What do you make out of recent reports claiming vulnerabilities in Amazon's AMI?

SilverHawk

I've seen a couple of articles claiming that there are security vulnerabilities and backdoors. Clearly security is one major concern companies have with moving to a public cloud model. Amazon is such a huge player and has a pretty decent security history. Are these concerns about AMI well founded or bogus?


Answers

2 total
jimlynch
Vote Up (15)

Hi SilverHawk,

GigaOm had an article about it and seemed to feel it was overblown, according to certain experts.

Amazon AMI vulnerabilities overblown, experts say
http://gigaom.com/cloud/amazon-ami-vulnerabilities-overblown-experts-say/

"Stories about potential security vulnerabilities strike a chord as more companies consider moving more of their IT workloads to public cloud infrastructure run by Amazon, Rackspace and others.

Security experts said this is more of a people problem than a technology issue in that some people deploying AMIs leave passwords, SSH keys and other data that should be locked away, unattended. That flies in the face of Amazon’s recommended practices and makes AMIs vulnerable to hackers.

The message from security experts was clear: Stupid users get what they deserve."

nbetolli
Vote Up (12)

I looked at one of the articles making these claims earlier this week, and to use your term, I think they are booooogus!  It looks like most of the issues arise from people not following security best practices.  If you leave passwords and sensitive information "laying around" unsecured and unencrypted and someone takes advantage of it, I don't see how that is Amazon's fault.  I have seen so many instances of guidelines and procedures not being followed at companies large and small that I am not really surprised that some people are sloppy when they should be more cautious. 
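As an added illustration of the point both answers make (this is not code from either poster, GigaOm or Amazon): a Python check to run against the mounted root of an image before it is turned into an AMI, flagging leftover SSH keys, history files and usable login passwords. The file names and key markers it looks for are assumptions chosen for this example.

```python
import os
import sys

# Constructed heuristics for this example, not an exhaustive list.
HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}
KEY_MARKERS = (b"-----BEGIN OPENSSH PRIVATE KEY-----",
               b"-----BEGIN RSA PRIVATE KEY-----",
               b"-----BEGIN EC PRIVATE KEY-----")

def shadow_findings(root):
    """Flag etc/shadow accounts whose password field is empty or a usable hash."""
    out = []
    shadow = os.path.join(root, "etc", "shadow")
    if os.path.isfile(shadow):
        with open(shadow, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                # A field starting with ! or * marks a locked account.
                if len(fields) > 1 and (fields[1] == "" or fields[1][0] not in "!*"):
                    out.append(("etc/shadow", "login password usable for " + fields[0]))
    return out

def audit_image_root(root):
    """Return sorted (relative_path, reason) findings under a mounted image root."""
    findings = shadow_findings(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable file: run the audit as root to cover it
            if name == "authorized_keys" and head.strip():
                findings.append((rel, "authorized_keys not empty"))
            elif name in HISTORY_NAMES and head:
                findings.append((rel, "history file not empty"))
            elif head.startswith(KEY_MARKERS):
                findings.append((rel, "private key material"))
    return sorted(findings)

if __name__ == "__main__":
    for image_root in sys.argv[1:]:  # e.g. the mount point of the volume to be imaged
        for rel, reason in audit_image_root(image_root):
            print(f"{image_root}: {rel}: {reason}")
```

An empty result means none of these particular leftovers were found; it does not cover credentials embedded in application config files.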
