AOH :: ISNQ5574.HTM

Amazon downplays report highlighting vulnerabilities in its cloud service

Amazon downplays report highlighting vulnerabilities in its cloud service
Amazon downplays report highlighting vulnerabilities in its cloud service


http://www.computerworld.com/s/article/9140074/Amazon_downplays_report_highlighting_vulnerabilities_in_its_cloud_service?taxonomyId=17 

By Jaikumar Vijayan
October 28, 2009
Computerworld 

Amazon said today that it has taken steps to mitigate a security issue 
in its cloud computing infrastructure that was identified recently by 
researchers from MIT and the University of California at San Diego.

The report described how attackers could search for, locate and attack 
specific targets in Amazon's Elastic Computer Cloud (EC2) because of 
certain underlying vulnerabilities in the infrastructure.

Though the attack described in the report was conducted against Amazons 
infrastructure, the researchers concluded that similar targeted attacks 
could be carried out in other cloud services as well because the 
vulnerabilities were generic.

In response, Amazon spokeswoman Kay Kinton said today that the report 
describes cloud cartography methods that could increase an attacker's 
probability of launching a rogue virtual machine (VM) on the same 
physical server as another specific target VM.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods