Now-patched attack raises questions

Now-patched attack raises questions about security of cloud environments.
By Brandon Butler
As thousands of cloud fanatics descend on Las Vegas this week for Amazon Web Service’s re:Invent conference, researchers in Massachusetts are raising new questions about the security of all multi-tenant cloud environments.
A group of professors at Worcester Polytechnic Institute demonstrated in a recently published paper named “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud,” a proof of concept hack of secret cryptography keys used in an AWS virtual machine. The now-patched flaw – which was not specific to AWS — showed that a hacker could theoretically gain a user’s secret keys that are used to encrypt sensitive data.
To read the entire article, please click here.

Leave A Comment