How long would it take to hack into an average Web-based server—the kind a company might rent from the likes of Amazon Web Services? To find out, the security company CloudPassage set up six servers, two running Microsoft operating systems and four running Linux-based operating systems, loaded them with various combinations of widely used programs, and invited hackers to take their best shot. Top prize: $5,000.
It took just four hours for the winning hacker to capture the flag and the bounty. Worse still, he was a novice. Gus Gray, 28, has worked for a technology company for a little over a year and is taking classes toward a bachelor’s degree in computer science at California Polytechnic State University in San Luis Obispo. “I just thought I’d spend two or three hours poking around and see what I could learn, and it would make for an interesting evening,” he says.
That’s one way to put it. As companies shift from old-fashioned and expensive servers managed within four walls to cloud data centers online, the market for cloud-based infrastructure has grown to $9.2 billion, according to an estimate by the technology research firm Gartner. What that money buys may not be the security people think.
A couple of key points to take away from the article:
"CloudPassage configured the systems without any security beyond the default setting required to get them to run, mimicking the setups they often see among clients."
"...Gray decided to poke around on a utility application that allowed remote access from the Internet—a convenience for system administrators that can be easy to attack, Gray says. The application used a default password that wasn’t unique to either the program or the operating system, which Gray was able to guess"
-Dan
WSA runs on AWS.
I wonder what their monthly bill is. Dem IOPS and storage is expensive.
Probably why their business product reporting features are so bad. 😞
All I know is it would be hard for anyone to do so. I've done some work in a couple different data centers supporting the cloud services, and their protection is incredible. I of course can't go into more detail, but seriously, wow: if it happens, it will be in a very, very, VERY long time.