Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Security

The Windows Flaw That Cracks Amazon Web Services 114

Nerval's Lobster writes "Developer and editor Jeff Cogswell decided to poke around the security of Amazon Web Services, and found a potential loophole that could theoretically allow anyone — a developer, an unscrupulous Amazon employee, the NSA — to access and copy data volumes stored on the system, using a slightly modified version of the popular 'chntwp' password tool. In this article, he breaks down how he did it, and suggests some ways for those who use cloud-hosting services to keep their data a little more secure in the future. 'The key here, of course, is that an unscrupulous employee might be able to make a copy of any existing Windows volume, and go to work on it without the customer ever knowing that it happened,' he writes. 'Now let's be clear: I'm not accusing anyone of having done this; in fact, I doubt anybody has, considering I was unable to find a working copy of chntpw until I modified it.' It's a security concern, and one that's particularly insidious to patch."
This discussion has been archived. No new comments can be posted.

The Windows Flaw That Cracks Amazon Web Services

Comments Filter:

Related Links Top of the: day, week, month.

Real Programs don't use shared text. Otherwise, how can they use functions for scratch space after they are finished calling them?

Working...