科技回声

The researchers uncovered an XML Signature Wrapping attack, which requires the attacker has access to the plaintext of a correctly authorized XML request sent to Amazon. Given that every client I know of uses https for EC2 APIS, this isn't what I would call a "Massive Security Flaw".<p>More details on XML Signature Wrapping here: <a href="http://clawslab.nds.rub.de/wiki/index.php/XML_Signature_Wrapping_-_Simple_Context" rel="nofollow">http://clawslab.nds.rub.de/wiki/index.php/XML_Signature_Wrap...</a>

Why is this a story if the flaws have already been fixed? I have no expectations of perfection from Amazon, just responsiveness.

For those looking to ditch Amazon over their mismanagement, try a real VPS provider like RapidXen.

Why is this a story if the flaws have already been fixed? I have no expectations of perfection from Amazon, just responsiveness.

For those looking to ditch Amazon over their mismanagement, try a real VPS provider like RapidXen.

Researchers Uncover 'Massive Security Flaws' In Amazon Cloud

3 条评论

Researchers Uncover 'Massive Security Flaws' In Amazon Cloud

3 条评论