Compromising Amazon EC2
Sep 1st, 2009 by admin
A recent blogpost showed how to perform a EDoS (Economical Denial of Service) and how to publish a compromised public AMI. As the post outlines:
“Theft of resources is the red-headed step-child of attack classes and doesn’t get much attention, but on cloud platforms where resources are shared amongst many users these attacks can have a very real impact. With this in mind, we wanted to show how EC2 was vulnerable to a number of resource theft attacks and the videos below demonstrate three separate attacks against EC2 that permit an attacker to boot up massive numbers of machines, steal computing time/bandwidth from other users and steal paid-for AMIs.”
