Researchers find holes in the cloud
Until recently, a vulnerability in Amazon Web Services including the EC2 cloud allowed unauthorised users to perform administrative tasks. At an ACM workshop on cloud security, a team of researchers from Germany's Ruhr University of Bochum led by professor Jörg Schwenk reported that attackers were, for example, able to start and stop virtual machines, and create new images and gateways, in an EC2 instance.
In their presentation entitled "All Your Clouds are Belong to us", the researchers explained how an XML signature attack can be used to manipulate SOAP messages in such a way that EC2 will consider them authentic and intact. This attack type was first described in 2005 and exploits the fact that signed partial XML documents continue to be considered as having been signed correctly even after having been modified.
Attackers can move the signed partial tree and then inject specially crafted elements in the original location. The attack is successful if an application's signature verification and XML interpretation are handled separately and if the specially crafted, unsigned code is executed after verification. Apparently, this was the case with Amazon's SOAP interface. The security researchers said that a similar vulnerability also existed in the open source Eucalyptus software for operating private cloud installations.
The security holes they described were closed immediately after the researchers informed the Amazon and Eucalyptus developers.
- Researchers: XML encryption standard is insecure, a report from The H.