European Data Protection Digest

Researchers Find Break in the Cloud

DATA PROTECTION—GERMANY

October 28, 2011

German researchers report having found a security flaw in a cloud service provider allowing hackers to gain administrative rights to users' accounts, and according to the researchers, the flaw is one that may occur in many cloud architectures. Network World reports that the researchers informed Amazon Web Services (AWS) of the flaw, which has since been fixed, but say "since the relevant Web service standards make performance and security incompatible...These problems could be found in other cloud frameworks also." However, an AWS spokesman said, "It is important to note that this potential vulnerability involved a very small percentage of all authenticated AWS API calls...and was not a potentially widespread vulnerability as has been reported."
Full Story