Category Archives: Security

Cloud: Superhighway for Cyber crime?

A press release from a company that calls itself a “leader in real-time traffic analysis” lists ten of their cyber threat predictions for 2011 and beyond.

Way down on the list at number 8 is “Cloud computing concerns”. They do not go into much more detail. Just general concerns, like this:

The incredible cost savings and flexibility cloud computing affords also opens up a superhighway for cyber crime. As cloud use increases, so, too, will the number of opportunities for data infection or theft.

Less cost and more flexibility is like a superhighway, right? And just like more lanes means you have the opportunity for a faster drive time…


Just look at all the opportunities

Oops, well, you know what they mean. I bet they do analysis for a different kind of traffic. More is more, so more opportunity for data infection or theft means more data infection or theft?

Maybe not. What if I told you there are instances of cloud computing that reduce opportunities for data infection or theft? They grow faster and larger yet remain easier to secure than non-cloud; provisioning tools may be set up to deliver a new service or security patch more quickly, remotely and widely in the cloud.

Perhaps they should have used high-speed trains as an analogy instead, especially in reference to software as a service (SaaS). It seems more fitting as a service-mode of transportation that delivers scalable and managed throughput with lower risk.* Even infrastructure as a service (IaaS) providers are more buttoned-up than the typical personal car and highway transportation model.

I too, however, sometimes use driving as an analogy when I give presentations about security. In fact I think there’s a video of me now floating around somewhere talking about how Interstate traffic controls work. My point is that there is not much preventing you from driving the wrong way, for example, but how often does it happen?

As tempting as it may be to say that there will be greater opportunities to commit crimes (four lanes open on the other side instead of one), there is a set of security principles that suggest the cloud (or any large enterprise IT environment) is not predisposed to become a superhighway of Cyber crime. Take a look around the next time you drive on a highway (quickly, though, and keep your hands on the wheel) and you will probably see what I’m talking about.

* Deaths per billion passenger miles: Train 0.88 versus Car 11.7

How Hunting Humans is Better Than Foxes

Apparently the old game gets played better when you pit bloodhounds against man instead of foxes.

Hunting foxes can be a dangerous pastime, and not just for the fox. That’s because foxes show so little concern for the welfare of their pursuers: They’ll dart across major roads and leap over train tracks, with unwitting members of the pack following doggedly along behind. Sometimes to their doom.

Which is why some 30 years ago the veteran fox hunter and co-founder of the Coakham, Nigel Budd, decided to develop a sport that “would combine all the arts of venery together with a controllable quarry.” A human being.

Men, Budd argued, can be instructed to stay away from roads and railway tracks. They also avoid disturbing farmers’ livestock. And they can choose to lead the hounds and horsemen on a challenging chase over the highest hedges and the triangular wooden fences known as tiger traps.

Another risk to be avoided is getting shot by a fox.

A wounded fox shot its would-be killer in Belarus by pulling the trigger on the hunter’s gun as the pair scuffled after the man tried to finish the animal off with the butt of the rifle, media said Thursday.

On second thought, there is a risk that a human witness would tell a different story than a fox — a man accidentally shot himself in the leg and then made up a story about a scuffle to avoid embarrassment. In that case playing the game with humans might actually be worse.

US Civil War and the South: 5 Myths

Vermont Professor James Loewen, author of “Lies My Teacher Told Me”, gives an interesting look at common myths regarding why the South seceded:

He says the South did not fight for states’ rights; they were opposed to them:

The South’s opposition to states’ rights is not surprising. Until the Civil War, Southern presidents and lawmakers had dominated the federal government. The people in power in Washington always oppose states’ rights. Doing so preserves their own.

He also says the South was not opposed to taxes:

Tariffs were not an issue in 1860, and Southern states said nothing about them. Why would they? Southerners had written the tariff of 1857, under which the nation was functioning. Its rates were lower than at any point since 1816.

He points out even whites who did not own slaves still supported slavery:

…belief in white supremacy provided a rationale for slavery. As the French political theorist Montesquieu observed wryly in 1748: “It is impossible for us to suppose these creatures [enslaved Africans] to be men; because allowing them to be men, a suspicion would follow that we ourselves are not Christians.” Given this belief, most white Southerners — and many Northerners, too — could not envision life in black-majority states such as South Carolina and Mississippi unless blacks were in chains.

He quotes Lincoln to show that the President went to war to save the Union, not to end slavery:

On Aug. 22, 1862, President Lincoln wrote a letter to the New York Tribune that included the following passage: “If I could save the Union without freeing any slave, I would do it; and if I could save it by freeing all the slaves, I would do it; and if I could save it by freeing some and leaving others alone, I would also do that. What I do about slavery and the colored race, I do because I believe it helps to save the Union; and what I forbear, I forbear because I do not believe it would help to save the Union.”

In conclusion, he says it is unlikely the US would have ended slavery if it had not been for the war:

To claim that slavery would have ended of its own accord by the mid-20th century is impossible to disprove but difficult to accept. In 1860, slavery was growing more entrenched in the South. Unpaid labor makes for big profits, and the Southern elite was growing ever richer.

In other words, it is fair to describe the South as pro-federalist and pro-tax as well as pro-slavery.

The reason for secession was slavery alone, as presented by the Southern states at the time. Take, for example, South Carolina’s Declaration of Causes of Secession, December 24, 1860:

Those States have assumed the right of deciding upon the propriety of our domestic institutions; and have denied the rights of property established in fifteen of the States and recognized by the Constitution; they have denounced as sinful the institution of slavery; they have permitted open establishment among them of societies, whose avowed object is to disturb the peace and to eloign the property of the citizens of other States. They have encouraged and assisted thousands of our slaves to leave their homes; and those who remain, have been incited by emissaries, books and pictures to servile insurrection.

For twenty-five years this agitation has been steadily increasing, until it has now secured to its aid the power of the common Government.

In other words, anyone who did not support a definition of people as property was characterized by the South as an unacceptable threat to slavery practices. Everything from the failure to arrest and return escaped slaves to the “books and pictures” that did not support slavery was cited as a form of incitement to revolution and agitation. The Editor of the New York Evening Post wrote (Cincinnati Gazette, May 24, 1856; New York Evening Post, May 23, 1856, quoted in “Battle cry of freedom: the Civil War era” by James McPherson, p. 150):

[The South] cannot tolerate free speech anywhere, and would stifle it in Washington with the bludgeon and the bowie-knife, as they are now trying to stifle it in Kansas by massacre, rapine, and murder.

Has it come to this, that we must speak with bated breath in the presence of our Southern masters? … Are we to be chastised as they chastise their slaves? Are we too, slaves, slaves for life, a target for their brutal blows, when we do not comport ourselves to please them?

The South declared themselves victims to justify armed dissent against their own country; they believed disintegration of the Union was their righteous path to maintain slavery. What they did not calculate was the new President’s resolve to keep the country in a Union. Had they not seceded they probably would have continued slavery in America, and continued Southern influence over federal rule, for many more years.

EFF Condemns Tunisian Cyberwar Tactics

Is it still Cyberwar if the battles are between a government and its own citizens? Would it be Civil Cyberwar or Cyber Civilwar?

The EFF “calls for immediate action to defend activists”. Tunisian authorities are reported to have blocked HTTPS access to Facebook, Google and Yahoo! in order to attack or track down dissenters and compromise their on-line identities.

…last week the Tunisian government turned up the heat on bloggers, activists, and dissidents by launching a JavaScript injection attack that siphoned off the usernames and passwords of Tunisians logging in to Google, Yahoo, and Facebook. The Tunisian government has used these stolen credentials to log in to Tunisians’ email and Facebook accounts, presumably downloading their messages, emails, and social graphs for further analysis, and then deleting the accounts entirely.

The EFF gives the following recommendations, which are a good idea all the time and not just when in Tunisia:

* If HTTPS is available, use HTTPS to log in to Facebook, Google, and Yahoo. If you are using Firefox, EFF’s HTTPS Everywhere plug-in will do this for you automatically.
* EFF has received reports that the Tunisian government is periodically blocking HTTPS access to Facebook, Google, and Yahoo. If that is the case and you must log in over HTTP, install the following Greasemonkey script to strip out the JavaScript which the Tunisian government has inserted to steal your login credentials.
* If you have logged in to Facebook, Google, or Yahoo recently over HTTP, log in using HTTPS and change your password.
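
One way to check whether a login page delivered over plain HTTP carries script that the site itself did not send is to compare its script inventory with a copy fetched over HTTPS. This is an added example, not EFF's Greasemonkey script or code from the original post; both HTML samples are constructed, and the names `unexpected_script` and `hook` are hypothetical.

```python
import hashlib
from html.parser import HTMLParser


def _digest(text):
    # Whitespace-normalised hash so reformatting alone does not raise a finding.
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()[:16]


class ScriptInventory(HTMLParser):
    """Records every place a page can run script: <script> tags and on* attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = set()
        self._inline = None  # buffer for the body of the current inline <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            if attrs.get("src"):
                self.items.add(("script-src", attrs["src"]))
            else:
                self._inline = []
        for name, value in attrs.items():
            if name.startswith("on"):  # onsubmit, onclick, ...
                self.items.add((f"{tag}@{name}", _digest(value or "")))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.items.add(("inline-script", _digest("".join(self._inline))))
            self._inline = None


def inventory(html):
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    return parser.items


def unexpected_script(baseline_html, observed_html):
    """Script present in the observed (HTTP) copy but absent from the HTTPS baseline."""
    return sorted(inventory(observed_html) - inventory(baseline_html))


# Constructed sample pages (not captured traffic).
BASELINE = ('<html><head><script src="/static/login.js"></script></head><body>'
            '<form action="/login" method="post"><input name="email">'
            '<input name="pass" type="password"></form></body></html>')
TAMPERED = (BASELINE
            .replace("</head>", "<script>/* constructed stand-in */ var x = 1;</script></head>")
            .replace('<form action="/login"', '<form onsubmit="hook(this)" action="/login"'))

if __name__ == "__main__":
    for kind, ident in unexpected_script(BASELINE, TAMPERED):
        print("unexpected:", kind, ident)
```

Pages that legitimately vary their inline script per session will also show differences, so findings are a prompt for inspection rather than proof of tampering.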