SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,381
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    The Cloud = New Heaven for Hackers

    Is it me or has everyone been hypnotize that Cloud is all ?

    It's fairly obvious that if the hackers can tap into cloud's shared memory or disk!!!! ... say good bye to your Security Identity. Seriously, as soon as you deploy to your app on to these cloud... it's same as putting bullseye symbol on your ass. Sure, your app will be more secured than before by using their "fabricated" security features. However, you still have bullseye symbol on your ass that every hacker in the world will try to crack open! I've found out that these server farms...shares memories! If a hacker decides to deploy a dummy application in the cloud and somehow taps into shared memories from major banks, Verizon, AT&T, and etc... . I'm a bit scared.....

  2. #2
    SitePoint Enthusiast
    Join Date
    Aug 2004
    Location
    Bloomington, IL
    Posts
    93
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Don't be scared...there's a lot of really smart people working at Verizon, AT&T, major banks, etc. That's not to say there are never issues...just nothing to be scared about.

    The security of credit card information is taken seriously by all parties involved...from the banks to the credit card companies to the many governments of the world. I'd be more concerned about the coming inflation eating up all your savings than "the cloud" imploding.

    "We'll all float on"

  3. #3
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,381
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    That's the thing. Credit card leak information has already happened to various companies. But the credit card is limited to those ones that's related to that one company. For example, if WalMart got hacked and I didn't shop at Walmart, I feel safe. Now all these companies will be on ONE platform or at least various companies using the same Cloud Hosts. Now if someone succeeds...not only they'll get credit card info from Walmart, they'll get plenty of others as well. It'll definitely be on CNN front page. My guess is that these companies will use Cloud hosts for non-critical apps but not mission-critical ones. At least that's my thought or hope to be.

  4. #4
    Follow: @AlexDawsonUK silver trophybronze trophy AlexDawson's Avatar
    Join Date
    Feb 2009
    Location
    England, UK
    Posts
    8,111
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    I listened to an interview with the CEO of the cloud storage host Dropbox... and the facts he provided make me suspect that a hacker is not going to simply be able to break into the system and steal your data (unless they get your username and password - the weakest point of any secure system is it's users). Dropbox use Defence department level encryption on EVERYTHING within the servers which isn't likely to get broken, apart from that none of the staff can read any of the data on the servers (only the end users who setup the account can). The top three people at the company can override the system but it requires three key cards and one of those switch systems like you see in movies where they launch the nukes. That and the places where the data is stored is like a fortress with eye recognition, key-cards, biometrics and such (with the usual guards and cameras) and if the disk is removed from the rack it'll fry the data. Now I'm not saying it's totally secure from hackers, because obviously people who steal your credentials can get in... but all things considered there's nothing more they could do to prevent hackers... their physical storage is secure, their system is heavily protected from code injection (et al) and the only point of penetration is the stupidity of the end user.

  5. #5
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,381
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    That's Cloud Storage System but what about App that is powered by the Cloud

    Like Amazon
    http://aws.amazon.com/ec2/

    VMForce
    http://www.vmforce.com/

    Most likely, Google will come into the picture.

    These guys will use Distributed Share Memory. Meaning, all application that's hosted by them will "share" memory like "share" cpu. A hacker can simply purchase a plan to host their app and easily tap into DSM. By default, they can "only" see the memory they manage...however... I don't think it's out of range to steal other info in the memory space w/ hacks.... of course I don't know how to do that But in theory, this sounds very doable to me.

    Of course, I'm not saying Cloud is bad as it saves tons of $$$$, immediate scalability, low maintainance, and etc... but people forgets about security risks. You know I won't be surprise that these cloud hosts have the ability to "remote" access the virtual machine..... this creates huge chance of being "pwnage" by the hackers

  6. #6
    Follow: @AlexDawsonUK silver trophybronze trophy AlexDawson's Avatar
    Join Date
    Feb 2009
    Location
    England, UK
    Posts
    8,111
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Unless there's a proof of concept I wouldn't really worry about it, I doubt someone like Amazon or Google would go into this without considering such an event.

  7. #7
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,381
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You're right though. Cloud hosts will have better security than doing it yourself. A analogy would be... let say you need to transfer a very critical item from point A to B. Would you

    A) Ride in a "very" secured truck that is easily spottable from "ALL" hackers.
    B) Ride in a taxi to be obscured w/ other taxies

    No doubt, Cloud will offer better security but more hackers will try to crack it.

  8. #8
    Follow: @AlexDawsonUK silver trophybronze trophy AlexDawson's Avatar
    Join Date
    Feb 2009
    Location
    England, UK
    Posts
    8,111
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Kind of like Linux and Mac isn't it? Windows is only the most hacked because the majority of people use it.

    Yet it's a well established fact that Mac can be hacked in equal measure (and Linux too if you really wanted to attempt it).

  9. #9
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,381
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by AlexDawson View Post
    Unless there's a proof of concept I wouldn't really worry about it, I doubt someone like Amazon or Google would go into this without considering such an event.
    Already done. From a reliable source, someone was able to deploy fake app into the clouds. I think someone challenged MIT to crack their cloud. Also, there's only handful of people who knows "Cloud Security". In a way, it's so new that there's not that many people to know well enough to be called "Cloud Security Expert".

  10. #10
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,381
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by AlexDawson View Post
    Kind of like Linux and Mac isn't it? Windows is only the most hacked because the majority of people use it.

    Yet it's a well established fact that Mac can be hacked in equal measure (and Linux too if you really wanted to attempt it).
    Yup~ I swear I'll come back to this post in about 3~5 yrs and say "I told you!!!"

  11. #11
    SitePoint Member
    Join Date
    May 2010
    Posts
    0
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And I think cloud would have enhanced it's security before that 3-5 years would end...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •