MIS 5211 – Wade Mackey

David Siegelman

Week 12 Readings and News Articles

http://online.wsj.com/articles/google-renews-its-cloud-efforts-1415062792

Google Renews Its Cloud Efforts: Company Adapts Offerings as It Tries to Catch Up to Amazon

Though Google is on top when it comes to its powerful networks of data centers, able to handle more than 3 billion search queries a day, it falls short of Amazon when it comes to renting out computing. Google is attempting to change this by highlighting new offerings that will make it easier for customers to set up cloud services more quickly. It seems that five years ago Google’s service didn’t really exist, leaving Amazon as more or less the only option, but more recently there seems to be a little more competition.

Week 11 Readings and News Articles

Reading – SQL Injection Tutorial
———————————-
It is very important, when creating a website available for public use, to test for vulnerabilities that let users modify the URL in such a way that they can maliciously connect to the database and extract, modify and even delete data, all from a common browser. It is very easy to check for this vulnerability, as noted in the reading. WebCruiser is a common Web vulnerability tool which will aid in the audit process.
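The kind of check described above, as an added example (not code from the reading or from WebCruiser): a handler that pastes a URL parameter into its SQL text beside a parameterized version, and a small audit function that tells them apart. The `articles` table, the `example.test` URLs and all function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

def make_db():
    """Constructed sample data: three rows in a hypothetical 'articles' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "News"), (3, "Draft - internal")])
    return db

def id_from_url(url):
    """Return the raw 'id' query parameter exactly as the browser sent it."""
    return parse_qs(urlparse(url).query).get("id", [""])[0]

def lookup_vulnerable(db, url):
    # Weak: the URL value is pasted into the SQL text, so it can change the query.
    sql = "SELECT title FROM articles WHERE id = " + id_from_url(url)
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, url):
    # Fixed: the value is bound as a parameter and is only ever treated as data.
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in db.execute(sql, (id_from_url(url),))]

def audit(lookup, db):
    """Flag a handler if an always-true condition in the URL widens the result set."""
    normal = lookup(db, "http://example.test/article?id=1")
    probed = lookup(db, "http://example.test/article?id=1%20OR%201=1")
    return len(probed) > len(normal)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler flagged:", audit(lookup_vulnerable, db))
    print("hardened handler flagged:", audit(lookup_hardened, db))
```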

Weekly Article
—————–
http://www.theregister.co.uk/2014/10/16/drupal_megavuln_sql_injection/

Drupal SQL injection nasty leaves sites ‘wide open’ to attack

Before Drupal came up with a patch for Version 7 (7.3), those not on the new version were vulnerable to SQL injection attacks. Since many people create their sites in Drupal mostly (in my opinion) because of their lack of programming knowledge, many if not all of the sites running version 7 and before share the same vulnerability, since their code is set up in almost the same fashion, and from what I am told, it is not difficult to find sites using these versions simply by using a simple Google search. A German security firm discovered the flaw, and it has been stated that a malicious user can exploit these vulnerabilities without any kind of authentication. To make matters worse, the vulnerability was sitting in the public domain in Drupal’s public bug tracking database since November 2013 (this article was written in October 2014).

 

Homework Assignments – Articles: For Week 8

This week’s posted article, “Social Engineering: A means to violate a computer system”, talks about how people can be a weakness in a system for hackers. Individuals without knowledge and training can be a target because they can be coaxed into revealing confidential information to someone if they think that someone is possibly an employee and/or upper-level manager. Such information may include, but is not limited to, logins, passwords and datacenter administrator personal information. Hackers can also use emails as a form of social engineering to spread viruses, malware and worms in the form of scams, chain mail and other hoaxes. Employees not educated in the effects of opening non-authorized email or even visiting unauthorized websites can be a critical risk to any system, due to the damage these emails and sites can do, especially if they contain attachments which can allow the hacker(s) into the network and possibly get something to spread to other systems. Employees need to know exactly what social engineering is and how people from the outside (sometimes making their way to the inside) can use the weakness of people to infiltrate a system, simply because an employee is unaware that such activity is being used in today’s day and age and of the means by which it is done.

———————————————————————————————–

http://www.techrepublic.com/article/social-engineering-audits-on-the-rise-what-this-means-for-cios-and-csos/

This article, titled “Social engineering audits on the rise: What this means for CIOs and CSOs”, discusses the importance of having regular “social engineering audits” in place, in the same way physical IT systems need regular audits (depending on the type of business, of course). A company needs to know how strong its employees are and whether they are following the designated policies and procedures in place, which should explain what they should and should not do as well as how to “be on the lookout” for suspicious activity like social engineering. Regular automated tests can be put into place to test the behavior of these employees and whether they are following the proper protocol.

 

 
