Technology Review
Cloud password cracker is a sign of things to come.
Want to check if the password to your wireless network (or your neighbor's) passes muster? For $34, you can do just that by using a password-cracking service that's primarily aimed at "penetration testers"--people who are paid by a company to test its network's security.
The service, known as WPA Cracker, is one of the first hacking services to rely on cloud computing. WPA Cracker went live on Monday--it uses pay-as-you go cloud computing resources to search for an encrypted WiFi Protected Access (WPA) password from 135 million different possibilities, says creator and hacker Moxie Marlinspike. Normally the task would take a single computer about five days, but WPA Cracker uses a cluster of 400 virtual computers and high-performance computing techniques. It takes only 20 minutes, he says.
"Security is moving into the cloud ... so the attacks will follow security into the cloud as well," says Marlinspike. "Password cracking is an obvious thing. Normally, it is cost-prohibitive to run CPU-intensive jobs. [With cloud computing] it costs a lot less money than doing it yourself."
At its core, cloud computing is about providing services or infrastructure through the Internet that can easily be ramped up to meet demand. Online giants, including Amazon, Google, and Microsoft, all have services that offer the ability to run an application in a large data center or to rent time on a cluster of virtual computers, allowing customers to tap into large amounts of computing power more efficiently.
Security experts say the performance and costs advantages of cloud computing are already luring cybercriminals.
"We have seen attacks emanate from IP ranges associated with cloud-based computing services," says Tom Cross, manager of advanced research at IBM's X-Force security team. Cross would not elaborate on which services were involved, however.
Yet other real-world examples exist. In 2008, a spammer used Amazon's Elastic Computing Cloud (EC2) service to blast out a massive campaign of porn-related junk e-mail. And last month, security firm Arbor Networks reported that a cloud application hosted on Google's AppEngine platform appeared to be the command-and-control hub for a small botnet. However, Google removed the application for usage-policy violations and said that the malicious behavior was the result of a programming error, not criminal intent.
Even if the intent was not malicious, however, the example shows that poorly behaved applications can run in the cloud, says Danny MacPherson, chief security officer for Arbor.
As targeted scams become more common, it's vital to protect yourself.
A new approach does away with the need for long strings of letters and numbers.
Information technology's next grand challenge will be to secure the cloud--and prove we can trust it.
That the botnets of yore are the pre-cursor to cloud computing of today and you can thank the criminals for the foresight they had.
Now that there is a real cloud computing architecture growing they dont need to create their own every time.
They also pointed out that the major players have been compromised like every one else...
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
rttedrow
63 Comments
Harnessing the Cloud for Hacking
......and Technology Review would want to notarize this.......why?
Reply