How to use $6 on Amazon EC2 to tear down a target infrastructure
 |
Last week at the security conference DEF CON 2010, two security researchers demonstrated how easy and powerful it is to use cloud computing for malicious activities.
The two rented ten virtual machines on Amazon EC2 Infrastructure-as-a-Service (IaaS) cloud computing platform and used them to produce a denial of service (DoS) against a target SMB.
The striking thing is that taking down the target infrastructure for two hours costed just $6.
The two researchers highlighted that Amazon doesn’t enforce any bandwidth limitation and doesn’t check for malicious activity inside its Amazon Machine Instances (AMIs).
Of course this is not just an Amazon fault. Any IaaS or PaaS could be used for malicious activities like this one, and it’s extremely hard to believe that any cloud provider on the market is enforcing such kind of security checks at the moment.
Of course, it’s also true that a DoS or a Distributed DoS (DDoS) can be arranged even without using a public cloud. But using a IaaS or PaaS cloud makes it faster, cheaper, and scalable: the two experts started with just three AMIs and eventually rented another seven, until the target was completely down.
Amazon also failed to return the calls and emails of the company under attack, reports DarkReading.
Considering that the company just launched a new policy to report about vulnerabilities, maybe it’s a good time to launch a new policy for incident handling too.
cloudcomputing.info Newest articles
December 6th, 2011
In November Microsoft released a public beta of the Microsoft Assessment and Planning Toolkit (MAP) version 6.5. Today Microsoft announced its release, which is the follow-up of version 6.0 which…
November 21st, 2011
VMware has released the vCloud Connector, its Software as a Service (SaaS) management tool for VMware environments residing on- or off premise offering Infrastructure as a Service (IaaS). vCloud connector…
November 7th, 2011
Microsoft has released a beta of the next version of its capacity planning tool the Microsoft Assessment and Planning Toolkit version 6.5. This version will be the follow up of…
October 28th, 2011
Microsoft has released a public beta of System Center App Controller, its management portal for public and private clouds codenamed Concero which it announced in January this year. App Controller…
September 5th, 2011
In June this year, cloudcomputing.info reported that VMware released a set of papers, dubbed the vCloud Architecture Toolkit (vCAT) providing guidance for customers planning to implement their own cloud infrastructure….
August 30th, 2011
In July this year Citrix acquired Cloud.com a company providing an orchestration tool for managing Infrastructure as a Service (IaaS) called CloudStack. Now Citrix has announced a new upcoming release…
August 30th, 2011
During VMWorld in Las Vegas, VMware announced version 1.5 of vCloud connector, a management platform for Infrastructure-as-a-Service (IaaS) clouds powered by VMware vSphere. vCloud Connector is capable of viewing, managing…
August 25th, 2011
When VMware announced its Platform as a Service (PaaS) solution Cloud Foundry in April this year it detailed that Cloud Foundry would be able to run on several types of…
August 22nd, 2011
In April this year, Nimbula launched the first version of its product Director, a tool assisting the creation of Private, Public and Hybrid cloud solutions running on top of a…
July 20th, 2011
After releasing a public beta in May this year, Microsoft has now released version 6.0 of its capacity planning tool, the Assessment and Planning Toolkit (MAP), which is the follow…
July 20th, 2011
In May this year cloudcomputing.info reported about Citrix which announced Project Olympus, a cloud infrastructure under development based on the OpenStack project. Last week though Citrix announced that it acquired…
June 20th, 2011
CoreVault has announced a new cloud based hosting service called Cloud Hosting, developed in partnership with VMware to provide, and targeted both for small medium business (SMB) and enterprise customers….
June 16th, 2011
VMware announced a few days ago its intention to acquire Digital Fuel, which provides solutions to plan, bill and optimize IT cost and value.
Following the recent acquisitions of SlideRocket and SocialCast, this…
June 9th, 2011
In July last year, cloudcomputing.info reported about the fact that Microsoft was planning on launching a version of Azure, codenamed Talisker which could run on-premises. At that time, Microsoft confirmed…
Copyright © 2010-2012 cloudcomputing.info. All rights reserved.