What do you make of recent reports claiming vulnerabilities in Amazon's AMI?

SilverHawk

I've seen a couple of articles claiming that there are security vulnerabilities and backdoors. Clearly security is one major concern companies have with moving to a public cloud model. Amazon is such a huge player and has a pretty decent security history. Are these concerns about AMI well founded or bogus?


Answers

2 total
jimlynch
Vote Up (14)

Hi SilverHawk,

GigaOm had an article about it and seemed to feel it was overblown, according to certain experts.

Amazon AMI vulnerabilities overblown, experts say
http://gigaom.com/cloud/amazon-ami-vulnerabilities-overblown-experts-say/

"Stories about potential security vulnerabilities strike a chord as more companies consider moving more of their IT workloads to public cloud infrastructure run by Amazon, Rackspace and others.

Security experts said this is more of a people problem than a technology issue in that some people deploying AMIs leave passwords, SSH keys and other data that should be locked away, unattended. That flies in the face of Amazon’s recommended practices and makes AMIs vulnerable to hackers.

The message from security experts was clear: Stupid users get what they deserve."

nbetolli
Vote Up (12)

I looked at one of the articles making these claims earlier this week, and to use your term, I think they are booooogus! It looks like most of the issues arise from people not following security best practices. If you leave passwords and sensitive information "laying around" unsecured and unencrypted and someone takes advantage of it, I don't see how that is Amazon's fault. I have seen so many instances of guidelines and procedures not being followed at companies large and small that I am not really surprised that some people are sloppy when they should be more cautious.
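Both answers point at leftover passwords, SSH keys and similar data inside shared AMIs. As an added example (not from either poster, GigaOm or Amazon), here is a pre-publish audit that walks an image's root filesystem and reports those leftovers. It assumes the image root is mounted at a directory; the function names and every sample value are constructed for illustration.

```python
import os
import tempfile
HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}

def audit_image_root(root):
    """Return sorted (category, path) findings under a mounted image root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path) or not os.path.isfile(path) or os.path.getsize(path) == 0:
                continue  # skip symlinks, device nodes/FIFOs and empty files
            with open(path, "rb") as fh:
                head = fh.read(65536)  # only the first 64 KiB is inspected
            if head.lstrip().startswith(b"-----BEGIN") and b"PRIVATE KEY-----" in head:
                findings.add(("private-key", rel))
            elif name == "authorized_keys":
                findings.add(("authorized-keys", rel))
            elif name in HISTORY_NAMES:
                findings.add(("shell-history", rel))
            elif rel == "etc/shadow":
                for line in head.decode("utf-8", "replace").splitlines():
                    fields = line.split(":")
                    # A "*" or "!" prefix means password login is disabled.
                    if len(fields) > 1 and not fields[1].startswith(("*", "!")):
                        findings.add(("shadow-password", rel + ":" + fields[0]))
    return sorted(findings)

def build_sample_root(root):
    """Write a constructed (fake) image tree to audit; all values are dummies."""
    sample = {
        "root/.ssh/authorized_keys": "ssh-ed25519 AAAAC3constructed builder@example\n",
        "root/.bash_history": "mysql -u admin -pExamplePassword\n",
        "home/ec2-user/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nZHVtbXk=\n-----END OPENSSH PRIVATE KEY-----\n",
        "etc/shadow": "root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\ndaemon:*:19000::::::\nec2-user:!!:19000::::::\n",
        "home/ec2-user/.zsh_history": "",
    }
    for rel, text in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_root(tmp)
        for category, where in audit_image_root(tmp):
            print(f"{category:16} {where}")
```

An empty result on the mounted root is the condition to require before an image is shared; any finding means the image still carries its builder's credentials or command history.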
