FW: [ISN] University Research Exposes Potential Vulnerabilities In Cloud Computing

[Howell, Paul]

-----Original Message-----
From: isn-bounces@infosecnews.org [mailto:isn-bounces@infosecnews.org]
On Behalf Of InfoSec News
Sent: Wednesday, September 09, 2009 1:15 AM
To: isn@infosecnews.org
Subject: [ISN] University Research Exposes Potential Vulnerabilities In
Cloud Computing 

http://www.darkreading.com/securityservices/security/management/showArti
cle.jhtml?articleID=219700098

By Tim Wilson
DarkReading
Sept 08, 2009

Users of cloud computing infrastructures should be aware that their 
sensitive data could be potentially leaked, a group of university 
researchers say.

In a new research paper (PDF), several computer scientists from the 
University of California at San Diego (UCSD) and the Massachusetts 
Institute of Technology (MIT) say they have discovered soft spots in the

cloud computing concept that could leave data vulnerable to attack.

"Overall, our results indicate that there exist tangible dangers when 
deploying sensitive tasks to third-party compute clouds," the paper 
says.

In a nutshell, the researchers argue that by taking the right steps, an 
attacker could place a malicious virtual machine (VM) in close proximity

to a target server in a shared, "cloud" environment. From there, it 
would be possible to launch a "cross-VM attack" using a variety of 
different hacking strategies, they say.

Such methods might be employed by an attacker looking to access a 
specific target or server, or they might be used by hackers casting a 
wide net, searching for any vulnerable server, the paper says.

[...]


------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------