
Amazon's Cloud Is Full of Holes

itwbennett writes "Amazon's Web Services is so easy to use that customers create virtual machines without following Amazon's 'very detailed' security guidelines, says Thomas Schneider, a postdoctoral researcher in the System Security Lab of Technische Universität Darmstadt. Most notably, Schneider and his fellow researchers found that the private keys used to authenticate with services such as the Elastic Compute Cloud (EC2) or the Simple Storage Service (S3) were publicly published in Amazon Machine Images (AMIs), which are pre-configured operating systems and application software used to create virtual machines. '[Customers] just forgot to remove their API keys from machines before publishing,' Schneider said."
  • by ChrisKnight ( 16039 ) on Tuesday June 21, 2011 @01:41PM (#36516054) Homepage

    No, your example posits a situation where you are privately sending your physical keys to a known individual in a 1:1 transaction. Apples to oranges.

    The situation being described is where people build server images, and then publish them to share, without first having stripped them of their security keys.

    A better comparison is if you wrote up an email for your dog walker with very detailed instructions on how to take care of your dog and you included the security code for your alarm. Then, you thought it would be a terrific idea to share your great dog walking tips with an email list and forwarded your original email without editing out your security code. Now anyone who accesses your dog walking tips has access to your house.
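
A pre-publication check for the mistake discussed above, as an added example that is not part of the original thread: it walks a mounted image root and flags files that look like leftover credentials. The rule names, the patterns and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristic rules: assumptions of this example, not taken from the article.
CONTENT_RULES = {
    "aws-access-key-id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "pem-private-key": re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
NAME_RULES = {
    "ssh-authorized-keys": re.compile(r"(^|/)authorized_keys2?$"),
    "shell-history": re.compile(r"(^|/)\.(bash|zsh|sh)_history$"),
}
MAX_BYTES = 1 << 20  # inspect only the first MiB of each file

def scan_image_root(root):
    """Return sorted (relative_path, rule) findings under a mounted image root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            findings.update((rel, r) for r, rx in NAME_RULES.items() if rx.search(rel))
            if path.is_symlink() or not path.is_file():
                continue  # skip symlinks, devices and sockets
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable: review by hand before publishing
            findings.update((rel, r) for r, rx in CONTENT_RULES.items() if rx.search(data))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (all values below are made up)."""
    samples = {
        "root/.ssh/authorized_keys": b"ssh-rsa AAAAconstructed publisher@example\n",
        "root/.bash_history": b"export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\n",
        "home/app/pk-sample.pem": b"-----BEGIN RSA PRIVATE KEY-----\nconstructed\n",
        "etc/motd": b"welcome\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_image_root(root)
```

An empty result from `scan_image_root` only means these particular rules found nothing; any finding should block publication until the file is removed or cleaned.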
