Cloud services hacked via Google search

Researchers at Stach & Liu, a security consulting firm, have advised organizations against storing critical information on the public cloud until there are better intrusion detection systems available for cloud services, the Dark Reading website reports.

The firm made the recommendation after discovering that access codes and passwords to thousands of public cloud services could be found via a simple Google search. The firm first reported the results of their cloud services security research at the Hacker Halted conference in October in Miami, according to Dark Reading. 

"It is not a good idea to put sensitive data out in the cloud right now -- at least not until there are intrusion-detection systems that would let users see these types of searches on their cloud services," Fran Brown, managing director of the firm, told Dark Reading.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Reader Comments

Mon, Nov 14, 2011

The title of this article is misleading. It has absolutely no bearing on any particular public cloud security. Any search engine could have been listed. You can do the same for on premise systems as well that are connected to the Internet and do not deploy security best practices. Making generic blanket statements is not good and leads to misinformation. Everyone does security differently when it comes to people, processes, and technology, so evaluate each based on its merits.

Mon, Nov 14, 2011 Sue

Fran should advise that in addition to intrusion detection systems, a "reverse content-aware firewall" needs to be in place as well.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above