Lessons in cloud security learned from a data breach
Welcome to Cyber Security Today. It’s Monday July 27th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Unlike my usual podcast of news highlights, today’s program is aimed at IT professionals and one of their stickiest problems: Security of applications and data stored in the cloud. For those of you who don’t know, a cloud application is one hosted not on a company’s internal servers but by an outside company like Microsoft, IBM or Amazon. Cloud storage saves money for organizations. But it can increase the risk of applications being hacked over the Internet unless IT administrators keep a close eye on things. Unfortunately slip-ups in storage configuration can allow hackers into a system.
That’s what happened earlier this month to a company called Twilio. You may not have heard of Twilio, but many of you use its capabilities. Companies buy its products to add voice and text capabilities to their applications. For example, Airbnb uses Twilio to automate text messages to confirm room or home reservations. Netflix, Twitter, Uber and Shopify are among the customers. So if someone can get into Twilio servers, they can access the apps of a lot of companies.
Last week Twilio admitted that’s what happened. On July 19th its system sent an alert that someone had modified the code that customers download from an Amazon S3 storage server. The result was that for 24 hours organizations could have downloaded bad code onto their systems. It appears the hacker wanted to force malicious ads to appear on people’s browsers.
Twilio quickly fixed the problem, but there are a couple of things that came to light on investigation after the incident. First, it took eight hours between the time the hacker changed Twilio’s code and the company was alerted. Second, the reason the hacker could modify the Twilio code was someone had made a configuration mistake in setting up the Amazon storage. For those of you with technical knowledge, it allowed the hacker to read and write to the application. But Twilio should have limited people who had access to only read the code. That mistake was made five years ago and had gone undetected until now. Twilio has now restricted direct access to its Amazon storage and improved IT monitoring to faster detect any unsafe code changes.
Configuration mistakes in protecting data stored in the cloud by IT staff or other employees is a common security problem. In preparing this podcast I interviewed Casey Kraus, president of a cloud security company called Senserva. He noted that one research firm estimates that 99 per cent of security problems in the cloud are caused by human errors including misconfigurations and improper access. Organizations have to double-check who has access to important data, he said. They also have to ensure configuration changes don’t reduce security and increase risk.
By the way Twilio doesn’t think it was targeted. It believes this incident was part of a series of attacks by a gang looking for weak access controls for poorly-secured data stored on Amazon S3 buckets.
That’s it for Cyber Security Today. Links to details about this story can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.
Related Download 
Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now
A Calgary woman who abused her sick, 77-year-old father was “overwhelmed” at the task of caring for him, a judge heard Wednesday at a sentencing hearing.
In January, Tara Picard, 52, pleaded guilty to charges of assault and failing to provide the necessaries of life after her father (whom CBC News is not naming) was found injured on a basement floor, where he’d been lying for two days.
On Wednesday, prosecutor Donna Spaner and defence lawyer Shaun Leochko asked the judge to allow Picard to serve her sentence in the community under conditions as part of a conditional sentence order.
Justice Indra Maharaj agreed to a two-year conditional sentence for Picard followed by a year of probation.
“There is no doubt she became overwhelmed,” said Spaner in her submissions. “There is no question Ms. Picard has remorse.”
Leochko told the judge that caring for her father “was really more than [Picard] could handle.”
Maharaj heard that Picard is Indigenous and was the victim of abuse growing up. She lives in a sober dorm-style facility and is working with a mental health and addictions navigator, according to Leochko.
As part of the sentence, Picard must complete 300 hours of community service.
Justice Maharaj commended Picard for “taking that on.”
“That shows me Ms. Picard sincerely does recognize what has happened here,” said the judge.
“What I interpret from that is Ms. Picard’s willingness to give back to her community.”
During Picard’s plea, court heard that in November 2021, Picard and her father fought over his drinking.
The victim suffers from a number of medical issues, including diabetes, heart disease, dementia and alcoholism.
At the time, home-care registered nurses were assigned to help provide supplementary care.
Nurses found the victim wearing a soiled adult diaper and suffering from two black eyes with blood on his head.
He told the nurses who discovered him that he’d been there for two days.
Picard admitted she knew her father had fallen and she had “administered a number of physical blows.”
|
|
Leaving her elderly father on a basement floor for two days in a soiled adult diaper won’t mean jail for a Calgary woman.
Justice Indra Maharaj accepted a joint Crown and defence submission on Wednesday for a two-year-less-a-day conditional sentence order for Tara Picard to be followed by 12 months of probation.
Prosecutor Donna Spaner and defence counsel Shaun Leochko proposed a community-based term which will include eight months of 24-hour house arrest followed by a nightly curfew for the second eight months.
Maharaj also agreed with the lawyers to order Picard to commit 300 hours of community service over the length of the three-year sentence.
The Calgary Court of Justice noted that amount of community-service hours was “a lot” to commit to.
But Maharaj said it showed Picard, 52, was truly remorseful for her conduct towards her father, whom Postmedia is not identifying because of the embarrassing nature of the facts of the case.
“What that shows me is Ms. Picard does sincerely recognize what has happened here,” the judge said of her willingness to complete community service.
“What I interpret from that is Ms. Picard’s willingness to give back to the community.”
Picard pleaded guilty in January to charges of assault and failing to provide the necessaries of life to her 77-year-old father.
Court heard caregivers found the elderly Calgary man on the basement floor of his daughter’s southeast home wearing a soiled adult diaper.
At the time, Picard was responsible for her father’s day-to-day care after he was moved to her residence, Spaner, reading from a statement of agreed facts, told court at the time.
“He had a number of medical ailments, including non-insulin dependent diabetes, coronary artery disease, some early onset dementia-like symptoms and chronic alcoholism,” Spaner said.
“(He) had been living independently in a Calgary apartment building. Family members became concerned that he was not caring for himself safely.”
With the help of Alberta Health Services he was moved to a home where Picard resided.
A registered nurse assigned to his care attended the 38 Street S.E. home on Nov. 15, 2021, to drop off food bank supplies for him and was told he was sleeping downstairs.
When the nurse called about an hour and a half later and spoke to the man on the phone he said he was lying on the floor, had fallen and was unable to get up.
When she returned to the home with a co-worker she found the victim lying on his back on the floor.
“(He) said that he had been lying on the floor for two days,” Spaner said.
Leochko said Picard was overwhelmed by the situation she was thrust into.
“It really was more than she could handle,” he said.
|
|
@juanhall: I gotta say, this was the most interesting bike in this post….love that Intense is experimenting with gearboxes…I can see it have a huge effect on DH bikes….thank god there’s still people pushing things. Now, they need to make an Enduro bike with the Pinion MGU!
Amid concerns over ‘collateral damage’ Trudeau, Freeland defend capital gains tax change
The unmissable events taking place during London’s Digital Art Week
How Michael Cohen and Trump went from friends to foes
Blending Function and Style: The Best Garage Door Designs for Contemporary Homes
NASA hears from Voyager 1, the most distant spacecraft from Earth, after months of quiet
Vaughn Palmer: B.C. premier gives social media giants another chance
U.K. tabloids abuzz with Canadian’s ‘Loch Ness monster’ photo
Interior Health delivers nearly 800K immunization doses in 2023
