27.10.2011, 00:00 Uhr
Amazon verneint vollen Zugriff auf Kundendaten in der Amazon Cloud
Online PC hat in einer Meldung (Sicherheitslücke in Amazons Cloud) darüber berichtet, dass es Sicherheitslücken im Cloud Service von Amazon gegeben hat. Amazon hat der Redaktion nun das folgende Statement gemailt, dass wir unseren Lesern gerne präsentieren:
Regarding Amazon specifically, researchers did not have access to all Amazon.com customer data as has been reported. The process by which Amazon.com stores customer data would not enable researchers to see and expose information such as passwords or payment information as has been suggested. Additionally, the potential vulnerability reported by these researchers would require customers to intentionally follow a specific script and take various specific actions that had been created by the researchers. Nevertheless, the potential vulnerabilities identified by researchers were corrected months ago and no customers were impacted. Both Amazon and AWS have had a strong security track record over the years.
The team works with security researchers around the world to identify potential vulnerabilities and to inform and educate cloud users of the importance of maintaining strong security processes in the cloud. When a potential vulnerability is identified, we work with researchers to quickly address the vulnerability and inform customers via the AWS Security Center. The potential vulnerabilities reported by researchers at Ruhr-University Bochum have been corrected and no customers have been impacted. The AWS security center provides a summary of the research findings and reminder of best practices for proper user validation. It is important to note that this potential vulnerability involved a very small percentage of all authenticated AWS API calls that use non-SSL endpoints and was not a potentially widespread vulnerability as has been reported. Additionally, customers fully implementing the AWS security best practices were not susceptible to these vulnerabilities. (Patrick Hediger) http://aws.amazon.com
Siehe auch: Sicherheitslücke in Amazons Cloud
Regarding Amazon specifically, researchers did not have access to all Amazon.com customer data as has been reported. The process by which Amazon.com stores customer data would not enable researchers to see and expose information such as passwords or payment information as has been suggested. Additionally, the potential vulnerability reported by these researchers would require customers to intentionally follow a specific script and take various specific actions that had been created by the researchers. Nevertheless, the potential vulnerabilities identified by researchers were corrected months ago and no customers were impacted. Both Amazon and AWS have had a strong security track record over the years.
The team works with security researchers around the world to identify potential vulnerabilities and to inform and educate cloud users of the importance of maintaining strong security processes in the cloud. When a potential vulnerability is identified, we work with researchers to quickly address the vulnerability and inform customers via the AWS Security Center. The potential vulnerabilities reported by researchers at Ruhr-University Bochum have been corrected and no customers have been impacted. The AWS security center provides a summary of the research findings and reminder of best practices for proper user validation. It is important to note that this potential vulnerability involved a very small percentage of all authenticated AWS API calls that use non-SSL endpoints and was not a potentially widespread vulnerability as has been reported. Additionally, customers fully implementing the AWS security best practices were not susceptible to these vulnerabilities. (Patrick Hediger) http://aws.amazon.com
Siehe auch: Sicherheitslücke in Amazons Cloud
