"What started as a small issue affecting some instances of Amazon’s Elastic Cloud Compute (EC2) in North Virginia became a full-blown outage of AWS in North Virginia. Major services, such as Reddit, Foursquare, Minecraft and Heroku, are down. GitHub, imgur, Pocket, HipChat, Coursera and others are affected"
In brief, the usual short-term whoops that happens with all large computer systems. But what c|net added was interesting:
"Amazon isn't saying what happened, but a spokesperson said the problem isn't due to an attack, as some have speculated. A member of hacker group Anonymous claimed responsibility for the outage via a tweet, but the Amazon spokesperson said that's not accurate and that no attack occurred."
While the claim is likely an Anonymous wannabe or puffery, the hackability of some Amazon services is not fictional.
It was almost a year ago when this article appeared:
“Effectively, a successful attack on a cloud control interface grants the attacker a complete power over the victim's account, with all the stored data included,” researchers at Germany’s Ruhr University wrote in a paper.
"We had full access to all customer data, including data authentication, tokens, and even passwords in clear text," researcher Mario Heiderich said.
The article had this warning at the end:
"Critical infrastructure and services are making ever more use of cloud computing," he said. "It is therefore an urgent need to identify the security gaps in cloud computing". Juraj Somorovsky
Don't comfort yourself believing this is theoretical. As we noted in May 2011, there was this incident:
For three pennies an hour, hackers can rent Amazon.com Inc. (AMZN)’s servers to wage cyber attacks such as the one that crippled Sony Corp. (6758)’s PlayStation Network and led to the second-largest online data breach in U.S. history.
A hacker used Amazon’s Elastic Computer Cloud, or EC2, service to attack Sony’s online entertainment systems last month, a person with knowledge of the matter said May 13.
This article had this warning at the end:
The episode will cause individuals and companies to rethink what data to put on the cloud and force companies to potentially double what they spend on application security, said Murray Jennex, an associate professor at San Diego State University who specializes in computer systems security. In the long run, it will be cheaper than being hacked, he said. “This puts cloud computing into proper perspective,” Jennex said. “Everybody’s been thinking it’s chic and ignoring the security aspect. I think this reminds companies that things that make them great need to stay under their control.”
Our point is not that Amazon's Cloud is more vulnerable than other systems. It isn't; ask Sony about THEIR data security. Our point is that we see far too many people buy into the hype of the safety and security of Cloud Computing. And when they** move to Cloud Computing, they do the computer equivalent of leaving their house keys under the door mat.*
* Then too, we do see people** getting a web site and putting the keys under the mat.
** Yes, this article is partially directed to 'you know who you are'.
In security matters, treat Cloud Computing no differently from other computer services.
Now we do have a small bone to pick with Amazon AWS Services - Cloudfront.
Previous emails to Amazon Cloud customer service about their problem users have always resulted in mixed results. Translation: No Response.
Here's our public comment about the Amazon Cloud user from IP 46.137.248.139, who is using the Amazon AWS Services - Cloudfront - FRA. This is what he did recently to an associated site.
46.137.248.139 /MyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /myadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /pma/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /phpmyadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /phpMyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /w00tw00t.at.blackhats.romanian.anti-sec:) 10/26/12 1:03 PM 0 404 GET ZmEu
We do realize, Amazon, that this had no effect on that site. And virtually all web sites are immune to this not-ready-for-amateur-hour attack. But maybe he'll learn and try something else, on someone bigger.
Could you have a talk with this Amazon Cloud customer?
Pretty please.
/*
"Captain Gideon, 'security' happens to be my middle name." Captain Elizabeth Lochley
"That's all well and good, but just in case your last name is 'breach' it won't hurt for me to double-check." Captain Matthew Gideon
Crusade (1999)
Do You Know What Your Amazon Cloud Is Up To?
EventHorizon1984
26 October 2012
The Amazon Web Service (AWS) had an East Coast service outage on October 22nd. The interruption of service lasted several hours.
According to TechCrunch:
In brief, the usual short-term whoops that happens with all large computer systems. But what c|net added was interesting:
While the claim is likely an Anonymous wannabe or puffery, the hackability of some Amazon services is not fictional.
It was almost a year ago when this article appeared:
Amazon's EC2, Eucalyptus hacked
SC Magazine
Darren Pauli, 28 October 2011
The article had this warning at the end:
Juraj Somorovsky
Don't comfort yourself believing this is theoretical. As we noted in May 2011, there was this incident:
Sony Network Breach Shows Amazon Cloud's Appeal for Hackers
Bloomberg
Joseph Galante, Olga Kharif, Pavel Alpeyev, 16 May 2011
This article had this warning at the end:
“This puts cloud computing into proper perspective,” Jennex said. “Everybody’s been thinking it’s chic and ignoring the security aspect. I think this reminds companies that things that make them great need to stay under their control.”
Our point is not that Amazon's Cloud is more vulnerable than other systems. It isn't; ask Sony about THEIR data security. Our point is that we see far too many people buy into the hype of the safety and security of Cloud Computing. And when they** move to Cloud Computing, they do the computer equivalent of leaving their house keys under the door mat.*
* Then too, we do see people** getting a web site and putting the keys under the mat.
** Yes, this article is partially directed to 'you know who you are'.
In security matters, treat Cloud Computing no differently from other computer services.
"No boom today. Boom tomorrow. There's always a boom tomorrow."
Susan Ivanova
Now we do have a small bone to pick with Amazon AWS Services - Cloudfront.
Previous emails to Amazon Cloud customer service about their problem users have always resulted in mixed results. Translation: No Response.
Here's our public comment about the Amazon Cloud user from IP 46.137.248.139, who is using the Amazon AWS Services - Cloudfront - FRA. This is what he did recently to an associated site.
46.137.248.139 /MyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /myadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /pma/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /phpmyadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /phpMyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /w00tw00t.at.blackhats.romanian.anti-sec:) 10/26/12 1:03 PM 0 404 GET ZmEu
We do realize, Amazon, that this had no effect on that site. And virtually all web sites are immune to this not-ready-for-amateur-hour attack. But maybe he'll learn and try something else, on someone bigger.
Could you have a talk with this Amazon Cloud customer?
Pretty please.
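An added example, not part of the original post: a site owner can flag a sweep like the one logged above by matching the ZmEu user agent, the w00tw00t marker path and the setup.php probes, and checking whether any probe got a non-error answer. The field layout is assumed from the six quoted lines; the function names and the two benign lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout used in the post: ip path date time am/pm bytes status method agent
LINE_RE = re.compile(
    r"^(\S+) (\S+) \d+/\d+/\d+ \d+:\d+ [AP]M \d+ (\d{3}) \S+ (.*)$")

# The first six lines are the ones quoted in the post; the last two are
# constructed benign traffic from a documentation address, for contrast.
SAMPLE_LOG = """\
46.137.248.139 /MyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /myadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /pma/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /phpmyadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /phpMyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
46.137.248.139 /w00tw00t.at.blackhats.romanian.anti-sec:) 10/26/12 1:03 PM 0 404 GET ZmEu
203.0.113.7 /index.html 10/26/12 1:04 PM 5120 200 GET Mozilla/5.0
203.0.113.7 /favicon.ico 10/26/12 1:04 PM 0 404 GET Mozilla/5.0
"""

def signals(path, agent):
    """Return the scanner indicators one request matches."""
    hits = set()
    if "zmeu" in agent.lower():
        hits.add("ua:ZmEu")
    if path.lower().startswith("/w00tw00t"):
        hits.add("path:w00tw00t")
    if path.lower().endswith("/scripts/setup.php"):
        hits.add("path:setup.php")
    return hits

def find_scanners(log_text, min_probes=3):
    """Group matching requests by source IP and summarize each sweep."""
    per_ip = defaultdict(lambda: {"signals": set(), "paths": set(), "ok": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not fit the layout
        ip, path, status, agent = m.groups()
        hits = signals(path, agent)
        if hits:
            rec = per_ip[ip]
            rec["signals"] |= hits
            rec["paths"].add(path)
            # A status below 400 means the probed path answered: investigate.
            rec["ok"] = rec["ok"] or int(status) < 400
    return {ip: {"signals": sorted(r["signals"]), "probes": len(r["paths"]),
                 "any_success": r["ok"]}
            for ip, r in per_ip.items()
            if len(r["paths"]) >= min_probes or len(r["signals"]) >= 2}
```

For the log in the post, `any_success` is false because every probe returned 404; a true value is the case that needs follow-up.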
/*
"Captain Gideon, 'security' happens to be my middle name." Captain Elizabeth Lochley
"That's all well and good, but just in case your last name is 'breach' it won't hurt for me to double-check." Captain Matthew Gideon
Crusade (1999)
Posted at 15:30 in Amazon, Business, Commentary, Web/Tech