top cloud threats v2.0 cloud security alliance michael sutton, vp research, zscaler dan hubbard,...
TRANSCRIPT
![Page 1: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/1.jpg)
Top Cloud Threats v2.0Cloud Security Alliance
Michael Sutton, VP Research, ZscalerDan Hubbard, CTO, Websense
![Page 2: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/2.jpg)
Project
![Page 3: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/3.jpg)
Contributing Organizations
![Page 4: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/4.jpg)
Top Threats for Cloud Computing v1
![Page 5: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/5.jpg)
Shared Technology Vulnerabilities
![Page 6: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/6.jpg)
Cloudbust
![Page 7: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/7.jpg)
Cloudburst
Kostya Kortchinsky, Immunity (Blackhat 2009)
![Page 8: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/8.jpg)
Cloudburst
Kostya Kortchinsky, Immunity (Blackhat 2009)
#define SVGA_CMD_RECT_COPY /* FIFO layout: Source X, Source Y, Dest, X, Dest Y, Width, Height */
![Page 9: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/9.jpg)
Account / Service Hijacking
![Page 10: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/10.jpg)
MobileMe – Enumerating Accounts
![Page 11: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/11.jpg)
MobileMe – Enumerating Accounts
![Page 12: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/12.jpg)
MobileMe – Enumerating Accounts
![Page 13: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/13.jpg)
MobileMe – Enumerating Accounts
48%
44%
8%
Girl Names
56%
18%
26%
Boy Names
Exists Does not existExists (password protected)
69% of accounts verified
![Page 14: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/14.jpg)
MobileMe – Password Reset
![Page 15: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/15.jpg)
MobileMe – Password Reset
![Page 16: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/16.jpg)
MobileMe – Password Reset
![Page 17: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/17.jpg)
MobileMe – Password Reset
![Page 18: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/18.jpg)
Data Loss / Data Leakage
![Page 19: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/19.jpg)
MediaMax – Inactive Accounts
MediaMax / The Linkup: When the cloud failsBy Michael Krigsman | August 27, 2008, 9:55am PDT
Online storage service MediaMax, also called The Linkup, went out of business following a system administration error that deleted active customer data. The defunct company leaves behind unhappy users and raises questions about the reliability of cloud computing.
…
As with most failures, this story is fraught with complications and contradictions. Besides finger pointing and back-biting, which I suppose is to be expected, confusing corporate relationships coupled with a seemingly bizarre level of process and technical carelessness lend a weird flavor to the whole mess.
![Page 20: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/20.jpg)
MediaMax Failures
![Page 21: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/21.jpg)
Microsoft – Lost Sidekick Data
Microsoft Recovers Lost Sidekick DataOCTOBER 15, 2009, 5:07 P.M. ETBy ROGER CHENG
Microsoft Corp. said Thursday that it has been able to recover the personal customer data lost from many of T-Mobile USA's Sidekick devices.
The Redmond, Wash., software giant said that most, if not all, customer data was recovered, and that the company would begin restoring data as soon as it has validated it. The company said it will start with personal contacts, and move on to the lost calendar, notes, tasks and pictures as quickly as possible.
![Page 22: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/22.jpg)
Malicious Insiders
![Page 23: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/23.jpg)
Google Fires Email Snooper
Google fires employee for snooping on usersSeptember 16, 2010|By Jessica Guynn, Los Angeles Times
The Internet search giant says the software engineer broke its 'strict internal privacy policies.' He allegedly accessed information about four teenagers.
Reporting from San Francisco — Google Inc. fired a software engineer for snooping on its users' private information, the Internet search giant confirmed Wednesday.
The 27-year-old employee, David Barksdale, allegedly accessed information about four teenagers he met through a Seattle technology group, according to gossip website Gawker, which reported the incident Tuesday.
![Page 24: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/24.jpg)
Google Response
“We dismissed David Barksdale for breaking
Google’s strict internal privacy policies. We
carefully control the number of employees who
have access to our systems, and we regularly
upgrade our security controls–for example, we
are significantly increasing the amount of time
we spend auditing our logs to ensure those
controls are effective. That said, a limited
number of people will always need to access
these systems if we are to operate them
properly–which is why we take any breach so
seriously.”
Bill CoughranSenior VP of Engineering
![Page 25: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/25.jpg)
Facebook Master Password
Purported Interview With Facebook Employee Details Use Of 'Master Password'Jason KincaidJan 11, 2010
Earlier today, The Rumpus published a very revealing interview with someone claiming to be a Facebook employee. The interview covers a variety of subjects, including privacy restrictions at the world’s largest social network and some of the technological hurdles the site has to deal with. The biggest revelations? That Facebook collects more data about your habits than you may realize, and that there was once a ‘master password’ that would grant employees access to anyone’s Facebook profile — a password that some employees abused.
![Page 26: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/26.jpg)
Interception or Hijacking of Traffic
![Page 27: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/27.jpg)
Twitter DNS Redirection
Internal Twitter Credentials Used in DNS Hack, Redirect
By David Kravets December 18, 2009 | 1:04 pm
Twitter’s website went offline for about an hour Thursday, with many tweeters redirected to a defacement page boasting “This site has been hacked by Iranian Cyber Army.”
Twitter acknowledged the 10 p.m. takeover, one in a series of security lapses to hit the popular microblogging service. Twitter said its DNS records “were temporarily compromised.”
Tom Daly, chief technology officer at Dyn, a New Hampshire-based DNS company that services Twitter, said somebody using a “set of valid Twitter credentials” redirected the site.
