Michael Sutton, VP of security research for cloud security firm Zscaler, said in a blog post that it's trivial to recover the authentication credentials for numerous applications--including "Evernote, Google Docs, Apple's iDisk and any WebDav enabled server"--because their passwords are stored in plain text.
Organizations eager to move their in-house developed applications to the cloud to save money and increase efficiency need to carefully consider how application security changes in a cloud environment, experts say.
Education and government Websites continue to redirect users to malicious Websites months after the hijacked pages were flagged in a report. Major search engines also continue to rank those pages high on search results pages.
Zscaler helped jump-start the market for cloud-based Web security gateways by taking several steps to make the technology highly scalable and easy for companies to integrate their users into the system, Firstbrook said. "They're using a lot of industry standards and making it easier to consume the technology than ever before," he said.
Researchers at Zscaler discovered Wednesday that malefactors using the infamous Black Hole Exploit Kit had managed to compromise one of the USPS's sites. The USPS National Customer Support Center, at ribs.usps.gov, has been taken down temporarily to clean up the problem. At the moment Google still reports "This site may harm your computer", Firefox calls it a "Reported Attack Page", and other alert systems flag it as dangerous.
According to security company Zscaler, attackers have randomized the source code of a website so that whenever anyone visits the site, they get a fraudulent malicious-software detection along with a hostile binary that pretends to be an anti-virus application suggested for download.