Modernizing Authentication — What It Takes to Transform Secure Access
Researchers at the Horst Görtz Institute of Germany's Ruhr-University Bochum have demonstrated a successful account hijacking attack against Amazon Web Services (AWS).
"The flaw is located in the WS-Security (Web Services Security) protocol and enables attackers to trick servers into authorizing digitally signed SOAP (Simple Object Access Protocol) messages that have been altered," writes PCWorld's Lucian Constantin.
"The new practical attack against Amazon's cloud infrastructure was demonstrated at the ACM Conference on Computer and Communications Security last week and involved obtaining unauthorized access to an AWS account," Constantin writes.
Go to "Researchers Demo Cloud Security Issue With Amazon AWS Attack" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.