22 Jun 2011
German researchers have discovered major security vulnerabilities in the virtual machines that customers of Amazon Web Services (AWS) have published on its infrastructure, suggesting that about 30 per cent are insecure.
Scientists from the Darmstadt Research Center for Advanced Security (CASED) found that roughly a third of the 1,100 public Amazon Machine Images on the site are vulnerable, in most cases because customers had failed to heed Amazon's recommendations on security and implementation.
While the news will be bad PR to an extent for AWS, it's more the fault of its customers, and shows the immaturity of the industry.
CASED said that, while much of the industry is concentrating on whether the underlying cloud infrastructure of services provided by the likes of AWS is secure, it seems the threats are often caused by the customers themselves.
Flawed configurations meant that the researchers could harvest critical data such as passwords, cryptographic keys and certificates from the virtual machines. Such data could be used to "operate criminal virtual infrastructures, manipulate web services or circumvent security mechanisms such as Secure Shell", said CASED.
"The problem clearly lies in the customers' unawareness and not in AWS," said CASED professor Ahmad-Reza Sadeghi.
"We believe that customers of other cloud providers endanger themselves and other cloud users similarly by ignoring or underestimating security recommendations."
Mike Smart, European solutions director at SafeNet, argued that user education should be a big priority for the industry.
"As more valuable data is moved to the cloud we also need to embed better security features into cloud services and how they interact with physical infrastructure," he added.
"Solutions that take and adapt proven technologies like strong authentication and encryption to the cloud are critical. But end users should go further and ensure their digital keys are never stored on the cloud but are held and used within hardware security modules in their premises."
re: What are clouds
Simplest answer is a distant computer that runs the programs you require (such as MS Word, or World of Warcraft, Paintshop etc) and streams the data (visual, audio, etc) to your device (public/private, laptop or computer, your mobile etc) where you view and use the program as if it was running on your device and are able to send keystrokes, mouse movements, audio, files etc. ... this allows you to run programs on devices that either don't have the program or don't have the ability to run the programme as none of the computations are actually done from the device but from the distant "cloud" computer/server. File storage is effectively the same as current server models.
Posted by: Dizzee 29 Jun 2011
What are clouds
Heard lots about clouds in relation to computer software but can never get anything other than an even more complicated answer. Can someone explain what they are? Numerous friends have looked at me with blank faces when I mentioned clouds.
Posted by: at 26 Jun 2011