Welcome to the bloggy home of Noah Brier. I'm the co-founder of Percolate and general internet tinkerer. This site is about media, culture, technology, and randomness. It's been around since 2004 (I'm pretty sure). Feel free to get in touch. Get in touch.

You can subscribe to this site via RSS (the humanity!) or .

The Other Side of the Cloud

Most people won’t ever touch Amazon’s cloud computing service. They will, however, touch an application that touches the service (FourSquare, Reddit, Percolate to name a few). What Amazon offers developers is the ability to bring up and down a server in an instant, only paying for the time it was live (for the initialized, this is all thanks to virtualization, which is pretty amazing). The other really neat thing about what Amazon offers is that they have a ton of server images to choose from when you launch your new box. That means in addition to the size and speed you can choose from different operating systems and even very specific configurations with additional software pre-installed (for instance, there’s a WordPress image that comes with all the software one would need to run a blog on Amazon’s cloud).

Anyway, some researchers looked into the security of these images and things didn’t turn out so peachy:

The results, which the team plans to present a paper at the Symposium on Applied Computing next March, aren’t pretty: 22% of the machines were still set up to allow a login by whoever set up the virtual machine’s software–either Amazon or one of the many other third party companies like Turnkey and Jumpbox that sell preset machine images running on Amazon’s cloud. Almost all of the machines ran outdated software with critical security vulnerabilities, and 98% contained data that the company or individual who set up the machine for users had intended to delete but could still be extracted from the machine.

November 8, 2011 // This post is about: , , , ,

Comments

  • candice says:

    There are also a couple of fairly new Remote Desktop worms running around EC2 looking for bad passwords and open ports. The EC2 images (stock windows amazon ones) I have were also set to never run windows update, which is pretty scary.

    On the flip side of that, a lot of malware shuts itself off when it detects being run in a virtual machine. (Because researchers were running malware in VMs long before the average user could get ahold of one.)

    btw, liking the new stream of content you’ve got going here.

  • Leave a Comment

    Your email address will not be published. Don't sweat it.