Stormy Weather for the Eucalyptus Grove?

June 10, 2011

Still feel safe in the cloud?  Have you heard from Eucalyptus lately?

According to “Critical Vulnerability in Open Source Eucalyptus Clouds”, there has been another break-in.  At least a theoretical one; university researchers have found a hole in the cloud.  Per the article:

“An attacker can, with access to the network traffic, intercept Eucalyptus SOAP commands and either modify them or issue their own arbitrary commands. To achieve this, the attacker needs only to copy the signature from one of the XML packets sent by Eucalyptus to the user. As Eucalyptus did not properly validate SOAP requests, the attacker could use the copy in their own commands sent to the SOAP interface and have them executed as the authenticated user.”

The platform has already provided a newer, downloadable version that corrects the issue.  Eucalyptus has warned their services may be a little spotty while the rest of the system recognizes the fix.
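The validation gap described in the quoted article can be modelled as an added example (this is not Eucalyptus code or its real message format). It assumes a toy envelope, an HMAC standing in for XML-DSig, and constructed command names, and it contrasts a verifier that accepts a copied signature with one that binds the signature to the element actually executed:

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # stand-in for the user's signing credential

def digest(elem):
    # Toy "signature": HMAC over the serialised element (real WS-Security uses XML-DSig + C14N).
    return hmac.new(KEY, ET.tostring(elem), hashlib.sha256).hexdigest()

def sign(command):
    """Build a signed request; the Signature names the Id of the element it covers."""
    root = ET.fromstring(
        f'<Envelope><Header/><Body Id="b1"><Command>{command}</Command></Body></Envelope>')
    sig = ET.SubElement(root.find("Header"), "Signature", {"ref": "b1"})
    sig.text = digest(root.find("Body"))
    return ET.tostring(root, encoding="unicode")

def _signed_elements(root, sig):
    return [e for e in root.iter() if e.get("Id") == sig.get("ref")]

def verify_naive(msg):
    """Flawed: validates the signature over whatever element carries the Id, then runs Body."""
    root = ET.fromstring(msg)
    sig = root.find("Header/Signature")
    hits = _signed_elements(root, sig)
    if not hits or not hmac.compare_digest(sig.text, digest(hits[0])):
        return None
    return root.find("Body/Command").text  # not tied to the element that was verified

def verify_strict(msg):
    """Hardened: exactly one element has the Id, and it is the Body that will be executed."""
    root = ET.fromstring(msg)
    sig, body = root.find("Header/Signature"), root.find("Body")
    hits = _signed_elements(root, sig)
    if len(hits) != 1 or hits[0] is not body:
        return None
    if not hmac.compare_digest(sig.text, digest(body)):
        return None
    return body.find("Command").text

def relocated_fixture(signed_msg, other_command):
    """Constructed test input: signed Body kept but moved aside, unsigned Body in its place."""
    root = ET.fromstring(signed_msg)
    old = root.find("Body")
    root.remove(old)
    root.find("Header").append(old)
    ET.SubElement(ET.SubElement(root, "Body"), "Command").text = other_command
    return ET.tostring(root, encoding="unicode")
```

Both verifiers reject a request whose signed command is edited in place; only the strict one rejects the fixture in which a valid signature accompanies a different, unsigned Body.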

Go ahead and tally another tick mark against the cloud.  What’s worse, besides the discovered threat, users must contend with the hassle of outages related to the fix.  I could be wrong, but it seems it is only a matter of time before some serious consequences arise from lax attitudes concerning data storage.

How about putting enterprise data in the cloud with a search interface?  Or maybe a bank of social security numbers?  Now what about a security lapse?

Sarah Rogers, June 10, 2011
