Home > Cloud Computing, Cloud Security > Oh, c’mon…

Oh, c’mon…

Story here from Network World.

Frankly, XML Signature-Wrapping and XSS don’t represent “massive security flaws in cloud architectures.”

They represent unfortunate vulnerabilities in authentication mechanism and web app security, but “cloud architecture?”

These vulnerabilities were also fixed.  Quickly.

Further, while the attack vector will continue to play an important role when using Cloud (publicly) as a delivery model (that is, APIs,) this story is being over played.

Will this/could this/is this type of vulnerability pervasive? Certainly there are opportunities for abuse of Internet-facing APIs and authentication schemes, especially given the reliance on vulnerable protocols and security models?

Perhaps.

Is it scary?

Yes.

See: Cloudifornication and Cloudinomicon.

 

Enhanced by Zemanta
Categories: Cloud Computing, Cloud Security Tags:
  1. Tony
    November 1st, 2011 at 11:47 | #1

    As with any article, it is written to stir up controversy. The more controversy the more interest. Have they overdone it? Maybe. Is it out of the ordinary? No

  1. October 29th, 2011 at 17:10 | #1