|
southern MN | IF YOU HAVE ADMINISTRATIVE (e.g. "root") ACCESS TO A MACHINE RUNNING A HYPERVISOR AND HOSTING CLIENTS YOU CAN TRIVIALLY READ ANY OF THE MEMORY IN USE BY SAID CLIENTS WITHOUT BEING DETECTED. THIS IN TURN MEANS YOU CAN TRIVIALLY READ ANY ENCRYPTION KEYS USED BY SAID CLIENTS AND STEAL THEM UNDETECTED.
HAVING DONE SO YOU CAN NOW READ EVEN SO-CALLED ENCRYPTED DATA STORED ON THE DISKS OF SAID CLOUD SERVICE COMPLETELY UNDETECTED.
---------
I know very little about computer programming and security.
I've often wondered, we are getting so password protected on everything - but what keeps the list of,passwords secure?
Smart phones especially, have banking and email and Amazon and so on data, where do they stick the passwords to keep them secure from malware? I know smart phones are built a little different to do better than Windows and so forth. But still a list of passwords needs to be so,where.
Anyhow, your article says if you have access to the computer that controls the cloud, you can easily pick off the list of passwords and thrn use the passwords to access any data that is stored on that cloud.
Paul | |
|
Warning on the lack of "cloud" security
