What do you make out of recent reports claiming vulnerabilities in Amazon's AMI?

SilverHawk

I've seen a couple of articles claiming that there are security vulnerabilities and backdoors. Clearly security is one major concern companies have with moving to a public cloud model. Amazon is such a huge player and has a pretty decent security history. Are these concerns about AMI well founded or bogus?


Answers

2 total
jimlynch
Vote Up (14)

Hi SilverHawk,

GigaOm had an article about it and seemed to feel it was overblown, according to certain experts.

Amazon AMI vulnerabilities overblown, experts say
http://gigaom.com/cloud/amazon-ami-vulnerabilities-overblown-experts-say/

"Stories about potential security vulnerabilities strike a chord as more companies consider moving more of their IT workloads to public cloud infrastructure run by Amazon, Rackspace and others.

Security experts said this is more of a people problem than a technology issue in that some people deploying AMIs leave passwords, SSH keys and other data that should be locked away, unattended. That flies in the face of Amazon’s recommended practices and makes AMIs vulnerable to hackers.

The message from security experts was clear: Stupid users get what they deserve."

nbetolli
Vote Up (12)

I looked at one of the articles making these claims earlier this week, and to use your term, I think they are booooogus!  It looks like most of the issues arise from people not following security best practices.  If you leave passwords and sensitive information "laying around" unsecured and unencrypted and someone takes advantage of it, I don't see how that is Amazon's fault.  I have seen so many instances of guidelines and procedures not being followed at companies large and small that I am not really surprised that some people are sloppy when they should be more cautious. 
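Both answers put the problem down to passwords, SSH keys and similar data left inside an image before it is shared. As an added example (not code from either poster, from GigaOm or from Amazon), the sketch below walks a mounted image root and reports such leftovers before the image is published; the function names, the finding labels and the sample tree are assumptions made for illustration, and every sample value is constructed.

```python
import os

HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}

def shadow_users_with_hash(data):
    """Accounts in shadow-format bytes whose password field holds a usable hash."""
    users = []
    for line in data.decode("utf-8", "replace").splitlines():
        fields = line.split(":")
        # A leading "!" or "*" means the account is locked or has no password login.
        if len(fields) > 1 and fields[1] and fields[1][0] not in "!*":
            users.append(fields[0])
    return users

def audit_image_root(root):
    """Return sorted (finding, detail) tuples for credentials left under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # the first 1 MiB is enough for these checks
            if rel == "etc/shadow":
                findings += [("password_hash", u) for u in shadow_users_with_hash(data)]
            elif name == "authorized_keys" and data.strip():
                findings.append(("authorized_key", rel))
            elif name in HISTORY_NAMES and data.strip():
                findings.append(("shell_history", rel))
            elif b"-----BEGIN" in data[:4096] and b"PRIVATE KEY-----" in data[:4096]:
                findings.append(("private_key", rel))  # includes baked-in SSH host keys
    return sorted(findings)

def build_sample_root(root):
    """Write a constructed sample tree standing in for a mounted image root."""
    sample = {
        "etc/shadow": "root:$6$constructed$hash:19000:0:99999:7:::\ndaemon:*:19000::::::\n",
        "root/.ssh/authorized_keys": "ssh-ed25519 AAAAconstructed builder@example\n",
        "root/.bash_history": "mysql -u app -pconstructed\n",
        "home/dev/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n",
        "etc/motd": "welcome\n",
    }
    for rel, text in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
```

Run `audit_image_root` against the directory where the image's root volume is mounted, with enough privilege to read every file; an empty list means none of these four kinds of leftover were found.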
