[Cryptography] Code Spaces has been under DDOS attacks and...
Perry E. Metzger
perry at piermont.com
Sat Jun 21 10:10:43 EDT 2014
On Fri, 20 Jun 2014 19:21:12 -0700 Tom Mitchell <mitch at niftyegg.com>
wrote:
> I might ask here how encryption helps or hinders (both attacker and
> defenders) attacks in the cloud.
Password based authentication to a crucial configuration service is
probably a bad idea. Other than that, this does not sound like it has
terribly much to do with encryption.
> "From the announcement:An unauthorized person who at this point who
> is still unknown (All we can say is that we have no reason to think
> its anyone who is or was employed with Code Spaces) had gained
> access to our Amazon EC2 control panel
That seems like the problem right there.
Requiring two (or more) factor authentication for systems
administration interfaces and using proper segregation of
administrative privileges is kind of important if you don't want to
end up with someone hijacking your sysadmin system.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list