BreachExchange mailing list archives
Many Amazon cloud users reveal confidential data
From: security curmudgeon <jericho () attrition org>
Date: Tue, 21 Jun 2011 03:58:38 -0500 (CDT)
http://www.h-online.com/security/news/item/Many-Amazon-cloud-users-reveal-confidential-data-1263704.html

20 June 2011, 14:02

Many Amazon cloud users reveal confidential data

Sharing Amazon Machine Images (AMIs) to run on Amazon's Web Services (AWS) can open the door to attackers when users do not follow appropriate safety advice. The AMIs may contain private cryptographic keys, certificates and passwords, as researchers at the Darmstadt Research Center's CASED (Center for Advanced Security Research Darmstadt) found.

In a report (German language), they say that they examined 1100 public AMIs for cloud services and found that 30 per cent were vulnerable to manipulation that could allow attackers to partially or completely take over virtual web service infrastructure or other resources.

The published AMIs are provided as a service from the community of developers for other developers. Instead of creating a virtual environment from scratch - with a Linux system, Apache, a database and other services - to deploy an application, it is possible to find a preconfigured shared AMI over the web front end of AMS. But, if the publisher has left confidential information in the system or, for example, if the Bash shell history had not been deleted prior to publication, that data can be extracted and used.

[..]

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
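A pre-publication check for the leftovers the article lists (private keys, passwords, shell history), added here as an example and not taken from the article or the CASED report. The file names, patterns and sample tree are assumptions constructed for illustration; `audit_image_root` is a hypothetical helper meant to be run against a mounted copy of the image before it is shared.

```python
import os
import re
import tempfile

# Assumed checklist: the article names categories of leftovers, not file names.
HISTORY_FILES = {".bash_history", ".zsh_history", ".mysql_history"}
PRIVATE_KEY = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
PASSWORD_HINT = re.compile(rb"(?i)(passw(or)?d|secret)\s*[=:]\s*\S+")

def audit_image_root(root, max_read=1 << 20):
    """Return sorted (relative_path, reason) findings under a mounted image root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never follow links out of the image tree
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_read)  # cap the read per file
            except OSError:
                continue
            rel = os.path.relpath(path, root)
            if name in HISTORY_FILES and data.strip():
                findings.append((rel, "shell history not cleared"))
            if PRIVATE_KEY.search(data):
                findings.append((rel, "private key material"))
            elif PASSWORD_HINT.search(data):
                findings.append((rel, "possible password"))
    return sorted(findings)

def build_sample_image(root):
    """Write a constructed sample tree standing in for a mounted image."""
    files = {
        "root/.bash_history": b"mysql -u app --password=example123\n",
        "home/dev/.bash_history": b"",  # cleared history: no finding
        "home/dev/.ssh/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
        "etc/motd": b"welcome\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        print(audit_image_root(tmp))
```

An empty result from a pattern check like this does not prove the image is clean; it only catches the named file types and markers.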