![Page 28: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/28.jpg)
Insecure APIs
![Page 29: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/29.jpg)
Insecure API’s
![Page 30: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/30.jpg)
Insecure API’s
![Page 31: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/31.jpg)
Insecure API’s
The programmable web is run in the cloud &
The cloud is programmed by the web
![Page 32: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/32.jpg)
Insecure API’s
We analyzed a dozen popular Twitter APPS, Gadgets, Facebook APPS, and Mashups and
>80% are NOT utilizing the security provided via auth and encryption !!!
![Page 33: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/33.jpg)
Insecure API’s
• Programmable web is…
– Straightforward to develop solutions to– Often anonymous or “frictionless”– Can be done from anywhere– Can be done usually from anyone– Can be done on anything (it’s the web after all)
![Page 34: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/34.jpg)
Insecure API’s
• Threats to programmable web:
– Man in the middle attack (MITM)– Message replay attacks– Identity spoofing– Message Alterations– Confidentially and Privacy Leaking / Issues
![Page 35: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/35.jpg)
Insecure API’s
• Example of Open graph being compromised and redirecting users
![Page 36: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/36.jpg)
Abuse and Nefarious Use
![Page 37: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/37.jpg)
Abuse and Nefarious Use
Hosting attacker toolkits for user infections, updating code, and control and statistics portal
![Page 38: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/38.jpg)
Twitter and other web services have been used for command and control of BOT’s
Abuse and Nefarious Use
![Page 39: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/39.jpg)
Abuse and Nefarious Use
• Using Google’s search platform for poisoning search results
~15% of searches for hot trends end up at malicious Websites
Attackers use web api’s like hot trends,topics, tweets, and mining
![Page 40: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/40.jpg)
Keep in mind that this is essentially a DoS attack. Launch it against a site that isn’t yours and very bad things will happen to you. But for testing your own site’s performance, Bees with Machine Guns is awesome — all you need is an EC2 account and the script.
Abuse and Nefarious Use
![Page 41: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/41.jpg)
Abuse and Nefarious Use
![Page 42: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/42.jpg)
Abuse and Nefarious Use
• Other examples of potential abuse:
– Password and encryption cracking– Data warehousing of large amounts of data, identities– DDOS (we talk about that later)– Hosting malicious files, phishing pages– Hiding behind services for data mining– Breaking CAPTCHA’s or other security checks
![Page 43: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/43.jpg)
Top Threats for Cloud Computing v2
![Page 44: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/44.jpg)
Distributed Denial of Service
![Page 45: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/45.jpg)
Distributed Denial of Service
![Page 46: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/46.jpg)
Distributed Denial of Service
• Attacks could be launched from different zone’s, geo’s, and services to help thwart takedowns
• Attacker could be shutdown but damage could be done, IP space now blacklisted
Another version is a financial DDOS that goes against a service user of IaaS that is paying per drink. Much harder to stop and detect
![Page 47: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/47.jpg)
Future Candidates to Think About
• All things Cloudy: Mobile / Tablets – Application Hacking– Location based service hacking– Eavesdropping
• Social Hacking – Location based service hijacking– “meatspace” attacks– Hacking the social graph– Hacking social trust – Vendor miss-use or abuse
![Page 48: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/48.jpg)
Co-operation is the new control
![Page 49: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/49.jpg)
CSA TOP THREATS SURVEYFeedback from the masses
![Page 50: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/50.jpg)
Survey Overview
• Solicited feedback from cloud providers and consumers
• Survey promoted through technical blogs and on CSA website and at RSA CSA Cloud Security Summit
• Received more than 300 responses to the survey
• Survey opened from Jan – March, 2010
![Page 51: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/51.jpg)
Survey Highlights: Demographics
24.12%
44.84%
31.03%
Cloud Response Usage
Cloud Vendor
Cloud Consumer
Other
22.90%33.50%
21.00%
4.40%
18.20%
Organization Breakdown*
Small Business Medium and Enterprise
Large Enterprise GovernementOther
* # of employees: Small Business < 100, Medium 100-10,000, Large > 10,000
![Page 52: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/52.jpg)
Top Survey Statistics: Data Leakage
82 % of respondents believe that the likelihood of Data Leakage in the cloud is possible, likely, or frequent.
6.15%12.31%
34.56%31.49%
15.49%
Likelihood of Data Leakage Occurring
Very UnlikelyUnlikelyPossibleLikelyFrequently
![Page 53: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/53.jpg)
Top Survey Statistics: Malicious Insiders
76 % of respondents believe that the likelihood of Malicious Insiders in the cloud is possible, likely, or frequent.
6.11%
19.04%
44.20%
25.15%
5.50%
Likelihood of Malicious Insider
Very Unlikely
Unlikely
Possible
Likely
Frequently
![Page 54: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/54.jpg)
Survey Results
Rank Threat Percentage
1 Data Loss/Leakage 26.5%
2 Abuse and Nefarious use of Cloud Computing 19.4%
3 Insecure API’s 14.2%
4 Malicious Insiders 12.9%
5 Account/Service and Traffic Hijacking 12.3%
6 Unknown Risk Profile 8.4%
7 Shared Technology Vulnerabilities 6.5%
![Page 55: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/55.jpg)
Status
![Page 56: Top Cloud Threats v2.0 Cloud Security Alliance Michael Sutton, VP Research, Zscaler Dan Hubbard, CTO, Websense](https://reader038.vdocuments.mx/reader038/viewer/2022110319/56649c745503460f949278c8/html5/thumbnails/56.jpg)
Participation
http://cloudsecurityalliance.org/topthreats_form.html