What do you make out of recent reports claiming vulnerabilities in Amazon's AMI?

SilverHawk

I've seen a couple of articles claiming that there are security vulnerabilities and backdoors. Clearly security is one major concern companies have with moving to a public cloud model. Amazon is such a huge player and has a pretty decent security history. Are these concerns about AMI well founded or bogus?


Answers

2 total
jimlynch
Vote Up (12)

Hi SilverHawk,

GigaOm had an article about it and seemed to feel it was overblown, according to certain experts.

Amazon AMI vulnerabilities overblown, experts say
http://gigaom.com/cloud/amazon-ami-vulnerabilities-overblown-experts-say/

"Stories about potential security vulnerabilities strike a chord as more companies consider moving more of their IT workloads to public cloud infrastructure run by Amazon, Rackspace and others.

Security experts said this is more of a people problem than a technology issue in that some people deploying AMIs leave passwords, SSH keys and other data that should be locked away, unattended. That flies in the face of Amazon’s recommended practices and makes AMIs vulnerable to hackers.

The message from security experts was clear: Stupid users get what they deserve."

nbetolli
Vote Up (9)

I looked at one of the articles making these claims earlier this week, and to use your term, I think they are booooogus!  It looks like most of the issues arise from people not following security best practices.  If you leave passwords and sensitive information "laying around" unsecured and unencrypted and someone takes advantage of it, I don't see how that is Amazon's fault.  I have seen so many instances of guidelines and procedures not being followed at companies large and small that I am not really surprised that some people are sloppy when they should be more cautious. 
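
An added example, not part of either answer above or of Amazon's tooling: a pre-publish check for the residue both answers describe (passwords, SSH keys and other data left in an image). It assumes the image's root volume is mounted at a directory you pass in; the function name, the finding labels and the choice of checks are this example's own.

```shell
#!/bin/sh
# audit_image_root ROOT
# Lists credential residue under a mounted image root before the volume is
# registered as an AMI. Prints one "KIND<TAB>path" line per finding and
# prints nothing when the tree is clean.

emit() { printf '%s\t%s\n' "$1" "$2"; }

audit_image_root() {
    root=${1%/}

    # Non-empty authorized_keys: the key's owner can log in to every
    # instance launched from the image.
    find "$root" -type f -name authorized_keys -size +0c 2>/dev/null |
        while IFS= read -r f; do emit authorized_keys "$f"; done

    # PEM/OpenSSH private keys anywhere in the tree.
    grep -rlE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$root" 2>/dev/null |
        while IFS= read -r f; do emit private_key "$f"; done

    # Non-empty shell history: often holds passwords typed as arguments.
    find "$root" -type f -name '.*_history' -size +0c 2>/dev/null |
        while IFS= read -r f; do emit shell_history "$f"; done

    # Accounts in etc/shadow whose password field is not locked ("!" or "*"):
    # either a hash baked into the image or an empty (passwordless) field.
    if [ -r "$root/etc/shadow" ]; then
        awk -F: -v p="$root/etc/shadow" \
            'NF > 1 && $2 !~ /^[!*]/ { printf "unlocked_password\t%s:%s\n", p, $1 }' \
            "$root/etc/shadow"
    fi
    return 0
}
```

Source the file and run `audit_image_root /mnt/image-root` (a hypothetical mount point); treat any output as a reason not to publish the image yet.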
