invasion.

Kevin Mitnick's business card is a real personality.

For the next three years, Mitnick's corporate web site has been running in Firehost's cloud. So far, he says everything is fine. For example, distributed Denial-of-service attacks-including earlier this week-proved to be just some harassment; one months ago some people placed a cross-site scripting vulnerability, but were already processed before it could be compromised.

Safety is always the first

Of course, Mitnick will not give opponents any opportunity. Even before the hosting service provider, he said: "I didn't leave anything of value (on the Web server), as in Firehost." Its web site is a dynamic page that is only used to contact email, (and also the point at which this vulnerability is placed), and to expose its server information as little as possible, such as only 80 ports. When he accesses his virtual server, he often uses VPNs to make changes through SSH.

Mitnick is also a user of Amazon EC2, but he is more cautious, perhaps because of cost awareness. Mitnick presided over a hacking demonstration on the EC2, but only for a short time before, during and after his speech. This helped him stay away from the attack.

For cloud computing security, Mitnick said: "If I run a business, I will choose to put the data locally and apply it to the cloud." "In his view, third party proprietary data and cloud service providers who cannot test and verify themselves are untrustworthy." Mitnick trusts Firehost and allows the latter to enter his resource pool. But for Amazon, he admits he hasn't done his homework, so he can't determine if his site is safe.

You've never heard of cloud security

It is not only Mitnick said that internationally renowned companies such as Johnson & Johnson,3m,farmers Ping and Johns Hopkins University are clients of Firehost. One big factor that firehost attracts them is its willingness to provide customers with the security, performance, and usability tests they need.

Firehost's location is different.

Firehost founder and CEO Chris Drake said: "Consumption patterns are not only technology but also humanities." Firehost does not have a salesperson, but when customers think they can get first-class security and performance-even when testing technical validation tests-and as easy to manage as EC2, ' the fish jumps on the boat '. ”

Technical security, Firehost is also operating various types of virtual HOA. But it will not rent out space to games, gambling and pornography sites. Because these sites tend to cause congestion and thus affect the virtual neighborhood, and repulsive. Of course, Firehost also lost some opportunities to make money easily.

Mitnick's Advice

Mitnick recommends all companies that are ready to adopt the cloud: Select the cloud vendor service they want to choose, and make sure their applications are secure. Recently, there is a cloud desktop service providers want to Mitnick to do the endorsement (to explain the safety of their products), but Mitnick insisted that the first Test in order to agree.

It's a less lucrative decision. Within 1 hours, he implemented virtual machine access in the virtual table name, and within 8 hours he got control and cracked multiple sets of passwords. "Unfortunately," Mitnick said, "It will take me more than a few hours to explain how I did it." "(Guo Shemei/compiling)

(Responsible editor: The good of the Legacy)