Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks
......
.....
The researchers said Amazon was also vulnerable to cross-site scripting (XSS) attacks that could have allowed users logged onto its online store to hijack an AWS session, using injected JavaScript code. The researchers demonstrated the vulnerability, only possible because signing into Amazon store automatically creates a concurrent AWS cloud service session automatically, at an ACM workshop on cloud security during a presentation entitledAll Your Clouds are Belong to us.
Click here to read more ....
Solutions : www.xcyss.in
......
A team of researchers from Germany's Ruhr University found that an XML signature-based attack can be used to manipulate SOAP messages in such a way that EC4 authentication systems fail to detect that they have been doctored – and thus action them as authentic.
The approach applies a class of security shortcoming, involving the modification of partially signed XML documents, that was first uncoveredin 2005 as affecting cloud-based systems, H Security reports......
The researchers said Amazon was also vulnerable to cross-site scripting (XSS) attacks that could have allowed users logged onto its online store to hijack an AWS session, using injected JavaScript code. The researchers demonstrated the vulnerability, only possible because signing into Amazon store automatically creates a concurrent AWS cloud service session automatically, at an ACM workshop on cloud security during a presentation entitledAll Your Clouds are Belong to us.
Click here to read more ....
Solutions : www.xcyss.in
No comments:
Post a Comment