Elastic Vulnerability Assessment (EVA) Credentials for AWS EC2 and VPC
One of the major obstacles to Elastic Detector adoption is the step where infrastructure API credentials are asked. Security guys do not easily give their keys to strangers. We fully understand that,...
View ArticleHow to detect side-channel attacks in cloud infrastructures
Cloud Computing is a disruptive technology which brought enormous benefits. However, even if the benefits are countless, there are several security challenges, such as elasticity and multi-tenancy,...
View ArticleArticle on PenTest Magazine
Hi there, we are proud to announce that PenTest Magazine published our article titled “Detecting attacks and threats in elastic cloud infrastructures: the case of side-channel attacks”. You can...
View ArticleApplications of ZMap: weak keys and HTTPS ecosystem
Hi there, in the previous post on ZMap we gave an overview on this new tool for high speed Internet scanning. In this post we will go into detail by showing remarkable findings and results achieved...
View ArticleClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage
Hi there, in this post I will have the pleasure to introduce our proposed solution for secure block-level deduplication. We presented this work at IEEE CloudCom 2013 (here you can find the slides)....
View ArticleBackup, Deduplication and Encryption: it’s now possible with ClouDedup
Hi there, in my previous post I presented ClouDedup, our solution for deduplication over encrypted data. I’m now gonna talk about how ClouDedup can be successfully deployed in order to address a very...
View ArticleInteresting stuff from CyberTech 2014
Hi there, a couple of weeks ago I’ve attended CyberTech 2014, one of the most exciting industrial conferences for security experts. If you have read this blog before, you probably know that I’m pretty...
View ArticleHow to outsource your data to the Cloud without losing confidentiality and...
Hi there, recently, data leaks and various security incidents have been constantly part of daily news and scandals. From an end-user point of view, it looks like storing confidential data in the cloud...
View ArticleDocker: Best Security Practices
Hi there, let’s start by saying that Docker is great, for many reasons. To mention one, the possibility of using a simple and lightweight tool to manage and deploy apps during all phases of their...
View ArticleA deeper look at Whatsapp End-to-end Encryption
Hi all, a few days ago Whatsapp announced that end-to-end encryption is finally available on iOS and Android (only if you have the latest version of Whatsapp installed). That’s great news! It’s worth...
View Article