Adobe To Detail Cloud DoS Attacks

Wolfgang Gruener in Products on January 07

It isn’t popular to criticize cloud computing these days, even if Google, Amazon and Microsoft need to employ marketing armies to alleviate the security concerns of potential customers. Adobe may crash the cloud party, as one of its security engineers is scheduled to detail a recent discovery of a particularly nasty DoS vulnerability in PHP code.

If you believe the current cloud pitch, the best decision you can make for the security of your data is to move to the cloud. Billion-dollar data centers can provide a security level the average Joe can never match and if your bathroom sink happens to trash your notebook, you can be calm as your data is safely stored in the clouds above. Despite the story we hear, we should not forget that vulnerabilities will continue to exist and, if exploited quickly, could affect a much greater number of users than before.

Adobe engineer Bryan Sullivan said that he will be discussing Denial of Service (DoS) attacks in the cloud era at Black Hat DC later this month. He referred in particular to a flaw in current PHP code that would enable an attacker to send an application into an infinite loop. Sullivan explained that cloud DoS techniques are relatively simple to plant and require a “single http request with less than 1000 bytes of code”. What is scary about these attacks is that they can hold thousands of cloud users hostage. From Sullivan’s blog post:

“Since you’re paying for your cloud resources on a per-cycle/per-gigabyte/per-megabit basis, a DoS attack could very quickly overcome your budget and force you to take the site down yourself. For the attackers, this has an added bonus in that they can provide you with metrics when they deliver their blackmail demands. ‘Give us $25,000 or we’ll take down your site’ is bad enough, but ‘Give us $25,000 or we’ll soak up $50,000 worth of cloud resources’ is worse still.”

“The worst part about all of these techniques is that they’re both extremely effective at soaking up server resources and also extremely asymmetric in terms of attacker effort versus effect,” Sullivan said.
